A modern replacement for Andrisoft Wanguard
Wanguard is a capable on-premises tool. But it requires dedicated hardware, quote-based licensing, and still uses sampled flow data with 10–60 second detection latency. Flowtriq deploys in 60 seconds, detects in under 1 second, and starts at $9.99/node/month — no hardware required.
Why teams look for alternatives
The real cost of running Wanguard
Wanguard is a mature product with real deployments. But four structural constraints push growing teams to evaluate alternatives.
Dedicated hardware required
Wanguard requires a dedicated server for its Sensor and Filter components. The hardware must handle your peak flow export volume, and Andrisoft recommends PF_RING or DPDK-capable NICs for high-throughput deployments. This hardware is not part of the license — it is an infrastructure prerequisite you source and manage separately. For teams with multiple detection points, hardware costs multiply.
Quote-based licensing, annual renewals
Wanguard pricing is not publicly listed. You negotiate directly with Andrisoft. Community reports place the Sensor + Filter bundle for a single detection point at $1,500–3,000+/year for small deployments, scaling with bandwidth capacity and the number of sensors. Annual renewals are required. Budget planning is difficult without a published price list, and procurement involves vendor negotiation rather than a self-serve signup.
Flow-based detection: 10–60 second latency
Like FastNetMon, Wanguard builds detection on top of NetFlow, sFlow, and IPFIX — sampled flow exports from your network equipment. Flow export intervals on most routers are 10–60 seconds. Even with aggressive tuning, detection latency for NetFlow-based detection typically falls in the 10–60 second range. Short-burst attacks (under 30 seconds) frequently complete before Wanguard's detection fires. Attacks are absorbed before the response begins.
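The timing argument above, as an added example that is not part of the original page and is not code from either product: a simplified model comparing a detector that sees per-second packet counts with one that only sees averages over a 30 or 60 second export interval. The traffic figures, the generic EWMA detector, its parameters and all function names are assumptions constructed for illustration; flow sampling is not modelled.

```python
# Constructed model: how the observation interval limits detection of short bursts.
# All traffic values and detector parameters are assumptions, not vendor settings.

BURST_START = 125  # second at which the constructed attack begins


def traffic(total, burst_len, burst_pps, base_pps=1000):
    """Per-second packet counts with one burst (constructed sample data)."""
    end = BURST_START + burst_len
    return [burst_pps if BURST_START <= t < end else base_pps
            for t in range(total)]


def first_alert(samples, interval, alpha=0.2, factor=4.0):
    """Second at which a generic EWMA detector first alerts, or None.

    interval is how many seconds are averaged into one observation
    (1 = per-second view, 30 or 60 = a flow export interval). An
    observation becomes visible only when its interval has ended.
    """
    baseline = None
    for start in range(0, len(samples) - interval + 1, interval):
        rate = sum(samples[start:start + interval]) / interval
        if baseline is None:
            baseline = rate               # seed from the first observation
        elif rate > factor * baseline:
            return start + interval       # alert when the window closes
        else:
            baseline = alpha * rate + (1 - alpha) * baseline
    return None


def detection_delay(burst_len, burst_pps):
    """Map interval -> seconds from attack start to alert (None = missed)."""
    samples = traffic(240, burst_len, burst_pps)
    delays = {}
    for interval in (1, 30, 60):
        alert = first_alert(samples, interval)
        delays[interval] = None if alert is None else alert - BURST_START
    return delays


if __name__ == "__main__":
    # 20 s burst at 50x baseline: the 30 s view alerts 5 s after the burst ended.
    print(detection_delay(20, 50_000))
    # 5 s burst at 10x baseline: averaged over 30 s or 60 s it stays under threshold.
    print(detection_delay(5, 10_000))
```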
Self-hosted only, no cloud-native path
Wanguard is designed for on-premises deployment with dedicated hardware. Cloud providers (AWS, GCP, Azure) do not expose the packet-level mirroring that Wanguard's Filter component relies on at scale. Teams with hybrid or cloud-first infrastructure end up with incomplete coverage — flow-based detection where it works, and blind spots where it doesn't. There is no SaaS deployment option and no lightweight agent model.
Side-by-side comparison
Wanguard vs Flowtriq
A factual comparison across detection, mitigation, forensics, and operational requirements.
| Capability | Andrisoft Wanguard | Flowtriq |
|---|---|---|
| Deployment | | |
| Setup time | Days to weeks (hardware procurement, OS config, Sensor + Filter setup) | 60 seconds — pip install ftagent |
| Hardware required | Dedicated server (PF_RING/DPDK NIC recommended) | None — agent on existing Linux server |
| Pricing model | Quote-based, annual license + hardware | $9.99/node/month, self-serve, month-to-month |
| Cloud support | Self-hosted only — cloud coverage is incomplete | Full support: AWS, GCP, Azure, bare metal, VPS |
| Free trial | Available, requires contact with sales | 7 days, no credit card, instant access |
| Detection | | |
| Detection method | NetFlow/sFlow/IPFIX or PF_RING packet capture | Kernel-level per-packet monitoring on each server |
| Detection speed | 10–60 seconds (flow export interval) | <1 second |
| Attack classification | Protocol-level breakdown (UDP, TCP, ICMP, etc.) | 7 attack families + confidence scoring |
| L7 / HTTP flood detection | Not available — L3/L4 only | Access log parsing (nginx / apache / caddy) |
| IP spoofing detection | Not available | TTL distribution analysis |
| Mitigation | | |
| BGP RTBH (blackhole) | Yes | Yes |
| BGP FlowSpec | Yes (Wanguard Filter) | Yes — with confidence scoring + auto-rollback |
| Auto-mitigation rule types | iptables/nftables, BGP | 46 types: iptables, nftables, XDP/eBPF, cloud APIs |
| Cloud API mitigation (Cloudflare, DigitalOcean) | Not available | Yes — included |
| Forensics & Reporting | | |
| PCAP forensics | Not available | Pre-attack ring buffer + upload analyzer |
| Attack reports | Historical reports via web UI | Automated PDF / HTML / JSON postmortem |
| AI incident summaries | Not available | Included |
| Alerting & Integrations | | |
| Alert channels | Email, SNMP, script-based | 12+: Discord, Slack, Teams, PagerDuty, OpsGenie, SMS… |
| Prometheus metrics | Limited / via custom export | 15+ metric families, native |
| Kafka export | Not available | Included |
| Terraform provider | Not available | Included |
Pricing
Wanguard vs Flowtriq: cost comparison
Wanguard pricing is not publicly listed. Based on community reports and operator accounts, here's a representative cost comparison.
Wanguard
- BGP RTBH + FlowSpec mitigation
- Web dashboard with traffic graphs
- Commercial support
- Quote-based — must contact sales
- Annual license renewal required
- Dedicated hardware required (not included)
- 10–60 second detection latency (flow-based)
- No PCAP forensics
- No cloud API mitigations
- No sub-second detection
Flowtriq
- BGP RTBH + FlowSpec included
- Full web dashboard — unlimited users
- Commercial support included
- Published pricing, self-serve signup
- Month-to-month — cancel any time
- No hardware required
- <1 second detection (kernel-level)
- PCAP forensics + pre-attack buffer
- Cloud API mitigations (Cloudflare, DO, Vultr…)
- 12+ alert channels — all included
Getting started
Switch from Wanguard in 60 Seconds
Flowtriq runs alongside or replaces Wanguard. No migration window required — you can run both in parallel during evaluation.
Sign up — no credit card, no application
Create a free account at flowtriq.com/signup. No gatekeeping, no sales call required, no approval queue. Full trial access immediately.
Install the agent on any Linux server
Any Linux kernel ≥ 3.10. <30 MB RAM. <0.1% CPU at idle.
Baseline auto-learns in ~5 minutes
No threshold tuning. EWMA baselines adapt automatically to each node's traffic pattern. Run Flowtriq alongside Wanguard to compare detection during the trial.
Connect BGP (optional)
ExaBGP, GoBGP, BIRD 2, FRRouting — all supported. Configure via the web dashboard. BGP is optional; detection and alerting work without it.
Decommission Wanguard when ready
Once satisfied with detection reliability, decommission your Wanguard hardware and cancel the annual license at renewal. No migration data to transfer — Flowtriq starts a fresh baseline per node.
Common questions