WANGuard Sensor

Sensor
Brochure

WANGuard Sensor is the WANGuard Platform and WANGuard Lite component designed to do both incoming and outgoing traffic monitoring and accounting, as well as traffic anomalies detection ( feature unavailable in the Lite version ).
At it’s core, WANGuard Sensor has a highly scalable traffic correlation engine capable of continuously monitoring hundred of thousands of IP addresses. Complex statistical algorithms integrate traffic data to build an accurate and detailed picture of real-time and historical traffic flows across the network.

SUPPORTED TRAFFIC CAPTURING METHODS

WANGuard Sensor was designed to monitor the largest enterprises with hundreds of thousands of endpoints to the smallest branch office with tens of endpoints. The supported traffic capturing methods work with most switches, routers, firewalls and other network devices. The supported methods are:

Port Mirroring ( Switched Port Analyzer - SPAN, Roving Analysis Port ), Network TAP - The analysis of network packets sent by a monitoring port of a switch, router or network TAP. The WANGuard Sensor type that handles network packets is called WANGuard Sniff.
NetFlow® Monitoring - The analysis of pre-aggregated data flows sent by NetFlow® or NetStream® enabled routers and Layer 3 switches*. The WANGuard Sensor type that handles NetFlow® and NetStream® data is called WANGuard Flow.
In-line Deployment - The analysis of incoming and outgoing network packets that pass through a network card of an in-line deployed Linux server. From a software perspective this method is virtually identical with the Port Mirroring method, so WANGuard Sniff is used in this scenario too.

• Any number of instances can be deployed across the network and all collected data will be centralized and available through a single web interface that you can quickly access from any location (screenshots)
• You can access various real-time parameters ( top talkers, number of IP addresses, top protocols, protocols distribution etc. ) about the data flowing through router interfaces and switch ports (screenshots)
• Provides on-demand MRTG-style traffic graphs for every IP address or IP class in your network, for any time frame. Traffic graphs accuracy can be defined between 5 seconds and 5 minutes (screenshots)
• WANGuard Sensor is completely scalable and can monitor and generate graphs for hundreds of thousands of IP addresses
• Detects traffic anomalies and provides per endpoint flexible threat management tools and an easy to use API for configuring the reaction to traffic anomalies:
  • activate WANGuard Filter for DoS, DDoS and DrDoS mitigation or additional threat information (screenshot)
  • alert the NOC staff by email using user-defined email templates (screenshot)
  • send custom syslog messages to remote log servers (screenshot)
  • send BGP announcements for blackholing targeted endpoints (screenshot)

  • execute custom scripts (screenshot) that extend the built-in capabilities such as:
    • configure ACLs or execute PIX "shun" commands to drop traffic towards targeted endpoints
    • send SNMP TRAP messages to SNMP monitoring stations
    • display the routers that are being transited by the anomalous traffic
• Includes a very flexible billing system for bandwidth based billing (screenshots)
• Easy and non-disruptive installation on commodity hardware
• The most cost-effective traffic monitoring and analysis solution on the market

* Manufacturer devices supporting WANGuard Flow are: Cisco Systems (1400, 1600, 1700, 2500/2600, 3600, 4500/4700, AS5300/5800, 7200/7500, Catalyst 4500, Catalyst 5000/6500/7600, ESR 10000,GSR 12000), Juniper, Extreme Networks, Huawei, 3COM and others.
** An endpoint is an IP address that belongs to your ASN / clients / servers. The software is not limited by the number of connections between your IPs and remote IPs.
*** Other Linux distributions should work but haven't been tested yet.