Announcing NetFort LANGuardian 14.5. A look at the new features

18 January 2019 NetFort News By: Darragh Delaney

LANGuardian 14.5

NetFort is delighted to announce the availability of our latest LANGuardian release, V14.5.

“One of our objectives is to ensure that our customers always have ‘eyes on their traffic,’ including their data centers, hybrid and public cloud,” said John Brosnan, CEO.

LANGuardian 14.5 includes:

  • AWS flow log support.
  • PCAP (packet capture) import and export options.
  • Passive username capture from RADIUS traffic.
  • Migration to Suricata IDS.

AWS Flow Log Support

LANGuardian can now process Amazon AWS VPC Flow Logs and generate metadata similar to NetFlow. The VPC Flow Logs are merged into sessions; GeoLocation information is then added, and the result is saved into the NetFort database. Read more about it here.

Username Extraction from RADIUS Traffic

RADIUS stands for Remote Authentication Dial In User Service. Typically, a user login consists of a query (Access-Request) from the NAS (Network Access Server) to the RADIUS server and a corresponding response (Access-Accept or Access-Reject) from the server. The Access-Request packet contains the username, encrypted password, NAS IP address, and port.

RADIUS username metadata capture from network traffic

Our latest release includes a decoder for RADIUS traffic, so usernames can be captured directly from network traffic and stored within database tables on LANGuardian. You can then use this information to associate network and application activity with usernames. Read more in this blog post, which looks at passive capture of usernames from RADIUS traffic.
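The request/response exchange described above, as an added example (not NetFort or LANGuardian code): a minimal Python decoder for the RFC 2865 packet layout that pulls User-Name, NAS-IP-Address and NAS-Port from an Access-Request and pairs it with the Access-Accept or Access-Reject by identifier. The names `parse_radius`, `logins` and `make_pkt` are hypothetical, and the addresses, usernames and packets in `SAMPLE` are constructed.

```python
import socket
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
USER_NAME, NAS_IP_ADDRESS, NAS_PORT = 1, 4, 5  # RFC 2865 attribute types

def parse_radius(payload):
    """Return (code, identifier, attrs) or None if the packet is malformed."""
    if len(payload) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        return None
    attrs, pos = {}, 20  # attributes follow the 20-byte header
    while pos + 2 <= length:
        a_type, a_len = payload[pos], payload[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return None  # corrupt or truncated attribute
        attrs.setdefault(a_type, payload[pos + 2:pos + a_len])
        pos += a_len
    return code, ident, attrs

def logins(packets):
    """packets: (src_ip, dst_ip, udp_payload) tuples. Pairs requests with replies."""
    pending, out = {}, []
    for src, dst, payload in packets:
        parsed = parse_radius(payload)
        if parsed is None:
            continue
        code, ident, attrs = parsed
        if code == 1 and USER_NAME in attrs:
            nas_ip, port = attrs.get(NAS_IP_ADDRESS), attrs.get(NAS_PORT)
            pending[(src, dst, ident)] = {
                "username": attrs[USER_NAME].decode("utf-8", "replace"),
                "nas_ip": socket.inet_ntoa(nas_ip) if nas_ip and len(nas_ip) == 4 else src,
                "nas_port": int.from_bytes(port, "big") if port else None,
            }
        elif code in (2, 3) and (dst, src, ident) in pending:
            out.append({**pending.pop((dst, src, ident)), "result": CODES[code]})
    return out

def make_pkt(code, ident, attrs=()):  # builds constructed sample packets
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

NAS, SRV = "10.0.0.5", "10.0.0.10"  # constructed addresses
SAMPLE = [
    (NAS, SRV, make_pkt(1, 7, [(1, b"alice"), (4, socket.inet_aton(NAS)), (5, b"\x00\x00\x00\x03")])),
    (SRV, NAS, make_pkt(2, 7)), (NAS, SRV, make_pkt(1, 8, [(1, b"bob")])), (SRV, NAS, make_pkt(3, 8)),
]
```

Calling `logins(SAMPLE)` returns one record per completed login, each carrying the username, the NAS address and port, and whether the server accepted or rejected the attempt.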

PCAP Import & Export

LANGuardian 14.5 has a single page for the import and export of PCAP (packet capture) files. You can now extract network packets with or without filters by using the PCAP File Management page. Read more in this blog.

Migration to Suricata IDS

LANGuardian 14.5 now uses Suricata, a modern, multi-threaded, high-performance IDS. Suricata inspects network traffic by using a powerful, extensive rules and signature language. It also has strong Lua scripting support to detect complex threats.