Different Categories of Protection
This comparison is between two different categories of DDoS protection, not two competing products in the same category. Understanding the distinction matters for evaluating where each fits in your security stack.
Nexusguard is a cloud-based DDoS scrubbing service. When an attack is detected, traffic is diverted through Nexusguard's global scrubbing centers where malicious packets are filtered out. Clean traffic is then forwarded to your origin servers. Nexusguard also offers DNS protection and web application firewall services. Their primary value is absorbing large volumetric attacks in their scrubbing infrastructure before the traffic reaches your network.
Flowtriq is an on-node detection and mitigation platform. The FTAgent runs directly on your servers, reading kernel-level network statistics every second. When an attack is detected, it fires local firewall rules (iptables/nftables) within the same second, then escalates through BGP FlowSpec, RTBH, and cloud scrubbing as needed. Flowtriq's primary value is per-server visibility, sub-second response, and forensic documentation.
Architecture Comparison
| Dimension | Nexusguard | Flowtriq |
|---|---|---|
| Category | Cloud scrubbing (mitigation) | On-node detection and mitigation |
| How it works | Traffic diversion through external scrubbing centers | Agent on each server reads kernel counters |
| Mitigation location | In cloud scrubbing centers (upstream) | On the server itself + BGP + cloud scrubbing |
| Detection speed | Depends on diversion and scrubbing pipeline | Under 1 second per node |
| Per-node visibility | Network-level (per IP or prefix) | Per-server with independent baselines |
| PCAP forensics | Limited (traffic is scrubbed upstream) | Full PCAP for every incident |
| Non-HTTP protection | Available (DNS, network layer) | All protocols, all ports |
| Deployment | DNS/BGP-based traffic diversion configuration | Agent install per server (minutes) |
Where Nexusguard Fits Well
Nexusguard is well-suited for organizations that need upstream volumetric attack absorption and cannot handle large floods at their own network edge.
- Organizations facing multi-Tbps volumetric attacks that exceed local network capacity
- Service providers offering DDoS protection to their customers as a managed service
- DNS infrastructure protection where Nexusguard's DNS-specific scrubbing is valuable
- Environments where traffic diversion latency is acceptable for the protection gained
Where Flowtriq Fits Well
Flowtriq is well-suited for operators who need per-node visibility, sub-second response time, and forensic evidence for every incident.
- Hosting providers who need per-customer detection across hundreds of nodes
- Infrastructure behind existing CDN/scrubbing that needs local detection for bypass attacks
- Operators who need PCAP forensics for compliance, incident reporting, or customer communication
- Non-HTTP services like game servers, VoIP, mail servers, and custom TCP/UDP applications
- Budget-conscious operators who need predictable per-node pricing without bandwidth-based costs
Using Both Together
Cloud scrubbing and on-node detection are complementary. Many operators run both:
- Nexusguard absorbs volumetric floods upstream before they reach your network
- Flowtriq monitors each server individually for attacks that bypass cloud scrubbing, originate internally, or target specific services
- Flowtriq can auto-trigger cloud scrubbing as its highest escalation tier when local mitigation is insufficient
- PCAP forensics from Flowtriq provide incident documentation regardless of where the attack was ultimately mitigated
Flowtriq natively integrates with Cloudflare Magic Transit, OVH VAC, Hetzner DDoS Protection, Path.net, and Voxility for cloud scrubbing escalation. Webhook-based triggers can integrate with any API-accessible scrubbing service.
Try Flowtriq free for 14 days. Per-node detection with sub-second response, PCAP forensics, and automated mitigation. No credit card required. Start your trial.