What is your alternative to Cisco MARS?
•
1 gostou•2,705 visualizações
Cisco is no longer offering Cisco Security Monitoring, Analysis and Response System (MARS). Have you found an alternative solution? In this slideshare, we will showcase how SolarWinds Log & Event Manager might be the right choice for you.
Recomendados
Recomendados
Mais conteúdo relacionado
Semelhante a What is your alternative to Cisco MARS?
Semelhante a What is your alternative to Cisco MARS? (20)
Mais de SolarWinds
Mais de SolarWinds (20)
Último
Último (20)
What is your alternative to Cisco MARS?
- 1. Have you planned your replacement for Cisco MARS? © 2013, SolarWinds Worldwide, LLC. All rights reserved. 1
- 2. Agenda 1. Why should you find a replacement now? 2. What to look for in a replacement tool? 3. Why SolarWinds could be the right alternative a. Deployment b. Event Correlation c. Power of Search d. Compliance Reporting e. Incident Response f. Device Support 4. Additional Security Recommendations CISCO MARS REPLACEMENT- SOLARWINDS LEM 2
- 3. Why should find a replacement now? » What’s up with Cisco MARS? Cisco has decided it is right time for the hardware to not be sold in the market and it has been scrapped for new purchases Do you have a plan B? Cisco no longer sells Cisco Security We have one for you… Monitoring, Analysis and Response Check how SolarWinds Log and System (MARS) Event Manager (LEM) can help? Read the End-of-Life Notice to learn more CISCO MARS REPLACEMENT- SOLARWINDS LEM 3
- 4. What to look for in a replacement tool? » Best-in-class SIEM technology provides: All-in-one affordable log and event analysis Active responses to react to real-time threats while complying with regulatory policies » Also a SIEM tool that has in-memory analytics that can capture, correlate and respond to network attacks and insider abuse at network speed. CISCO MARS REPLACEMENT- SOLARWINDS LEM 4
- 5. Why SolarWinds could be your alternative Let us consider the top 6 decisive factors: 1. Deployment 2. Event-Correlation functionality 3. Power of Search 4. Compliance Reporting 5. Incident Response 6. Device Support » See how SolarWinds Log and Event Manager (LEM) compares to Cisco MARS on all the above parameters. CISCO MARS REPLACEMENT- SOLARWINDS LEM 5
- 6. Deployment » Cisco MARS » SolarWinds LEM It is a hardware appliance which Its a virtual appliance which requires physical setup and downloads and deploys in just network connections to become under an hour. fully operational. It is not a standalone solution, LEM is all equipped own its but part of Cisco Security own and needs no supporting Management Suite which needs and add-on devices or modules the support of Cisco Security to deliver its full service. Manager (CSM) to deliver the full extent of service. CISCO MARS REPLACEMENT- SOLARWINDS LEM 6
- 7. Event Correlation » Cisco MARS » SolarWinds LEM It comes with the complexity of As a standalone product, uses defining and building its multi-dimensional correlation rules to handle correlation engine to detect multiple device and multiple behavioral anomalies in real- events time. Relies on Cisco CSM to perform It also employs a simple and event correlation easy-to-use rule builder with familiar drag and drop interface, icon-based tool panel and graphical object selection panel. LEM also comes with 700+ pre-built correlation rules that cover critical network infrastructure, change management and network security functions. CISCO MARS REPLACEMENT- SOLARWINDS LEM 7
- 8. Event Correlation (Contd…) » SolarWinds LEM can: Correlate time-based and transaction- based events Send notifications and trigger actions based on event correlation that happens in-memory Perform multiple event correlation Ability to set independent thresholds for activity per event, or group of events Leverage non-linear event correlation Access to field-level data for event LEM’s Correlation Rule Builder Interface with Simple Drag & Drop Options correlation rules Create user-defined groups and variables for event correlation rules CISCO MARS REPLACEMENT- SOLARWINDS LEM 8
- 9. Power of Search » Cisco MARS » SolarWinds LEM The scope of search in MARS is LEM is equipped with a powerful basic and limited and intuitive search option with which you can explore search log The method of search is not data visually. very simple It also allows you to use search tools like Word Clouds, Tree- maps, Bubble Charts and Histograms. Notable here is the Word Clouds - the first implementation ever in a log monitoring system. CISCO MARS REPLACEMENT- SOLARWINDS LEM 9
- 10. Power of Search (Contd…) » Not just search, LEM allows you to store log data in a centralized repository. » Compares original log data and normalized event data side-by-side and easily found with LEM’s various search options. » Eliminates the need for additional hardware with a high compression data model that stores data at up to a 60:1 compression ratio. LEM’s Advanced & Intuitive IT Search Options CISCO MARS REPLACEMENT- SOLARWINDS LEM 10
- 11. Compliance Reporting » LEM comes with 300+ "audit- proven" compliance reports to comply with so many federal policies like PCI DSS, GLBA, SOX, NERC CIP, HIPAA and even more. » You can run these policies through LEM to get graphical report summaries from the extensive resource of log data that were captured in real-time. » Cisco MARS is not equipped with Select Your Choice of Regulatory Compliance Policies and Run Reports Using LEM such a store of compliance reports CISCO MARS REPLACEMENT- SOLARWINDS LEM 11
- 12. Incident Response » With a library of built-in Active Responses LEM executes the automated responses needed to mitigate threats and respond to operational issues, security breaches, malware and policy violations immediately. » LEM doesn’t need any integration with any Incident Response system. » Whereas Cisco MARS which requires integration with Cisco Intrusion Prevention System (IPS) to respond and take action on LEM’s Active Response Technology in Action real-time security threats. Some of LEM’s Active Responses include quarantining infected machines, blocking IP addresses, disabling user accounts, killing unauthorized processes and restarting services. CISCO MARS REPLACEMENT- SOLARWINDS LEM 12
- 13. Device Support » MARS is focused on Cisco networking devices » SolarWinds LEM extends support to network devices from dozens of manufacturers, hundreds of products, and thousands of models and various operating systems and applications. Supports Multiple Devices CISCO MARS REPLACEMENT- SOLARWINDS LEM 13
- 14. Test Drive an Alternative for MARS » SolarWinds’ best-in-class SIEM technology provides all-in-one affordable log and event analysis and management software that also performs active responses to react to real-time threats while complying with regulatory policies. Try out the fully-functional 30-day free trial to see LEM in action. CISCO MARS REPLACEMENT- SOLARWINDS LEM 14
- 15. Additional Security Recommendations » Some other key areas that you may need to equip yourself are: Firewall Security Management Network Change & Configuration Management Endpoint Vulnerability Management Endpoint Data Loss Preventions » You can read more from this whitepaper The Case for Security Information and Event Management (SIEM) in Proactive Network Defense CISCO MARS REPLACEMENT- SOLARWINDS LEM 15
- 16. Thank You! CISCO MARS REPLACEMENT- SOLARWINDS LEM 16