DDoS Detection and Mitigation Software

  • You can try Wanguard for 30 days by requesting an evaluation license.
  • Licenses for Wanguard components can be purchased from the online store.
  • Frequently asked questions are answered in User Guide and Knowledge Base.
  • A list with some companies currently using Wanguard can be found here.
  • If you need any further information, do not hesitate to contact us.

Andrisoft Wanguard is an award-winning enterprise-grade software solution designed to monitor and protect large WAN networks against volumetric DDoS attacks.

Unforeseen traffic patterns affect user satisfaction and clog costly transit links. Providing reliable network services is imperative for the success of today’s organizations. As the business cost of network malfunctions continues to increase, rapid identification and mitigation of network performance and reliability threats become critical to meet expected SLAs and network availability requirements. Such threats include distributed denial-of-service attacks, SYN floods, NTP amplification attacks, generic UDP or ICMP floods, and many more. Wanguard’s network-wide surveillance of complex, multilayer, switched or routed environments together with its unique combination of features is specifically designed to meet the challenge of pinpointing and resolving any such threats.

WANGUARD Components

  • Flow Sensor and Packet Sensor provide in-depth traffic analysis, traffic accounting, bandwidth monitoring, traffic anomaly and DDoS attack detection. The collected information allows generating complex traffic reports, graphs, and tops, instantly pin down the cause of network incidents, automate reactions to attacks, understand patterns in application performance and make the right capacity planning decisions.
  • Filter gets activated during DoS, DDoS or DrDOS attacks in order to find the filtering rules that will scrub the abnormal traffic in a granular manner without impacting the user experience or resulting in downtime.
  • Console is a multi-tenant web application that functions as the administrative core of the software. It offers single-point management and reporting by consolidating data received from Sensors and Filters deployed across the network.

Multi-level DDoS Protection Technology

  • Sensor can announce upstream provider(s) via BGP to stop routing traffic towards the attacked destinations. This widely-used DDoS protection technique called RTBH (Remotely Triggered Black Hole) requires only an agreement with the BGP peer(s). The attacked targets are effectively blocked from accessing the Internet; upstream links and all other destinations are not congested during attacks.
  • Sensor can announce the upstream Internet Service Provider (ISP) or a Managed Security Service Provider (MMSP) that offers anti-DDoS services to scrub malicious packets in cloud.
  • Filter can scrub and/or rate-limit malicious packets by applying dynamic filtering rules on stateless software-based firewalls, in-NIC hardware packet filters or BGP Flowspec-capable routers. Dedicated filtering servers can be clustered in packet scrubbing farms. It can protect critical services against attacks that do not congest upstream links.
  • Filter can automatically send notification emails to the ISPs originating non-spoofed attacks.
  • Filter can apply filtering rules and ACLs on third-party DDoS mitigation appliances, firewalls or routers.

Key Features and Benefits

DDoS Detection & Mitigation

alt Uses a fast and innovative traffic anomaly detection engine that detects DDoS attacks. Identifies and blocks malicious packets.

Powerful Reaction Tools

alt Quickly responds to attacks, sends automatically BGP routing updates (incl. Flowspec), emails, executes scripts, and more.

Detailed Forensics

alt Captures packet contents or flow records for each attack. Sends by email detailed attack reports to interested parties.

Full Network Visibility

alt Supports all major traffic monitoring technologies: NetFlow, sFlow, IPFIX, 40/100 Gbps packet sniffing, DPDK, Netmap, PF_RING, SNMP.

Advanced Web Console

alt Offers consolidated management through a multi-tenant and highly-configurable HTML5 web portal with custom dashboards and user roles.

Complex Analytics

alt Generates complex reports with aggregated data for hosts, subnets, IP groups, interfaces, protocols, ASNs, countries, and more.

Flow Analyzer and Collector

altIncludes a fully-featured NetFlow, sFlow, and IPFIX collector. Flows can be stored, searched, filtered, sorted and exported.

Distributed Packet Sniffer

alt Includes a packet sniffer that can save packet dumps from across the network. The dumps can be viewed online or downloaded.

Flexible Configuration

alt You can fine-tune everything in great detail: IP graph accuracy, LDAP & RADIUS authentication, user profiles, data retention and much more.

Real-Time Reporting

alt Bandwidth graphs are animated and can have a short-term accuracy of just 5 seconds. Live readings are available for all parameters.

Historical Reporting

alt You can view reports from the last 5 seconds to the last 10 years by selecting any custom time period. Supports 95th percentile billing.

Scheduled Reporting

alt Any report can be generated and emailed automatically to interested parties at preconfigured intervals of time, hourly, daily, weekly, monthly.

Affordable On Premise Anti-DDoS

alt The most cost-effective on-premise DDoS mitigation solution on the market! Annual subscription provides free support and upgrades.

Fast & Fully Scalable

alt The software was designed to run on low-cost commodity hardware. The components can be distributed on any number of clustered servers.

Outstanding Support

alt All support inquiries are answered by experienced engineers. Enterprise Support ensures a response time of under 1 hour, 24/7/365.


  Andrisoft Wanguard supports the sFlow standards. To learn more about sFlow please visit http://www.sflow.org.
Wanguard 8.3 was released! Changelog and upgrade instructions at: https://t.co/nDwGNJsmMw.
Follow Andrisoft on Twitter (X)
Join our Newsletter to receive the latest news from us!

  OUR CLIENTS  

  • Telecom Operators: HUAWEI | VODAFONE | ORANGE | JT GLOBAL | BITE LITHUANIA | MOLDTELECOM | JUPITER TELECOMMUNICATIONS

  • Internet Service Providers: GOOGLE FIBER | YELLOWFIBER | SKYLOGIC EUTELSAT | 1&1 VERSATEL | NETCOLOGNE | SOLCON NETHERLANDS

  • Cloud / VPS Hosting Providers: DIGITALOCEAN | LEASEWEB | FLEXENTIAL | WEEBLY | VPS.NET | EAPPS | SERVERPOINT

  • Software & Services: IBM CORPORATION | MOZILLA CORPORATION | NAMECHEAP | GANDI SAS | ALLEGRO | MBANK | TF1 FRANCE

  • Security / Anti-DDoS Services: GIGENET | DDOS-GUARD | BLACKLOTUS | KODDOS | ROKASECURITY | DOSARREST | SERVERIUS

  • Data Centers: EQUINIX | PHOENIXNAP | CORE-BACKBONE | BSO NETWORK | ASCENTY | PLUSSERVER | MYLOC MANAGED IT