Guest

CiscoWorks Monitoring Center for Security

CiscoWorks Monitoring Center for Security 2.2

  • Viewing Options

  • PDF (44.8 KB)
  • Feedback
Data Sheet

PRODUCT OVERVIEW

CiscoWorks Monitoring Center for Security is a software tool that allows network administrators to see beyond individual events and attain an overall view of security. This benefits organizations experiencing the information overload that results from too many security consoles and too many events to monitor. With CiscoWorks Monitoring Center for Security, organizations can capture, store, view, correlate, and report on security events from:

• Cisco® network intrusion prevention systems (IPSs)

• Cisco network intrusion detection systems (IDSs)

• Cisco switch IDSs

• Cisco IOS® routers with inline IPS functions

• Cisco IDS modules for routers

• Cisco PIX® security appliances

• Cisco Catalyst® 6500 Series firewall services modules (FWSMs)

• CiscoWorks Management Center for Cisco Security Agents

CiscoWorks Monitoring Center for Security helps to increase the accuracy of network threat detection and lower the operational costs associated with event monitoring. The software delivers event correlation to identify attacks that are not easily recognizable from a single event. It also provides a flexible notification scheme, and automated responses to critical events. By taking advantage of user-defined event correlation rules, operators can:

• Monitor attacks against specific, high-visibility hosts (for example, a Web server)

• Monitor traffic for patterns of attacks

• Correlate IPS information from multiple security devices (for example, firewalls, network IDSs, or host IDSs)

• Receive early notification of emerging threats

• Trigger an automated response as a corrective action against an attack

• Schedule or produce reports on demand

CiscoWorks Monitoring Center for Security is a component of the CiscoWorks VPN/Security Management Solution (VMS) [2.3?], which is an integral part of the SAFE Blueprint from Cisco. CiscoWorks VMS combines Web-based tools for configuring, monitoring, and troubleshooting:

• VPNs

• Firewalls

• Network IPSs

• Network IDSs

• Host-based IPSs

• Router-based IPSs

CiscoWorks VMS is an integrated security management solution that addresses the needs of both small- and large-scale VPN and security deployments by helping to protect productivity gains and reduce operating costs. Unlike point security products from multiple vendors that can leave vulnerable gaps, CiscoWorks VMS provides a comprehensive solution that ties separate security and VPN technologies into a single secure network.

FEATURES AND BENEFITS

Comprehensive Reporting Options

CiscoWorks Monitoring Center for Security offers:

• A Web-based wizard for creating flexible security reports

• A reporting template system that offers personalized lists of common reports

• The ability to create on-demand and scheduled reports

• Numerous report sorting options, including top incidents, IP addresses, time, signatures, and events

• Notifications of reports sent by e-mail

Web-Based Event Viewer to Easily Locate Attacks

With CiscoWorks Monitoring Center for Security, data can be easily reorganized by moving event field columns and sifting through thousands of events in seconds. The Event Viewer reads both real-time and historical events from the database.

Perform Event Correlation to Detect Emerging Threats

With CiscoWorks Monitoring Center for Security:

• Users can create and define rules for establishing relationships between events; for example, they can correlate by type of event, by time, across sensors, or across source addresses. This helps to identify attacks that may not be apparent from a single event.

• Users can define thresholds and time periods when certain rules should be triggered.

• If a rule is triggered, the user can be notified by e-mail and can specify the information from the suspicious packet that should be forwarded with the e-mail. Alternatively, the user can automatically execute a script as a corrective response.

Database Management

CiscoWorks Monitoring Center for Security provides a relational database to store event data. Using the software tool's Web interface, database management functions such as archiving and purging can be performed easily, even by users without database administration skills.
Table 1 lists the devices and platforms supported by CiscoWorks Monitoring Center for Security.

Table 1. Supported Devices and Platforms

Devices Supported for Monitoring

Platforms Supported for Monitoring

Cisco Network IPS Sensors

Cisco IDS Sensor Software Version 4.0 and 4.1; Cisco IPS Sensor Software Version 5.0 and 5.1 (subject to change; see http://www.cisco.com/go/vms for most up-to-date information)

Cisco Switch IDS Sensors

IDSM 4.0, 4.1, 5.0, and 5.1

Cisco IPS Network Module for Cisco Routers
• Cisco IDS Sensor Software Version 4.1
• Cisco IPS Sensor Software Version 5.0 and 5.1
Cisco 1700, 2600, and 7200 Series Routers; Cisco 3725 and 3745 Multiservice Access Routers; and the Cisco 2691 Multiservice Platform

Cisco IOS Software Release 12.3(8)T4 and later, with inline IPS support

Cisco PIX Security Appliances

Cisco PIX Security Appliance Software 6.0(x), 6.1(x), 6.2(x), and 6.3.1

Cisco firewall Services Modules

Cisco FWSM Software Release 1.1

Cisco Security Agents (forwarded by CiscoWorks Management Center for Cisco Security Agents)

Cisco Security Agent Version 4.5

SYSTEM REQUIREMENTS

For comprehensive hardware and operating requirements, see the CiscoWorks VMS overview at http://www.cisco.com/go/vms.

ORDERING INFORMATION

CiscoWorks Monitoring Center for Security is a featured component of CiscoWorks VMS. For ordering details, select the CiscoWorks VMS product bulletin at http://www.cisco.com/go/vms. To place an order, visit the Cisco Ordering Home Page.

TO DOWNLOAD THE SOFTWARE

To download CiscoWorks Monitoring Center for Security 2.2, visit the CiscoWorks VMS download page.

SERVICE AND SUPPORT

Cisco offers a wide range of services programs to accelerate customer success. These innovative programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, see Cisco Technical Support Services or Cisco Advanced Services.

FOR MORE INFORMATION

For more information about CiscoWorks Monitoring Center for Security, visit http://www.cisco.com/go/vms, contact your local account representative, or send e-mail to ciscoworks@cisco.com.
Text Box:  Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel:	408 526-4000	800 553-NETS (6387)Fax:	408 526-4100	European HeadquartersCisco Systems International BVHaarlerbergparkHaarlerbergweg 13-191101 CH AmsterdamThe Netherlandswww-europe.cisco.comTel:	31 0 20 357 1000Fax:	31 0 20 357 1100	Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel:	408 526-7660Fax:	408 527-0883	Asia Pacific HeadquartersCisco Systems, Inc.168 Robinson Road#28-01 Capital TowerSingapore 068912www.cisco.comTel: +65 6317 7777Fax: +65 6317 7799Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed onthe Cisco Website at www.cisco.com/go/offices.Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland · Israel Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland · Portugal Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden · Switzerland · Taiwan Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · ZimbabweCopyright  2005 Cisco Systems, Inc. All rights reserved. CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R) 	205524.R_ETMG_KL_12.05Printed in the USA Text Box:  Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel:	408 526-4000	800 553-NETS (6387)Fax:	408 526-4100	European HeadquartersCisco Systems International BVHaarlerbergparkHaarlerbergweg 13-191101 CH AmsterdamThe Netherlandswww-europe.cisco.comTel:	31 0 20 357 1000Fax:	31 0 20 357 1100	Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel:	408 526-7660Fax:	408 527-0883	Asia Pacific HeadquartersCisco Systems, Inc.168 Robinson Road#28-01 Capital TowerSingapore 068912www.cisco.comTel: +65 6317 7777Fax: +65 6317 7799Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed onthe Cisco Website at www.cisco.com/go/offices.Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland · Israel Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland · Portugal Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden · Switzerland · Taiwan Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · ZimbabweCopyright  2005 Cisco Systems, Inc. All rights reserved. CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R) 	205524.R_ETMG_KL_12.05Printed in the USA