At the heart of the NSFOCUS On-Premises DDoS Defenses is the ADS. It provides comprehensive, multi-layered protection from today’s advanced DDoS attacks. When deployed out-of-path, traffic streams for the IP addresses under attack are “diverted” to the ADS. It surgically mitigates DDoS attack traffic, while allowing all legitimate traffic to continue to pass downstream. When deployed in-line, the ADS detects attacks, and mitigates DDoS traffic. Both deployment modes provide extremely low latency and reliable detection and mitigation of attacks; while ensuring service provider’s customers and services are protected from the impact of DDoS. Features: Multi-Tenant Design Domain specific configurations, learning algorithms, automated mitigation responses, modular architectures, flexible licensing models, and the lowest total cost of ownership (TCO) Reliable, Accurate Algorithmic, multi-filter, rulebased approach provides automated and reliable DDoS mitigation with low false positives and high performance, efficient and intelligent protection from the botnet-based attacks with NTI Best-in-Class Performance Provides advanced DDoS mitigation for any size service provider that is easy to integrate with your network Scalable Architecture Supports scalable clusters for both In-line and out-ofpath deployment scenarios to meet the needs of any size network Benefits:

• Defeat DDoS attacks against your customers when deployed in your network
• Reduces operating expenses for DDoS mitigation by providing increased levels of automation

The WAF serves as an essential part of an intelligent hybrid security architecture by providing advanced inspection and specialized security for the web application layer. It also includes up to 1 Gbps of DDoS protection from other volumetric and application layer attacks, including TCP flood and HTTP/S GET/ POST floods. Additionally, if deployed in conjunction with a higher capacity NSFOCUS ADS Series Anti-DDoS appliance, the WAF can direct flows in real-time to the ADS to keep your servers running under the most extreme conditions. Features and Benefits Prevent Theft of Critical Data Data breaches are extremely complex and surprisingly frequent. The NSFOCUS WAF offers powerful protection against web attacks with a complete set of signatures for web vulnerabilities and the ability to detect unauthorized file uploads. WAF enforces access control policy from layer 4 through layer 7, to prevent access to data without proper authorization. In the later phases of an attack, WAF provides outbound data leakage detection, including illegal file download detection, web shell prevention, and filtering of sensitive information (such as credit card numbers and social security numbers). Ensure Website Availability The NSFOCUS WAF offers a built-in anti-DDoS module to protect against TCP flood attacks, HTTP/S GET/POST flood attacks and slow rate attacks up to 1Gbps. The WAF employs access rate thresholding, IP reputation and algorithm-based protection mechanisms. Coupled with the NSFOCUS ADS anti-DDoS product line, higher rate DDoS attacks can be thwarted. Close the PCI DSS Compliance Gap The NSFOCUS WAF provides reports for PCI audits as well as suggestions for policy tuning and configuration in order to help ensure compliance with PCI DSS. Protections like the cookie security feature within the WAF protects against cookie tampering and cookie poisoning in compliance with section 6.5.10 in the new PCI 3.2 standard.