LANGuardian includes an advanced network intrusion detection
system (IDS) that enables real-time detection and alerting of
malicious events that occur on your network. Configured via a
rule-based language, it can monitor network traffic using the
signature, protocol, and anomaly methods of inspection.
The LANGuardian IDS uses several pre-processors to perform
stateful protocol analysis and normalization of all requests and
responses in a session or connection. This enables the system to
identify threats that have several components, which can escape
detection when data packets are analyzed individually.
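
The effect described above, as an added example (not LANGuardian
or Snort code): a content pattern split across TCP segments is
missed by per-packet matching and found after reassembly. The
flows, segments and pattern are constructed; relative sequence
numbers from 0 and a first-copy-wins overlap policy are assumptions.

```python
from collections import defaultdict

SIGNATURE = b"/cgi-bin/example.cgi"  # constructed content pattern

# Constructed sample traffic: (flow 4-tuple, relative seq, payload).
FLOW_A = ("10.0.0.5", 40312, "192.0.2.10", 80)
FLOW_B = ("10.0.0.7", 51544, "192.0.2.10", 80)
SEGMENTS = [
    (FLOW_A, 17, b"ple.cgi HTTP/1.1\r\n\r\n"),  # arrives out of order
    (FLOW_B, 0, b"GET /index.html HTTP/1.1\r\n\r\n"),
    (FLOW_A, 0, b"GET /cgi-b"),
    (FLOW_A, 10, b"in/exam"),
    (FLOW_A, 10, b"in/exam"),                   # retransmission
]

def per_packet_hits(segments, signature):
    """Stateless check: inspect every payload on its own."""
    return [(flow, seq) for flow, seq, data in segments if signature in data]

def reassemble(segments):
    """Rebuild each flow's byte stream, ordered by sequence number.

    The first copy of a byte wins on overlap (assumed policy), and
    the stream stops at the first gap, since bytes after a hole
    cannot be placed reliably.
    """
    by_flow = defaultdict(dict)
    for flow, seq, data in segments:
        for offset, byte in enumerate(data):
            by_flow[flow].setdefault(seq + offset, byte)
    streams = {}
    for flow, placed in by_flow.items():
        out, pos = bytearray(), 0
        while pos in placed:
            out.append(placed[pos])
            pos += 1
        streams[flow] = bytes(out)
    return streams

def stream_hits(segments, signature):
    """Stateful check: match against each reassembled stream."""
    return [f for f, s in reassemble(segments).items() if signature in s]

if __name__ == "__main__":
    print("per-packet:", per_packet_hits(SEGMENTS, SIGNATURE))
    print("reassembled:", stream_hits(SEGMENTS, SIGNATURE))
```
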
The LANGuardian IDS is based on Snort, an open-source network
intrusion prevention system that performs real-time traffic
analysis on IP networks. It can perform protocol analysis and
content searching/matching, and can be used to detect a variety
of attacks and probes, such as buffer overflows, stealth port
scans, CGI attacks, SMB probes, and OS fingerprinting.
The IDS is configured with over 1600 signatures that include
DPI for HTTP, RPC, and Telnet protocols. The signatures cover the
events that typically occur on a network, for example:
- File accesses
- Database operations
- E-mail activity
- Web access
The IDS signatures are continually updated and you can choose
to apply the updates manually or automatically. You can also
define your own signatures.
When the IDS detects an event that matches a signature, it
stores the details in the LANGuardian database, including the
source and destination IP addresses, the rule that triggered the
event, and event-specific information.
Combined, the information stored in the database by the
traffic analysis engine and the IDS provides a detailed snapshot
of network activity, with efficient storage and no performance