WANGUARD 5.2 was released! Full changelog here: http://t.co/Cew9lCJuUP
Both WANSIGHT and WANGUARD make use of IP traffic sensors (also known as "probes") that can be distributed across the network. The Sensors support 10 Gigabit Port Mirroring (SPAN), Cisco NetFlow, Huawei Netstream, Juniper jFlow and cflowd, sFlow and IETF IPFIX. All collected data is accessible through a rich web user interface that provides custom Dashboards with real-time traffic graphs and top listings. You can easily generate complex analytics with aggregated data for hosts, departments, interfaces, applications, autonomous systems and more. You'll be able to view accurate bandwidth graphs for thousands of IP addresses.
WANGUARD leverages a truly innovative traffic anomaly detection engine that allows you to define fine-grained traffic policies. Network attacks and anomalies are detected using predefined thresholds or by analysing traffic patterns and the online behaviour of users. You'll be able to automate responses to threats using extensible actions such as sending notifications by email, black-holing addresses in BGP, null-routing, executing custom scripts, and alerting the attacker's ISP. DDoS attacks are detected using multi-vendor flow-based technologies or by doing packet-based processing.
The Flow Sensor provided by WANGUARD and WANSIGHT is a fully featured NetFlow analyzer and collector that supports NetFlow v5 and v9, sFlow versions 4 and 5, and IPFIX. It contains a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IP addresses. Flows can be stored for as long as you wish in a space-efficient binary format. You can generate top listings and almost any other aggregation report you could think of. The extensive flow filter configuration options allow you to quickly query individual flows for ad-hoc forensic investigation and analysis.
WANGUARD can protect networks either by cleaning the malicious traffic or by black-holing attacked destinations. Since 2006 the WANGUARD Filter has been used to clean millions of DDoS attacks with zero downtime for customers. Spoofed Denial of Service attacks are blocked by applying intelligent, dynamic firewall rules. Dedicated servers can be deployed in the main data path, or can scrub the malicious traffic off-ramp and then re-inject valid traffic downstream into the network. The traffic diversion mechanism requires routers capable of running the Border Gateway Protocol.
Andrisoft develops two innovative and cost-effective Linux tools essential to Network Administrators and Security Engineers working at Internet Service Providers, Content Distribution Networks, Hosting Providers, or other companies that operate large IP networks:
• WANGUARD adds advanced DDoS detection and DDoS mitigation capabilities. It provides a filtering module designed for protecting networks and critical services from Distributed Denial of Service and other "volumetric" attacks by scrubbing off the malicious traffic using BGP-based traffic redirection and dynamic firewall rules.