Last Updated on 11 Aug. 2003, Company: Enterasys Networks, Inc.
A host-based intrusion defense tool, Dragon Host Sensor monitors individual systems and applications, including today's most common operating systems, for evidence of malicious or suspicious activity in real time, and monitors key system logs for evidence of tampering. Dragon Host Sensor may be deployed on a protected host or on a dedicated analysis system where logs are forwarded from switches, firewalls, routers and other IDSs and aggregated via SNMP or syslog. Dragon Host Sensor uses a variety of techniques to detect attacks and misuse on a protected system, including analyzing the security event log, checking the integrity of critical configuration files, or checking for kernel level compromises. This hybrid approach ensures that no misuse goes undetected.