LANGuardian is a powerful network traffic and security monitoring software. You can use LANGuardian to:
- Passively capture traffic flowing through your network switch
- Analyse internal traffic, capture metadata such as IP addresses, user names, file and folder names, web domains and URIs
- Store the results in a database for reporting and analysis
- Get alerts if suspicious activity is detected
- Provide access to traffic data through a web interface
What is LANGuardian?
NetFort LANGuardian is deep packet inspection software for investigating, monitoring, and reporting on network activity. It is a passive network traffic analyser, not inline and cannot have an impact on network performance.
LANGuardian helps network administrators to:
- Classify network traffic by application and by user
- Troubleshoot bandwidth issues right across the network
- Perform network or user forensics on past events
- Investigate activity on Windows file shares,
- Keep track of user activity on the Internet.
Integration with Active Directory and other directory services enables LANGuardian to report on the network activity of individual users and to generate traffic reports that incorporate usernames.
LANGuardian offers three ways to access information about network activity:
- Search – by username, IP address or subnet, file name, or web address.
- Dashboards – customizable pages that provide an overall view of network activity.
- Reports menu – built-in and custom reports with drilldown to the minutest level of detail.
Content-based application recognition
Content-Based Application Recognition (CBAR) is a new LANGuardian feature that takes traffic-based application recognition to a new level. With support for hundreds of the most common applications and protocols, and a unique deep packet inspection algorithm, CBAR delivers greater accuracy and fewer false positives than other approaches to application recognition.
- Vendor-agnostic solution – works with any switch that supports port mirroring.
- Uses deep-packet inspection to analyze packet content as well packet headers – the foundation for more detailed and accurate reporting than NetFlow-based monitoring tools can provide.
- Eliminates reliance on source address, destination address, and port number to identify the application associated with network traffic.
- Enables network engineers and system administrators to identify applications that use random port numbers or that use standard port numbers for non-standard purposes.
- Generates consolidated reports that show network activity on a per-application or per-protocol basis, with drilldown to more detailed information.
Full packet analysis, storage of historical network events, and comprehensive analytical capabilities make LANGuardian the ideal solution to your network forensics requirements. When you need to analyze an incident or respond to a request for information about network activity, LANGuardian provides all the details you need.
Firewalls, content filters, and anti-virus software can help to protect a network by blocking certain types of traffic, but it's inevitable that breaches will occur. Advanced persistent threats are the most sinister breaches and receive the most publicity, but the most common breaches arise from misconfigured systems and deliberate or unwitting misuse of the network by authorized users. These breaches are often difficult, even impossible, to detect using real-time monitoring tools. However, with network forensics you can identify patterns of behavior that you cannot identify from real-time data alone.
NetFort LANGuardian brings additional troubleshooting capability to your SolarWinds® environment by providing instant access to packet level data, directly from SolarWinds® NPM and SAM dashboards. LANGuardian is an ideal solution if you need that extra level of visibility provided by deep-packet inspection at critical points in your network.
LANGuardian is the one and only solution that integrates with SolarWinds® products to provide root cause information about network and user activity that:
- Shows actual user and application names rather than IP addresses and port numbers
- Provides 100% accuracy with clickable graphics
- Works on any network of any size
- Provides total visibility into usage of key resources by both external and internal users of the network