In the modern interconnected world, DDoS attacks are an integral part of sophisticated cyber-attacks. They clog networks, steal information from the targeted systems, and continuously spy on their targets. From entertainment businesses providing mission-critical services to large network service providers (i.e. Communication Services Providers) that own hundreds of Class-C networks, protection from DDoS attacks is an indispensable element that their cyber-security strategy must include.

Origin Protection by Nexusguard is a total solution to protect your company’s infrastructure from malicious traffic and DDoS attacks. More specifically, Origin Protection prevents flooding or volumetric attacks that abuse the weaknesses in various communications protocols, including TCP, UDP, ICMP, FTP, and SIP.

At Nexusguard, we take a holistic and real-time approach to the mitigation of these attacks, including three specific steps: detection, filtering and incident response.

Detection

When it comes to detection, we enforce both signature- and anomaly-based detection rules. Signature databases consisting of records of attack patterns constructed by our mitigation platform and research team are used to recognise attack patterns from packet headers. Using honeypots, our research team deliberately maintains a fake weakness that entices malicious scanning and attacks. This way, we can forestall any type of zero-day attacks too.

In addition to signature database, some types of attacks are identified by certain anomalies against legitimate traffic. Our anti-flood policies are customizable on the Portal, and guarantee defences against flood attacks using fake IP, TCP-SYN, UDP or ICMP packets.

Lastly, to add an extra layer of early warning detection capability, our mitigation platform collects samples of Netflow data from routers to detect DDoS attacks by active real-time monitoring of data feeds.

Filtering

Once an attack is detected, the mitigation platform determines the source of the attack and analyzes malicious packets. Predefined filtering kicks in automatically: they analyze the malicious packets, or enforce a rate limit, in order to limit service impact. On the Portal, you can customize security policies and configure how the detected malicious traffic is regulated and dropped.

Large network owners can also customize and build policy templates that helps them better manage different protection groups specific to their own environments.

Monitoring and incident response

Our Security Operations Center (SOC) monitors DDoS attacks day and night and can work in real-time. The SOC team is comprised of security analysts with extensive experiences in, and a profound understanding of, the DDoS landscape. They are able to interpret and drop the malicious activity and support our customers to take appropriate action.

Comprehensive protection for infrastructure

A redundant, secure GRE (or Generic Routing Encapsulation) tunnel is established that then forwards clean traffic from our proprietary scrubbing centers to your Origin IP. This then returns the outbound traffic from applications to users. This fool proof setup maximizes network availability while maintaining low latency, all the while delivering a superior user experience.

Key benefits

The following are the greatest advantages of this system.

● Real-time network protection against DDoS attacks

● Consistent uptime connections and high, 24/7 availability

● Effective security cost management through real-time network insights

● Vastly superior end-user experience

For more information, please read about Nexusguard’s Origin Protection.