DDoS Detection and Mitigation Software
- You can try Wanguard for 30 days by requesting an evaluation license.
- Licenses for all Wanguard components are available for purchase through our online store.
- Answers to frequently asked questions can be found in the User Guide and Knowledge Base.
- A list of organizations currently using Wanguard is available here.
- For additional information or assistance, please don’t hesitate to contact us.
Andrisoft Wanguard is an award-winning, enterprise-grade software solution built to monitor and protect large WAN networks against high-volume DDoS attacks.
Unforeseen traffic patterns can degrade user experience and congest expensive transit links. Delivering reliable network services is essential to the success of modern organizations. As the business impact of network disruptions continues to grow, quickly identifying and mitigating performance and reliability threats has become critical to maintaining SLAs and ensuring network availability. These threats include Distributed Denial-of-Service (DDoS) attacks, SYN floods, NTP amplification, and various UDP or ICMP floods. Wanguard’s comprehensive, network-wide surveillance of complex, multilayer, switched, or routed environments—combined with its unique suite of features—is purpose-built to pinpoint and neutralize such threats with speed and precision.
Main Components Overview
- Flow Sensor and Packet Sensor deliver in-depth traffic analysis, accounting, bandwidth monitoring, and real-time detection of traffic anomalies and DDoS attacks. The collected data enables the generation of detailed traffic reports, graphs, and top statistics; helps instantly identify the causes of network incidents; automates attack responses; reveals application performance patterns; and supports accurate capacity planning decisions.
- Filter activates automatically during DoS, DDoS, or DrDoS attacks to apply intelligent filtering rules that precisely scrub malicious traffic without affecting user experience or causing downtime.
- Console is a multi-tenant web application that serves as the administrative core of the Wanguard platform. It provides centralized management and reporting by consolidating data from all Sensors and Filters deployed across the network.
Multi-level DDoS Protection Technology
- Sensor can announce upstream provider routes via BGP to stop routing traffic toward attacked destinations. This widely used DDoS protection technique, known as Remotely Triggered Black Hole (RTBH), requires only a simple agreement with the BGP peer(s). The attacked targets are effectively isolated from the Internet, ensuring that upstream links and other destinations remain uncongested during attacks.
- Sensor can also announce routes to an upstream Internet Service Provider (ISP) or a Managed Security Service Provider (MSSP) that offers cloud-based DDoS scrubbing services, allowing malicious traffic to be cleaned before reaching the protected network.
- Filter mitigates attacks locally by scrubbing and/or rate-limiting malicious packets using dynamic filtering rules applied to stateless software firewalls, in-NIC hardware packet filters, or BGP Flowspec-capable routers. Dedicated filtering servers can be clustered into high-capacity packet scrubbing farms, providing on-premises protection against attacks that do not saturate upstream links.
- Filter can also send notifications to ISPs originating non-spoofed attacks and apply filtering rules or ACLs to third-party DDoS mitigation appliances, firewalls, or routers for extended defense integration.
Key Features and Benefits
DDoS Detection & Mitigation
Uses a fast and innovative traffic anomaly detection engine that detects DDoS attacks, identifies and blocks malicious packets.
Powerful Reaction Tools
Quickly responds to attacks, sends automatically BGP routing updates (incl. Flowspec), emails, executes scripts, and more.
Detailed Forensics
Captures packet contents or flow records for each attack. Sends by email detailed attack reports to interested parties.
Full Network Visibility
Supports all major traffic monitoring technologies: NetFlow, sFlow, IPFIX, 40/100 Gbps packet sniffing, DPDK, Netmap, PF_RING, SNMP.
Advanced Web Console
Offers consolidated management through a multi-tenant and highly-configurable HTML5 web portal with custom dashboards and user roles.
Complex Analytics
Generates complex reports with aggregated data for hosts, subnets, IP groups, interfaces, protocols, ASNs, countries, and more.
Flow Analyzer and Collector
Includes a fully-featured NetFlow, sFlow, and IPFIX collector. Flows can be stored, searched, filtered, sorted and exported.
Distributed Packet Sniffer
Includes a packet sniffer that can save packet dumps from across the network. The dumps can be viewed online or downloaded.
Flexible Configuration
You can fine-tune everything in great detail: IP graph accuracy, LDAP & RADIUS authentication, user profiles, data retention and much more.
Real-Time Reporting
Bandwidth graphs are animated and can have a short-term accuracy of just 5 seconds. Live readings are available for all parameters.
Historical Reporting
You can view reports from the last 5 seconds to the last 10 years by selecting any custom time period. Supports 95th percentile billing.
Scheduled Reporting
Any report can be generated and emailed automatically to interested parties at preconfigured intervals of time, hourly, daily, weekly, monthly.
Affordable On Premise Anti-DDoS
The most cost-effective on-premise DDoS mitigation solution on the market! Annual subscription provides free support and upgrades.
Fast & Fully Scalable
The software was designed to run on low-cost commodity hardware. The components can be distributed on any number of clustered servers.
Outstanding Support
All support inquiries are answered by experienced engineers. Enterprise Support ensures a response time of under 1 hour, 24/7/365.
Andrisoft Wanguard supports the sFlow standards. To learn more about sFlow please visit http://www.sflow.org.