Cisco Security Monitoring, Analysis, and Response System
Cisco Security Monitoring, Analysis, and Response System (MARS) is a security monitoring tool for network devices. Together with the Cisco Security Manager (CSM) product, MARS makes up the two primary components of the Cisco Security Management Suite.

MARS is an appliance-based solution that provides insight and control of existing security deployments. It can monitor security events and information from a wide variety of sources, including third-party devices and hosts. The correlation engine in MARS can identify anomalous behavior and security threats and can use large amounts of information collected for forensics analysis and compliance reporting.

Features

  • Learns the topology, configuration and behavior of your environment
  • Automatically updates knowledge of new Cisco IPS signatures, for up-to-the-minute reporting on your environment
  • Promotes awareness of environmental anomalies with network behavior analysis using NetFlow and syslog
  • Provides simple access to audit compliance reports with more than 150 ready-to-use customizable reports
  • Makes precise recommendations for threat mitigation, including the ability to visualize the attack path and identify the source of the threat with detailed topological graphs that simplify security response at Layer 2 and Layer 3
  • Integrates with the Cisco Security Manager to correlate security events with the configured firewall rules and intrusion prevention system (IPS) signatures that can affect the security event.

Supported Types

MARS centrally aggregates logs and events from a wide range of popular devices:
  • network devices (such as routers and switches)
  • security devices and applications (such as firewalls, intrusion detection systems, vulnerability scanners, and antivirus software)
  • hosts (such as Microsoft Windows, Sun Microsystems Solaris, and Linux syslog)
  • server-based applications (such as databases, Web servers, and authentication servers)
    • Note: Web logging is only supported on hosts running Microsoft IIS on Windows, Apache on Solaris or Linux, or iPlanet on Solaris.
      • Note: Hosts running Microsoft IIS on Windows need to run InterSect Alliance SNARE for IIS, from which MARS receives web log data.
  • network traffic (such as Cisco NetFlow).

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 