Enterasys Dragon® Host Sensor and Web Server Intrusion Prevention

Dragon® Host Sensor and Web Server Intrusion Prevention, Must be purchased with a Host License Scalable, Flexible Host-Based Intrusion Defense

A host-based intrusion defense tool, Dragon Host Sensor prevents web attacks and monitors individual systems running today’s most common operating system for evidence of malicious or suspicious activity in real time.

Dragon Host Sensor may be deployed on a protected host where it uses a variety of techniques to detect attacks and misuse on the system, including analyzing the security event log, checking the integrity of critical configuration files, or checking for kernel level compromises. Dragon Host Sensor may also be deployed on a dedicated analysis system where logs are forwarded and analyzed from most commercial firewalls, routers, switches and other IDS devices.

The Dragon Host Sensor Web Intrusion Pervention System (Web IPS) module averts attacks on web servers running Microsoft IIS and Apache to provide maximum protection while operating with minimal overhead on the system. The web IPS provides threat prevention for a large array of attacks and can terminate individual malicious sessions.

Features & Benefits:

Web Server Intrusion Prevention

- Averts attacks on the most widely used web servers: Microsoft™ IIS and Apache.

File attributes monitoring

- Monitors file attributes such as owner, group.

File integrity checking

- Determines if content has been changed via MD5 hash.

Log file analysis

- Analyzes files or directories against signature policy.

Windows event log analysis

- Monitors Windows event logs for misuse or attack.

Windows registry analysis

- Analyzes Windows registry for attributes that should not be accessed and/or modified.

TCP/UDP service detection

- Monitors for opened TCP and UDP ports for protection against backdoor services.

Kernel monitoring

- Detects suspicious privilege escalations and other signs of kernel-level compromise.

Custom module interface

- Provides an open and easy interface for custom module development.

Customizable through Microsoft’s .Net Framework

- Custom modules can extend functionality using Microsoft’s .Net.