Articles tagged with: MARS
One topic causing considerable “buzz” among my students is what product will eventually replace the Cisco MARS appliance, declared End-Of-Sale late in 2010. The need for effective Security Information and Event Management (SIEM) solutions increased, if anything, over the approximate 5-year time span MARS was offered. This post presents some alternative solutions.
I would be remiss in not commenting on the very recent (at the time at which this article is being “penned”) End-of-Sale/End-of-Life announcement for the Cisco MARS product line. I have been told by a number of my students over the past 6 months that the appliance was “going away”; they no doubt were told of […]
Cisco Systems has announced yet another new MARS code release, version 6.0.7. This post will briefly mention the implications of the new features of this revision, as well as explore the usefulness of an often-received and oft-maligned message known as “Inactive CS-MARS Reporting Device”. Further examination of the release notes for OS 6.0.7 shows not […]
A powerful feature embedded in the Cisco MARS (Monitoring Analysis and Reporting System) appliances is Distributed Threat Mitigation (DTM). This is one of three device-related actions that a MARS appliance can take when either a system-defined or user-defined rule is triggered, the other two being syslog and SNMP. This post will briefly explore the background […]
One of the noteworthy and valuable features of the Cisco MARS appliance is its ability to do resource monitoring via SNMP. With this component active, a network administrator can be alerted to conditions indicating the over-utilization of a device from either excessive traffic, denial-of-service attempts, or both. Until just recently, the SNMP monitoring was […]
A new feature introduced in Cisco MARS OS 6.0 is the ability to have the appliance relay syslog messages to another server. The set of commands used to accomplish this task is shown below: [pnadmin]$ syslogrelay Usage: syslogrelay list [all | collector | src] syslogrelay {setcollector | unsetcollector} IP syslogrelay src reset syslogrelay src {include | exclude} […]
In an earlier post I wrote about Sexy Space, the cell phone bot that was recently discovered. Just the other week, news had been released that this piece of malware is actually from several companies in China. The interesting part is that the code was actually approved by Symbian. The Symbian foundation requires mobile application […]
I’m teaching a MARS course in Houston this week and decided to throw out there one of the most difficult subject matters that students get hung up on: the rules. So, in this blog we’ll walk through a rule created on a MARS 6.0.3. To begin, I’ve installed SNARE from IntersectAlliance on a Windows 2003 server. […]
Video: http://www.youtube.com/watch?v=7T3_Sbkp_dg Global Knowledge instructor, and author on this blog, Jim Thomas reviews the top three Cisco Security technologies found in standard networks: the MARS appliance, Cisco Security Manager, and the NAC appliance.




