The Cisco® Security Monitoring,
Analysis, and Response System (Cisco Security MARS) is an
appliance-based, all-inclusive solution that provides unmatched
insight and control of your existing security deployment. Part of
Cisco's security management lifecycle, Cisco Security MARS empowers
your security and network organizations to identify, manage, and
counter security threats. It works with your existing network and
security investments to identify, isolate, and recommend precise
removal of offending elements. It also helps maintain internal
policy compliance and can be an integral part of your overall
regulatory compliance solution.
Security and network administrators
face numerous challenges, including:
- Security and network information overload
- Poor attack and fault identification, prioritization, and response
- Increases in attack sophistication, velocity, and remediation costs
- Compliance and audit requirement adherence
- Security staff and budget constraints
Cisco Security MARS addresses these challenges by:
- Integrating network intelligence to modernize correlation of network anomalies and security events
- Visualizing validated incidents and automating investigation
- Mitigating attacks by taking full advantage of your existing network and security infrastructure
- Monitoring systems, network, and security operations to aid in compliance
- Delivering a scalable appliance that is easy to deploy and use with the lowest total cost of ownership (TCO)
Cisco Security MARS transforms raw network and security data into intelligence that can be used to subvert valid security incidents and maintain compliance. This easy-to-use family of threat mitigation appliances enables operators to centralize, detect, mitigate, and report on priority threats using the network and security devices already deployed in your infrastructure.
Cisco Security MARS captures thousands of raw events, efficiently
classifies incidents with unprecedented data reduction, and
compresses this information for archive. Managing this high volume
of security events requires a secure and stable centralized logging
platform. Cisco Security MARS appliances are security-hardened and
optimized for receiving extremely high levels of event traffic: more
than 10,000 events per second or more than 300,000 Cisco NetFlow
events per second. This high-performance correlation is made
possible through inline processing logic and the use of embedded
Oracle systems. All database functioning and tuning is transparent
to the user. Onboard storage and continual compression of historical
data archives to network file system (NFS) secondary storage devices
makes Cisco Security MARS a reliable security log/event aggregation
solution.
Incident Visualization and Mitigation
Cisco Security MARS helps to accelerate and simplify the process of
threat identification, investigation, validation, and mitigation.
Security staff are often confronted with escalated events that
require time-consuming analysis for resolution and remediation.
Cisco Security MARS provides a powerful, interactive security
management dashboard. The operator GUI provides a topology map that
comprises real-time hotspots, incidents, attack paths, and detailed
investigation with full incident disclosure, allowing immediate
verification of valid threats.
Cisco SureVector analysis processes similar event sessions to
determine if threats are valid or have been countered by assessing
the entire attack path, down to the endpoint media access control
(MAC) address. This automated process is accomplished by analyzing
device logs such as firewalls and intrusion prevention applications,
third-party vulnerability assessment data, and through Cisco
Security MARS endpoint scans to eliminate false positives. Users can
quickly fine-tune the system to further reduce false positives.
The goal of any security program is to keep systems online and
functioning properly; this is critical for preventing security
exposures, containing incidents, and facilitating remediation. With
the Cisco Security Monitoring, Analysis, and Response System,
operators have a rapid means to understand all of the components
involved within an attack, down to the offending and compromised
system MAC address. Cisco AutoMitigate capabilities identify
available "choke-point" devices along the attack path and
automatically provide the appropriate device commands that the user
can employ to mitigate the threat. The results can be used to
quickly and accurately prevent or contain an attack.
Real-Time Investigation and Compliance Reporting
Cisco Security MARS features an easy-to-use analysis framework that
streamlines the conventional security workflow, providing automated
case assignment, investigation, escalation, notification, and
annotation for daily operations and specialized audits. It can
graphically replay attacks and retrieve stored event data to analyze
previous events. The system fully supports ad-hoc queries for
real-time and subsequent data-mining efforts.
Cisco Security MARS offers numerous predefined reports to satisfy
operational requirements and assist in regulatory compliance
efforts, including compliance with Sarbanes-Oxley, the
Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and
Accountability Act (HIPAA), and the Federal Information Security
Management Act (FISMA) in the United States, and the EU's Revised
Basel Capital Framework (Basel II). An intuitive report generator
can modify the more than 80 standard reports or generate new reports
for an unlimited means to build action and remediation plans,
incident and network activity, security posture and audit, as well
as departmental reports, in data, trend, and chart formats. The
system also provides for batch and e-mail reporting.