WANGuard Filter

OVERVIEW
WANGuard Filter Brochure
Brochure

WANGuard Filter is the WANGuard Platform component designed to protect organizations from internal and external threats (availability attacks on DNS, VoIP, Mail and similar services, unauthorized traffic resulting in network congestion), botnet-based attacks, zero-day worm and virus outbreaks. WANGuard Filter includes sophisticated traffic analysis algorithms that are able to detect and filter the malicious traffic.

TRAFFIC DIVERSION AND INJECTION TECHNIQUES

Traffic diversion is the mechanism by which an upstream router in the core network is instructed to send suspect traffic (syn floods, spoofed packets, and so on) to the WANGuard Filter system. After scrubbing off anomalous packets, the WANGuard Filter performs traffic injection to insert cleaned traffic back to the network - to a downstream router - using one of the following techniques:

Static Routing - In a Layer 2 topology, WANGuard Filter will forward cleaned traffic to a statically configured next-hop address
GRE/IPIP Tunneling - In a Layer 3 topology, WANGuard Filter will forward cleaned traffic via a GRE/IP over IP tunnel
Inline Deployment - When the WANGuard Filter system is deployed inline, no traffic diversion and injection is needed

HIGHLIGHTS
  • Quickly see live information about DDoS attacks in your network from any location using only your web-browser, through WANGuard Console
  • Defends against unknown, evolving and known attack patterns
  • Recognizes and drops malicious traffic in under 5 seconds
  • Does not block/blacklist valid customer traffic
  • Per endpoint flexible threat management tools and easy to use API for scripting the reaction to traffic anomalies:
    • alert the NOC Staff by email (screenshot)
    • alert attacker's ISP via email (screenshot)
    • send custom Syslog messages to remote logservers (screenshot)
    • execute custom scripts (screenshot). Examples:
      • configure ACLs or execute PIX "shun" command to filter attacking IPs
      • issue route blackhole commands on the attacked Linux servers to filter attacking IPs
      • send SNMP TRAP messages to SNMP monitoring stations
  • Does not require network baseline training and operator intervention
  • Easy and non-disruptive installation on common server hardware
  • The most cost-effective malicious traffic filtering solution on the market
SIMPLE DEPLOYMENT
DATASHEET

Server Requirements for protecting an OC-3 ( 155 Mbps ) WAN link
 
Architecture x86 ( 32 or 64 bit )
CPU 1 x Pentium IV 2.6 GHz
Memory 500 MBytes
Network Cards 2 x Fast/Gigabit Ethernet ( Linux NAPI support strongly recommended )
Operating System Linux kernel 2.6.x
Installed Packages perl 5.x
quagga or zebra
Net::Telnet
iptables
mysql 5.x
perl-DBD-MySQL
tcpdump
Disk Space 5GB ( including OS )


DOWNLOAD WANGuard Filter TRIAL VERSION can be downloaded here.