See our complete list of top Intrusion Detection and Prevention Systems.
NSFocus is best known as a Distributed Denial of Service (DDoS) mitigation solution provider. It combines cloud and on-premises DDoS defenses with global threat intelligence.
The NSFocus Next-Generation Intrusion Prevention System (NGIPS) provides threat protection that blocks intrusions, prevents breaches, and safeguards assets. NGIPS uses a multi-layer approach to identify and address known, zero-day, and advanced persistent threats to protect from malware, worms, spyware, back-door Trojans, data leakage, brute force cracking, protocol attacks, scanning/probing and web threats. This approach combines signature and behavior-based detection, protocol and traffic anomaly detection, correlation analysis, deep packet inspection, and the latest threat intelligence to detect malicious sites and botnets.
An optional virtual sandboxing capability can be added to the NGIPS system using the NSFocus Threat Analysis (TA) appliance. The TA uses several detection engines to identify known and zero-day threats, including an IP reputation engine, anti-virus engine, static analysis engine, and virtual sandbox execution. The NGIPS can discover and block advanced threats by discerning anomalous network behaviors such as sensitive data leakage, file identification, and server illegal outreach.
Gartner gives NGIPS high marks for its threat intelligence features, but said the product has no public cloud support and “the core IDPS engine is signature-based and might be prone to evasion by heavily obfuscated threats.”
Markets and Use Cases
NGIPS protects some of the largest Fortune 500 companies, including the world’s largest mobile provider, and four of the five largest global financial institutions. It is also suitable for small to medium environments; demanding enterprise and service provider data centers can choose from a range of scalable hardware appliances that can provide up to 40 Gbps of throughput.
The NGIPS provides up to 20 Gbps of application-layer data processing capacity.
NSFocus TA is an optional virtual sandboxing appliance that is capable of detecting, analyzing, and mitigating known, zero-day, and advanced persistent threats. The technology is often deployed as an additional line of defense that operates in unison with the NGIPS.
The TA utilizes a multi-stage detection engine to identify malicious activity. This approach combines signature detection, heuristic analysis, threat intelligence and virtual execution techniques to protect any network against cyber threats.
Physical and virtual appliances
No pricing information was provided.