Datasheet

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Cisco SureVector analysis processes similar event sessions to determine if threats are valid or
have been countered by assessing the entire attack path, down to the endpoint MAC address. This
automated process is accomplished by analyzing logs from devices such as firewalls and intrusion
prevention applications, third-party vulnerability assessment data, and Cisco Security MARS
endpoint scans to eliminate false positives. Users can quickly fine-tune the system to further
reduce false positives.

The goal of any security program is to keep systems online and functioning properly—this is critical
for preventing security exposures, containing incidents, and facilitating remediation. With Cisco
Security MARS, operators have a rapid means to understand all of the components involved in an
attack, down to the offending and compromised system MAC address. Cisco AutoMitigate
capabilities identify available “chokepoint” devices along the attack path and automatically provide
the appropriate device commands that the user can employ to mitigate the threat. The results can
be used to quickly and accurately prevent or contain an attack.

Real-Time Investigation and Compliance Reporting

Cisco Security MARS features an easy-to-use analysis framework that simplifies the conventional
security workflow, providing automated case assignment, investigation, escalation, notification,
and annotation for daily operations and specialized audits. Cisco Security MARS can graphically
replay attacks and retrieve stored event data to analyze previous events. The system fully supports
spontaneous queries for real-time and subsequent data-mining efforts.

Cisco Security MARS offers numerous predefined reports to satisfy operational requirements and
assist in regulatory compliance efforts, including compliance with the Payment Card Industry Data
Security Standard (PCI-DSS), Sarbanes-Oxley, Gramm-Leach-Bliley Act (GLBA), the Health
Insurance Portability and Accountability Act (HIPAA), and the Federal Information Security
Management Act (FISMA) in the United States; the EU’s Revised Basel Capital Framework (Basel
II); and others. An intuitive report generator can modify the more than 100 standard reports or
generate new ones, giving unlimited means to build action and remediation plans, incident and
network activity reports, security posture and audit reports, and departmental reports, in data,
trend, and chart formats. The system also provides for batch and e-mail reporting.

Rapid Deployment and Scalable Management

Cisco Security MARS is placed on a network, where it can send and receive syslog messages and
Simple Network Management Protocol (SNMP) traps and can establish secure sessions with
deployed network and security devices through standard secure or vendor-specific protocols. No
additional hardware, operating system patches, licensing, or lengthy professional service
engagements are required to install and deploy Cisco Security MARS. Simply configure your log
sources to point to Cisco Security MARS and define any network and source through the
Web-based GUI. Cisco Security MARS can also forward syslogs to an external syslog server to
integrate with existing network infrastructures.

Cisco Security MARS supports the optional Global Controller appliance, which centralizes
Local Controller security reporting to provide a single aggregated view of the enterprise Local
Controller environment.

Global Controller capabilities include:
Aggregation of reports across the Local Controller deployment