NSFocus IPS: IDPS Product Overview and Analysis

See our complete list of top Intrusion Detection and Prevention Systems.

Company Description

NSFocus is best known as a Distributed Denial of Service (DDoS) mitigation solution provider. It combines cloud and on-premises DDoS defenses with global threat intelligence.

Product Description

The NSFocus Next-Generation Intrusion Prevention System (NGIPS) provides threat protection that blocks intrusions, prevents breaches, and safeguards assets. NGIPS uses a multi-layer approach to identify and address known, zero-day, and advanced persistent threats to protect from malware, worms, spyware, back-door Trojans, data leakage, brute force cracking, protocol attacks, scanning/probing and web threats. This approach combines signature and behavior-based detection, protocol and traffic anomaly detection, correlation analysis, deep packet inspection, and the latest threat intelligence to detect malicious sites and botnets.

An optional virtual sandboxing capability can be added to the NGIPS system using the NSFocus Threat Analysis (TA) appliance. The TA uses several detection engines to identify known and zero-day threats, including an IP reputation engine, anti-virus engine, static analysis engine, and virtual sandbox execution. The NGIPS can discover and block advanced threats by discerning anomalous network behaviors such as sensitive data leakage, file identification, and server illegal outreach.

Gartner gives NGIPS high marks for its threat intelligence features, but said the product has no public cloud support and “the core IDPS engine is signature-based and might be prone to evasion by heavily obfuscated threats.”

Markets and Use Cases

NGIPS protects some of the largest Fortune 500 companies, including the world’s largest mobile provider, and four of the five largest global financial institutions. It is also suitable for small to medium environments; demanding enterprise and service provider data centers can choose from a range of scalable hardware appliances that can provide up to 40 Gbps of throughput.


The NGIPS provides up to 20 Gbps of application-layer data processing capacity.


NSFocus TA is an optional virtual sandboxing appliance that is capable of detecting, analyzing, and mitigating known, zero-day, and advanced persistent threats. The technology is often deployed as an additional line of defense that operates in unison with the NGIPS.

The TA utilizes a multi-stage detection engine to identify malicious activity. This approach combines signature detection, heuristic analysis, threat intelligence and virtual execution techniques to protect any network against cyber threats.


Physical and virtual appliances




No pricing information was provided.

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Latest articles

Top Cybersecurity Companies

Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.

Related articles