Our products provide full network traffic visibility using distributed Sensors ("probes") that can analyze IP packets and process flow records exported by Cisco NetFlow, Huawei Netstream, Juniper jFlow, cflowd, sFlow and IETF IPFIX. All collected data are accessible in a rich, web-based user interface that provides custom dashboards with real-time traffic graphs and top listings. You can easily generate complex analytics with aggregated data for hosts, departments, interfaces, applications, autonomous systems, countries and more. You can view extremely accurate bandwidth graphs for hundreds of thousands of IP addresses.
WanGuard Sensors use an extremely fast and highly innovative traffic anomaly detection engine that detects volumetric attacks by profiling the online behavior of users and by comparing over 120 live traffic parameters against user-defined thresholds. You can automate reactions to threats using predefined or custom modules that send notification emails, announce prefixes in BGP, generate SNMP traps, modify ACLs and execute your own scripts with access to over 70 operational parameters through an easy-to-use API. DDoS attacks are detected using multi-vendor flow-based technologies or by sniffing IP packets.
The WanGuard Filter ensures zero downtime for customers and services during Distributed Denial of Service attacks, with no operator intervention. It defends against DDoS attacks by complementary methods: it cleans the malicious traffic on-premise when the upstream links are not congested and null-routes attacked destinations in BGP to prevent bandwidth saturation and the subsequent network outage. Attacks are blocked by applying intelligent, dynamic filtering rules for stateless software or hardware firewalls. Dedicated packet scrubbing servers can be deployed in the main data path, or can perform side-filtering by diverting the traffic.
The Flow Sensor provided by WanGuard and WanSight is a fully-featured flow analyzer and collector that supports all major flow technologies: NetFlow v5, v7 and v9; sFlow v4 and v5; and IPFIX. It contains a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IP addresses. Flows can be stored for as long as you wish in a space-efficient binary format. You can generate top listings and almost any other aggregation report you can think of. The extensive flow filter configuration options allow you to quickly query individual flows for ad-hoc forensic investigation.
Andrisoft develops innovative and affordable Linux tools that are essential to Network and Security Professionals from companies operating large networks, such as Internet Service Providers, Content Distribution Networks, Cloud Hosting Data Centers, etc.
• WANGUARD adds advanced DDoS detection and DDoS mitigation capabilities. It protects networks and critical services against Distributed Denial of Service and other "volumetric" attacks by scrubbing off malicious packets with dynamic filtering rules applied on software or hardware firewalls for inline or redirected traffic.