WANGuard Sensor
| OVERVIEW |
WANGuard Sensor is the WANGuard Platform component designed for both incoming and outgoing traffic monitoring and accounting, as well as DDoS detection. WANGuard Sensor Lite is a variant of WANGuard Sensor that lacks the traffic anomaly detection and reaction capabilities.
At its core, the WANGuard Sensor has a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IP addresses. Complex statistical algorithms integrate traffic data to build an accurate and detailed picture of real-time and historical traffic flows across the network.
SUPPORTED TRAFFIC CAPTURING METHODS
WANGuard Sensor was designed to monitor networks ranging from the largest enterprises, with hundreds of thousands of endpoints, to the smallest branch office, with tens of endpoints. It works with most switches, routers, firewalls and other network devices. Different traffic capturing techniques may be used:
- Port Mirroring / SPAN / TAP - Analyzing incoming/outgoing network packets sent by a monitoring port of a switch/router
- NetFlow® / NetStream® - Analyzing pre-aggregated data sent by NetFlow / NetStream v.5 enabled routers/switches*
- Inline Deployment - Analyzing incoming/outgoing network packets that pass through a network card of an inline deployed server
| HIGHLIGHTS |
- Quickly see detailed network traffic parameters from any location using only your web browser, through WANGuard Console
- Access various real-time network statistics (top talkers, number of IPs, top protocols, protocol distribution, etc.)
- On-demand MRTG-style traffic graphing for every IP address or subnet in your network, for the selected time frame
- User-defined graph accuracy ranging from 5 seconds to 5 minutes, for user-defined time frames
- Per-endpoint flexible threat management tools and an easy-to-use API for scripting the reaction to traffic anomalies:
  - activate WANGuard Filter for DDoS mitigation
  - alert the NOC staff by email
  - send Syslog messages to remote log servers
  - send BGP announcements for blackholing
  - execute custom scripts. Examples:
    - configure ACLs or execute the PIX "shun" command to drop traffic towards the destination IP
    - send SNMP TRAP messages to SNMP monitoring stations
    - display the routers that are being transited by the anomalous traffic
- Includes a billing system for bandwidth-based billing
- Per-endpoint insightful report analytics and audit trail analysis for the detected traffic anomalies
- Easy and non-disruptive installation on common server hardware
- The most cost-effective traffic monitoring and analysis solution on the market
| SIMPLE DEPLOYMENT |
| DATASHEET |
| WANGuard Sensor | WANGuard Sniff | WANGuard Flow |
| --- | --- | --- |
| Technology | Port Mirroring / SPAN / TAP / Inline Deployment | NetFlow® / NetStream® enabled routers/switches* |
| Capacity | 1 Gbps, 150,000 endpoints | 10 Gbps, 100,000 endpoints |
| Accuracy | Highest | High |
| Anomaly Detection Time | < 5 seconds | < flow export time + 5 seconds |
| Filtering | IP Subnet, MAC address | IP Subnet, Interface, AS |
| Server Requirements (for the above traffic capacity) | | |
| Architecture | x86 (32 or 64 bit) | x86 (32 or 64 bit) |
| CPU | 1 x Pentium IV 3 GHz | 1 x Pentium III 2 GHz |
| Memory | 500 MBytes | 2 GBytes |
| Network Cards | 2 x Fast/Gigabit Ethernet (one with NAPI Support) | 1 x Fast/Gigabit Ethernet |
| Operating System | Linux 2.6.x kernel | Linux 2.6.x kernel |
| Installed Packages | tcpdump | - |
| Disk Space | 5 GB (including OS) | 5 GB (including OS) |
* Manufacturers whose devices support WANGuard Flow are: Cisco Systems (1400, 1600, 1700, 2500/2600, 3600, 4500/4700, AS5300/5800, 7200/7500, Catalyst 4500, Catalyst 5000/6500/7600, ESR 10000, GSR 12000), Juniper, Extreme Networks, Huawei, 3COM and others.
| DOWNLOAD |
WANGuard Sensor TRIAL VERSION can be downloaded here.