Origin Protection (OP)

A robust set of rules designed to counter flood attacks, including IP, TCP, UDP, ICMP, SSL/TLS, and SIP floods. These attacks overwhelm systems by flooding them with excessive requests, depleting resources and blocking legitimate traffic. Anti-flooding ensures systems remain responsive and operational.

Continuously monitors traffic, offering advanced warnings and triggering responses if thresholds are exceeded within a set timeframe.

Focuses on bursty traffic and hit-and-run attacks, enabling quick threat detection through active traffic monitoring.

‍

Uses Nexusguard’s AI-driven Deep Learning system for dynamic traffic profiles, ensuring precise detection and minimizing false positives.

Leveraging advanced deep learning, Smart Baselining continuously analyzes network traffic to establish accurate baseline thresholds. This intelligent approach minimizes false alarms, enhances the speed of anomaly detection, and enables rapid threat mitigation.

Origin Protection supports Direct Connect as an alternative for returning clean traffic directly from Nexusguard’s scrubbing centers to customer networks. CSPs with data centers in the vicinity of Nexusguard’s PoPs or shared facilities can establish a direct physical connection for enhanced performance. Direct Connect is not limited to nearby IDCs; it can also be extended via Virtual Private Connect (VPC) service providers, offering flexible connectivity options.

Nexusguard’s Origin Protection module includes a Cloud Diversion feature, which seamlessly redirects customer traffic within minutes when it surpasses a predefined bandwidth threshold. This automated process requires no on-premise appliances or customer intervention, ensuring a smooth and hassle-free experience.

On-Net integrates a Cloud Diversion agent into the customer’s routing domain, enabling communication and routing information sharing with the customer router within the same ASN. Customers have full control, including the ability to withdraw the /24 network, ensuring flexibility in routing management. This speeds up decision-making and reduces mitigation time.

During peacetime, the customer router announces routes directly to the internet. During an attack, routes are announced to the Nexusguard Cloud using the “attack” BGP community, triggering immediate mitigation.

Traditional methods like Remotely-Triggered Black Hole (RTBH) use BGP to drop all traffic to an under-attack server, including legitimate traffic. BGP Flow Specification (FlowSpec) offers a more precise alternative, enabling rapid deployment of filtering and policing across BGP peer routers to mitigate DDoS attacks without completely blocking access.

Nexusguard employs FlowSpec to match specific flows based on source, destination, L4 parameters, and packet data (e.g., length, fragment). It dynamically installs actions at border routers to:

• Drop traffic matching the flow,
• Redirect traffic to a VRF (Virtual Route Forwarding) for analysis, or
• Police traffic at a defined rate.

Designed to provide complete visibility and control, the Customer Portal is a powerful, user-friendly platform for managing security and performance. Featuring an integrated dashboard and detailed analytics, it enables customers to view and configure detection and mitigation settings tailored to their specific service plans. From monitoring real-time traffic — including raw and clean bandwidth — to tracking network performance metrics like cached bandwidth and request volumes, the portal offers a comprehensive overview of their digital environment.

Customers can stay ahead of threats by viewing ongoing and stopped DDoS attacks, analyzing potential risks, and exploring detailed insights such as visitor geography, source IPs, connection speeds, and more. The portal also provides access to detailed event logs, downloadable raw logs, and monthly reports for deeper analysis.