Enterasys this week is expected to announce an upgrade to its Dragon intrusion-detection-system product that the company says will make it easier for customers to protect their networks.

Dragon Intrusion Defense 7.0 lets users deploy network-based and host-based intrusion detection while simplifying the management and collection of network activity data, Enterasys says. The software also can be used to trigger actions on network devices - such as launching scripts or closing ports - when suspicious activity is detected. Faster IDS processing is also on tap.

The updated suite consists of IDS software that can run on Enterasys Dragon appliances or standard servers dedicated for IDS. Host sensors are part of the package, and are used for detecting network hacks on servers. Also included is an upgraded network management package for configuring and setting rules on IDS nodes and monitored servers.

New management capabilities rely on a client-server architecture. A Java-based client, as opposed to a previous Web-based client interface, now is used to access an Intrusion Defense management server. Enterasys says the new client lets users perform more-complex IDS management and eases configuration tasks.

The management software also includes a Security Event Gateway feature, which can let users aggregate information from third-party IDS appliances, firewalls and routers and build a database for tracking network events. Enterasys says this feature requires help from Enterasys' professional services arm to implement because it involves writing custom scripts for collecting and processing log files and other data from third-party products. Enterasys says next year it will have a version of Security Event Gateway that will let users self-configure the settings.

A new virtual sensor capability lets a single Dragon IDS appliance (running Intrusion Defense 7.0) monitor traffic on multiple virtual LANs, and even individual application traffic streams, when attached to a mirrored port on a network distribution switch - a box that ties together multiple desktop switches. In the past, a separate Enterasys Dragon appliance would have been needed for monitoring each individual VLAN or application stream, the vendor says.

The network-based IDS monitoring software also has been fine-tuned to process attack signatures and recognize suspicious traffic patterns more quickly, Enterasys says. Version 7.0 lets a Dragon appliance or server fitted with Gigabit Ethernet inspect traffic at near line rate. Gigabit ports were available on Dragon appliances in the past, but maximum traffic inspection speeds were about 400M to 600M bit/sec.

Whitepapers

• Advancing the Economics of Networking
• Enterprise Data Center Network Reference Architecture
• Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices
• File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
• Boost Productivity While Cutting Costs with Next-generation Collaboration
• Deploying Virtualized NetWare on Linux Whitepaper

View more SECURITY whitepapers

Webcasts

• PoE Plus: Impact on the PoE Market
• Creating a high performance workplace with wireless networking
• Harnessing the power of communications to increase workplace performance
• Making data centers the IT strategic focus
• Protecting assets and employees with IP Video Surveillance
• Stay out of the headlines: Detecting and preventing network intrusions

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• IP address management in 2008 - six things to know
• The self-managed network

View more SECURITY special reports