Description
Enhance Security, Automate Defense, and Accelerate Protection with NGINX
Achieve comprehensive protection against DoS and DDoS attacks for your apps and APIs with a multi-layered, adaptive, automated mitigation strategy for DevOps environments. Running natively on NGINX Plus and NGINX Ingress Controller, NGINX App Protect DoS is platform-agnostic and supports deployment options ranging from edge load balancers to individual pods in Kubernetes clusters.
Why Use NGINX App Protect DoS
Multi-Layered App and API Defense
Mitigate against Layer 7 DoS attacks using machine learning and adaptive security for comprehensive protection at scale. With NGINX App Protect DoS you can:
- Implement a multi-layered DDoS defense strategy managed by your app and API teams that includes blocking bad-actor IP addresses and bad requests, and applying global rate limiting as needed
- Reduce operational costs and false positives with machine learning to establish normal baseline patterns, detect anomalies, and block malicious traffic without affecting legitimate traffic
- Continuously measure mitigation effectiveness with adaptive learning for no-touch policy configuration that enables cost-effective DDoS protection at scale
- Track and analyze over 300 metrics of user and app behavior and deploy dynamic signatures to automatically mitigate and defend against zero-day attacks.
- Enhance security with advanced attack detection that tracks client traffic patterns, reviews service health checks, and uses eBPF with XDP technology for accelerated protection.
Mitigate DDoS Attack Types
Protect against multiple Layer 7 DDoS attack types that evade traditional network defenses. With NGINX App Protect DoS you can:
- Protect traditional HTTP/S and modern HTTP/2 apps – plus gRPC and WebSocket traffic – against various low-and-slow DDoS attacks including Slow
POST
, Slow Read, Slowloris and more - Block
GET
andPOST
flood attacks which overwhelm the server or API with a high volume of requests, rendering it unable to respond to real users - Block Challenger Collapsar attacks where frequent requests appear normal except the requested URI requires complicated computations designed to exhaust server resources
- Accurately detect bad actors using encryption or NAT to evade detection using TLS fingerprinting for IPv4 in combination with IP address
- Ensure app uptime and protect against targeted SSL/TLS attacks that abuse the handshake protocol using a signatures mechanism for anomaly detection and mitigation based on the CLIENT HELLO message.
Deploy Platform-Agnostic Protection
Ensure consistent app and API security with seamless integration throughout your entire infrastructure. With NGINX App Protect DoS you can.
- Easily implement protection across distributed architectures and environments including on-premises, hybrid and multi-cloud
- Natively deploy DoS protection in a flexible software form factor on NGINX Plus as a load balancer or API gateway, and on NGINX Ingress Controller or as a per-pod or per-service proxy
- Build consistent security controls for web apps, microservices, containers, and APIs
- Reduce complexity and tool sprawl using the NGINX portfolio for single-vendor DoS mitigation
- Scale your DoS protection for Kubernetes apps in the cloud with this lightweight, high-performance, low-latency, and low-compute security solution.
Support for Security Automation, DevSecOps, and Shift Left
Enable a shift-left strategy where DoS protection is incorporated into every stage of the software development lifecycle (SDLC). With NGINX App Protect DoS you can.
- Implement DevSecOps with seamless integration of changes to your configured security posture into your CI/CD pipelines with security-as-code for Layer 7 DoS defense
- Apply consistent app and API DoS protection with declarative security policies created by SecOps and deployed by DevOps
- Enable cost-effective DDoS protection at scale with no-touch configuration
- Leverage easy policy integration via the Kubernetes API
- Keep developers agile and focused on delivering new capabilities, accelerating time to market at a reduced cost