|
The sheer quantity of information generated by modern security appliances can be overwhelming.
But it is precisely this information which can put IT managers in a position to
effectively manage a company wide security policy, protecting company assets from unauthorised
intrusion and network infrstructure from down time due to security compromises.
The problem for IT managers is how to organise this huge amount of data so that a coherent,
manageable picture of the network emerges. Information can be the most effective weapon a modern
IT manager has in the security wars.
Cisco Security MARS provides centralised security monitoring which puts all this information at
your fingertips, but it goes several steps further than just reporting. In addition to providing
timely information on security threats, Cisco Security MARS combines event monitoring with network
intelligence,vector analysis, anomaly correlation, and most importantly, automated threat
mitigation capabilities.
- Centralised Monitoring
Routers, switches, VPN concentrators and endpoint devices all produce a bewildering
array of syslog information, alerts and NetFlow communication. But all this important information
is useless unless it can be simply correlated, accessed and assessed.
Cisco Security MARS correlates
and manages all this information automaticaly, allowing it to pin threat information down to the
IP address or MAC address of the closest attached switch port, providing IT managers with a clear
picture of what is happening where on the network.
- Central Event Repository
A central event repository collates all security event information generated by all security
devices on the network. Network device events as well as workstation and server logs are also
collected, all event information being cross-correlated in real time. Never before have IT
managers had single point access to such detailed information from so many areas of the
network.
- Data Reduction
Information overload. The best security information is useless unless it is effectively managed,
and reduced down to the most important essentials. The Cisco Security MARS appliances can reduce
millions of messages down to the handfull that really count for effective threat defense.
- Attack Mitigation
Not only do the CS MARS appliances collect, collate and manage information on network security
events, they also recognize the nature of the threat and recommend mitigation proceedures before
the problems can get out of control. By reducing network down time, this feature also cuts
infrastructure running costs.
- Network Awareness
By integrating Network Address Translation/Port Address Translation (NAT/PAT),
CS MARS allows IT managers to identify attacks, targets, and security hot spots on the network
in graphical format.
- Integrated Vulnerability Assessment
False positives, the bane of many other security information management and reporting
products, is greatly reduced with Cisco Security MARS. No more wasting of network
administration staff's time following up problems which don't exist.
- Reduced Deployment and Operational Costs
With stretched IT budgets, cost is always a factor. CS MARS automatically discovers and
maps network topology, greatly reducing implementation time.
- Automatic Threat Mitigation
Automatic threat mitigation capabilities set the Cisco Security MARS suite of appliances
head and shoulders above the competition. By identifying choke-point devices and identifying MAC
address, workstation name, VPN user-name and initial point of attack, attacks can be quickly
mitigated and damage and resultant network down-time reduced.
All the above, coupled with a high performance and highly scalable architecture make Cisco
Security MARS the industry leader in security information management and reporting and threat
mitigation.
To find out more about the Cisco Security MARS appliances, please e-mail
sales@cisilion.com
or call us on +44 (0)870 15 25 750.
|
