Wanguard includes a Sensor component which detects volumetric DDoS attacks by leveraging an extremely fast and highly innovative traffic anomaly detection engine. It profiles the on-line behavior of users and compares over 130 live traffic parameters against user-defined thresholds. The reaction to threats is automated using predefined action modules able to send notification emails, announce prefixes in BGP, generate SNMP traps, modify ACLs and execute custom scripts with access to an easy-to-use API that exposes 80+ live parameters. DDoS attacks are detected through packet sniffing, SNMP polling, or by using multi-vendor flow-based technologies.
Wanguard includes a Filter component which ensures zero downtime for customers and services during Distributed Denial of Service attacks, without requiring operator intervention. It defends against DDoS attacks by cleaning the malicious traffic on-premise and notifies the attacker's ISP during non-spoofed attacks. The malicious packets are blocked using intelligent, dynamic filtering rules that are applied to stateless software or hardware firewalls, or on BGP FlowSpec-capable routers. It can perform side-filtering with BGP off-ramping, or it can run on dedicated packet scrubbing servers deployed in the main data path.
Wanguard and Wansight provide full network traffic visibility by using distributed Sensors ("probes") able to capture IP packets, query SNMP devices and analyze flow records exported by Cisco NetFlow, Huawei Netstream, Juniper jFlow, cflowd, sFlow and IPFIX. All the collected data are accessible in a web-based user interface that provides custom dashboards, real-time traffic graphs and top statistics. You can quickly generate complex analytics with aggregated data for hosts, departments, interfaces, applications, protocols, autonomous systems and countries; view accurate bandwidth graphs for thousands of IP addresses, inspect packets and flows.
Flow Sensor provided by Wanguard and Wansight is a fully-featured flow analyzer and collector that supports all major flow technologies: NetFlow version 5, 7 and 9; IETF IPFIX; sFlow version 4 and 5. It contains a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IPv4 and IPv6 addresses and ranges. Flows can be stored for as long as you wish in a compressed binary format. You can generate top listings and almost any other aggregation report you can think of. The extensive flow filtering expression options allow you to query individual flows quickly for ad-hoc forensic investigation.
Packet Sensor provided by Wanguard and Wansight inspects IP packets by sniffing 1/10/40 Gbps port-mirrored or in-line interfaces at wire-speed. It contains an entirely scalable IP traffic analysis engine able to monitor, in real time, tens of thousands of IPv4 and IPv6 addresses and ranges. Users can save packet dumps for forensic investigation and to aid network troubleshooting. Packet dumps can be downloaded or viewed online in a Wireshark-like interface that displays detailed layer 7 information or hexadecimal raw and ASCII data for inclusion in regular expressions. It supports Libpcap, PF_RING Vanilla, PF_RING ZC, Netmap and Sniffer 10G.