Previous Page Next Page

Chapter 23. Security Monitoring and Correlation

The monitoring and correlation of network security infrastructure in the modern day network is becoming a challenge because each network component generates its own set of logs, events, alerts, and various notification messages, thereby creating a massive collection of event logs for analysis and investigation.

Cisco Security Monitoring, Analysis, and Response System (CS-MARS) is a comprehensive appliance-based solution providing security information and event management. CS-MARS offers network intelligence to identify and correlate events, pinpoint attack paths, and provide comprehensive security threat control and mitigation.

This chapter provides details of the appliance-based security information management (SIM) system that uses the industry standard CS-MARS solution.

The chapter takes a closer look at the core concepts of the CS-MARS appliance and its features and capabilities, and highlights the key concepts such as events, sessions, rules, and incidents.

The chapter gives an overview of the various deployment scenarios and implementation of the CS-MARS solution using the Standalone, Local Controllers (LC), and Global Controllers (GC) options. The chapter provides an overview of the CS-MARS web-based management interface and a basic overview of configuring CS-MARS appliance.

Security Information and Event Management

Security information and event management systems provide network intelligence by aggregating security events and logs from various network devices, analyzing the logs through various querying and correlation technology techniques, and generating meaningful reports regarding network anomalies and security events occurring within the network.

CS-MARS is a comprehensive security information and event management solution that identifies, manages, and mitigates security threats. CS-MARS integrates with the existing network and security infrastructure and is capable of discovering the existing network. CS-MARS can be an integral part of maintaining and enforcing the overall security policy and regulatory compliance solution.

Previous Page Next Page