CiscoWorks Monitoring Center for Security 2.1

DATA SHEET

PRODUCT OVERVIEW

CiscoWorks Monitoring Center for Security benefits organizations experiencing information overload, resulting from too many security consoles and too many events to monitor. It allows the administrator to see beyond individual events and view security overall.
CiscoWorks Monitoring Center for Security is a tool to capture, store, view, correlate, and report on security events from:

• Cisco® Network Intrusion Prevention Systems (IPS)

• Cisco® Network Intrusion Detection Systems (IDS)

• Cisco Switch IDS

• Cisco IOS® routers with inline Intrusion Prevention System (IPS) functions

• Cisco IDS modules for routers

• Cisco PIX® firewalls

• Cisco Catalyst® 6500 Series Firewall Services Modules (FWSM)

• CiscoWorks Management Center for Cisco Security Agents

• CiscoWorks Monitoring Center for Security servers

CiscoWorks Monitoring Center for Security increases the accuracy of threat detection and lowers the operational costs for event monitoring. The software delivers event correlation to identify attacks that are not easily recognizable from a single event, a flexible notification scheme, and automated responses to critical events. By taking advantage of user-defined event correlation rules, the operator can:

• Monitor attacks against specific, high-visibility hosts (for example, a Web server)

• Monitor the traffic for patterns of attacks

• Correlate IPS information from multiple security devices (for example, firewall, network IDS, host IDS)

• Receive early notification of emerging threats

• Trigger an automated response, as a corrective action against an attack

• Schedule or produce reports on demand

CiscoWorks Monitoring Center for Security is a component of the CiscoWorks VPN/Security Management Solution (VMS). CiscoWorks VMS is an integral part of the SAFE Blueprint from Cisco and combines Web-based tools for configuring, monitoring, and troubleshooting:

• VPNs

• Firewalls

• Network IPSs

• Network IDSs

• Host-based IPSs

• Router-based IPSs

CiscoWorks VMS is an integrated security management solution that addresses the needs of both small- and large-scale VPN and security deployments by helping to protect productivity gains and reduce operating costs. Unlike point security products from multiple vendors that can leave vulnerable gaps, CiscoWorks VMS provides a comprehensive solution that ties separate security and VPN technologies into a single secure network.

New Features

CiscoWorks Monitoring Center for Security 2.1 includes several new features:

• A Security Device Event Exchange (SDEE) server that can be used for hierarchical event monitoring

• Support for Cisco IOS routers with inline intrusion prevention software

• Support for IPS 5.0, which allows the operator to monitor network IPS sensors that communicate using the Security Device Event Exchange (SDEE), allowing the operator to subscribe to specific IPS event types and better control which events are received

• New Action Types for IPS to include: Deny Attacker, Deny Flow, and Deny Packet

• New Risk Rating for IPS: The risk scaling algorithm is at the heart of increasing the confidence level of the analysis and allows the user to control the "paranoia" level at which they choose to take actions

• Filter Options: The ability to filter on Severity, Locality, Signature Family, Signature Name, Source/Destination Port, Risk Rating, Alarm Trait, and Sensor Name

• Copy and paste from Event Viewer

• Enhancements in the event viewer include performance improvements for event deletions and an addition of a new interface graphing capability

• Icon bar and console notifications for completion of reports, error situations, and system messaging

• Persistence of the preferred column ordering in the event viewer

• Flexible storage options for reports, including to the database or a file

• Additional reports for firewalls and Cisco security agents

• An increase in the number of active event rules, which help identify critical events and automate responses to them

• The ability to import Cisco IPS Sensor configurations from a remote Management Center for IPS Sensors server

FEATURES AND BENEFITS

Comprehensive Reporting Options for Finding Information

• Web-based wizard for creating flexible security reports

• Reporting template system offering personalized list of common reports

• On-demand and scheduled reports

• Reports by top incidents, by IP address, by time, by signature, by event, etc.

• Notifications of reports sent by e-mail

Web-Based Event Viewer with Features to Easily Locate Attacks

Easily reorganize data by moving event field columns and sifting through thousands of events in seconds. The Event Viewer reads both real-time and historical events from the database.

Perform Event Correlation to Detect an Emerging Threat

• Create user-defined rules for establishing relationships between events (correlate by type of event, by time, across sensors, across source addresses, etc.). This helps to identify attacks that may not be apparent from a single event.

• The user can define thresholds and time periods when a rule should be triggered.

• If a rule is triggered, the user can be notified by e-mail and fine-tune what information from the suspicious packet is forwarded with the e-mail. Alternatively, the user can automatically execute a script as a corrective response.

Database Management

CiscoWorks Monitoring Center for Security provides a relational database to store event data. Various database management functions such as archiving and purging can be performed easily without database administration skills within CiscoWorks Monitoring Center for Security using the Web interface.

Table 1. Supported Devices

| Devices Supported for Monitoring | Platforms Supported for Monitoring |
|---|---|
| Cisco Network IPS Sensors | Software Version Supported: Cisco IDS Sensor Software versions 4.0, 4.1, and 5.0 (Subject to change; see http://www.cisco.com/go/vms for most up-to-date information.) |
| Cisco Switch IDS (IDSM) Sensors | IDSM 4.0, 4.1, and 5.0 |
| Cisco IPS Network Module for Cisco Routers | Cisco IDS Sensor Software Version 4.1; Cisco IPS Sensor Software Version 5.0 |
| Cisco 1700, 2600, and 7200 Series Routers, Cisco 3725 and 3745 Multiservice Access Routers, and the Cisco 2691 Multiservice Platform | Cisco IOS Software Release 12.3(8)T4 and later with Inline Intrusion Prevention Software support |
| Cisco PIX Firewall | Cisco PIX Firewall OS 6.0(x), 6.1(x), 6.2(x), and 6.3.1 |
| Cisco Firewall Services Modules | Release 1.1 |
| Cisco Security Agents (Forwarded by Management Center for Cisco Security Agents) | Release 4.5 |

SYSTEM REQUIREMENTS

For comprehensive hardware and operating requirements see the CiscoWorks VMS Overview at http://www.cisco.com/go/vms.

ORDERING INFORMATION

CiscoWorks Monitoring Center for Security is a featured component of CiscoWorks VMS. For ordering details, see the CiscoWorks VMS Product Bulletin at http://www.cisco.com/en/US/products/sw/cscowork/ps2330/prod_bulletins_list.html. To place an order, visit the Cisco Ordering Home Page.

SERVICE AND SUPPORT

Cisco Systems® offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare the network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services or Cisco Advanced Services.

FOR MORE INFORMATION

For more information about the CiscoWorks Management Center for Security, visit http://www.cisco.com/go/vms, contact your local account representative, or send e-mail to ciscoworks@cisco.com.

Copyright © 2005 Cisco Systems, Inc. All rights reserved.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. 