gorgoncyber.com

What It Is

Gorgon Cyber currently presents two product lines publicly: Gorgon Defender and Gorgon Scout. Defender is an autonomous intrusion detection system that runs on OpenWRT routers. Rather than relying on the traditional stacking of rules, its core idea is to learn the behavior of real devices and deploy up to 25 “ghost” decoy hosts, making scans, reconnaissance, and lateral movement more likely to trigger high-confidence alerts. Scout, meanwhile, is a native Windows Web/API security scanning tool that emphasizes zero-proxy setup, 90+ OWASP-mapped probes, and an MCP Server, allowing scans to be initiated by AI assistants.

Core Capabilities and Deployment

Defender’s protection model leans toward network-side NIDS and deception defense, detecting port scans, network sweeps, ARP scans, unauthorized access, and lateral movement. Deployment requires a modern OpenWRT router, with support for ARM aarch64 and MIPS. It is integrated as an OpenWRT package, with detection and analysis performed primarily locally; the cloud is used only for minimal functions such as remote access and alert delivery. The management side covers iOS, Android, Windows, macOS, and Linux, offering device discovery, activity heatmaps, three-tier alerts, natural-language explanations, one-click blocking, remote auditing, OTA updates, and more.

Integrations, Pricing, and Compliance

For enterprise integration, Defender supports forwarding alerts to SIEM/SOC platforms via Syslog UDP in CEF or JSON format (RFC 5424). Alerts can be filtered by severity and include contextual information such as serial number, site ID, public IP, and GPS, making it suitable for bringing remote employees’ home networks into security operations visibility. Public materials do not disclose Defender pricing, SLA, data residency, or compliance certifications. Scout public beta is marked as free to download, but production licensing and future pricing remain unclear.

Pros, Cons, and Who It’s For

The main advantage is its clear positioning: bringing low-false-positive deception-based detection onto the router locally, reducing operational complexity for homes, small businesses, and remote work scenarios. It also has white-label and embedded-product value for ISPs, telecom operators, and router vendors. The drawbacks are its reliance on the OpenWRT ecosystem, with hardware compatibility, firmware updates, and scaled support still needing validation. Claims such as “zero false positives” also need to be confirmed through real-world testing. It is best suited for teams that want to improve visibility into home or small-office internal networks, or vendors looking to add a security selling point to router products.

Access from China

The source material does not provide information on connectivity from mainland China, payment methods, local resellers, or Chinese-language support, so china_access can only be assessed as unknown. If procuring from China, key points to verify include cloud relay reachability, push notification stability, payment and invoicing, cross-border data transfer, and possible alternatives such as local router security suites, enterprise IDS/IPS, SOC/SIEM ecosystems, or Burp Suite-style application security tools.