Hosting Provided By

RE: Where is Ron Gula? (was "Changes in IDS Companies?")

From: Gary Golomb <gee_two(at)yahoo.com>
Date: Mon Nov 18 2002 - 08:39:21 EST

This answer is coming from someone on the Dragon team (who already gets enough spam in his Enterasys account - so I apologize in advance for using the @yahoo.com addy. By the way, if there are any spammers on here, please make a note that I don't need to refinance my house, I'm sure you can make me debt free by the holidays, I don't want you to transfer $86,000,000,000 into my checking account, and thanks but no thanks on the larger member).

I've gotten a couple questions like this, and they do nothing short of baffle me.

Yes. Ron had the foresight to create Dragon and many of the technologies behind it years before most people heard of the acronym IDS. Yes, Ron is extremely creative and has an uncanny (and at time almost crazy!) ability to identify issues security administrators face and come up with solutions to those problems that other people have missed. Yes, he still has incredible insight to solve problems that are only emerging now. And yes, he is extremely technical and has a fascinating background.

However, let's be realistic for about one minute here... Not since Ron has left, but since the acquisition of NSW by Enterasys, the Dragon team has been growing larger and stronger every month. If you read the "Dragon Newsletter" that I put out on the Dragon IDS users list, you would have known this because we include profiles every time someone joins our team. You would also have noticed that we have a pool of talent with backgrounds that stem from the NSA, to some of the largest e-commerce sites on the Internet, to Ivy-league colleges. In other words, people who were once security administrators in high-profile environments and who have incredibly technical hands-on implementation and research experience.

Let me propose a scenario, and I hope this doesn't come as too much of a shock for anyone...

I can only speak authoritatively about the R&D team since that is my home. It was not Ron who had us develop event/time correlation almost two years ago before anyone had heard of such a beast - it was Randy Taylor. SQL tunnel/attack (and other web application injection) detection capabilities before any major commercial IDS on the market - me. Encrypted tunnels, seganographically encrypted content, transfer of encrypted self-executing binaries, generic shellcode detection (works for ADMmutate too) that recently surprised even K2, analysis of passive and active detection methodologies, and other things that you won't find in other IDS detection libraries and capabilities... ummm, same person (hi!). The person directing our research ideas into protocol specific attacks and obfuscations, helping to move us in directions that no one is looking, managing our hardened appliance and software images 100%, and keeping a pulse on the trends of current and future technologies and issues that security administrators are facing - Rich Walchuck.

And on the development side of the house... Moving the HIDS into the kernel and doing some pretty advanced research into kernel profiling and monitoring - Kevin Douglas. (All while continuing to handle a majority of the middleware and communication functions between Dragon components, and if I was looking correctly - all while having one hand tied behind his back!) And, implementing new encryption standards into Dragon, while enhancing the speed and performing of Dragon NIDS algorithm while also developing various load-balancing functionality and continuing to develop advanced protocol decoding and anomaly-based detection methodologies - well, that would be none other than Jason Damron.

That's 5 people. There are still MANY others in the office who amaze me on a daily basis, but I hope you're starting to get the point.

Do you need help?

The point is... I'd like you to meet the Dragon team, and while we'll SERIOUSLY miss not working with Ron, we kept Dragon strong while he was here and we will continue to keep it stronger while he is working on his newest endeavor. Maybe it's our fault for not being so publicly facing while Ron was here, so in that case - that is something we can change. The next year is going to bring some interesting and cutting-edge technologies from both teams, I can promise you that.

-gary

-----Original Message-----
From: Ron Gula [mailto:ronald.gula@verizon.net] Sent: Sunday, November 17, 2002 9:50 PM
To: Kevin Jones; focus-ids@securityfocus.com Subject: Re: Where is Ron Gula? (was "Changes in IDS Companies?")

Hi Kevin (and Focus-IDS),

I left Enterasys back in September and founded a new company named Tenable Network Security.

As for what it means for Dragon, I don't have a crystal ball, but I still get a lot of people (VARs mostly) who want to re-sell Dragon or implement it at a customer's request. I also have a lot of confidence in the team working on Dragon now. And, without going into exactly what we are working on at Tenable, we are planning to work with Dragon (among other NIDS) due mostly to customer feedback.

Ron Gula

At 2002-11-15, 16:41:00 you wrote: =======

>In-Reply-To: <010a01c273c3$da243c60$0200a8c0@MASTER>

= = = = = = = = = = = = = = = = = = =

Do you need more help?

Best regards.
Ron Gula
ronald.gula@verizon.net
2002-11-17

Sincerely,

Gary Golomb
Vulnerability Research Engineer
Intrusion Detection Group
Enterasys Networks
410-312-3194

Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site http://webhosting.yahoo.com Received on Wed Nov 20 04:14:39 2002

This message: [ Message body ]
Next message: Ken Smith: "RE: IDS for DataBase Systems."
Previous message: Randy Taylor: "Re: Where is Ron Gula? (was "Changes in IDS Companies?")"
In reply to Kevin Jones: "Where is Ron Gula? (was "Changes in IDS Companies?")"
Reply: Kohlenberg, Toby: "RE: Active response... some thoughts."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:04 EDT