e.guardo Smart Defender

eguardo is the first smart protection application for DMZ or Internet facing computers. Protects from Brute Force, DDoS and Spoof Attacks.

DMZ/Internet facing computers are always in risk of intrusion. eguardo protects many services including Remote Desktop Protection, IIS and MS FTP against these threats by analysing system logs and system health.

What is eguardo?

Did you ever realise how hard it is to configure the Windows Firewall? Even if you have the best configuration, the primivite infrastructure of the firewall itself won’t allow you to analyze or block threats when they occur. e.guardo is a security and instrusion detection software designed to secure several network services.

In general, e.guardo watches the network services and their logs to generate system behaviour and immediately determines unusual network traffic. With the correct actions, e.guardo will prevent the attacker to leak into your system.

e.guardo is not only dependent to services and their logs, it analyzes many indicators of the underlying system to take the right defensive action.

Beside generating security rules dynamically, e.guardo also uses a global black list. This black list consists of many blocked IP addresses gathered from e.guardo installations worldwide. With the help of the black list, e.guardo will protect your system before the attacker can detect your vulnerabilities.

e.guardo analyzes your network traffic and decides who to block in a manner of time based on the rules defined. eguardo is not a firewall, it is a supporting tool for firewalls (for now, e.guardo supports native Windows Firewall).

With the help of eguardo open API, you can compile your own modules to protect any kind of network enabled service by using libraries delivered with the installation. You can see the working examples including Microsoft .NET and PHP from our developer corner online.

e.guardo protects for

• Remote Desktop (RDP) threats
• Microsoft FTP Server threats
• Internet Information Service threats
• MSSQL Server threats
• SMTP threats
• Microsoft Exchange Oulook Web Access (OWA) threats
• Microsoft Sharepoint Portal threats
• Microsoft CRM threats
• Microsoft Lync Server threats
• Custom Application threats using eguardo developer API
• and any application using eguardo Free XML Black List API

e.guardo is not another firewall!

With the comprehensive firewall scripting technique, eguardo can control any firewall with SNMP, telnet or through SOAP API. Built-in functionality for Windows Firewall and Cisco IOS devices doesn’t require any scripting to start blocking offensives.
What typically e.guardo do?

e.guardo simply listens Windows log files or flexible net-flow data from Cisco to analyze network traffic and based on the given credentials, eguardo blocks offenders using native Windows Firewall or through your gateway. eguardo also checks it’s comprehensive global black list through the fingerprint analysis. If previously blocked offensive is located in the global black list, the offensive will be automatically blocked. Global Black List is gathered from thousands of eguardo installations and web sites using eguardo API worldwide. The fingerprints are analysed and based on certain rules they are added to eguardo black list. Currently more than 100 thousand IP addresses are in the black list.