NSFOCUS On-Premises Defenses

Comprehensive, Multi-Layered DDoS Protection

Partners / Technology Partners / NSFOCUS / On-Premises Defenses >

Today, Service Providers understand that a significant percentage of DDoS attacks targeting their customers can be defeated by anti-DDoS technology deployed within the providers network itself. Statistics demonstrate that nearly 50 percent of DDoS attacks observed are under 10Gbps in size, and last less than 30 minutes in duration. These attacks can easily be defended or mitigated by NSFOCUS On-Premises DDoS Defenses.

In order to defeat a DDoS attack against their customers, providers of all sizes must “detect” a DDoS attack first. Time-and-time again providers have been notified of DDoS attacks against their customers; however, without the proper detection technology in place, they had no ability to see the attack while in progress. DDoS defenses always begin with detection first. The most economical and effective way to detect DDoS attack traffic is to monitor xFlow data coming from the provider’s border, core, and/or edge routers.

Once a DDoS attack is detected by the provider, the most economical and effective way to protect customers is to divert both good and bad traffic for the IP address(s) under attack to out-of-path mitigation technology. This technology is located “within” the providers’ network itself. Once mitigation of the DDoS traffic is performed, legitimate traffic is re-injected back into the network for the entity under attack. This ensures that attack traffic is blocked and legitimate traffic continues to flow, without the use of null routes.

Once DDoS detection and mitigation have been addressed, a centralized management system is needed to control the overall solution. This system must allow service providers to implement multi-tenant configurations that control customer policies and rule sets, while providing real-time alerting, reporting, and analytics to the provider.

NSFOCUS provides a complete, on-premises anti-DDoS solution that provides detection, mitigation, and management as follows:

Network Traffic Analyzer (NTA) – Detects DDoS Attacks
NTA is a DDoS detection appliance that identifies attacks via traffic flow monitoring

Anti-DDoS System (ADS) – Mitigates DDoS Attacks
ADS is a DDoS mitigation appliance that removes unwanted, malicious traffic

Anti-DDoS System Manager (ADS-M) – Manages Complete Solution
ADS-M is a multi-tenant management system designed for providers. It provides centralized management of the ADS and NTA appliances as well as support for multiple, separate configuration and reporting domains for each customer. A web-based customer portal is also included.

The NTA monitors network activity by receiving and analyzing xFlow data from border, core and/or edge routers. It uses an innovative, multi-stage DDoS detection engine made up of several algorithms and other mechanisms to accurately identify DDoS traffic from other traffic streams. User can customize NTA alert plugins with specific signatures, in order to extend NTA detection capability. Also, NTA auto-learning feature provides machine learning threshold baseline, which can be adopted in different scenarios. In addition, the NTA can integrate with NSFOCUS Threat Intelligence (NTI) to query the reputation of the suspicious source IP. On the deployment, the NTA can be deployed as a stand-alone system that provides DDoS detection only and supports Remotely Triggered Black Hole (RTBH) functionality. Under large network traffic scenarios, NTA-FLB can manage and collect flow data from multiple detect points, thus implement high performance detection and flow reuse.

On Path Traffic Diversion

When an ADS is added to the deployment, the ADS then comes under the direction of the NTA. The NTA communicates with the ADS, alerting it to the IP address(s) that are under DDoS attack. The ADS next announces the border routers to divert traffic via BGP to the ADS where malicious traffic is discarded. It then re-injects legitimate traffic back into your network with extremely low latency and high accuracy. Also, the ADS can integrate with NSFOCUS Threat Intelligence (NTI) to discard the traffic from known botnets immediately, and uploads the attack data to NTI for contributing to intelligence.

The ADS-M real-time views are highly optimized for traffic monitoring, reporting, ease of use, and improved user experience

The ADS-M is used for central configuration, management, and reporting. It can be configured in a multi-tenant mode of operation to provide separate administrative domains on a per-customer basis. The ADS-M includes a flexible, web services API to automate provisioning and reporting for your specific environment. Network operators can use the ADS-M to direct and collect packet captures from co-resident ADS systems to shorten problem resolution and incident response times. Extensive reporting options include information on attack types, attack targets, protocols, ports, network status, alert information, device logs, and more.

The ADS-M also supports a customizable “customer portal” designed for providers who desire to offer Managed DDoS Services. This portal allows providers to offer web-based access to their customers for traffic analysis, reporting, and analytics on a case-by-case basis.



Complete service provider ready solution

Defend attacks against your customers

Lowest total cost of ownership (TCO)

Quick and easy install into your network

Deploy as much mitigation capacity as needed

Automatic hand-off with NSFOCUS Cloud Centers

Shorten time to redirection and cloud mitigation

Increased visibility and traffic threshold monitoring

Versatility of deployment options

Key Features

Automated or manual BGP redirection

GRE, VLAN, MPLS, PBR traffic re-injection

All-in-one solution, multi-tenancy enabled

Low false positives, high performance

Easy to integrate and cohabitate

Automated and reliable DDoS mitigation

Efficient and intelligent protection from the botnet-based attacks with NTI


DDoS and Web Application Attack Landscape Report

Annual Cybersecurity Insights Report

Botnet Trend Report

Fintech Security Analysis Report


640,000 TBytes of attack traffic in total, 79.4% increase over 2016

14.1 Gbps of average peak traffic of individual attacks, 39.1% increase over 2016

1.4 Tbps of maximum peak traffic among individual attacks, nearly 100% over 2016


Linux/UNIX hosts and servers constituted a strong base (55%) of DDoS attack sources. IoT devices were more frequently seen in small attacks (29.8% in small attacks and 10.3% in large attacks). Windows servers were often present in large attacks.

The trend of traditional reflection attacks, such as those based on the Network Time Protocol (NTP), slowed down, while modern ones that abused Memcached servers surged and related peak traffic hit a new record high of 1.35 Tbps

To download the latest report, please visit: https://nsfocusglobal.com/company-overview/resources

Industry-Leading Accuracy And Fastest Time To Mitigation
NSFOCUS On-Premises DDoS Defenses incorporate the latest from our internationally-recognized research labs and is developed with over 16 years of experience protecting the world’s largest banks, telecommunications, gaming, and streaming media companies. The NSFOCUS Security Labs is a cyber security threat research lab at the forefront of vulnerability assessment, threat detection, and mitigation research. Their work, combined with world-class engineering, has resulted in a solution with industry leading accuracy capable of automatically defeating advanced, multi-layer DDoS attacks in as little as 20 seconds.

The ADS series of appliances includes models that range from 1Gbps to 40Gbps of DDoS mitigation capacity that support flexible licensing, so providers can deploy as much mitigation capacity as needed. When deployed with an ADS-M appliance, the ADS systems can be clustered to withstand the most extreme volumetric and application-layer DDoS attacks.

Multi-Tenant, Centralized Management
The ADS-M provides a multi-tenant configuration interface that simplifies the administration and monitoring of Managed DDoS Services. It enables service providers to create and configure customer specific security policies and reports, including daily/weekly/monthly/yearly intervals with pie charts, bar graphs, line graphs, and more. It also provides real-time traffic monitoring, log information, and detailed attack history for post-incident forensic analysis.

Easy To Deploy And Integrate
The ADS is typically deployed at the ingress points to your network, while the NTA and ADS-M appliances can be installed at any location in your network. The ADS uses industry standard routing protocols to communicate with other routers in order to redirect suspicious traffic and forward legitimate traffic back into your network. A flexible web services API in the ADS-M further simplifies integration of the system into your network by providing a programmatic interface that can be used to automate labor intensive tasks.

NSFOCUS Hybrid DDoS Defenses
Many service providers utilize a hybrid approach to defeat the damaging effects of DDoS attacks. The approach combines NSFOCUS On-Premises Defenses (designed to defeat attacks against your customers) with NSFOCUS Cloud DDoS Protection Service (designed to defeat attacks that impact your infrastructure).

Working in unison, this Complete Service Provider DDoS Mitigation Solution eliminates smaller attacks on-premises, while defending infrastructures from larger attacks using the NSFOCUS Cloud. Both defenses are integrated, resulting in increased bandwidth visibility, reduced cloud redirect times for mitigation, and coverage for all L3-L7 DDoS attacks.

Software Specifications
Software Specifications

For Service Providers Of All Sizes
NSFOCUS On-Premises Defenses is the ideal solution for today’s service providers to defeat DDoS attacks against their customers. It is highly scalable and is performance optimized to meet the current and future needs of service provider environments. It is also easy to deploy, flexible, and provides a multi-tenant configuration interface to simplify the configuration and administration of large-scale Managed DDoS Services.

Software Specifications
Software Specifications
Software Specifications

Download Request for
NSFOCUS On-Premises DDoS Defenses Datasheet

Please enter your details to sign up to our mailing list and the download will be emailed to you shortly.

Download Request for
Votiro Secure File Gateway for Email

Please enter your details to sign up to our mailing list and the download will be emailed to you shortly.

Our website uses cookies to provide a better user experience, improve our services and our website’s functionality. By continuing to use our website, you consent to the use of cookies and agree to our Privacy Policy and Terms of Service.