Cisco Security Monitoring, Analysis, and Response System

• Learns the topology, configuration and behavior of your environment
• Automatically updates knowledge of new Cisco IPS signatures, for up to the minute reporting on your environment
• Promotes awareness of environmental anomalies with network behavior analysis using NetFlow and syslog
• Provides simple access to audit compliance reports with more than 150 ready-to-use customizable reports
• Makes precise recommendations for threat mitigation, including the ability to visualize the attack path and identify the source of the threat with detailed topological graphs that simplify security response at Layer 2 and Layer 3
• Integrates with the Cisco Security Manager to correlate security events with the configured firewall rules and intrusion prevention system (IPS) signatures that can affect the security event.

MARS centrally aggregates logs and events from a wide range of popular devices:

• network devices (such as routers and switches)
• security devices and applications (such as firewalls, intrusion detection systems vulnerability scanners, and antivirus software)
• hosts (such as Microsoft Windows, Sun Solaris, and Linux syslog)
• server-based applications (such as databases, Web servers, and authentication servers)
• network traffic (such as Cisco NetFlow).

1. Cisco Security Monitoring, Analysis and Response System product page
2. Cisco Security Management Suite
3. Cisco Security Monitoring, Analysis and Response System 4.2 Q&A
4. The Unofficial Cisco MARS Blog

--bswilson (talk) 20:16, 7 November 2008 (UTC)