NOMIC OUTPOST

The first line of defense.

Employing Network CloakingTM at the far edge of the network, the Outpost hides your public attack surface from threat actors, prevents sophisticated reconnaissance of your public infrastructure — including your firewall — and provides an additional layer of defense for outbound C2 communications.

instant demo
How Outpost Works

"The Outpost is cleaning off thousands of events that the firewall now doesn’t have to deal with."

"If there’s a vulnerability in the firewall or an open port, it mitigates that scenario ... If they’re trying to do some sort of reconnaissance, the Outpost picks up on that, and blocks them immediately. It’s not a timeout; the device just doesn’t respond to the request, as if nothing was there ... I can’t say that I know what the secret sauce is that makes Network CloakingTM work, but, what I know is that it does work."

City of Bryan, Texas
Scott Smith
CISO

What is the Outpost?

Outpost is the first line of defense in a defense-in-depth strategy, dynamically identifying and blocking  threats that firewalls and other security solutions leave behind, and hiding your network from malicious traffic.

EXTENSIVE COVERAGE

No Easy Targets

With Network Cloaking and Rogue Packet detection, Outpost makes it hard on threat actors attempting to find open ports and vulnerabilities lurking on your public-facing network.

STOP THREATS AT THE EDGE

Silence Network Noise

Outpost intercepts malicious probes and recon accounting for 70% of all inbound traffic, filtering out the noise and dramatically improving the efficacy of other security tools like SIEM, EDR, and firewalls.

GUARD THE PERIMETER

Fill In The Gaps

Catch the exploits firewalls leave behind due to misconfigurations, exposed ports, and vulnerabilities. Outpost also covers the security gaps that arise when firewalls must compromise to balance network performance with security.

REDUCE YOUR PUBLIC ATTACK SURFACE

See the power of Autonomous Threat Defense.

Outpost is deployed in front of your firewall, catching exploits before they even reach your network. Once a malicious IP is identified, Network Cloaking prevents any further queries as Outpost autonomously hides all public-facing assets – including your firewall – from view.

How Outpost Works

Network CloakingTM
Simply put, the Outpost renders your public-facing assets invisible to malicious traffic. By stopping all inbound and outbound connections between bad IPs and your entire protected network in real-time and sending no response of any kind, the Outpost sidesteps any further investigation by bad actors. With your network and firewall completely hidden from view, malicious exploits - no matter how sophisticated - will be forced to seek new targets.
Rogue Packet Detection
In addition to its traditional security measures, the Outpost takes advantage of its unique position on the network and scrutinizes each connection to itself. If it determines a connection is not valid for any reason, the connection is dropped, and its source IP is barred from further communication with the entire protected network. This "tripwire" is a very simple and surprisingly effective tool against initial reconnaissance.
Dynamic Blocking
The Outpost performs deep packet inspection on all North/South traffic to determine in real-time if a network connection is malicious. Once that determination is made, all communications between the malicious network and the protected network are dropped. Reporting and configuration options give our support team and our customers the ability to manage and review these events in more detail.
Threat Intelligence Feeds
The Nomic MNDR stack enables customers to configure highly specific and customized threat feeds tailored to their specific networks. Our propietary CINS threat intelligence and community threat feeds provide dynamic protection against the latest known threats, and Outpost also supports flexible, custom feeds based on an IP, network, Country, ASN, or domain. And managed through Nomic HQ, it's easy to deploy these feeds across all your Nomic sensors.
Passive Logging
The user interfaces provided through the Outpost and Nomic HQ give users visibility into blocked networks, events, dropped packets, flows, and more. But it's also worth noting that the Outpost stores passive logs of all traffic behind the scenes. These DNS, TLS, and flow logs are incredibly useful to our support team when providing context for specific alerts, events, and general network troubleshooting.
Outbound Malware
The Outpost is also the last line of defense against malware, ransomware, and other C2 communications. When other measures from the endpoint to the firewall fail to identify a threat, the Outpost offers another layer of protection. The Outpost locks down the communication and/or flags the traffic as malicious, and our proactive support staff helps provide context to customers, so they can track down infected devices.

What is Network CloakingTM?

Even state-of-the-art firewalls, depending on their configurations, allow scanners and threat actors to enumerate open ports and perform cursory reconnaissance. Not to mention any unintentional misconfigurations, active vulnerabilities in the firewall itself, or other public-facing devices that communicate directly with the internet.

Enter Network CloakingTM. By placing the Outpost at the very edge of the network - in front of every public-facing asset - and blocking all malicious communication to the entire protected network, your network appears hidden - "Cloaked" - to a would-be attacker.

Ensure your organization's cybersecurity is up to date with our managed NDR suite.

Insight

It’s hard to tell what really goes on between the firewall and the endpoints. Powered by Flows, Insight goes beyond traditional signature-based solutions to provide a comprehensive and  easy-to-use archive of network traffic and actionable ML/AI-driven Signals that watch for potentially malicious anomalies. Nomic Insight sidesteps the siloes to give you visibility beyond the known-bad – in a way few tools have done before.

Learn more

HQ

Nomic HQ is a cloud-based platform that puts you in the driver’s seat. Manage all Events, Threat Intel Feeds, sensors, and support tickets in one place. Add Insight, and gain additional visibility into network Flows and Signals for identifying anomalous traffic. HQ pulls it all together in a unique offering that combines it all with the simplicity of a single pane of glass.

Learn more

FAQs

Why is Outpost deployed outside the firewall, in the public space, and not behind the firewall?

Outpost’s Network Cloaking methodology preemptively blocks all malicious traffic, effectively reducing the network’s public attack surface to 0. This is most effective when deployed on the furthest network edge, so the Outpost can protect the entire public space. It also protects against open ports, misconfigurations, or vulnerabilities in the firewall itself, while reducing the amount of traffic the firewall must process by up to 70%.

Does Outpost replace my firewall?

Outpost is not a firewall. That said, Outpost is not only more effective than a firewall at blocking inbound exploits and reconnaissance; It also protects and improves the performance of the firewall itself. Network Cloaking effectively hides your entire public network from malicious actors, and the Outpost stops more than 70% of inbound traffic before it reaches the firewall. The Outpost’s rulesets and threat intelligence are curated by the Nomic support team and customized for your network, and our team is available 24/7 to answer any questions or troubleshoot.

I already have a firewall. Why do I need an Outpost?

Today's firewalls are called upon to do a lot - maybe too much. And, up to 70% of the external traffic touching the firewall is unwanted or malicious. The Outpost drops that unwanted traffic and protects the firewall from its own open ports and potential vulnerabilities, freeing up firewall resources in the meantime. Honestly, you have to see it in action to really understand. Luckily, we offer free evaluations on your own network.