Intrusion detection

LANGuardian includes an advanced network intrusion detection system (IDS) that enables real-time detection and alerting of malicious events that occur on your network. Configured via a rule-based language, it can monitor network traffic using the signature, protocol, and anomaly methods of inspection.

The LANGuardian IDS uses several pre-processors to perform stateful protocol analysis and normalization of all requests and responses in a session or connection. This enables the system to identify threats that have several components, which can escape detection when data packets are analyzed individually.

The LANGuardian IDS is based on Snort, an open-source network intrusion prevention system that performs real-time traffic analysis on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts.

The IDS is configured with over 1600 signatures that include deep packet inspection (DPI) for the HTTP, RPC, and Telnet protocols. The signatures cover the events that typically occur on a network, for example:

  • File accesses
  • Database operations
  • E-mail activity
  • Web access

The IDS signatures are continually updated and you can choose to apply the updates manually or automatically. You can also define your own signatures.

When the IDS detects an event that matches a signature, it stores the details in the LANGuardian database, including the source and destination IP addresses, the rule that triggered the event, and event-specific information.
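To make the rule-to-event flow concrete, here is an added example (not LANGuardian's or Snort's own code) that parses a single rule written in a simplified, hypothetical subset of Snort's rule syntax, applies it to constructed packets, and produces the kind of event record described above: source and destination addresses, the rule identifier and message that fired, and event-specific detail (here, the payload offset of the matched content). The rule grammar, sample rule and sample packets are all constructed for this illustration.

```python
import re

# Hypothetical, simplified subset of Snort's rule syntax (constructed for this example):
#   action proto src sport -> dst dport (key:value; key:value; ...)
RULE_RE = re.compile(r"^(?P<action>alert|log)\s+(?P<proto>tcp|udp|ip)\s+(?P<src>\S+)\s+(?P<sport>\S+)"
                     r"\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)$")

def parse_rule(text):
    """Return the rule as a dict; option values are assumed not to contain ';'."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: %r" % text)
    rule = m.groupdict()
    opts = {}
    for item in rule.pop("opts").split(";"):
        key, _, val = item.strip().partition(":")
        if key:
            opts[key.strip()] = val.strip().strip('"')
    rule["opts"] = opts
    return rule

def match_rule(rule, pkt):
    """Return the event record an IDS would store, or None when the rule does not fire."""
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return None
    for field in ("src", "sport", "dst", "dport"):
        # 'any' matches everything; otherwise exact match (no CIDR or $VAR support here)
        if rule[field] != "any" and rule[field] != str(pkt[field]):
            return None
    offset = -1
    if "content" in rule["opts"]:  # payload signature check
        offset = pkt["payload"].find(rule["opts"]["content"].encode())
        if offset < 0:
            return None
    return {"sid": rule["opts"].get("sid"), "msg": rule["opts"].get("msg"),
            "src": pkt["src"], "dst": pkt["dst"], "dport": pkt["dport"],
            "content_offset": offset}

def scan(rule_text, packets):
    rule = parse_rule(rule_text)
    return [ev for ev in (match_rule(rule, p) for p in packets) if ev]

# Constructed sample rule and packets (not real LANGuardian signatures or traffic)
SAMPLE_RULE = 'alert tcp any any -> 192.0.2.10 80 (msg:"CGI probe"; content:"/cgi-bin/"; sid:1000001)'
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51234, "dst": "192.0.2.10", "dport": 80,
     "payload": b"GET /cgi-bin/test.cgi HTTP/1.1\r\n"},
    {"proto": "tcp", "src": "10.0.0.6", "sport": 51235, "dst": "192.0.2.10", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\n"},
]
```

Running `scan(SAMPLE_RULE, SAMPLE_PACKETS)` yields one event for the first packet and nothing for the second, which is the per-signature record a database-backed IDS would persist.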

Combined, the information stored in the database by the traffic analysis engine and the IDS provides a detailed snapshot of network activity, with efficient storage and no performance impact.

Find out more

If you have any questions about how LANGuardian can help you with your network monitoring requirements, please contact us. If you would like to see LANGuardian in action, please try our online demo system or download a free 30-day trial to try it on your own network with your own data.