Protection Against Malicious Malware Attacks


Stop known and unknown open source risk from being downloaded into your repositories.

Combating modern-day supply chain attacks is significantly more complicated than in the past. Adversaries are getting craftier and are no longer waiting to exploit publicly disclosed vulnerabilities to launch a cyberattack. These next-gen attacks require a next-gen open source security solution. Nexus Firewall provides just that — an early warning detection system preventing malicious and suspicious open source components from entering your SDLC.


Sonatype has discovered 88,217 malicious packages.

These packages were caught by our next-generation AI behavioral analysis and automated policy enforcement, and then confirmed by our Security Research team. More software supply chain attacks are happening all the time.

Protect Your Code Repository


Benefits of Nexus Firewall


Early Identification and Warning

Decrease the risk of a security breach by automatically blocking known vulnerabilities and harmful OSS releases.


Automatic Protection from Unknown Risks

Critically malicious components and newly released suspicious components are automatically blocked, so your SDLC is always secure.


Automatic Release

Components that clear the suspicious rating are automatically released to be consumed by developers, reducing the time spent reviewing components and reducing friction.


Comprehensive Control over your SDLC

Decide which components are allowed into your SDLC based on common risk factors, including age, popularity, and licensing credentials.


Developer First

Firewall automatically returns a secure version within the component version range requested, so that developers spend less time choosing the most secure version.


Universal Repository Support

Native integration with Nexus Repository and support for JFrog Artifactory Enterprise with high availability.

Need Cloud? Sign up for Early Access.

Auto Detection

Automatically detect and block malware attacks

Decrease the risk of a security breach by automatically blocking vulnerabilities and harmful OSS releases from downloading into your repository. Sonatype's Artificial Intelligence evaluates millions of newly released open source software (OSS) components based on different behaviors and identifies if something is a potential threat or not. Those identified as "known malicious" (critically malicious/harmful OSS release) are automatically blocked from being downloaded. Your developers won't even have the chance to choose components with known vulnerabilities.

Those identified as potentially suspicious/malicious threats are also quarantined until they're confirmed or cleared of vulnerabilities by Sonatype's security research team. If cleared, then they are automatically released for your developers to consume.


Policy Rules

Create policy-based rules that we’ll enforce.

Use Sonatype’s out-of-the-box policy options or customize your own. Your policy settings dictate what OSS components are allowed into your SDLC, what is put into quarantine, and what is released from quarantine. Customize your rules based on common risk factors like age, popularity, and licensing credentials, and address known and unknown vulnerabilities via Sonatype’s Integrity Rating. From there, configure policy actions to automatically prevent applications from moving forward with unwanted or unapproved components.

Frequently Asked Questions

Why should I choose Nexus Firewall?

Nexus Firewall is the only solution that can detect and block known and unknown risk, at scale, from entering the SDLC.

  • Automatically detect and prevent malicious cyber attacks
  • Create policy-based rules that we’ll enforce to block components
  • Automatic protection from unknown risks
  • Stop vulnerabilities from entering your environment
  • Provide recommendations for removing vulnerabilities

How do I get started using Nexus Firewall?

Step 1: Install & Start IQ Server

Step 2: Import Reference Policies

Step 3: Configure Policy Actions

Step 4: Nexus Repository Manager Configuration

Step 5: Review Repository Results

Step 6: Investigate & Remediate Violations

A great place to learn more about how to get started using Nexus Firewall would be our comprehensive getting started documentation.

What is the price of Nexus Firewall?

Each single license for one user is $424 per year* for Nexus Firewall. Please refer to our Pricing Page for more information on pricing. We do offer volume discounts, as well.

Please contact our sales team today to see if you qualify for any additional discounts.

*Pricing based on 100 users

What repository managers are compatible?

Nexus Firewall is compatible with Nexus Repository and JFrog Artifactory.

If you’re looking for more information about either of the two compatible repository managers, you can find it below:

  • Read our Nexus Firewall for Artifactory plugin overview documentation here.
  • Read our Nexus Firewall for Nexus Repository Manager overview documentation here.

How does Nexus Firewall stop known and unknown risks?

Our ML/AI systems monitor the entire npm ecosystem 24x7x365 and observe every code commit and every new package that is published. We watch for abnormal behavior that is indicative of malicious activity, and if abnormal behavior is observed, we do four things:

  • Mark those components as suspicious
  • Place them in quarantine
  • Stop them from entering our customers’ software supply chains
  • Validate, with human researchers, whether the suspicious activity is malicious or not

If found malicious, those components are kept in quarantine and blocked. If found safe, they are automatically released from quarantine and permitted to enter the software supply chain.
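The quarantine flow described in this answer, combined with the age, popularity and licensing rules from the Policy Rules section, modelled as an added Python example (not Sonatype's code; the field names, thresholds and sample components are constructed assumptions for illustration):

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model of the gate the page describes: behavioural verdict first,
# then the human research verdict for quarantined items, then policy rules.
# Field names and thresholds are assumptions, not Sonatype's product API.

@dataclass
class Component:
    name: str
    version: str
    age_days: int
    downloads: int
    license: str
    behavior: str                            # "known_malicious" | "suspicious" | "normal"
    research_verdict: Optional[str] = None   # None (pending) | "malicious" | "safe"

@dataclass
class Policy:
    min_age_days: int
    min_downloads: int
    allowed_licenses: frozenset

def evaluate(c: Component, p: Policy) -> Tuple[str, List[str]]:
    """Return (state, reasons); state is BLOCKED, QUARANTINED or RELEASED."""
    if c.behavior == "known_malicious":
        return "BLOCKED", ["known malicious release"]
    if c.behavior == "suspicious":
        if c.research_verdict is None:
            return "QUARANTINED", ["awaiting security research review"]
        if c.research_verdict == "malicious":
            return "BLOCKED", ["confirmed malicious by research team"]
    # Cleared by research, or never flagged: apply the customer's own policy rules.
    reasons = []
    if c.age_days < p.min_age_days:
        reasons.append(f"age {c.age_days}d below minimum {p.min_age_days}d")
    if c.downloads < p.min_downloads:
        reasons.append(f"popularity {c.downloads} below minimum {p.min_downloads}")
    if c.license not in p.allowed_licenses:
        reasons.append(f"license {c.license} not on allow list")
    return ("BLOCKED", reasons) if reasons else ("RELEASED", ["cleared all rules"])

POLICY = Policy(min_age_days=3, min_downloads=1000,
                allowed_licenses=frozenset({"MIT", "Apache-2.0"}))

# Constructed sample of inbound proxy requests; one package appears twice to show
# the same suspicious release before and after the research team clears it.
SAMPLE = [
    Component("left-pad-ish", "1.0.0", 20, 50000, "MIT", "normal"),
    Component("evil-helper", "0.0.1", 0, 3, "MIT", "known_malicious"),
    Component("newlib", "2.1.0", 1, 20, "MIT", "suspicious"),
    Component("newlib", "2.1.0", 5, 2000, "MIT", "suspicious", "safe"),
    Component("oddlib", "0.3.0", 40, 9000, "GPL-3.0", "normal"),
]

def run(components=SAMPLE, policy=POLICY) -> List[str]:
    """Gate each request in order and return the resulting states."""
    return [evaluate(c, policy)[0] for c in components]
```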

What type of attacks does Nexus Firewall help prevent?

Nexus Firewall helps prevent supply chain attacks from publicly known or unknown vulnerabilities. More specifically, Nexus Firewall has helped stop dependency confusion, cryptomining malware, ransomware, and other attacks from bad actors.

Language Coverage


Nexus Firewall proactively prevents known OSS risk from Java, Ruby, .NET, Python, Go, RPM and more, as well as unknown risk from JavaScript.

Perimeter Control for All Software Supply Chains


Better together: Protect your Nexus Repository (Pro) with Firewall.


 


Using Artifactory? No problem. Nexus Firewall supports JFrog’s Artifactory.


 


“[Sonatype] has helped developer productivity. It’s like working in the dark and all of a sudden you’ve got visibility. You can see exactly what you’re using and you have suggestions so that if you can’t use something, you’ve got alternatives. That is huge.”

— C. Chani (Financial Services), PeerSpot Review



See Firewall in Action