Cisco MARS (Monitoring, Analysis, Response System) Version 1.0


Quick View
Summary: 

Cisco Security Monitoring, Analysis, and Response System (MARS) provides security monitoring for network devices and host applications supporting both Cisco and other vendors. Security monitoring with MARS greatly reduces false positives by providing an end-to-end topological view of the network, which helps improve threat identification, mitigation responses, and compliance.

This project is an initial deployment into the ASU network. Based on this project, a larger deployment that encompasses the entire university will be designed for the future.

The appliance correlates a number of security logs from the ASU network, servers, and possibly personal computers. The initial deployment for the system is in the UTO Data Center.

Other features and benefits of Cisco Security MARS:

  • "Learns" the topology, configuration and behavior of the environment
  • Automatically updates knowledge of new Cisco IPS signatures, for up-to-the-minute reporting on the environment
  • Promotes awareness of environmental anomalies with network behavior analysis using NetFlow and syslog
  • Provides simple access to audit compliance reports
  • Makes precise recommendations for threat mitigation, including the ability to visualize the attack path and identify the source of the threat with detailed topological graphs that simplify security response at Layer 2 and Layer 3
  • Integrates with the Cisco Security Manager to correlate security events with the configured firewall rules and intrusion prevention system (IPS) signatures that can affect the security event.
Start Date: 
November 13, 2008
Go Live: 
April 1, 2009
End Date: 
May 22, 2009
Current Milestone: 
Project complete.
Stage: 
Recently Released - Completed in last 3 months.
People
Sponsor/Champion: 
Adrian Sannier, Vice President and University Technology Officer
Project Manager: 
Sharan Johnson
Contact for more information: 
marvin.simkin@asu.edu
Associate VP University Technology: 
Scott Banks
University Technology Director: 
Dave McKee
More Info
Source: 
Internal
Priority: 
Medium
Scope: 

 The scope of information being analyzed will be limited to the ASU Data Center and the two core routers.   

  • Correlate security related information from the ASU Data Center into one location.
  • Analyze security, network, and server logs to triangulate on important security risks.
  • Provide the Security Office with the ability to assess the security status of the ASU Data Center.
All Milestones and Schedule: 
  • Kick Off meeting -- Completed
  • Determine the resources required for implementation. -- Completed
  • Installation of the MARS appliance into the designated network -- Completed
  • Upgrade to version 6.0 -- Completed
  • Creation of Architectural drawings -- Completed
  • Architectural review board -- Completed
  • Determine placement and logs that the initial system will analyze -- Completed
  • Configuration of external system logging -- Completed
  • Initial Configuration of the MARS appliance -- Completed
  • Soft Launch - Initial Go Live (Installed and Running) -- Completed
  • Add NetFlow information -- Completed
  • Preliminary evaluation of data and filters -- Completed
  • Go Live Enhanced Configuration -- Milestone to be met by May 22, 2009
  • Post Implementation Review - on project & next steps. -- Milestone to be met by May 22, 2009
Deliverables: 

Implementation of the MARS appliance into the UTO Data Center.

Risk & Threats: 
  • Non-implementation continues to leave the ASU Data Center's vulnerabilities and threats virtually unknown until after an incident.
  • Inability to reach complete compliance with a number of security compliance requirements.