2. Andrisoft Wanguard Overview
Andrisoft Wanguard is an award-winning, enterprise-grade software solution engineered to monitor and safeguard large-scale WAN infrastructures against a broad range of volumetric DDoS attacks. As unforeseen traffic patterns emerge, they not only degrade user satisfaction but also drive up transit costs. In an era where reliable network services are paramount to organizational success, swift identification and remediation of network performance and reliability threats are essential to maintaining SLA compliance and high availability standards.
By rapidly detecting and mitigating threats—ranging from distributed denial-of-service attacks and SYN floods to NTP amplification, UDP floods, and ICMP floods—Wanguard enables businesses to stay ahead of evolving risks. Its comprehensive, network-wide surveillance capabilities extend across complex, multilayered, switched, or routed environments, while its unique combination of advanced features empowers IT teams to accurately pinpoint and resolve issues before they impact critical operations.
2.1. Key Features & Benefits
✔ FULL NETWORK VISIBILITY
Wanguard supports all leading IP traffic monitoring technologies — packet sniffing, NetFlow (v5, v7, v9), sFlow (v4, v5), IPFIX, and SNMP — offering end-to-end transparency into your network environment.
✔ COMPREHENSIVE DDoS DETECTION
Its advanced anomaly detection engine uses behavioral profiling and over 150 real-time traffic parameters to swiftly identify volumetric attacks. By comparing live traffic data against user-defined thresholds, Wanguard instantly flags suspicious activity.
✔ ON-PREMISE DDoS MITIGATION
Safeguard your network with BGP blackhole routing or Flowspec, and protect critical services through in-line or out-of-line packet-scrubbing servers that filter out malicious traffic before it can cause damage.
✔ FAST, SCALABLE & ROBUST
Optimized for commodity server hardware, Wanguard leverages high-speed packet capture technologies such as DPDK, PF_RING Vanilla, PF_RING ZC, and Netmap. Its clustered architecture easily distributes components across multiple servers for superior scalability and resilience.
✔ POWERFUL AUTOMATION & REACTION TOOLS
Wanguard automatically reacts to detected threats by sending email alerts, announcing prefixes in BGP, generating SNMP traps, modifying ACLs, or running custom scripts that access hundreds of internal parameters through a user-friendly API.
✔ DETAILED FORENSICS
Investigate attacks at a granular level with packet capture samples and archived flow data. Comprehensive attack reports can be directly emailed to you, affected customers, or the responsible ISP, ensuring timely and transparent communication.
✔ ENTERPRISE-GRADE WEB CONSOLE
Manage and report through a highly customizable, multi-tenant web portal offering dashboards, role-based access control, and remote authentication. Easily tailor the console to meet the unique needs of your organization.
✔ PACKET SNIFFER
Deploy Wanguard’s distributed packet sniffer at multiple network entry points to capture packet dumps. Quickly review packet details in a convenient, Wireshark-like web interface.
✔ FLOW COLLECTOR
A fully-featured NetFlow, sFlow, and IPFIX collector stores flow data in a compressed format for long-term analysis. Effortlessly search, filter, sort, and export flow records for comprehensive traffic insights.
✔ COMPLEX ANALYTICS
Generate detailed, aggregated reports for hosts, departments, interfaces, applications, ports, protocols, countries, autonomous systems, and more, providing the data-driven intelligence you need to optimize network performance.
✔ REAL-TIME REPORTING
Visualize bandwidth usage with dynamic, animated graphs that update every five seconds, ensuring up-to-the-second insights into network health and activity.
✔ HISTORICAL REPORTING
Access historical data from the last five seconds up to the past 15 years. Choose any custom timeframe and incorporate 95th-percentile values for more accurate billing and capacity planning.
✔ SCHEDULED REPORTING
Automatically generate PDF and HTML reports at predefined intervals. Have them delivered by email to key stakeholders, ensuring everyone stays informed without manual effort.
✔ COMPLETE REST API
Tap into hundreds of internal parameters, anomaly data, graphs, and top insights through a fully-featured RESTful API. This open interface enables seamless integration with your existing workflows and platforms.
✔ THE LOWEST TCO
Wanguard delivers industry-leading DDoS detection and mitigation at the most competitive price point, minimizing your total cost of ownership while maximizing security and reliability.
2.2. Software Components
Wanguard Sensor provides traffic anomaly detection, bandwidth monitoring, and traffic accounting. Leveraging this data, you can generate detailed traffic reports, graphs, and top usage statistics; rapidly isolate the root cause of network incidents; automate threat response; understand patterns in application performance; and confidently plan for future capacity needs.
Wanguard Filter generates dynamic filtering rules that deliver comprehensive intelligence on attackers and effectively isolate malicious traffic targeting specific destinations. This granular approach to traffic scrubbing removes the malicious packets without degrading user experience or causing downtime.
Wanguard Console is a multi-tenant, web-based graphical user interface that serves as the software’s administrative hub. It centralizes management and reporting by integrating the information from all Wanguard Sensors, Wansight Sensors, and Wanguard Filters deployed across the network.