KEY BENEFITS
1.28Tbps global scrubbing
capacity
Multi-layered protection
Zero capex
New revenue stream
Hassle-free setup
Cloud-based WAFs
Instant service providing
Enhanced site performance
Service Provider
Enablement
Cloud Implementation Model
While most service providers can handle limited DDoS attacks
relying on legacy security solutions, such an approach typically fails
to guard against large-scale volumetric attacks. Although legacy
solutions are essential for basic security, they were not designed
for today’s DDoS attacks and may, in fact, become bottlenecks
themselves. This situation makes it difficult for service providers to
honor the zero-downtime commitments they may have made to their
customers. And the complexity of maintaining mitigation appliances
and providing the necessary training makes for additional challenges.
Nexusguard Service Provider Enablement (SPE) is a zero-capex,
easy-to-operate solution that enables you to provide customers with
essential DDoS protection. Nexusguard’s comprehensive solution lets
you turn DDoS challenges into an attractive business opportunity,
allowing you to expand your service offerings and satisfy customer
demands for protection from DDoS and other cyber attacks.
Nexusguard delivers carrier-grade DDoS mitigation services through
its industry-leading network of globally distributed scrubbing
centers. With over 1.28Tbps of mitigation capacity, Nexusguard
Turn DDoS Pain into Business Gain
Beyond DDoS Protection
DDoS attacks are a major concern for Internet businesses. But data integrity, confidentiality, and website performance are also key priorities. A solution that addresses both security and performance offers service providers an attractive opportunity for generating recurring revenues for their business. Nexusguard integrates DDoS mitigation, cloud-based Web Application Firewalls (WAFs), caching, and load balancing all in one package. Our multi-dimensional solution protects against sophisticated DDoS attacks and stealthy web application threats — without compromising site performance.
Lower Latency, Higher Capacity
SPE also delivers lower latency and higher capacity for your customers. All traffic going through the cloud is compressed and cached for speedy delivery, which translates into greatly enhanced site performance and a superior user experience.
Service Provisioning In Minutes
Nexusguard helps you set up and integrate the service. Once installation is completed, you can easily deploy DDoS mitigation services to your customers via the automated Partner Portal. The entire intuitive process takes less than five minutes, allowing you to quickly activate new accounts.
Zero Upfront Cost
The Nexusguard SPE program provides the
technology, support, and expertise required to deliver DDoS mitigation services in house. With no upfront investment in appliances or cloud-based scrubbing centers, you can immediately cash in on Nexusguard’s infrastructure and resources by marketing DDoS mitigation services under your own brand.
A New Revenue Stream
As a Nexusguard SPE partner, you can tap into the potential of the fast-growing market for DDoS mitigation services. The revenue generated from reselling Nexusguard’s services through the program is shared equitably, making it a win-win for both parties.
No Hassles, No Complications
The state-of-the-art service platform is built, maintained, and operated by Nexusguard, and SPE services are delivered directly to your customers via an automated portal. With easy installation and setup, the turnkey solution provides a powerful competitive advantage by enabling you offer DDoS mitigation services as an integral part of your product portfolio.
To meet growing
customer demand,
Nexusguard
delivers a turnkey,
cloud-based
solution that
enables you to
quickly launch new
DDoS protection
services.
As DDoS attacks become increasingly common, it is crucial for
service providers to offer flexible, scalable, and cost-effective
solutions that can help customers protect their networks.
To help you meet growing demand for such services, Nexusguard
delivers a turnkey, cloud-based solution that enables you to quickly
expand existing DDoS protection services, and even launch new
ones. And even better, you can do it without any additional capital
expenditures for infrastructure or manpower.
Capable of mitigating over 1.28Tbps of attacks, Nexusguard’s
Global Cloud consists of scrubbing centers strategically located in
San Jose, Miami, Los Angeles, Ashburn (Va.), London, Singapore,
Hong Kong, and Taiwan. Such enormous mitigation capacity
ensures that Nexusguard can quickly and effectively handle the
most threatening DDoS attacks — regardless of their size or type,
and with no lag time between attack detection and mitigation.
Cloud Solution
Global Scrubbing Center
MIAMI SAN JOSE LOS ANGELES LONDON ASHBURN SINGAPORE
During an attack, malicious traffic is eliminated at Nexusguard’s scrubbing centers so as to not consume the service provider’s bandwidth. Inbound traffic is redirected to the nearest scrubbing center, where DDoS filtering and routing techniques are employed to reduce DDoS traffic interference. Clean traffic is then routed back to your network, while analytical reports on the attack are generated.
How It Works
Cloud Solution
HIGHLIGHTED FEATURES • 1.28Tbps mitigation capacity
• Protection against attacks on network Layers 3, 4, and 7
• Protection beyond HTTP/HTTPS (including protection against hacking into web applications)
• Site acceleration supported by load-balancing across all active backend servers
• Dynamic and static content caching, boosted by in-memory cache to reduce I/O Attack Traffic Legitimate Traffic SPE Partner Cloud Global Cloud
Backend Web Server In-Country Traffic Global Traffic Attack Traffic Legitimate Traffic
Preventing
collateral damage
to non-targeted
customers and
avoiding huge
bandwidth
overages by
offloading
attack traffic to
Nexusguard’s
cloud.
Deep Packet Inspection (DPI)
Deep packet inspection is used to direct, filter, and log IP-based applications and traffic based on the content of a packet’s header or payload, regardless of the protocol or application type.
Adaptive Filtering
By learning baseline protocols and patterns of an ongoing attack, adaptive filtering can more accurately identify and filter out abnormal and unusual traffic.
Technology and Features
Preventing dynamic DDoS attacks requires real-time, comprehensive, and meticulous detection and action. Nexusguard guards against attack traffic through multiple layers of inspection to deliver fast, clean traffic.
Comprehensive Filtering
Comprehensive Filtering DDoS Mitigation
Caching and Load Balancing Visibility and Control
Web Application Firewall (WAF) Auto-Recovery
Flexible Content Filtering
Nexusguard continuously monitors application traffic for unusual behavior. Using its proprietary pattern recognition and analysis system, Nexusguard deters morphing HTTP flood attacks by adapting flexible content filters to rapidly counter evasive actions.
Web Application Firewall (WAF)
Web Application Firewalls enable heuristic-based, intelligent, and accurate detection and mitigation of web application-based attacks.
Caching & Compression,
Acceleration & Optimization
If any malicious traffic slips through the net, Nexusguard’s vast caching capacity absorbs it. With multiple layers of protection working seamlessly behind the scene, legitimate visitors will never notice if a site is under attack.
Designed to deliver a perfect balance of protection and performance for public-facing websites, Nexusguard’s best-in-class SPE solution offers a wealth of features and benefits:
DDoS Mitigation
HIGHLIGHTED FEATURES
• Anti-reflection – uses attack fingerprints to avoid sending reflected DDoS traffic. By collecting and analyzing attack patterns, the technology differentiates real users and drops requests from botnets without interrupting web services. • No bandwidth abuse – powered by a proprietary spoofing detection algorithm, our volumetric DDoS mitigation never sends abusing traffic.
• Zero user impact – identifies popular attack fingerprints using Big Data correlation analysis from systems, networks, and industry types, and stops DDoS attacks without affecting real users. • OS fingerprint – ensures proper user experience with fewer false positives by collecting and analyzing different attack patterns from an OS and TCP/IP stack perspective.
• Auto mitigation – learns and analyzes user patterns and behaviors, which are then used to formulate mitigation policies.
Volumetric DDoS Mitigation
Nexusguard’s volumetric DDoS mitigation solution is built on state-of-art technology. Issues concerning IP spoofing and high-volume DDoS attacks are solved in an innovative, reliable way.
Application DDoS Mitigation
Application DDoS attacks (aka Layer 7 attacks) are increasingly popular with attackers due to their “cost effectiveness.” Such attacks generally consume less bandwidth and are stealthier in nature when compared to volumetric attacks.
Application attacks are difficult to detect because a connection has already been established and is frequently encrypted (HTTPS/SSL), and therefore requests may appear to be from legitimate users. Nexusguard’s solution offers total defense against application DDoS attacks that attempt to exhaust the resources of web applications and servers.
HIGHLIGHTED FEATURES
• Anti-bot defense – comprises Protocol ID, Browser ID, and Challenge ID to distinguish between humans and bots. This three-pronged approach analyzes and traces HTTP protocols, checks browser behavior patterns, and challenges suspicious traffic requests to create a more effective defense front.
• Smart AI – mitigates DDoS attacks with much greater accuracy. Smart AI identifies visitors using a unique, encrypted tracking tag that prevents users behind proxies from being mistaken for bots. In addition, a smart, state-monitoring machine adjusts filter settings automatically for different circumstances, effectively keeping legitimate users undisturbed.
• Web API protection – protects API servers from DDoS attacks. Through a virtual throttling system, API calls are controlled at the API server’s normal processing rate to ensure service availability. Coupled with GeoIP control, malicious API calls from suspicious regions are blocked at the edge, preventing further impact on API servers.
SSL Attack Mitigation
As part of Nexusguard’s total anti-DDoS solution, we also support SSL-encrypted attack mitigation. Our SSL certification management follows the PCI Data Security Standard and ISO 27001. In doing so, our scrubbing centers become the intermediary for all incoming traffic to your websites, including SSL traffic.
We offer three SSL traffic-handling options to maximize DDoS mitigation and minimize false-negatives.
• Offloading – SSL traffic is decrypted at our scrubbing centers and returned to your web servers in clear-text format. This method relieves your servers of processing heavy encrypting/decrypting traffic via SSL, thereby improving server
performance.
• Bridging – SSL traffic is decrypted at our s crubbing centers and re-encrypted when sent back to your servers. As data is SSL-encrypted en route, this method offers the highest level of security. • Forwarding – SSL traffic is forwarded to your web servers directly without decryption in between.
During “peacetime,” your customers have little tolerance for slow loading pages and website
downtime. Leveraging our Global Cloud infrastructure, Nexusguard’s goal is to deliver pages without a glitch — and deliver them fast.
The solution’s dynamic and static content caching mechanism offloads excessive HTTP requests from the server. All traffic going through the cloud is compressed and cached for speedy delivery. The load-sharing traffic services support multiple backend configurations. Automatic, backend failover is also implemented in the event of a backend server failure.
Nexusguard’s SPE Partner Portal allows you to
monitor customers from a consolidated dashboard. You can quickly see which customers are under attack and get details in real time or with an
historical view from the event timeline. Access to attack size, duration, clean bandwidth, attack source, botnet request numbers, and request statistics are available in any event view.
Besides high visibility, ease of customer
management is another benefit of the Partner Portal. Configuration change, policy tuning, and site monitoring are all available in the Customer View.
DDoS tactics are increasingly incorporated into larger malicious incidents, often serving as a distraction or smokescreen to cover more sophisticated attacks on web applications. In fact, a DDoS attack may well be a prelude to a more severe event. That’s why it’s critical to have a comprehensive solution that can protect websites and digital assets from all kinds of attacks and data breaches.
Nexusguard SPE features a cloud-based WAF as a service module that protects your customers’ applications against a wide range of threats and malicious attacks, such as brute force attacks, SQL injections, cross-site
scripting, and more.
Until recently, WAFs were only available as expensive hardware appliances, affordable only to large organizations. Today, Nexusguard’s
web-based WAF offers a cost-effective security solution, making it a compelling feature for you to attract new customers and lock in existing business. Depending on your customer’s needs, Nexusguard’s WAF platform can be deployed in basic or advanced modes:
• Basic mode monitors traffic and provides WAF protection with basic rule-sets to protect most websites.
• Advanced mode monitors traffic and provides WAF protection with customizable rule-sets to protect mission-critical websites.
The analytics generated by the WAF project a clear
Web Application Firewall (WAF)
Better yet, Nexusguard’s 24x7 team of security experts at our Security Operations Center (SOC) constantly monitor and tune the WAF in order to protect your customers from evolving threats. Also, because we centrally manage the WAF platform, we analyze latest attack patterns from our large pool of customers, fine-tuning the platform to reduce false positives and improve detection rates.HIGHLIGHTED FEATURES
• Cutting-edge technology – cloud-based WAF technology blocks application layer attacks with positive and negative security features.
• 24x7 monitoring and tuning – our SOC constantly monitors and tunes the WAF to protect customer websites from evolving threats.
• Turnkey solution without capex costs – offered as a part of our monthly service plans with no capital expenses or complex integration required.
• High detection rates and low false positives – analyzes latest attack patterns from a large pool of customers, resulting in better detection and fewer false positives.
• Protect against OWASP top 10 threats - protects web application from SQL injection, cross-site scripting, OS command injection and other OWASP top 10 threats.
Auto-Recovery
Nexusguard’s Global Cloud and the partner cloud are equipped with an auto-recovery Traffic Director. The Traffic Director can detect device failures,
Here is a typical workflow for deploying Nexusguard SPE
in the Cloud Model:
Deployment Workflow
Project Kick-off
6
SPE hardware and
software development
6
Partner Portal
deployment
6
UAT
6
Training
6
Preparation for
product launch
6
• Introduction to Nexusguard’s project team • Project briefing on development,
administration, customer portal, and service modules for end-customers
• Hardware purchase and delivery • Hardware installation and setup • Software deployment
• Develop a development plan • Agree on deployment timeline • Implement and verify the trial portal
• UAT plan • UAT testing • UAT sign-off
• SPE sales training • SPE product training • SPE operational training
• Customer packaging and pricing • Business plans and forecasts
• Marketing plans and marketing collateral • Invoicing and payment process
SPE Partner Support
In addition to the benefits you are entitled to as a Nexusguard Service Provider Enablement Partner, several support resources are
available to help you operate and grow your DDoS protection services:
• Business planning and management support • Press release and marketing content support • Enablement toolkits
• Program onboarding and operational training • Updates on the latest cyber threats
Business Support
The SPE program offers 24x7 real-time monitoring of your customers’ websites. Whenever a threat emerges, it is immediately handled by our SOC, with a Nexusguard security expert always ready to address your security concerns. If further support is required, you can reach our technical support team at any time.
Technical Support &
Emergency Service
