RE: Where is Ron Gula? (was "Changes in IDS Companies?")

[Gary Golomb <gee_two () yahoo com>]

This answer is coming from someone on the Dragon team (who already gets enough spam in his
Enterasys account - so I apologize in advance for using the @yahoo.com addy. By the way, if there
are any spammers on here, please make a note that I don't need to refinance my house, I'm sure you
can make me debt free by the holidays, I don't want you to transfer $86,000,000,000 into my
checking account, and thanks but no thanks on the larger member). 

I've gotten a couple questions like this, and they do nothing short of baffle me. 

Yes. Ron had the foresight to create Dragon and many of the technologies behind it years before
most people heard of the acronym IDS. Yes, Ron is extremely creative and has an uncanny (and at
time almost crazy!) ability to identify issues security administrators face and come up with
solutions to those problems that other people have missed. Yes, he still has incredible insight to
solve problems that are only emerging now. And yes, he is extremely technical and has a
fascinating background.

However, let's be realistic for about one minute here... Not since Ron has left, but since the
acquisition of NSW by Enterasys, the Dragon team has been growing larger and stronger every month.
If you read the "Dragon Newsletter" that I put out on the Dragon IDS users list, you would have
known this because we include profiles every time someone joins our team. You would also have
noticed that we have a pool of talent with backgrounds that stem from the NSA, to some of the
largest e-commerce sites on the Internet, to Ivy-league colleges. In other words, people who were
once security administrators in high-profile environments and who have incredibly technical
hands-on implementation and research experience. 

Let me propose a scenario, and I hope this doesn't come as too much of a shock for anyone...

I can only speak authoritatively about the R&D team since that is my home. It was not Ron who had
us develop event/time correlation almost two years ago before anyone had heard of such a beast -
it was Randy Taylor. SQL tunnel/attack (and other web application injection) detection
capabilities before any major commercial IDS on the market - me. Encrypted tunnels,
seganographically encrypted content, transfer of encrypted self-executing binaries, generic
shellcode detection (works for ADMmutate too) that recently surprised even K2, analysis of passive
and active detection methodologies, and other things that you won't find in other IDS detection
libraries and capabilities... ummm, same person (hi!). The person directing our research ideas
into protocol specific attacks and obfuscations, helping to move us in directions that no one is
looking, managing our hardened appliance and software images 100%, and keeping a pulse on the
trends of current and future technologies and issues that security administrators are facing -
Rich Walchuck.

And on the development side of the house... Moving the HIDS into the kernel and doing some pretty
advanced research into kernel profiling and monitoring - Kevin Douglas. (All while continuing to
handle a majority of the middleware and communication functions between Dragon components, and if
I was looking correctly - all while having one hand tied behind his back!) And, implementing new
encryption standards into Dragon, while enhancing the speed and performing of Dragon NIDS
algorithm while also developing various load-balancing functionality and continuing to develop
advanced protocol decoding and anomaly-based detection methodologies - well, that would be none
other than Jason Damron.

That's 5 people. There are still MANY others in the office who amaze me on a daily basis, but I
hope you're starting to get the point. 

The point is... I'd like you to meet the Dragon team, and while we'll SERIOUSLY miss not working
with Ron, we kept Dragon strong while he was here and we will continue to keep it stronger while
he is working on his newest endeavor. Maybe it's our fault for not being so publicly facing while
Ron was here, so in that case - that is something we can change. The next year is going to bring
some interesting and cutting-edge technologies from both teams, I can promise you that.

-gary

-----Original Message-----
From: Ron Gula [mailto:ronald.gula () verizon net] 
Sent: Sunday, November 17, 2002 9:50 PM
To: Kevin Jones; focus-ids () securityfocus com
Subject: Re: Where is Ron Gula? (was "Changes in IDS Companies?")

Hi Kevin (and Focus-IDS),

I left Enterasys back in September and founded a new company
named Tenable Network Security. 

As for what it means for Dragon, I don't have a crystal ball, but
I still get a lot of people (VARs mostly) who want to re-sell Dragon
or implement it at a customer's request. I also have a lot of
confidence in the team working on Dragon now. And, without
going into exactly what we are working on at Tenable, we are
planning to work with Dragon (among other NIDS) due mostly
to customer feedback. 

Ron Gula

======= At 2002-11-15, 16:41:00 you wrote: =======

> In-Reply-To: <010a01c273c3$da243c60$0200a8c0@MASTER>
>
> Samuel Cure wrote:
>
>
>
> Just noticing some changes with some known IDS companies and wanted some 
>
> feedback from the community. Because Marcus Ranum left NFR earlier this 
>
> year and Ron Gula has left Enterasys Networks, I am questioning the future 
>
> of some early-on IDS companies. 
>
>
>
> Maybe I missed the formal announcement, but...
>
>
>
> Can anyone confirm / deny that Ron Gula has in fact left Enterasys?
>
>
>
> I have to ask, following rumors & denials earlier in the year about this 
>
> on the Dragon IDS mail list, dated from late June:
>
>
>
> > Now that Ron Gula has left Enterasys, what does the future hold for 
>
> > Dragon?  Does anyone have a concern about that?
>
>
>
> Response from Randy Taylor, Enterasys Networks:
>
> > I would if Ron had actually left Enterasys. Fact is he hasn't.
>
>
>
> There hasn't been any mention of him on the Dragon list (or post from him) 
>
> in many months...
>
> SO, where in the world is Ron Gula?? And, what does it mean for Dragon if 
>
> he is gone?
>
>
>
>
>
> Curious,
>
>
>
> Kevin Jones
>
> .

= = = = = = = = = = = = = = = = = = = =
                        

Best regards.                            
Ron Gula
ronald.gula () verizon net
2002-11-17


Sincerely,

Gary Golomb
Vulnerability Research Engineer
Intrusion Detection Group
Enterasys Networks
410-312-3194


__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com