Cisco Security Monitoring Analysis and Response System (CS-MARS) 6.1 is an enterprise security management system that enables threat mitigation, monitoring of host applications and network security devices, and regulatory compliance.
Number of Days: 4
Security challenges and regulatory compliance are top concerns for enterprises. Implementing CS-MARS gives the information systems professional the knowledge needed to protect a networked environment and comply with privacy regulations using CS-MARS 6.0. Learn to employ the network intelligence capabilities of CS-MARS with its traditional security event monitoring to respond to immediate security threats such as cyber attacks and suspicious activities.
This course provides explanations of CS-MARS system architecture and event processing. Attendees will use CS-MARS to investigate security incidents and mitigate threats, monitor host applications and security devices, define custom devices and log parsers, create reports, and create rules for detecting dark internet space. Specific details are in the course content outlined below.
Cisco Security MARS System Overview
CS-MARS is an advanced information security threat mitigation system built to work in enterprise network environments. This introduction to the course discusses security threat mitigation practices and network security concerns. Discussion includes the benefits of MARS processing and distribution of incoming data and the resulting increase in productivity. Coverage includes deployment of single and multiple MARS appliances and gives examples of network security schema.
The distributed architecture has both local controllers and global controllers, which permits data privacy for local sites and a global view of the entire network. Chart the types of devices connected to local controllers and the global hierarchy. Coverage includes the scalability of multiple layers and the ability to isolate functions performed by one or more local controllers. Details covered are raw data handling, aggregating events into sessions, rules and reporting tools.
Plan the supporting devices for CS-MARS deployment. Follow the initial configuration steps to activate user interfaces, license, prepare for network monitoring and communication and enable system administration. Create network topology of local control zones and add local controllers.
Add Devices to Implement Monitoring and Mitigation Strategies
Determine monitoring, mitigation and regulatory compliance goals and associated devices, including routers, switches, firewalls, VPNs, network and host IDSes, anti-virus servers, host operating systems, web servers and databases.
Controller Summary Pages
View incidents and events on the dashboard, read network status charts, see hotspots and access reports.
Evaluate network assets and determine attributes of threatening events. Use existing rules, modify or create new rules to detect incidents of concern and implement drop rule conditions. Manage alerts and rule reporting. Use queries, reports or the Real-time Event viewer.
Incident Investigation and Mitigation
Discuss incident generation in CS-MARS. View incidents and incident details. Manage false positive incidents. View incident path diagrams and network topology to plan mitigation. Use CS-MARS to identify mitigation points and enforcement devices. Manage cases created from existing data.
Define Custom Parsers for Devices
Devices that are not supported by CS-MARS can be monitored by creating custom parsers using device types and event types.
CS-MARS Administration and Management
Explore Cisco Security Manager integration with CS-MARS for complex deployments. Manage the increasing volume of security information, trends of more sophisticated threats, rapid rates of incidents, and fiscal constraints affecting security information departments. Leverage the local and global controller layering to identify true threats and focus efforts on containing actual risks. Discover Cisco ContextCorrelation, SureVector analysis, AutoMitigate and NetFlow.
Discuss the Cisco Security MARS Implementation Service to assist with a deployment that gives real results.
Use the CS-MARS 6.1 appliance in a practical lab. Work on actual Cisco equipment and experience the power of MARS live.
Make use of the network intelligence provided by CS-MARS with minimal impact on network performance. Make use of the topology map and the discovery features in MARS. View logs of events gathered from network routers, switches, security devices, applications, hosts, servers and traffic. Understand the benefit of sessionization for real-time analysis of network security. Tune MARS to respond accurately to network activity and correctly identify threats and events of interest. Make use of the graphic interfaces and built-in reporting features that give administrators a sophisticated bird's-eye view of network security across a distributed network. Explore the stability of the MARS logging platform for handling a high volume of events. Watch MARS identify attack paths and generate mitigation strategies, which saves valuable time in the analysis and remediation of threats. Customize MARS reporting features and notifications. Deploy rapidly and easily scale networks to existing infrastructure.
Live, Online, Self-Paced, Classroom - contact us for details on each.
The instructor was the best teacher I have ever had at any level. I learned more in the last 7 days than I did studying on my own for the past 6 months. The material was presented in a way that was easy for everyone to understand. He by far had the most knowledge of anyone I have ever met in the subject and I hope to learn more from him in the future.
- Stephen Muma
I was very pleased with the class and instruction. All material provided was relevant to the course and will provide a good source of review at work.
- Kenneth W. Jones
The instructor was very informative and held a good pace through the material. The hands-on material is great.
- Leo Lee
Booz Allen Hamilton
The course material is excellent. This bootcamp was the best bootcamp I ever attended. I improved my skills tenfold.
- Cesar Culot
The instructor's real world experience lent insight towards the material and helped us to apply or study beyond the textbooks. The prestudy material will help guide me as a reference resource in the future. The lab books provided endless exercises to master the skills being taught in the classroom.
- James Tillman
The course materials gave insight to CCNA, but more importantly the real world situations.
- Justin Hopper
Cisco Press and Cisco Networking Academy books were excellent. The instructor was very knowledgeable, fun, helpful, covered all of the material, clearly presented information and shared great ideas on calculating network size, masks, and hosts.
- Jeffrey L. Paulson
USAF - Schriever AFB
NEVER have I seen an Instructor with the amount of knowledge and passion for a subject. Thank you Infosec for providing me this opportunity to learn.
- Dave Malseed
The instructor's lectures were in-depth and his presentation skills outstanding. The labs went smoothly and were very informative. I left knowing I could actually log-on and accomplish CCNA level configurations.
- James Barbee
Course materials and instructor were great. His understanding of the material and teaching ability enabled me to pass all of my exams. I would highly recommend to anyone seeking Cisco training.
- Cage Urquhart
City of Missoula
Very good teacher. Knowledgeable, easy to understand, took the time to help you. Course material was very thorough and it was easy to find the answer to something if I needed to.
- Ryan DiAndrea
General Dynamics CM
A great instructor, very intelligent and well spoken and excellent course materials.
- Jeff Clemmons
Instructor was very intelligent and had lots of experience to draw on, outside of the written material that made it more interesting. I was very pleased with him.
- Sandra L. Speck
Sandra Speck Company
Instructor was to the point, and stayed on topic. Appreciated that he doesn't get led off tangents by students' questions.
- Mark Yu
My instructor is a genius. He has the perfect combination of knowledge and humor. I learned so much this week and enjoyed every minute of it!
- Matthew Miller
The instructor had an excellent demeanor and candor, very knowledgeable about IT industry in general and many different fields in specific.
- Jose Rengel
One of the most intelligent and well-spoken instructors I have ever had the privilege to work with. His in depth knowledge of the 10 domains in CISSP surpassed my expectations as well as the expectations of my classmates. His teaching style kept the otherwise dry information very memorable and exciting. I would HIGHLY recommend this course to my peers.
National Institutes of Health
Instructor demonstrated advanced knowledge of the subject matter as well as INFOSEC in general. He provided us with all of the tools and reference materials we needed to perform the DIACAP process. The course materials are great!
- TR Piller
Fantastic instructor! Really knew the material, and was adept at communicating in an understandable manner to those without an IT background. I couldn't ask for a more genuine, concerned instructor who had her students' successful learning as the main motivator for everything she did. Simply superb!
- Timothy Dalhouse
The instructor was very knowledgeable about the pen testing and ethical hacking. He was great in delivering the lectures, lab and was very helpful in having us complete the capture the flag exercises. In addition, he provided valuable insight about security in general and pen testing in particular.
- Tijan Drammeh
University of Maryland University College
My instructor is an excellent instructor. Knowledgeable and good in the Net+, generally in computer training and other related area. He is very good. The quality of the course materials is perfect.
- Lucy Fakeye - Net+
Incredible instructor. The coursework covered 300 topics in 10 domains, and he was able to speak intelligently on all of them. Better, his teaching style was relaxed and informal, which lessened the feelings of impending doom about the exam we were about to undertake. He knew exactly which sections of the material to emphasize, when we needed a break, and in many cases was speaking ahead of the slides (he knew exactly what was coming up before turning the slides). Rare gem.
- Thomas Dunn
Georgia Tech Research Institute
Excellent instructor. One of the best I have had in over 27 years in the IT business. Genuinely cared about the students understanding the subject material and their success in passing the exam. She taught how to think and reason to pass the test. That is something not found in any text book.
- Craig Calder
My instructor is a freaking genius, however he really enjoys bringing the info and material to life so in a way you do catch a bit of genius by the end of the course.
- Samuel Angura
Instructor did a fantastic job of delivering a large set of very dense course material cogently to the class. She obviously had the material down cold and could easily break down elements of the different knowledge domains in clear explanations.
- Byron Caswell
Cisco Certified Network Associate Security (CCNA Security) certification required.
Cisco Certified Security Professional (CCSP) certification or equivalent required.
Experience in security engineering in networking environments using routers, switches, networking devices, firewalls, virtual private networks (VPNs), and intrusion detection systems (IDSes) recommended.
Experience using the Intrusion Prevention System (IPS) recommended.
Experience using Cisco ASA Series 5500 Adaptive Security Appliances recommended.