Cisco Security Monitoring, Analysis and Response System (MARS)
PDF(219.2 KB) View with Adobe Reader on a variety of devices
Updated:March 2, 2010
Strongly defended perimeters are no longer sufficient to address the security needs of today's organizations. Increasing sophistication on the part of attackers requires globally shared threat identification platforms, and companies whose borders are dissipating in the face of new trends in mobility and collaboration need cloud-based security solutions that protect their users and assets no matter where they are. With our recent announcements of Global Correlation for IPS, Hosted Email Security, and the acquisition of ScanSafe, Cisco® continues to lead the way in meeting our customers' current and emerging security needs.
Managing security solutions has always been a complex challenge, and these new realities only make it more difficult. The Cisco
® Security Management Suite, comprised of Cisco Security Manager and Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS), provides the policy, configuration, event management, reporting, correlation, and monitoring capabilities necessary to effectively visualize, configure, and control a Cisco security deployment.
In order to provide the best-in-class security management our customers demand, we must focus on these core operational use cases. Importantly, in Security MARS, Cisco will not be enhancing the support for generalized SIEM use cases, such as reporting for compliance, long-term log storage, or heterogeneous event correlation, beyond what is already supported. The Cisco Security MARS Device Support Framework will continue to allow customers to write parsers for any device they choose; however, with limited exceptions for host operating system sources, we will not be authoring new support modules for non-Cisco sources, or for new version releases of currently supported third-party devices. Moving forward, the focus for Cisco Security MARS is to provide operational security visibility for Cisco networks.
Across the board, Cisco is making substantial investments in the Cisco Security Management Suite to streamline and extend its capabilities. Major enhancements to Cisco Security Manager will provide integrated configuration, event management, and reporting capabilities for customers, giving enterprise administrators a "single pane of glass" for their security management needs. Alongside, Cisco Security MARS will continue to provide critical enterprise-class reporting and event management tools for Cisco IOS
® Intrusion Prevention Systems (IPS) and firewall deployments. Enhancements to Cisco Security MARS will focus on support for new Cisco security device features, such as reporting for the recently introduced Botnet Traffic Filters and Global Correlation capabilities in Cisco ASA 5500 Series Adaptive Security Appliances (ASA) firewalls and Cisco IOS IPS, respectively.