Cisco Security MARS 110R CS-MARS-110R-K9 Data Sheet
Product code
CS-MARS-110R-K9
Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 3 of 10
detection systems [IDSs], vulnerability scanners, and antivirus applications), hosts (such as
Windows, Solaris, and Linux syslogs), applications (such as databases, Web servers, and
authentication servers), and network traffic (such as Cisco NetFlow).
Cisco ContextCorrelation
As events and data are received, the information is normalized against the topology, the discovered
device configurations, and the same source and destination applications across Network Address
Translation [NAT] boundaries. Corresponding events are grouped into sessions in real time.
System- and user-defined correlation rules are then applied to multiple sessions to identify
incidents. Cisco Security MARS ships with a full complement of predefined rules, frequently
updated by Cisco, that identify a majority of blended attack scenarios, day-zero attacks, and
worms. A graphical rule definition framework simplifies the creation of user-defined custom rules
for any application. ContextCorrelation significantly reduces raw event data, facilitates response
prioritization, and maximizes results from deployed countermeasures.
High-Performance Aggregation and Consolidation
Cisco Security MARS captures millions of raw events, efficiently classifies incidents with
unprecedented data reduction, and compresses this information for archive. Managing this high
volume of security events requires a secure and stable centralized logging platform. Cisco Security
MARS appliances are security-hardened and optimized for receiving extremely high levels of event
traffic—more than 15,000 events per second or more than 300,000 Cisco NetFlow events per
second. This high-performance correlation is made possible through inline processing logic and
the use of an embedded high-performance database system. All database functions and tuning are
transparent to the user. Onboard storage and continual compression of historical data archives to
network file system (NFS) secondary storage devices make Cisco Security MARS a reliable
security log aggregation solution.
Incident Visualization and Mitigation
Cisco Security MARS helps to accelerate and simplify the process of threat identification,
investigation, validation, and mitigation. Security staff are often confronted with escalated events
that require time-consuming analysis for resolution and remediation. Cisco Security MARS
provides a powerful, interactive security management dashboard. The operator GUI provides a
topology map that comprises real-time hotspots, incidents, attack paths, and detailed investigation
with full incident disclosure, allowing immediate verification of valid threats.
Cisco SureVector analysis processes similar event sessions to determine if threats are valid or
have been countered by assessing the entire attack path, down to the endpoint media access
control (MAC) address. This automated process is accomplished by analyzing device logs such as
firewalls and intrusion prevention applications, third-party vulnerability assessment data, and
through Cisco Security MARS endpoint scans to eliminate false positives. Users can quickly fine-
tune the system to further reduce false positives.
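The two mechanisms described above, ContextCorrelation (normalize events across a NAT boundary, group them into sessions, apply rules across the session) and SureVector-style validation (decide whether a detected threat was countered at a choke point or cannot apply to the target host), can be illustrated with a small correlator. The code below is an added example written for this page; it is not Cisco code and does not reproduce the MARS rule language. The NAT table, the host inventory, the event records and the two rules are all constructed for the demonstration.

```python
"""Toy event correlator: NAT normalization, sessionization, rules, validation.
Added example; the data and rules below are constructed, not Cisco MARS content."""
from collections import defaultdict

# Constructed NAT knowledge, as a correlator would learn it from device configs:
# the address the outside IDS/firewall see -> the real inside host.
NAT_TABLE = {"203.0.113.10": "10.0.0.25"}

# Constructed vulnerability-assessment data: which services each host runs.
HOST_SERVICES = {"10.0.0.25": {"os": "linux", "services": {80: "apache"}}}

# Constructed events from a firewall (fw), a network IDS (ids) and a host syslog (host).
# Timestamps are seconds; the IDS and firewall see the NATed address, the host sees itself.
EVENTS = [
    {"t": 100, "dev": "fw", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 80, "action": "permit"},
    {"t": 101, "dev": "ids", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 80, "sig": "web-app exploit", "target": "apache"},
    {"t": 103, "dev": "host", "src": "198.51.100.7", "dst": "10.0.0.25", "dport": 80, "msg": "unexpected child process of web server"},
    # Same signature, but the firewall denied the connection: countered at the choke point.
    {"t": 200, "dev": "fw", "src": "198.51.100.9", "dst": "203.0.113.10", "dport": 80, "action": "deny"},
    {"t": 201, "dev": "ids", "src": "198.51.100.9", "dst": "203.0.113.10", "dport": 80, "sig": "web-app exploit", "target": "apache"},
    # Signature targets a service the host does not run: cannot be a valid compromise.
    {"t": 300, "dev": "fw", "src": "198.51.100.11", "dst": "203.0.113.10", "dport": 80, "action": "permit"},
    {"t": 301, "dev": "ids", "src": "198.51.100.11", "dst": "203.0.113.10", "dport": 80, "sig": "iis exploit", "target": "iis"},
]


def normalize(event):
    """Rewrite an outside (NATed) destination to the inside host so that IDS,
    firewall and host events about the same connection share one identity."""
    e = dict(event)
    e["dst"] = NAT_TABLE.get(e["dst"], e["dst"])
    return e


def sessionize(events, window=60):
    """Group normalized events with the same (src, dst, dport) into sessions;
    a gap longer than `window` seconds starts a new session for that key."""
    sessions, open_sessions = [], {}
    for e in sorted((normalize(ev) for ev in events), key=lambda x: x["t"]):
        key = (e["src"], e["dst"], e["dport"])
        idx = open_sessions.get(key)
        if idx is not None and e["t"] - sessions[idx]["events"][-1]["t"] <= window:
            sessions[idx]["events"].append(e)
        else:
            sessions.append({"key": key, "events": [e]})
            open_sessions[key] = len(sessions) - 1
    return sessions


def rule_exploit_then_host_activity(session):
    """Cross-device rule: IDS exploit signature followed by host-side activity."""
    evs = session["events"]
    ids = [e for e in evs if e["dev"] == "ids"]
    host = [e for e in evs if e["dev"] == "host"]
    if ids and any(h["t"] > ids[0]["t"] for h in host):
        return ("exploit followed by host activity", "high")
    return None


def rule_exploit_attempt(session):
    """Single-device rule: any IDS exploit signature in the session."""
    if any(e["dev"] == "ids" for e in session["events"]):
        return ("exploit attempt", "medium")
    return None


RULES = [rule_exploit_then_host_activity, rule_exploit_attempt]  # most specific first


def validate(session):
    """Attack-path check: was the session dropped by a choke point, and does the
    signature's target service actually run on the destination host?"""
    evs = session["events"]
    if any(e["dev"] == "fw" and e["action"] == "deny" for e in evs):
        return "countered"
    running = HOST_SERVICES.get(session["key"][1], {}).get("services", {})
    ids = [e for e in evs if e["dev"] == "ids"]
    if ids and ids[0]["target"] not in running.values():
        return "false positive"
    return "valid"


def correlate(events):
    """Raw events -> sessions -> incidents with a validation status."""
    incidents = []
    for s in sessionize(events):
        for rule in RULES:
            hit = rule(s)
            if hit:
                incidents.append({"session": s["key"], "rule": hit[0], "severity": hit[1],
                                  "status": validate(s), "events": len(s["events"])})
                break
    return incidents


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(inc)
```

Running the block reduces seven raw events to three sessions and three candidate incidents, of which only the first (exploit signature followed by host activity, on a host that runs the targeted service, with the firewall permitting the connection) validates as a real threat; the other two are marked countered and false positive respectively, which is the kind of reduction the SureVector passage describes.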
The goal of any security program is to keep systems online and functioning properly—this is critical
for preventing security exposures, containing incidents, and facilitating remediation. With the Cisco
Security Monitoring, Analysis, and Response System, operators have a rapid means to understand
all of the components involved within an attack, down to the offending and compromised system
MAC address. Cisco AutoMitigate capabilities identify available “choke-point” devices along the
attack path and automatically provide the appropriate device commands that the user can employ