NEXUSGUARD





Application Protection



What is Application Protection?



The Nexusguard Cybersecurity Platform encompasses three essential elements: Application Protection, Origin Protection, and DNS Protection.


Nexusguard Application Protection service is designed to deliver a perfect balance of protection and performance for public-facing websites and applications while allowing organizations to operate without interruption. The solution leverages Nexusguard’s global scrubbing centers, which are equipped with more than 1.44Tbps of mitigation capacity and multi-layered filtering systems, enabling them to mitigate and absorb the largest, most complex DDoS attacks.



How Does It Work?



A multi-layered mitigation mechanism, including Nexusguard’s proprietary technologies, is used to identify, mitigate, and analyze attacks effectively. Because it is a pure-cloud solution, there are no upfront costs or ongoing maintenance and upgrade costs. Mitigation can start immediately. Multi-layered protection is based on two methods of protection: signature-based detection complemented by statistical behaviour analysis.



Mitigation Process





NEXUSGUARD





DNS Protection



What is DNS Protection?



The Nexusguard Cybersecurity Platform encompasses three essential elements: Application Protection, Origin Protection, and DNS Protection.


Nexusguard DNS Protection service protects mission-critical online services from all DNS attacks and malicious queries. The solution leverages Nexusguard’s globally distributed network of scrubbing centers to resolve incoming DNS queries quickly and reliably.



How Does It Work?



In a typical recursive DNS query, a client requests the resolution of a domain name or the reverse resolution of an IP address on a local DNS server. The DNS server performs the queries on behalf of the client and returns a response packet with the correct information or an error message. The specification does not allow for unsolicited responses. In a DNS amplification attack, the main indicator is a query response without a matching request.


Residing in front of a customer’s infrastructure1, Nexusguard DNS Protection Service replaces the DNS server by directly fetching zone records from the customer’s servers and hosting them in our globally distributed scrubbing centers. The client first has to change the nameservers for the domain and point the domain name to Nexusguard’s name servers, which can be accomplished at Nexusguard’s self-service Customer Portal.


As the destination for all incoming queries, Nexusguard’s cloud-based DNS servers absorb all DNS attacks, while filtering out malicious traffic from incoming queries. Your DNS servers never need to respond to any malicious DNS query — Nexusguard handles everything. Our service protects against direct attacks on DNS services, and abuses of server vulnerabilities as a leverage to launch DNS amplification attacks on other servers.



Always-on DNS Protection





NEXUSGUARD





Origin Protection



What is Origin Protection?



The Nexusguard Cybersecurity Platform encompasses three essential elements: Application Protection, Origin Protection, and DNS Protection.


Nexusguard Origin Protection Service guards against threats that target network resources. The service is especially beneficial for organizations that can’t afford any downtime of network assets. The service complements Nexusguard’s Application Protection Service by safeguarding the backend infrastructure from all DDoS threats, and covers all network components: internal websites, email servers, FTP servers, and other applications, against volumetric and protocol-based DDoS attacks, such as SYN floods, fragmented packets attacks, Ping death, Smurf DDoS, and more.



How Does It Work?



Using BGP announcements, all incoming traffic is routed through Nexusguard scrubbing centers, collectively equipped with over 1.44Tbps of mitigation capacity. Only clean traffic is routed through a secure Generic Routing Encapsulation (GRE) tunnel back to our customers’ servers. Nexusguard advertises all protected IP range announcements on your behalf.



Mitigation Layers