Cisco is no longer offering Cisco Security Monitoring, Analysis and Response System (MARS). Have you found an alternative solution? In this slideshare, we will showcase how SolarWinds Log & Event Manager might be the right choice for you.
2. Agenda
1. Why should you find a replacement now?
2. What to look for in a replacement tool?
3. Why SolarWinds could be the right alternative
a. Deployment
b. Event Correlation
c. Power of Search
d. Compliance Reporting
e. Incident Response
f. Device Support
4. Additional Security Recommendations
CISCO MARS REPLACEMENT- SOLARWINDS LEM
3. Why should you find a replacement now?
» What’s up with Cisco MARS?
Cisco has decided it is the right time to stop selling the hardware, and it has been scrapped for new purchases.
Cisco no longer sells Cisco Security Monitoring, Analysis and Response System (MARS).
Read the End-of-Life Notice to learn more.
» Do you have a plan B?
We have one for you…
Check how SolarWinds Log and Event Manager (LEM) can help.
4. What to look for in a replacement tool?
» Best-in-class SIEM technology provides:
All-in-one affordable log and event analysis
Active responses to react to real-time threats while complying with
regulatory policies
» Also a SIEM tool that has in-memory analytics that can capture, correlate
and respond to network attacks and insider abuse at network speed.
5. Why SolarWinds could be your alternative
Let us consider the top 6 decisive factors:
1. Deployment
2. Event-Correlation functionality
3. Power of Search
4. Compliance Reporting
5. Incident Response
6. Device Support
» See how SolarWinds Log and Event Manager (LEM) compares to Cisco
MARS on all the above parameters.
6. Deployment
» Cisco MARS
It is a hardware appliance which requires physical setup and network connections to become fully operational.
It is not a standalone solution, but part of the Cisco Security Management Suite, which needs the support of Cisco Security Manager (CSM) to deliver the full extent of service.
» SolarWinds LEM
It is a virtual appliance which downloads and deploys in just under an hour.
LEM is fully equipped on its own and needs no supporting or add-on devices or modules to deliver its full service.
7. Event Correlation
» Cisco MARS
It comes with the complexity of defining and building correlation rules to handle multiple devices and multiple events.
Relies on Cisco CSM to perform event correlation.
» SolarWinds LEM
As a standalone product, it uses its multi-dimensional correlation engine to detect behavioral anomalies in real time.
It also employs a simple and easy-to-use rule builder with a familiar drag-and-drop interface, icon-based tool panel and graphical object selection panel.
LEM also comes with 700+ pre-built correlation rules that cover critical network
infrastructure, change management and network security functions.
8. Event Correlation (Contd…)
» SolarWinds LEM can:
Correlate time-based and transaction-based events
Send notifications and trigger actions based on event correlation that happens in-memory
Perform multiple event correlation
Set independent thresholds for activity per event, or per group of events
Leverage non-linear event correlation
Access field-level data for event correlation rules
Create user-defined groups and variables for event correlation rules
(Figure: LEM’s Correlation Rule Builder Interface with Simple Drag & Drop Options)
9. Power of Search
» Cisco MARS
The scope of search in MARS is basic and limited.
The method of search is not very simple.
» SolarWinds LEM
LEM is equipped with a powerful and intuitive search option with which you can explore log data visually.
It also allows you to use search tools like Word Clouds, Treemaps, Bubble Charts and Histograms.
Notable here is the Word Clouds - the first implementation ever in a log monitoring system.
10. Power of Search (Contd…)
» Not just search: LEM also allows you to store log data in a centralized repository.
» It shows original log data and normalized event data side by side, and both are easily found with LEM’s various search options.
» It eliminates the need for additional hardware with a high-compression data model that stores data at up to a 60:1 compression ratio.
(Figure: LEM’s Advanced & Intuitive IT Search Options)
11. Compliance Reporting
» LEM comes with 300+ "audit-proven" compliance reports to help comply with many federal policies like PCI DSS, GLBA, SOX, NERC CIP, HIPAA and more.
» You can run these policies through LEM to get graphical report summaries from the extensive store of log data captured in real time.
» Cisco MARS is not equipped with such a store of compliance reports.
(Figure: Select Your Choice of Regulatory Compliance Policies and Run Reports Using LEM)
12. Incident Response
» With a library of built-in Active Responses, LEM executes the automated responses needed to mitigate threats and respond immediately to operational issues, security breaches, malware and policy violations.
» LEM doesn’t need any integration with a separate Incident Response system.
» Cisco MARS, by contrast, requires integration with Cisco Intrusion Prevention System (IPS) to respond and take action on real-time security threats.
(Figure: LEM’s Active Response Technology in Action)
Some of LEM’s Active Responses include quarantining infected machines, blocking IP addresses, disabling user accounts, killing unauthorized processes and restarting services.
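The Event Correlation slides above describe in-memory correlation with time-window thresholds per event or per user-defined group, and this slide describes an Active Response fired when a rule matches. As an added example that is not part of the original deck and not SolarWinds LEM or Cisco MARS code, the Python sketch below implements that combination over a constructed sample log: a sliding-window threshold rule keyed on source IP, a tighter rule keyed on user and limited to a user-defined privileged group, and a simulated response (an action record rather than a real device change) when either fires. The log format, rule names, thresholds, the group membership and the response functions are all assumptions made for the example.

```python
# Added example, not SolarWinds LEM or Cisco MARS code: a small in-memory
# correlation engine with the rule types the deck describes (time-window
# thresholds per event key or per user-defined group) and a simulated active
# response fired when a rule matches. Log format, rule names, thresholds,
# the privileged-user group and the responses are all constructed here.
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Optional

@dataclass
class Event:
    ts: datetime
    kind: str      # normalized event type, e.g. "LogonFailure"
    src_ip: str
    user: str

def parse_line(line: str) -> Event:
    """Parse a constructed line: '<ISO timestamp> <EventType> src=<ip> user=<name>'."""
    ts, kind, src, usr = line.split()
    return Event(datetime.fromisoformat(ts), kind, src.split("=", 1)[1], usr.split("=", 1)[1])

# A user-defined group (constructed); rules reference it instead of hard-coding names.
PRIVILEGED_USERS = {"admin", "svc_backup"}

@dataclass
class ThresholdRule:
    name: str
    kind: str                                  # event type to count
    key: Callable[[Event], str]                # the count is kept per this key (IP, user, ...)
    threshold: int                             # fire once this many events ...
    window: timedelta                          # ... fall inside this sliding window
    only_if: Callable[[Event], bool] = lambda e: True       # optional group filter
    response: Optional[Callable[[Event], dict]] = None     # active-response hook

# Simulated active responses: they return the action record a downstream
# orchestrator would act on, rather than touching real devices.
def block_ip(event: Event) -> dict:
    return {"action": "block_ip", "target": event.src_ip}

def disable_account(event: Event) -> dict:
    return {"action": "disable_account", "target": event.user}

class CorrelationEngine:
    """Sliding-window threshold correlation held entirely in memory."""
    def __init__(self, rules):
        self.rules = rules
        self._buckets = defaultdict(deque)   # (rule name, key) -> timestamps in window
        self.alerts = []                     # (rule name, key, time fired)
        self.responses = []                  # action records produced by response hooks

    def feed(self, event: Event) -> None:
        for rule in self.rules:
            if event.kind != rule.kind or not rule.only_if(event):
                continue
            key = rule.key(event)
            bucket = self._buckets[(rule.name, key)]
            bucket.append(event.ts)
            while bucket and event.ts - bucket[0] > rule.window:   # age out old events
                bucket.popleft()
            if len(bucket) >= rule.threshold:
                self.alerts.append((rule.name, key, event.ts))
                if rule.response is not None:
                    self.responses.append(rule.response(event))
                bucket.clear()   # one burst yields one alert, not one per extra event

RULES = [
    # Five failed logons from one source inside a minute: block that source.
    ThresholdRule("BruteForceFromSource", "LogonFailure", lambda e: e.src_ip,
                  threshold=5, window=timedelta(seconds=60), response=block_ip),
    # Members of the privileged group get a tighter per-user threshold.
    ThresholdRule("PrivilegedLogonFailures", "LogonFailure", lambda e: e.user,
                  threshold=2, window=timedelta(minutes=5),
                  only_if=lambda e: e.user in PRIVILEGED_USERS, response=disable_account),
]

# Constructed sample log: a burst from 10.0.0.5, two failures for "admin",
# and two failures for "bob" 30 minutes apart (outside every window).
SAMPLE_LOG = """\
2024-01-01T10:00:00 LogonFailure src=10.0.0.5 user=jsmith
2024-01-01T10:00:10 LogonFailure src=10.0.0.5 user=jsmith
2024-01-01T10:00:20 LogonFailure src=10.0.0.5 user=jsmith
2024-01-01T10:00:25 LogonFailure src=10.0.0.5 user=jsmith
2024-01-01T10:00:30 LogonFailure src=10.0.0.5 user=jsmith
2024-01-01T10:05:00 LogonFailure src=10.0.0.9 user=admin
2024-01-01T10:05:30 LogonFailure src=10.0.0.9 user=admin
2024-01-01T11:00:00 LogonFailure src=10.0.0.7 user=bob
2024-01-01T11:30:00 LogonFailure src=10.0.0.7 user=bob
"""

def run_sample() -> CorrelationEngine:
    """Feed the constructed log through the rules and return the engine state."""
    engine = CorrelationEngine(RULES)
    for line in SAMPLE_LOG.splitlines():
        engine.feed(parse_line(line))
    return engine

if __name__ == "__main__":
    eng = run_sample()
    print(eng.alerts, eng.responses, sep="\n")
```

Running the sample produces exactly two alerts: the burst from 10.0.0.5 trips the source-based rule on its fifth failure and yields a block_ip record, and the two "admin" failures trip the privileged-group rule and yield a disable_account record; "bob" never alerts because his two failures are 30 minutes apart and the older one has aged out of the window. In a real deployment the response hooks would hand the action record to whatever enforces it, and the thresholds would be tuned per environment.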
13. Device Support
» MARS is focused on Cisco networking devices
» SolarWinds LEM extends support to network devices from dozens of
manufacturers, hundreds of products, and thousands of models and
various operating systems and applications.
(Figure: Supports Multiple Devices)
14. Test Drive an Alternative for MARS
» SolarWinds’ best-in-class SIEM technology provides all-in-one affordable
log and event analysis and management software that also performs
active responses to react to real-time threats while complying with
regulatory policies.
Try out the fully-functional 30-day free trial to see LEM in action.
15. Additional Security Recommendations
» Some other key areas in which you may need to equip yourself are:
Firewall Security Management
Network Change & Configuration Management
Endpoint Vulnerability Management
Endpoint Data Loss Prevention
» You can read more in this whitepaper: The Case for Security Information and Event Management (SIEM) in Proactive Network Defense