Both our products make use of IP traffic sensors (also known as "probes") that can be distributed across the network. The Sensors support 10 Gigabit Port Mirroring (SPAN), Cisco NetFlow, Huawei Netstream, Juniper jFlow and cflowd, sFlow and IETF IPFIX. The collected data is accessible through a rich web user interface that provides custom Dashboards with real-time traffic graphs and top listings. You can easily generate complex analytics with aggregated data for hosts, departments, interfaces, applications, autonomous systems and more. You'll be able to view accurate bandwidth graphs for thousands of IP addresses.
WANGUARD leverages a fast and innovative traffic anomaly detection engine that allows you to define fine-grained traffic policies. Network attacks and anomalies are detected using predefined thresholds or by analyzing traffic patterns and the online behavior of users. You'll be able to automate responses to threats using extensible actions such as sending notifications by email, black-holing addresses in BGP, null-routing, executing custom scripts, alerting the attacker's ISP, etc. DDoS attacks are detected using multi-vendor flow-based technologies or by doing packet-based processing.
The Flow Sensor included in WANGUARD and WANSIGHT is a fully featured NetFlow analyzer and collector that supports NetFlow v5 and v9, sFlow version 4 and 5, and IPFIX. It contains a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IP addresses. Flows can be stored for as long as you wish in a space-efficient binary format. You can generate top listings and almost any other aggregation report you can think of. The extensive flow filter configuration options allow you to quickly query individual flows for ad-hoc forensic investigation and analysis.
WANGUARD can protect networks either by cleaning the malicious traffic or by black-holing attacked destinations. Since 2006, the WANGUARD Filter has been used to clean millions of DDoS attacks with no operator intervention and with zero downtime for customers. Spoofed Denial of Service attacks are blocked by applying intelligent, dynamic firewall rules. Dedicated servers can be deployed in the main data path, or can scrub the malicious traffic off-ramp and then re-inject valid traffic downstream into the network. The traffic diversion mechanism requires routers capable of running the Border Gateway Protocol.
Andrisoft develops two innovative and cost-effective Linux tools essential to Network Administrators and Security Engineers working at Internet Service Providers, Content Distribution Networks, Hosting Providers, or other companies that operate large IP networks:
• WANGUARD adds advanced DDoS detection and DDoS mitigation capabilities. It provides a filtering module designed for protecting networks and critical services from Distributed Denial of Service and other "volumetric" attacks by scrubbing off the malicious traffic using BGP-based traffic redirection and dynamic firewall rules.