Network Traffic Analysis - Geolocation
WANVector monitors packet traffic and geolocates that traffic in real time while comparing the discovered destinations to the CyVectors AI cloud. Geolocated destinations are shown on a world map, along with the local port, remote port, remote country, and whether the destination is a known threat according to the AI cloud. Additionally, WANVector records packet traffic, discovered destinations, and destination threat level to a local text log and to Windows Event Logs for the Event Forwarding Agent to send to your SIEM as syslog.
This solution is commonly used to find malware command and control traffic over trusted ports like 443.
This software runs on any Windows desktop or server version supported by Microsoft, and can be delivered in bulk by automated software delivery platforms.
WANVector scans the surrounding network and reports the scan results every two minutes to Windows event logs, and to syslog when using CyVectors EFA.
Use case: Deploy one WANVector agent per remote office and install the CyVectors Event Forwarding Agent to send discovered paths to CyVectors Vector Analyzer or another SIEM platform.
Real-time packet geolocation on world map
Identifies threat traffic on local port or SPAN port
AI-backed threat intelligence feeds
Reports malicious packet traffic to Windows event logs and syslog
Graphical interfaces display country, source port, remote port, and Windows process generating local AI threat matches