Cisco Security MARS 110R CS-MARS-110R-K9 データシート
製品コード
CS-MARS-110R-K9
Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 5 of 10
forwarding messages from existing syslog-ng or Kiwi syslog servers. This feature eliminates many
network and device changes required to insert Cisco Security MARS into an operational network.
Cisco Security MARS appliance is centrally managed through a secure Web-based interface that
supports role-based administration and authentication. The optional Global Controller appliance
centralizes expansive security operations to provide a single view of the entire enterprise and to
disseminate access privileges, configurations, updates, customized rules, and report templates, as
well as to coordinate complex investigations with accelerated queries and reports that are
processed locally.
As the local Cisco Security MARS appliances execute queries and rules across the enterprise, the
results are efficiently consolidated for rapid and centralized analysis at the system’s Global
Controller. This scalable architecture yields an additional level of distributed processing and
storage. The result is more cost-effective deployment and greater manageability, which addresses
the requirements of large and geographically dispersed organizations.
New Features in Release 4.3.1 and 5.3.1
Login Security
This feature set is focused on improving the security of the Cisco Security MARS system when
used in distributed environments. This feature set is made up of two categories of features, one
that is focused on the providing secure password management and off-box authentication of Cisco
Security MARS users and the second that is focused on providing session timeout control to the
administrator for individual Cisco Security MARS users. Off-MARS authentication is provided via
RADIUS support in Cisco Security MARS and allows Cisco Security MARS to authenticate with a
RADIUS server before allowing users to login to the appliance. This functionality inherently
provides Cisco Security MARS with additional capabilities such as the password aging and
minimum password requirements such as length and type of password used, all via RADIUS. The
session timeout features provide the administrator a means of enforcing policy on users who may
not log out of the Cisco Security MARS device over longer periods of time, therefore if an
administrator were to require a policy that stated Cisco Security MARS should log out users who
are inactive for 15 minutes, this feature set can enforce that policy.
Syslog Forwarding
Syslog Forwarding support in Cisco Security MARS will allow Cisco Security MARS to forward
syslog messages it receives from syslog sources to another syslog receiver. In earlier Cisco
Security MARS releases support for receiving syslog messages from a syslog Relay device was
added. Therefore the syslog forwarding feature set in this release enhances support for syslog
within Cisco Security MARS, and allows for the insertion of Cisco Security MARS into an already
established syslog architecture.
Cisco IPS 6.0 Dynamic Signature Updates
Dynamic Signature Update capability provides Cisco Security MARS with the ability to recognize
events that are generated by a Cisco IPS device versions 5.x and 6.x. Beginning in release 4.3.1
and 5.3.1, Cisco Security MARS can discover the new signatures and correctly process and
categorize received events that match those signatures. These updates provide event
normalization and event group mapping, and they enable the Cisco Security MARS to parse Day
Zero signatures from the Cisco IPS device. The downloaded update information is an XML file that
contains the Cisco IPS signatures. This feature set provides improved security by way of
automation and ease of use to the user.