<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-56W9VX" height="0" width="0" style="display:none;visibility:hidden">

Nexusguard combines purpose-built cloud infrastructure, proprietary technology, 24x7 SOC and collective intelligence to defend networks from targeted attacks and Advanced Persistent Threats (APTs).

Global Scrubbing Network

Nexusguard's multi-node scrubbing centers are strategically deployed in traffic-heavy hubs around the world to handle requests, process traffic and eliminate attacks closest to their source.

The global scrubbing network has 9 points of presence (PoPs) located worldwide including San Jose, Los Angeles, Miami, London, Amsterdam, Hong Kong (x2), Taipei and Singapore which command more than 1.44 Tbps of aggregate mitigation capacity.

Nexusguard is expanding the global scrubbing network through the ISP Partnership Program. This help us extend our DDoS mitigation platform into every corner of the world in order to eliminate attack traffic as close as the source as possible.

Intelligence-based Detection

Nexusguard Threat Intelligence collects and analyzes traffic data from the mitigation platform, SOC, research, IP reputation and external intelligence exchanges to identify threats, mitigate them proactively, and take preventive security postures.

Zero day attack

False positive incident

Malicious crawler

Blacklisted IP

Multilayered Mitigation

Comprehensive, multilayered mitigation platform eliminates massive volumetric-based and complex L7 attacks in a matter of nanoseconds.

High-speed border filtering

Defend against bandwidth flood using wire-speed Access Control Lists. Nexusguard also keeps tracking lists of bogus IPs and infected hosts, which are also filtered at this layer.

Protocol vertification Deep packet inspection (DPI)

Filter out SYN flood and other similar attacks that attempt to exploit the TCP/IP protocol vulnerability. Progressive challenge-response (C/R) algorithms are further employed to distinguish between spoofed and legitimate traffic.

Adaptive filtering

Statistical Analysis and Anomaly Recognition are used to guard against zero-day attacks.

Application-level filtering

It learns what applications are running on the client’s network in order to effectively detect and deter application traffic violations using Nexusguard’s DPI engine. Malicious traffic is further assessed by the C/R engine. Intelligent HTTP Malformed filtering steps in to mitigate application-specific level attacks (HTTP attacks) as they arise.

Flexible content filtering

Deter morphing HTTP Flood attacks by adapting flexible-content filters to counter evasive intents rapidly.

Web application firewall (WAF)

Protect web applications, mobile apps and application program interface (API) apps against common threats such as the OWASP Top 10 Attacks.


Caching serves as the last layer of protection to absorb the final bit of attack traffic, if any, that has slipped through the preceding layers.

DDoS Mitigation

Defend websites, applications and networks from L3-L7 attacks, ensure 24x7 uptime, and maintain high performance and resilience.

Low false-positives, keeping end user experiences intact.

Mitigation capabilities for DDoS attacks of any size, using excess cloud capacity.

Immediate protection, triggered by real-time attack monitoring.

24x7 Security Operations Center (SOC)

The 24x7 security operations center (SOC) provides real-time network monitoring, early threat warnings and advisories, vulnerability identification and mitigation and incident response.

Clients are kept updated at all times on all threats, attacks and actions to be/having been taken by the SOC to handle the incident.

Clear, comprehensive and cohesive post-attack reports and statistical data are provided in a timely manner.

Web Application Firewall (WAF)

Nexusguard cloud-based WAF is built upon the OWASP ModSecurity Core Rule Set (CRS) to address the OWASP Top 10 Threats, such as SQL injection, cross-site scripting, and zero-day web application attacks. It also can prevent execution of fraudulent transactions, stop in-browser session hijacking, and secure AJAX applications and JSON payloads.

Nexusguard's WAF is certified by the PCI Security Standards Council, meaning that you can comply with PCI DSS requirement 6.6 without having to invest in costly hardware.

It is centrally managed by our security analysts, ensuring that your websites and applications are protected against new and emerging threats.

Threat intelligence is collected from and shared among a large pool of clients, resulting in improved detection rates as well as lower false positives.

Download White Paper
Non-intrusive Use Authentication

To minimize impact on user experience, Nexusguard uses a set of challenge-response algorithms to discreetly police suspicious network activity in a progressive order. Only users failing all tests are put to a CAPTCHA challenge as a final gatekeeping step.

As part of Nexusguard’s DDoS mitigation technology, progressive C/R authentication provides multiple layers of defense to detect and block bad bots and malicious traffic.

Authentication process is non-invasive to legitimate users, but is effective in blocking all bad bots. No splash or delay screens to annoy legitimate users, even under attack.

Crawler Identification

Nexusguard uses a crawler identification technology, which consists of a proprietary signature database, to block abusive bots and let in only the good ones.

The bot identification technology achieves 0% false positives and false negatives in the detection and elimination of malicious crawlers, spammers, potential hackers, other bad bots and even those using forged IP addresses.

This ensures 100% search engine access, thereby enhancing SEO efforts and improving organic search engine rankings.

SSL Attack Mitigation

Nexusguard's SSL attack mitigation protects sites and applications from SSL-based attacks. SSL decryption and challenge-response mechanisms are enforced only on malicious requests.

Nexusguard Secure Key Management Infrastructure (KMI) provides the highest level of assurance for safeguarding private keys. KMI is PCI and ISO 27001 compliant, incorporating robust service level requirements.

For those who are unable to upload the private key for compliance reasons, Nexusguard offers a "separate key pair" approach to allow the client to retain the private key, whilst Nexusguard can use a separate key pair to process Nexusguard-to-Visitor SSL traffic.

Download White Paper