NetFort LANGuardian helps keep your network secure by identifying and alerting you to anomalies in network traffic, user behaviour, and traffic volume.
 

Security Features

Network intrusion detection system
LANGuardian includes an advanced network intrusion detection system (NIDS) that enables real-time detection and alerting of malicious events that occur on your network. Configured via a rule-based language, it can monitor network traffic using the signature, protocol, and anomaly methods of inspection.

The LANGuardian NIDS uses several pre-processors to perform stateful protocol analysis and normalization of all requests and responses in a session or connection. This enables the system to identify threats that  have several components, which can escape detection when data packets are analyzed individually.
 

Web client detection

Many organizations specify in their IT policies a standard browser configuration, with a view to reducing security vulnerability and ensuring application compatibility. LANGuardian helps to ensure that users on your network comply with these standards. It uses Deep Packet Inspection (DPI) to decode the user agent string used in each HTTP and HTTPS request, and from this information it can detect what browsers are in use on the network and identify who is using them. It can also identify NAT servers on the network [does this sentence belong here?].
Note: this feature requires the optional Web Client Detection module.
find out more...

Internet monitoring
LANGuardian can monitor and report on Internet usage by the users on your network. You can log all web accesses, whether direct or through proxy servers, and see what websites your users are accessing the most. If inappropriate sites are being visited or excessive bandwidth is being consumed, you can block access to them.

Integration with directory services
If you are using Microsoft Active Directory or Novell eDirectory, reports and alerts created by LANGuardian can include the user name associated with each recorded event.
Note: this feature requires the optional Directory Services module.

Policy violations
You can configure LANGuardian to provide the data you need to monitor compliance with the usage policies you have defined for your network. By tracking web accesses, large traffic volumes, machines sending more than receiving, and other anomalous network activity, LANGuardian can generate policy violation reports that highlight any non-compliance.

Network and security incidents
All critical events that occur on the network can be grouped and displayed on-screen in real-time. A range of reports can be produced to highlight infected machines, Skype users, large data transfers and spy-ware. The LANGuardian can generate user-specific reports that identify all activity on the network and associate it with usernames.

Firewall configuration validation
You can use LANGuardian to validate your firewall rules and make sure no traffic that should be blocked by the firewall is entering the network. All network traffic is monitored, so you can use the report filters to isolate the data that is of interest.

Secure repository of network data
At the heart of LANGuardian is a high-performance database that stores details of all network traffic flows, security- and network-related events, IP addresses, machine names, and user names. Having this information available in one place provides a consolidated view of historical as well as real-time network activity, and makes LANGuardian an indispensable resource for detecting and troubleshooting anomalies and suspicious network events.

Email Alerts
You can configure LANGuardian to send immediate e-mail alerts to designated users whenever specified network events occur. You can also schedule any report to be sent by e-mail at regular intervals