NSFocus IPS: IDPS Product Overview and Analysis

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

See our complete list of top Intrusion Detection and Prevention Systems.

Company Description

NSFocus is best known as a Distributed Denial of Service (DDoS) mitigation solution provider. It combines cloud and on-premises DDoS defenses with global threat intelligence.

Product Description

The NSFocus Next-Generation Intrusion Prevention System (NGIPS) provides threat protection that blocks intrusions, prevents breaches, and safeguards assets. NGIPS uses a multi-layer approach to identify and address known, zero-day, and advanced persistent threats to protect from malware, worms, spyware, back-door Trojans, data leakage, brute force cracking, protocol attacks, scanning/probing and web threats. This approach combines signature and behavior-based detection, protocol and traffic anomaly detection, correlation analysis, deep packet inspection, and the latest threat intelligence to detect malicious sites and botnets.

An optional virtual sandboxing capability can be added to the NGIPS system using the NSFocus Threat Analysis (TA) appliance. The TA uses several detection engines to identify known and zero-day threats, including an IP reputation engine, anti-virus engine, static analysis engine, and virtual sandbox execution. The NGIPS can discover and block advanced threats by discerning anomalous network behaviors such as sensitive data leakage, file identification, and server illegal outreach.

Gartner gives NGIPS high marks for its threat intelligence features, but said the product has no public cloud support and “the core IDPS engine is signature-based and might be prone to evasion by heavily obfuscated threats.”

Markets and Use Cases

NGIPS protects some of the largest Fortune 500 companies, including the world’s largest mobile provider, and four of the five largest global financial institutions. It is also suitable for small to medium environments; demanding enterprise and service provider data centers can choose from a range of scalable hardware appliances that can provide up to 40 Gbps of throughput.


The NGIPS provides up to 20 Gbps of application-layer data processing capacity.


NSFocus TA is an optional virtual sandboxing appliance that is capable of detecting, analyzing, and mitigating known, zero-day, and advanced persistent threats. The technology is often deployed as an additional line of defense that operates in unison with the NGIPS.

The TA utilizes a multi-stage detection engine to identify malicious activity. This approach combines signature detection, heuristic analysis, threat intelligence and virtual execution techniques to protect any network against cyber threats.


Physical and virtual appliances




No pricing information was provided.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Drew Robb Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis