Cisco Security Manager Linkages


Cisco Security MARS supports integration or "linkages" with Cisco Security Manager. The ability to directly integrate between Cisco Security MARS and Cisco Security Manager enables security operators to cross-launch between the monitoring and configuration components. The ability to correlate or cross-launch between monitoring and configuration components can be especially useful in debugging or trouble-ticket situations.

Cisco Security MARS contains a feature that directly links an incident with a security policy in Cisco Security Manager. Specifically, Cisco Security MARS enables the user to select a syslog from a security incident and display the access control list (ACL) rule in Cisco Security Manager that generated the syslog.

Cisco Security MARS provides an incident to signify to the security operator that something of significance is occurring within the network. The incident is composed of various events that are reported by the devices within the self-defending network. Cisco Security MARS contains an entry under Reporting Devices in the Event entries for the incident. Figure 10-13 displays an example of how an incident can indicate that a reporting device has a policy link to Cisco Security Manager.

Figure 10-13. Incident with Cisco Security Manager Policy Entry


This policy entry is supported only for Cisco devices that are configured by Cisco Security Manager to deploy access list rules to these devices. Selecting this policy entry displays the access list configured by the Cisco Security Manager that generated the syslog in the security event. The ability to display the access list rules from the security event in Cisco Security MARS allows for quick debugging of many security situations and can allow the user to quickly address and rectify the security event that is reported by Cisco Security MARS.

The policy link in Cisco Security MARS displays a copy of the desired access list rules configured in Cisco Security Manager. Figure 10-14 displays an example of how to launch the policy link from the reporting device in Cisco Security MARS, and Figure 10-15 displays the resulting access control list (ACL) rule table from Cisco Security Manager.

Figure 10-14. Launch Policy Link from Cisco Security MARS


Figure 10-15. Access Control List (ACL) Rule Table Display


The linkages between Cisco Security MARS and Cisco Security Manager provide another example of how centralized management is the "coach" that allows the self-defending network to be deployed and managed in an integrated and holistic fashion.



Setf-Defending Networks(c) The Next Generation of network Security
Self-Defending Networks: The Next Generation of Network Security
ISBN: 1587052539
EAN: 2147483647
Year: N/A
Pages: 112

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net