Cisco Security MARS is different from the conventional Security Information Management Solution (SIMS) or other traditional security monitoring products. Cisco Security MARS offers several advantages based upon the following features:
Cisco Security MARS is offered as a turnkey appliance. Cisco Security MARS includes an integrated Oracle database and can handle up to 10,000 events per second. The Cisco Security MARS product line also features different appliance form-factors including a lowend model that supports 500 events per second, excluding Netflow data. A turnkey appliance allows the Cisco Security MARS product to be up-and-running quickly without an extensive installation or tuning process. Cisco Security MARS displays a security incident during an attack, based upon input and events from devices within the selfdefending network. A partial list of the sources from which Cisco Security MARS can accept input and events includes the following:
Cisco Security MARS has the ability to see the entire self-defending network based upon input and events from the preceding sources. This diverse selection of input, combined with the network configurations and baseline traffic, allows Cisco Security MARS to report on specific, high-level, actionable security incidents rather than displaying and reporting based upon individual and voluminous firewall syslog and IPS Sensor events. Cisco Security MARS also supports a global controller functionality. The global controller provides a centralized management station for multiple Cisco Security MARS local controllers. |