CiscoWorks Monitoring Center for Security is a software tool that allows network administrators to see beyond individual events and attain an overall view of security. This benefits organizations experiencing the information overload that results from too many security consoles and too many events to monitor. With CiscoWorks Monitoring Center for Security, organizations can capture, store, view, correlate, and report on security events from:
• Cisco® network intrusion prevention systems (IPSs)
• Cisco network intrusion detection systems (IDSs)
• Cisco switch IDSs
• Cisco IOS® routers with inline IPS functions
• Cisco IDS modules for routers
• Cisco PIX® security appliances
• Cisco Catalyst® 6500 Series firewall services modules (FWSMs)
• CiscoWorks Management Center for Cisco Security Agents
CiscoWorks Monitoring Center for Security helps to increase the accuracy of network threat detection and lower the operational costs associated with event monitoring. The software delivers event correlation to identify attacks that are not easily recognizable from a single event. It also provides a flexible notification scheme and automated responses to critical events. By taking advantage of user-defined event correlation rules, operators can:
• Monitor attacks against specific, high-visibility hosts (for example, a Web server)
• Monitor traffic for patterns of attacks
• Correlate IPS information from multiple security devices (for example, firewalls, network IDSs, or host IDSs)
• Receive early notification of emerging threats
• Trigger an automated response as a corrective action against an attack
• Schedule or produce reports on demand
CiscoWorks Monitoring Center for Security is a component of the CiscoWorks VPN/Security Management Solution (VMS), which is an integral part of the SAFE Blueprint from Cisco. CiscoWorks VMS combines Web-based tools for configuring, monitoring, and troubleshooting:
• VPNs
• Firewalls
• Network IPSs
• Network IDSs
• Host-based IPSs
• Router-based IPSs
CiscoWorks VMS is an integrated security management solution that addresses the needs of both small- and large-scale VPN and security deployments by helping to protect productivity gains and reduce operating costs. Unlike point security products from multiple vendors that can leave vulnerable gaps, CiscoWorks VMS provides a comprehensive solution that ties separate security and VPN technologies into a single secure network.
FEATURES AND BENEFITS
Comprehensive Reporting Options
CiscoWorks Monitoring Center for Security offers:
• A Web-based wizard for creating flexible security reports
• A reporting template system that offers personalized lists of common reports
• The ability to create on-demand and scheduled reports
• Numerous report sorting options, including top incidents, IP addresses, time, signatures, and events
• Notifications of reports sent by e-mail
Web-Based Event Viewer to Easily Locate Attacks
With CiscoWorks Monitoring Center for Security, operators can easily reorganize data by moving event field columns and can sift through thousands of events in seconds. The Event Viewer reads both real-time and historical events from the database.
Perform Event Correlation to Detect Emerging Threats
With CiscoWorks Monitoring Center for Security:
• Users can create and define rules for establishing relationships between events; for example, they can correlate by type of event, by time, across sensors, or across source addresses. This helps to identify attacks that may not be apparent from a single event.
• Users can define thresholds and time periods when certain rules should be triggered.
• If a rule is triggered, the user can be notified by e-mail and can specify the information from the suspicious packet that should be forwarded with the e-mail. Alternatively, the user can automatically execute a script as a corrective response.
Database Management
CiscoWorks Monitoring Center for Security provides a relational database to store event data. Using the software tool's Web interface, database management functions such as archiving and purging can be performed easily, even by users without database administration skills.
Table 1 lists the devices and platforms supported by CiscoWorks Monitoring Center for Security.
Table 1. Supported Devices and Platforms

| Devices Supported for Monitoring | Platforms Supported for Monitoring |
|---|---|
| Cisco Network IPS Sensors | Cisco IDS Sensor Software Version 4.0 and 4.1; Cisco IPS Sensor Software Version 5.0 and 5.1 (subject to change; see http://www.cisco.com/go/vms for most up-to-date information) |
| Cisco Switch IDS Sensors | IDSM 4.0, 4.1, 5.0, and 5.1 |
| Cisco IPS Network Module for Cisco Routers | Cisco IDS Sensor Software Version 4.1; Cisco IPS Sensor Software Version 5.0 and 5.1 |
| Cisco 1700, 2600, and 7200 Series Routers; Cisco 3725 and 3745 Multiservice Access Routers; and the Cisco 2691 Multiservice Platform | Cisco IOS Software Release 12.3(8)T4 and later, with inline IPS support |
| Cisco PIX Security Appliances | Cisco PIX Security Appliance Software 6.0(x), 6.1(x), 6.2(x), and 6.3.1 |
| Cisco Firewall Services Modules | Cisco FWSM Software Release 1.1 |
| Cisco Security Agents (forwarded by CiscoWorks Management Center for Cisco Security Agents) | Cisco Security Agent Version 4.5 |
SYSTEM REQUIREMENTS
For comprehensive hardware and operating requirements, see the CiscoWorks VMS overview at http://www.cisco.com/go/vms.
ORDERING INFORMATION
CiscoWorks Monitoring Center for Security is a featured component of CiscoWorks VMS. For ordering details, select the CiscoWorks VMS product bulletin at http://www.cisco.com/go/vms. To place an order, visit the Cisco Ordering Home Page.
TO DOWNLOAD THE SOFTWARE
To download CiscoWorks Monitoring Center for Security 2.2, visit the CiscoWorks VMS download page.
SERVICE AND SUPPORT
Cisco offers a wide range of services programs to accelerate customer success. These innovative programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, see Cisco Technical Support Services or Cisco Advanced Services.