Because security attacks are becoming more frequent, security monitoring and event correlation across the network infrastructure are crucial. To support this, each component within the infrastructure is enabled to generate various logs and alerts that yield essential information for forensic analysis, auditing, and threat mitigation. Unfortunately, this produces a tremendous amount of raw data that the end user must analyze before it can be used effectively for security threat mitigation.
The Cisco Security Monitoring, Analysis, and Response System (CS-MARS) appliance-based security information management (SIM) system offers a comprehensive solution to address this issue.
CS-MARS offers network intelligence to precisely identify and correlate events, pinpoint attack paths, and provide a comprehensive security threat control and mitigation solution.
This chapter provided an overview of the CS-MARS solution using various illustrations.
The chapter presented the core concepts of the CS-MARS appliance, its features and capabilities, and highlighted the key concepts necessary for understanding and implementing the CS-MARS solution.
The chapter also provided an overview of CS-MARS deployment scenarios and a basic overview of configuring the CS-MARS appliance. For more information on CS-MARS deployment setups and configurations, refer to the following:
Security Monitoring with Cisco Security MARS
http://www.ciscopress.com/title/1587052709
Security Threat Mitigation and Response: Understanding Cisco Security MARS, Adobe Reader