Introduction to NxtFireGuard
Overview
Welcome to NxtFireGuard, a real-time, community-driven network defense platform. NxtFireGuard protects your organization by continuously collecting threat intelligence from your network assets, analyzing live traffic, and automatically blocking malicious IP addresses before they can cause damage.
Traditional security tools rely on static blocklists that are outdated the moment they're deployed. Attackers operate in seconds; conventional update cycles take hours or days. NxtFireGuard closes this gap by combining collective threat intelligence from the entire NxtFireGuard community with live traffic analysis on your network, giving you dynamic, always-current protection.
How NxtFireGuard Works
NxtFireGuard operates in three continuous phases:
Phase 1: Threat Intelligence Collection
NxtFireGuard collects threat logs from your network assets via Threat Sensors. These can be firewalls, honeypots, AAA servers, or any custom source. Logs are forwarded to the Threat Collector, which processes each event and enriches it with IP metadata. The resulting data feeds into the IP Scoring Engine, which assigns each IP a dynamic risk score based on threat severity, frequency, third-party intelligence, and community-wide signal from all NxtFireGuard users.
Supported Threat Sensors out of the box:
| Security Solution | Type | Log Transmission |
|---|---|---|
| Palo Alto Firewall and vFirewall | Firewall | Direct HTTPS |
| Cisco FTD (managed with FMC) | Firewall | via Syslog-Relay Docker Container |
| Cisco ISE | AAA Server | via Syslog-Relay Docker Container |
| T-Pot | Honeypot | via Logstash-Relay Docker Container |
Custom integrations are also supported via the generic API.
Phase 2: Traffic Analysis & Mitigation
Traffic Sensors monitor your live network traffic by tapping into firewall syslogs, router logs, or port mirroring. Each observed IP is checked in real time against the local IP Score database and your configured block thresholds.
When a suspicious IP is detected, the Traffic Sensor sends a block recommendation to the Arbiter. The Arbiter validates the recommendation against your whitelists and blocklist configuration, then — if confirmed — adds the IP to the appropriate blocklist(s). Your firewalls poll these blocklists and enforce the blocks automatically.
Phase 3: Continuous Re-evaluation
NxtFireGuard doesn't block IPs indefinitely. Each blocklist has a configurable re-evaluation interval. At every interval, all blocked IPs are re-scored. IPs that are no longer considered a threat are automatically removed, keeping your blocklists lean and accurate.
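The decision flow of Phases 2 and 3 can be sketched as follows. This is an added illustration, not NxtFireGuard code: the class and method names, the 0-100 score scale, and the sample thresholds and intervals are all assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Blocklist:
    name: str
    threshold: int        # assumed 0-100 score scale; block at or above this
    interval: int         # seconds between re-evaluations
    last_reeval: int = 0
    ips: set = field(default_factory=set)

class Arbiter:                        # hypothetical stand-in for the Arbiter role
    def __init__(self, whitelist, blocklists, score_of):
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.blocklists = blocklists
        self.score_of = score_of      # callable: ip string -> current score

    def whitelisted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.whitelist)

    def recommend(self, ip):
        """Validate a Traffic Sensor recommendation; return lists the IP joined."""
        if self.whitelisted(ip):      # whitelist always wins over score
            return []
        score = self.score_of(ip)
        hit = [b for b in self.blocklists if score >= b.threshold]
        for b in hit:
            b.ips.add(ip)
        return [b.name for b in hit]

    def reevaluate(self, now):
        """Re-score every IP on each list whose interval elapsed; return removals."""
        removed = []
        for b in self.blocklists:
            if now - b.last_reeval < b.interval:
                continue
            b.last_reeval = now
            for ip in sorted(b.ips):
                if self.whitelisted(ip) or self.score_of(ip) < b.threshold:
                    b.ips.discard(ip)
                    removed.append((b.name, ip))
        return removed

# Constructed sample data (documentation address ranges, made-up scores).
scores = {"203.0.113.7": 92, "198.51.100.20": 65, "192.0.2.10": 99}
strict = Blocklist("strict", threshold=60, interval=300)
lenient = Blocklist("lenient", threshold=90, interval=3600)
arbiter = Arbiter(["192.0.2.0/24"], [strict, lenient], lambda ip: scores.get(ip, 0))
```

The whitelist is checked again during re-evaluation, so an address whitelisted after it was blocked drops off at the next interval even if its score is still high.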
The Community Advantage
Every NxtFireGuard user contributes to and benefits from a shared, real-time threat intelligence pool. When one organization detects a malicious IP, that signal propagates across the community — meaning your defenses improve continuously, even from threats you haven't directly encountered yet.
Who Should Use NxtFireGuard?
NxtFireGuard is built for organizations that want to:
- Move beyond static blocklists and respond to threats at the speed they actually occur
- Centralize threat intelligence from multiple network assets into a single platform
- Automate IP blocking with dynamic scoring and re-evaluation, reducing manual effort
Ready to get started? Head to the next section to choose the right product tier for your organization.