IDS mailing list archives
RE: Where is Ron Gula? (was "Changes in IDS Companies?")
From: Gary Golomb <gee_two () yahoo com>
Date: Mon, 18 Nov 2002 05:39:21 -0800 (PST)
This answer is coming from someone on the Dragon team (who already gets enough spam in his Enterasys account - so I apologize in advance for using the @yahoo.com addy. By the way, if there are any spammers on here, please make a note that I don't need to refinance my house, I'm sure you can make me debt free by the holidays, I don't want you to transfer $86,000,000,000 into my checking account, and thanks but no thanks on the larger member). I've gotten a couple questions like this, and they do nothing short of baffle me. Yes. Ron had the foresight to create Dragon and many of the technologies behind it years before most people heard of the acronym IDS. Yes, Ron is extremely creative and has an uncanny (and at time almost crazy!) ability to identify issues security administrators face and come up with solutions to those problems that other people have missed. Yes, he still has incredible insight to solve problems that are only emerging now. And yes, he is extremely technical and has a fascinating background. However, let's be realistic for about one minute here... Not since Ron has left, but since the acquisition of NSW by Enterasys, the Dragon team has been growing larger and stronger every month. If you read the "Dragon Newsletter" that I put out on the Dragon IDS users list, you would have known this because we include profiles every time someone joins our team. You would also have noticed that we have a pool of talent with backgrounds that stem from the NSA, to some of the largest e-commerce sites on the Internet, to Ivy-league colleges. In other words, people who were once security administrators in high-profile environments and who have incredibly technical hands-on implementation and research experience. Let me propose a scenario, and I hope this doesn't come as too much of a shock for anyone... I can only speak authoritatively about the R&D team since that is my home. It was not Ron who had us develop event/time correlation almost two years ago before anyone had heard of such a beast - it was Randy Taylor. SQL tunnel/attack (and other web application injection) detection capabilities before any major commercial IDS on the market - me. Encrypted tunnels, seganographically encrypted content, transfer of encrypted self-executing binaries, generic shellcode detection (works for ADMmutate too) that recently surprised even K2, analysis of passive and active detection methodologies, and other things that you won't find in other IDS detection libraries and capabilities... ummm, same person (hi!). The person directing our research ideas into protocol specific attacks and obfuscations, helping to move us in directions that no one is looking, managing our hardened appliance and software images 100%, and keeping a pulse on the trends of current and future technologies and issues that security administrators are facing - Rich Walchuck. And on the development side of the house... Moving the HIDS into the kernel and doing some pretty advanced research into kernel profiling and monitoring - Kevin Douglas. (All while continuing to handle a majority of the middleware and communication functions between Dragon components, and if I was looking correctly - all while having one hand tied behind his back!) And, implementing new encryption standards into Dragon, while enhancing the speed and performing of Dragon NIDS algorithm while also developing various load-balancing functionality and continuing to develop advanced protocol decoding and anomaly-based detection methodologies - well, that would be none other than Jason Damron. That's 5 people. There are still MANY others in the office who amaze me on a daily basis, but I hope you're starting to get the point. The point is... I'd like you to meet the Dragon team, and while we'll SERIOUSLY miss not working with Ron, we kept Dragon strong while he was here and we will continue to keep it stronger while he is working on his newest endeavor. Maybe it's our fault for not being so publicly facing while Ron was here, so in that case - that is something we can change. The next year is going to bring some interesting and cutting-edge technologies from both teams, I can promise you that. -gary -----Original Message----- From: Ron Gula [mailto:ronald.gula () verizon net] Sent: Sunday, November 17, 2002 9:50 PM To: Kevin Jones; focus-ids () securityfocus com Subject: Re: Where is Ron Gula? (was "Changes in IDS Companies?") Hi Kevin (and Focus-IDS), I left Enterasys back in September and founded a new company named Tenable Network Security. As for what it means for Dragon, I don't have a crystal ball, but I still get a lot of people (VARs mostly) who want to re-sell Dragon or implement it at a customer's request. I also have a lot of confidence in the team working on Dragon now. And, without going into exactly what we are working on at Tenable, we are planning to work with Dragon (among other NIDS) due mostly to customer feedback. Ron Gula ======= At 2002-11-15, 16:41:00 you wrote: =======
In-Reply-To: <010a01c273c3$da243c60$0200a8c0@MASTER> Samuel Cure wrote: Just noticing some changes with some known IDS companies and wanted some feedback from the community. Because Marcus Ranum left NFR earlier this year and Ron Gula has left Enterasys Networks, I am questioning the future of some early-on IDS companies. Maybe I missed the formal announcement, but... Can anyone confirm / deny that Ron Gula has in fact left Enterasys? I have to ask, following rumors & denials earlier in the year about this on the Dragon IDS mail list, dated from late June:Now that Ron Gula has left Enterasys, what does the future hold forDragon? Does anyone have a concern about that?Response from Randy Taylor, Enterasys Networks:I would if Ron had actually left Enterasys. Fact is he hasn't.There hasn't been any mention of him on the Dragon list (or post from him) in many months... SO, where in the world is Ron Gula?? And, what does it mean for Dragon if he is gone? Curious, Kevin Jones .
= = = = = = = = = = = = = = = = = = = = Best regards. Ron Gula ronald.gula () verizon net 2002-11-17 Sincerely, Gary Golomb Vulnerability Research Engineer Intrusion Detection Group Enterasys Networks 410-312-3194 __________________________________________________ Do you Yahoo!? Yahoo! Web Hosting - Let the expert host your site http://webhosting.yahoo.com
Current thread:
- Where is Ron Gula? (was "Changes in IDS Companies?") Kevin Jones (Nov 17)
- Re: Where is Ron Gula? (was "Changes in IDS Companies?") Randy Taylor (Nov 19)
- <Possible follow-ups>
- Re: Where is Ron Gula? (was "Changes in IDS Companies?") Ron Gula (Nov 17)
- RE: Where is Ron Gula? (was "Changes in IDS Companies?") Gary Golomb (Nov 20)