User:Vborcan/sandbox

Andrisoft WANGUARD is a commercial software that monitors IP traffic and protects networks from DDoS attacks by filtering the malicious packets and by black-holing destinations. Its web interface provides customizable Dashboards with real-time traffic graphs and tops, complex reports with aggregated data for hosts, departments, interfaces, applications, ports, protocols and more.



Features
The key features of the product are:
 * Distributed traffic monitoring – it uses software sensors that can be deployed across the network to monitor IP traffic by Port mirroring, NetFlow, SFlow or IPFIX.
 * Web Interface – the integrated Ajax-based web portal provides centralized management and a network-wide visibility of traffic flows, events and other collected data.
 * DDoS detection – DDoS attacks are detected by a traffic anomaly detection engine that can use user-defined traffic policies or Holt-Winters-based traffic behaviour analysis.
 * DDoS mitigation – it generates Iptables rules that block attacking IP Addresses; spoof attacks are filtered by applying dynamic rules for source or destination TCP and UDP ports, IP protocols, TTL, TCP SYN etc.
 * Collector of flows and packets – it provides a flow collector and a web-based, Wireshark-like Packet analyzer that can save packets or flows.
 * Real-time reporting – the traffic analysis engine updates graphs, tops and statistics every 5 seconds; histograms appear animated.
 * Historical reporting – every data retention parameter can be configured from 1 day to 10 years; reports can be generated for any custom time period.
 * Scheduled reporting – consolidated reports can be automatically generated and emailed at preconfigured intervals of time.
 * Automatic responses – it includes modules for sending emails, executing custom scripts, notify SIEM systems though SNMP traps etc.; responses to threats can be extended though an open API.

Editions
Since 2012 Andrisoft is also releasing a "lite" version of WANGUARD called WANSIGHT that doesn't contain features related to traffic anomalies.