Cisco Security MARS - An Introduction



Welcome Friends!


This blog is about CS-MARS, the Security Information Management (SIM) system from Cisco. It will carry information about the product, updates, working techniques and queries.

I hope the posts will be useful to security analysts and to users of the product. Add your comments and queries to make this blog more useful.

To start with, everyone should know what MARS is. MARS stands for Monitoring, Analysis and Response System; the full product name is Cisco Security Monitoring, Analysis, and Response System, usually shortened to CS-MARS.

In simple terms, the MARS appliance collects event logs from your network devices, security devices and hosts, normalises them into a common format, and correlates the raw events from different devices into sessions and incidents, so that you get actionable information about your traffic instead of a pile of messages. This correlation, together with its threat mitigation recommendations (which device and which change can stop an attack in progress), is what distinguishes it from a plain syslog server, which only stores whatever it receives.
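To make that difference concrete, here is a small example I have added for illustration; it is not code from CS-MARS and does not use its rule language. It normalises constructed log lines from two devices (firewall lines imitating the Cisco ASA message 106023 and IDS lines in a made-up "IDS: sig=... name=..." format) into one schema and applies a hypothetical rule: an IDS alert from a source that the firewall has already denied on several distinct ports inside a five-minute window becomes one incident. Everything a syslog server would do is the first step only; the rest is what a correlation engine adds.

```python
"""Toy cross-device event correlation, in the style of a SIM (illustration only)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; the signature numbers and names are invented.
SAMPLE_LOGS = """\
2009-03-02T10:15:01 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40112 dst inside:10.1.1.20/22 by access-group "outside_in"
2009-03-02T10:15:02 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40113 dst inside:10.1.1.20/23 by access-group "outside_in"
2009-03-02T10:15:03 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40114 dst inside:10.1.1.20/139 by access-group "outside_in"
2009-03-02T10:15:04 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40115 dst inside:10.1.1.20/3389 by access-group "outside_in"
2009-03-02T10:16:30 ids1 IDS: sig=1001 name="Port sweep" src=203.0.113.5 dst=10.1.1.20
2009-03-02T10:17:10 ids1 IDS: sig=2002 name="Web server cmd.exe access attempt" src=203.0.113.5 dst=10.1.1.20
2009-03-02T10:20:00 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.9/5100 dst inside:10.1.1.30/80 by access-group "outside_in"
2009-03-02T10:21:00 ids1 IDS: sig=2002 name="Web server cmd.exe access attempt" src=198.51.100.7 dst=10.1.1.30
2009-03-02T11:40:00 ids1 IDS: sig=1001 name="Port sweep" src=203.0.113.5 dst=10.1.1.21
"""

ASA_DENY = re.compile(
    r'^(?P<ts>\S+) (?P<device>\S+) %ASA-\d-106023: Deny (?P<proto>\w+) '
    r'src \S+:(?P<src>[\d.]+)/\d+ dst \S+:(?P<dst>[\d.]+)/(?P<dport>\d+)'
)
IDS_ALERT = re.compile(
    r'^(?P<ts>\S+) (?P<device>\S+) IDS: sig=(?P<sig>\d+) name="(?P<name>[^"]+)" '
    r'src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)'
)


def parse_event(line):
    """Normalise one raw line into a common schema, or return None if unrecognised.

    This step is what makes events from different vendors comparable at all;
    a syslog server stores the raw strings and stops here.
    """
    m = ASA_DENY.match(line)
    if m:
        d = m.groupdict()
        return {"ts": datetime.fromisoformat(d["ts"]), "device": d["device"],
                "kind": "fw_deny", "src": d["src"], "dst": d["dst"],
                "dport": int(d["dport"]), "name": "ACL deny"}
    m = IDS_ALERT.match(line)
    if m:
        d = m.groupdict()
        return {"ts": datetime.fromisoformat(d["ts"]), "device": d["device"],
                "kind": "ids_alert", "src": d["src"], "dst": d["dst"],
                "dport": None, "name": d["name"]}
    return None


def correlate(lines, window=timedelta(minutes=5), min_ports=3):
    """Hypothetical rule: an IDS alert from a source that, within `window`, was
    denied by the firewall to at least `min_ports` distinct destination ports is
    escalated to an incident. Further alerts from the same source inside the
    window are attached to the open incident instead of creating duplicates.
    """
    events = sorted((e for e in map(parse_event, lines) if e), key=lambda e: e["ts"])
    denies = defaultdict(list)   # src -> firewall denies still inside the window
    incidents, open_by_src = [], {}
    for e in events:
        if e["kind"] == "fw_deny":
            denies[e["src"]].append(e)
            continue
        # IDS alert: drop denies that fell out of the look-back window
        recent = [d for d in denies[e["src"]] if e["ts"] - d["ts"] <= window]
        denies[e["src"]] = recent
        ports = sorted({d["dport"] for d in recent})
        if len(ports) < min_ports:
            continue
        inc = open_by_src.get(e["src"])
        if inc and e["ts"] - inc["last"] <= window:
            inc["alerts"].append(e["name"])
            inc["last"] = e["ts"]
            continue
        inc = {"src": e["src"],
               "targets": sorted({d["dst"] for d in recent} | {e["dst"]}),
               "probed_ports": ports,
               "alerts": [e["name"]],
               "devices": sorted({d["device"] for d in recent} | {e["device"]}),
               "first": recent[0]["ts"], "last": e["ts"]}
        incidents.append(inc)
        open_by_src[e["src"]] = inc
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_LOGS.splitlines()):
        print(f"INCIDENT src={inc['src']} targets={inc['targets']} "
              f"ports={inc['probed_ports']} alerts={inc['alerts']} "
              f"devices={inc['devices']} {inc['first']} .. {inc['last']}")
```

Run on the sample, the script raises exactly one incident, for 203.0.113.5: four denied ports on fw1 followed by two alerts on ids1, merged into one record that names both devices. The deny for 198.51.100.9 and the alert for 198.51.100.7 never meet because they come from different sources, and the second sweep alert at 11:40 finds no denies inside its window, so neither fires. Those two non-results are the point: a syslog server would show nine equally weighted lines, while a correlation engine shows one thing worth looking at.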

Technical Specifications

  • Delivered as an appliance
  • Pre-hardened, Linux-based operating system
  • Embedded Oracle database
  • Hot-swappable RAID 10 hard disks in the latest models
  • Disk space depends on the model of the appliance; the minimum is 500 GB
  • 2 x RJ-45 10/100/1000Base-T LAN interfaces
  • Collects 1500 events per second in the lower-end model

Major Benefits of using MARS

  • MARS has a strong reporting option that can be used to generate reports across all the monitored devices, including audit compliance reports.
  • Many predefined reports are available, and reports are customizable.
  • All the events collected by MARS can be viewed in real time.
  • Threats to the network can be analyzed and mitigation methods derived using MARS.
  • Logs from all the devices can be stored for a long time and retrieved whenever needed.
  • Network traffic can be drilled down into and analyzed during incident investigation.
  • MARS can serve as a single interface for monitoring the events of all your network devices.
  • It alerts users about incidents through e-mail, SMS and other channels.

I hope this post describes the product clearly. Kindly type your comments to improve it and to correct my mistakes.


2 Comments:

suriyadeepan said...

Hi Machi,

Really awesome.

--suriya

suriyadeepan said...

If I am not wrong, the 20-series will not support RAID, I think da. Moreover, the RAID for MARS is 1+0. Some short description about the necessity of using RAID 1+0 will help us a lot.

--suriya