Enterasys Networks this week is expected to announce an upgrade to its Dragon intrusion-detection-system product that the company says will make it easier for customers to protect their networks.
Dragon Intrusion Defense 7.0 lets users deploy network-based and host-based intrusion detection while simplifying the management and collection of network activity data, Enterasys says. The software also can be used to trigger actions on network devices - such as launching scripts or closing ports - when suspicious activity is detected. Faster IDS processing is also on tap.
The updated suite consists of IDS software that can run on Enterasys Dragon appliances or on standard servers dedicated to IDS. Host sensors are part of the package and are used for detecting network hacks on servers. Also included is an upgraded network management package for configuring and setting rules on IDS nodes and monitored servers.
New management capabilities rely on a client-server architecture. A Java-based client, as opposed to a previous Web-based client interface, now is used to access an Intrusion Defense management server. Enterasys says the new client lets users perform more-complex IDS management and eases configuration tasks.
The management software also includes a Security Event Gateway feature, which can let users aggregate information from third-party IDS appliances, firewalls and routers and build a database for tracking network events. Enterasys says this feature requires help from Enterasys' professional services arm to implement because it involves writing custom scripts for collecting and processing log files and other data from third-party products. Enterasys says next year it will have a version of Security Event Gateway that will let users self-configure the settings.
A new virtual sensor capability lets a single Dragon IDS appliance (running Intrusion Defense 7.0) monitor traffic on multiple virtual LANs, and even individual application traffic streams, when attached to a mirrored port on a network distribution switch - a box that ties together multiple desktop switches. In the past, a separate Enterasys Dragon appliance would have been needed for monitoring each individual VLAN or application stream, the vendor says.
The network-based IDS monitoring software also has been fine-tuned to process attack signatures and recognize suspicious traffic patterns more quickly, Enterasys says. Version 7.0 lets a Dragon appliance or server fitted with Gigabit Ethernet inspect traffic at near line rate. Gigabit ports were available on Dragon appliances in the past, but maximum traffic inspection speeds were about 400M to 600M bit/sec.
Enterasys says its Dragon Intrusion Defense 7.0 framework will be integrated next year with the company's Trusted End System (TES) architecture. TES is a technology that lets Enterasys LAN switches shut off network access to suspicious users, or move end users into quarantined network segments based on third-party virus-scan information. Dragon-TES integration could let IDS gear communicate with LAN switches to close network ports when intrusions are detected.
Dragon Intrusion Defense 7.0 competes with IDS products from Cisco Systems Inc. and from security vendors such as Check Point Software Technologies Ltd. and Internet Security Systems Inc., as well as with open source products such as Snort.
The Dragon Intrusion Defense 7.0 suite starts at US$10,000 for the IDS software, management server and host sensors. The product is scheduled to ship in November.