Cisco Security MARS 20R CS-MARS-20R-K9 データシート
製品コード
CS-MARS-20R-K9
Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 4 of 10
to mitigate the threat. The results can be used to quickly and accurately prevent or contain an
attack.
Real-Time Investigation and Compliance Reporting
Cisco Security MARS features an easy-to-use analysis framework that streamlines the
conventional security workflow, providing automated case assignment, investigation, escalation,
notification, and annotation for daily operations and specialized audits. It can graphically replay
attacks and retrieve stored event data to analyze previous events. The system fully supports ad-
hoc queries for real-time and subsequent data-mining efforts.
Cisco Security MARS offers numerous predefined reports to satisfy operational requirements and
assist in regulatory compliance efforts, including compliance with Sarbanes-Oxley, the Gramm-
Leach Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the
Federal Information Security Management Act (FISMA) in the United States, and the EU’s Revised
Basel Capital Framework (Basel II). An intuitive report generator can modify the more than 100
standard reports or generate new reports for an unlimited means to build action and remediation
plans, incident and network activity, security posture and audit, as well as departmental reports—in
data, trend, and chart formats. The system also provides for batch and e-mail reporting.
Network Admission Control Support
Cisco Security MARS will parse, normalize, correlate, and report on 802.1x authentication events
from both Layer 2 switches and Cisco Secure Access Control Server (ACS). Cisco Security MARS
will do the same using the Extensible Authentication Protocol (EAP) protocol for Layer 3 routers
and for Cisco VPN 3000 Series concentrators. This allows customers to troubleshoot device
authentication methods by determining the chain of connections between the switch, the Cisco
Secure ACS, the endpoint being validated, and the external authentication source, such as Active
Directory or network information service (NIS). Cisco Security MARS also provides centralized
reporting for Network Admission Control (NAC) Phase 1 and Phase 2 parameters that highlight the
reason for device and posture authentication failure. Examples of such reports include:
●
User report
●
User detail
●
Endpoint detail
●
Rejected endpoints report
●
Endpoint status queries failure report
●
Application posture token distribution report
●
Top ten endpoints and top ten user violations report
●
Remediation time by endpoint report
Rapid Deployment and Scalable Management
Cisco Security MARS is placed on a TCP/IP network where it can send and receive syslog
messages and Simple Network Management Protocol (SNMP) traps, and can establish secure
sessions with deployed network and security devices through standard secure or vendor-specific
protocols. No additional hardware, operating system patches, licensing, or lengthy professional
service engagements are required to install and deploy the Cisco Security Monitoring, Analysis,
and Response System. Simply configure your log sources to point to the appliance and define
any network and source through the Web-based GUI. Rapidly deploy Cisco Security MARS by