Fwd: Dragon IDS

[Martin Roesch <roesch () clark net>]

Thought you all might be interested....

     -Marty

----------  Forwarded Message  ----------
Subject: Dragon IDS
Date: Tue, 06 Jul 1999 15:28:48 -0700
From: Ron Gula <rjgula () home net>


Hi there, 

I heard about the NFR vs NR vs RS thread and thought I'd send you a 
note about Dragon. Have either of you heard about it? I wrote Dragon 
and formed Network Security Wizards (http://www.securitywizards.com ) 
after evaluating RS, NFR and NR. We just started out, and have had
great success through word-of-mouth advertisement alone. 

In a nutshell Dragon's key features are: 

- Keeps up with 100baseT networks
- Comes with ~300 known attack signatures
- New data driven attacks can be trivially added with one line 
  descriptions
- Not vulnerable to fragmentation and other IDS avoidance attacks
- Dragon-Master can receive event data from up to 100 Dragon-Sensors 
  without impacting the performance or security of the sensor
- Operates in GUI and non-GUI modes such that all analyisis and 
  configuration can be accomplished from an SSH shell or through a
  web browser. 
- Robust SNMP trap notification
- Syslog support
- Works on x86 OpenBSD, FreeBSD, Linux and Solaris
- Works on Sparc Solaris, SunOS and OpenBSD
- Very economical cost (each sensor is $3500 and all other analysis
  and enterprise tools are included with any purchase)
- All events can be converted to TCPDUMP binary formats

Feel free to contact us at 443-259-0298 for more information or to 
evaluate a 30 day trial. There is also an online demo available.

Good luck on your IDS selection. 

Ron Gula
President, Network Security Wizards
--
Martin Roesch
roesch () clark net
http://www.clark.net/~roesch