This is the user sandbox of Vborcan. A user sandbox is a subpage of the user's user page. It serves as a testing spot and page development space for the user and is not an encyclopedia article. Create or edit your own sandbox here.
Writing an article and ready to request its creation?
|Initial release||March 1, 2006|
5.3 / December 23, 2013
|Type||Network monitoring, DDoS mitigation|
Andrisoft WANGUARD is a commercial software that monitors IP traffic and protects networks from DDoS attacks by filtering the malicious packets and by black-holing destinations.
Its web interface provides customizable Dashboards with real-time traffic graphs and tops, complex reports with aggregated data for hosts, departments, interfaces, applications, ports, protocols and more.
The key features of the product are:
- Distributed traffic monitoring – it uses software sensors that can be deployed across the network to monitor IP traffic by Port mirroring, NetFlow, SFlow or IPFIX.
- Web Interface – the integrated Ajax-based web portal provides centralized management and a network-wide visibility of traffic flows, events and other collected data.
- DDoS detection – DDoS attacks are detected by a traffic anomaly detection engine that can use user-defined traffic policies or Holt-Winters-based traffic behaviour analysis.
- DDoS mitigation – it generates Iptables rules that block attacking IP Addresses; spoof attacks are filtered by applying dynamic rules for source or destination TCP and UDP ports, IP protocols, TTL, TCP SYN etc.
- Collector of flows and packets – it provides a flow collector and a web-based, Wireshark-like Packet analyzer that can save packets or flows.
- Real-time reporting – the traffic analysis engine updates graphs, tops and statistics every 5 seconds; histograms appear animated.
- Historical reporting – every data retention parameter can be configured from 1 day to 10 years; reports can be generated for any custom time period.
- Scheduled reporting – consolidated reports can be automatically generated and emailed at preconfigured intervals of time.
- Automatic responses – it includes modules for sending emails, executing custom scripts, notify SIEM systems though SNMP traps etc.; responses to threats can be extended though an open API.
Since 2012 Andrisoft is also releasing a "lite" version of WANGUARD called WANSIGHT that doesn't contain features related to traffic anomalies.
|1 March 2006||1.0||First public release|
|1 March 2008||2.0||Major performance improvements and a completely rewritten web console|
|5 January 2009||3.0||Major performance improvements, bug fixes, 10 Gigabit Ethernet packet sniffing, Netflow sampling support and improved AS Numbers support|
|8 May 2010||4.0||Adds a brand new Web User Interface, performance improvements, partial SFlow support, 95th percentile, greatly improved traffic accounting and traffic graphs support, advanced permissions for user roles, FreeBSD 8 support, LDAP and Active Directory support, Events Reporting, Scheduled Reports, Tables and Logs can be exported in Excel, VLAN & MPLS support, PF_RING support for improved 10 Gbps packets sniffing, RAM storage method for IP graphs, RRDCache support, NetFlow archive, 4 Console themes, DNS reverse lookups for IP addresses|
|20 October 2012||5.0||WANGuard is renamed WANGUARD. It adds extensible traffic decoders, a new traffic thresholds system, NetFlow v9, native SFlow, IPFIX, traffic capturing framework, Combined Reports and Dashboard, full IPv6 support, new decoders, multiple CPU support for packet sniffing, in-NIC hardware filters, IPv4 and IPv6 mask restrictions to BGP announcements|
- First release at http://web.archive.org/web/20071011091644/http://andrisoft.com/
- Andrisoft announces WANGuard 2.0 http://www.andrisoft.com/company/news/wanguard-platform-2-released
- Andrisoft announces WANGuard 3.0 http://www.andrisoft.com/company/news/wanguard-platform-3-released
- Andrisoft announces WANGuard 4.0 http://www.andrisoft.com/company/news/wanguard-4-0-released
- Andrisoft announces WANGUARD 5.0 http://www.andrisoft.com/company/news/wanguard-5
Category:System administration Category:Network management Category:Network performance Category:Network analyzers Category:Network software stubs Category:Intrusion detection systems Category:Firewall software Category:Internet Protocol based network software