
Implementing Cisco Security Monitoring, Analysis and Response System

Cisco Security Monitoring Analysis and Response System (CS-MARS) 6.1 is an enterprise security management system that enables threat mitigation, monitoring of host applications and network security devices, and regulatory compliance.

Number of Days: 4

Information about this course:

This course is offered as:

  • Classroom Instructor-led Boot Camp
  • Live Online Instructor-led Boot Camp
  • Mentored Self-Paced Online
  • Streaming-Only Self-Paced Online

Course Highlights

  • Expert Instructor - Extended availability
  • Highest Certification Pass Rates
  • Complex sims & exercises give you practical hands-on experience

Who should attend:

  • Information security architects
  • Engineers and managers or professionals who use CS-MARS
  • Cisco Channel Partners
  • Resellers

Detailed Course Description:

Security challenges and regulatory compliance are top concerns for enterprises. Implementing CS-MARS gives the information systems professional the knowledge needed to protect a networked environment and comply with privacy regulations using CS-MARS 6.0. Learn to employ the network intelligence capabilities of CS-MARS with its traditional security event monitoring to respond to immediate security threats such as cyber attacks and suspicious activities.

This course provides explanations of CS-MARS system architecture and event processing. Attendees will use CS-MARS to investigate security incidents and mitigate threats, monitor host applications and security devices, define custom devices and log parsers, create reports, and create rules for detecting dark internet space. Specific details are in the course content outlined below.

Course Outline:

Cisco Security MARS System Overview
CS-MARS is an advanced information security threat mitigation system that is powered to work in enterprise network environments. This introduction to the course discusses security threat mitigation practices and network security concerns. Discussion includes the benefits of MARS processing and distribution of incoming data and the resulting increase in productivity. Coverage includes deployment of single and multiple MARS appliances and gives examples of network security schema.

CS-MARS Architecture
The distributed architecture has both local controllers and global controllers, which permit data privacy for local sites and a global view of the entire network. Chart the types of devices connected to local controllers and the global hierarchy. Coverage includes the scalability of multiple layers and the ability to isolate functions performed by one or more local controllers. Details covered are raw data handling, aggregating events into sessions, rules and reporting tools.

Configure CS-MARS
Plan the supporting devices for CS-MARS deployment. Follow the initial configuration steps to activate user interfaces, license, prepare for network monitoring and communication and enable system administration. Create network topology of local control zones and add local controllers.

Add Devices to Implement Monitoring and Mitigation Strategies
Determine monitoring, mitigation and regulatory compliance goals and associated devices, including routers, switches, firewalls, VPNs, network and host IDSes, anti-virus servers, host operating systems, web servers and databases.

Controller Summary Pages
View incidents and events on the dashboard, read network status charts, see hotspots and access reports.

Detect Activity
Evaluate network assets and determine attributes of threatening events. Use existing rules, or modify them or create new ones, to detect incidents of concern and implement drop rule conditions. Manage alerts and rule reporting. Use queries, reports or the Real-time Event viewer.

Incident Investigation and Mitigation
Discuss incident generation in CS-MARS. View incidents and incident details. Manage false positive incidents. View incident path diagrams and network topology to plan mitigation. Use CS-MARS to identify mitigation points and enforcement devices. Manage cases created from existing data.

Define Custom Parsers for Devices
Devices that are not supported by CS-MARS can be monitored by creating custom parsers using device types and event types.

CS-MARS Administration and Management
Explore Cisco Security Manager integration with CS-MARS for complex deployments. Manage the increasing volume of security information, trends of more sophisticated threats, rapid rates of incidents, and fiscal constraints affecting security information departments. Leverage the local and global controller layering to identify true threats and focus efforts on containing actual risks. Discover Cisco ContextCorrelation, SureVector analysis, AutoMitigate and NetFlow.

Discuss the Cisco Security MARS Implementation Service to assist with a deployment that gives real results.

Use the CS-MARS 6.1 appliance in a practical lab. Work on actual Cisco equipment and experience the power of MARS live.

Make use of the network intelligence provided by CS-MARS with minimal impact on network performance. Make use of the topology map and the discovery features in MARS. View logs of events gathered from network routers, switches, security devices, applications, hosts, servers and traffic. Understand the benefit of sessionization for real-time analysis of network security. Tune MARS to respond accurately to network activity and correctly identify threats and events of interest. Make use of the graphic interfaces and built-in reporting features that give administrators a sophisticated bird's-eye view of network security across a distributed network. Explore the stability of the MARS logging platform for handling a high volume of events. Watch MARS identify attack paths and generate mitigation strategies, which saves valuable time in the analysis and remediation of threats. Customize MARS reporting features and notifications. Deploy rapidly and easily scale networks to existing infrastructure.

Select the type of training that best fits your schedule and learning style!

Live, Online, Self-Paced, Classroom - contact us for details on each.


Streaming Only

Base Course. Best for refresher courses

  • Easy Online Access
  • Expert Cisco Instructor
  • Exam Review
  • Highest Quality Content - 90% Pass
  • Self-Paced Training

Mentored Online

Most popular self-pace option.

  • Online & Offline Playback (DVD, mobile)
  • Expert Cisco Instructor
  • Intense Proprietary Exam Prep
  • Highest Quality Content - 90% Pass
  • Self-Paced Mentored Training
  • Mentor & Live Instructor Support
  • Text books, Pre-Study, and Lab books
  • Complex Sims and Exercise Files


Our top rated training experience

  • Live Classroom
  • Expert Instructor constantly available
  • Intense Proprietary Exam Prep
  • Highest Quality Content - 90% Pass
  • Self-Paced Training (optional add-on)
  • Extensive Live Instructor Support
  • Our highest pass rate course version
  • Text books, Pre-Study, and Lab books
  • Complex Sims and Exercise Files

Live Online

As close to the classroom from home

  • Live Classroom
  • Expert Instructor constantly available
  • Intense Proprietary Exam Prep
  • Highest Quality Content - 90% Pass
  • Self-Paced Training (optional add-on)
  • Extensive Live Instructor Support
  • Text books, Pre-Study, and Lab books
  • Complex Sims and Exercise Files

See what our students are saying about our training:

The instructor was the best teacher I have ever had at any level. I learned more in the last 7 days than I did studying on my own for the past 6 months. The material was presented in a way that was easy for everyone to understand. He by far had the most knowledge of anyone I have ever met in the subject and I hope to learn more from him in the future.

- Stephen Muma
Not Provided

I was very pleased with the class and instruction. All material provided was relevant to the course and will provide a good source of review at work.

- Kenneth W. Jones
US Army

The instructor was very informative and held a good pace through the material. The hands-on material is great.

- Leo Lee
Booz Allen Hamilton

The course material is excellent. This bootcamp was the best bootcamp I ever attended. I improved my skills tenfold.

- Cesar Culot
Hewlett Packard

The instructor's real world experience lent insight towards the material and helped us to apply or study beyond the textbooks. The prestudy material will help guide me as a reference resource in the future. The lab books provided endless exercises to master the skills being taught in the classroom.

- James Tillman
[not provided]

The course materials gave insight to CCNA, but more importantly the real world situations.

- Justin Hopper
Justin Hopper

Cisco Press and Cisco Networking Academy books were excellent. The instructor was very knowledgeable, fun, helpful, covered all of the material, clearly presented information and shared great ideas on calculating network size, masks, and hosts.

- Jeffrey L. Paulson
USAF - Schriever AFB

The course materials were great to follow along with in class. The instructor was EXTREMELY knowledgeable and conducted the class in such a way that the material was easy to learn.

- Michael Onan
Not Provided

Very good teacher. Knowledgeable, easy to understand, took the time to help you. Course material was very thorough and it was easy to find the answer to something if I needed to.

- Ryan DiAndrea
General Dynamics CM

The Cisco Press books are very nice and I am pleased with the way the material was presented. The instructor was extremely knowledgeable in all aspects of networking. I cannot speak more highly of him.

- Jason Herren
[not provided]

The course work was well written, easy to follow and the instructor was willing to stay as late as anyone needed him.

- Matt Waechter

The material was up par with the course. The instructor was to teach, keep the class's attention and make the entire training experience very enjoyable.

- David F. Kosek
[not provided]

The instructor had an excellent demeanor and candor, very knowledgeable about IT industry in general and many different fields in specific.

- Jose Rengel

Excellent instructor. One of the best I have had in over 27 years in the IT business. Genuinely cared about the students understanding the subject material and their success in passing the exam. She taught how to think and reason to pass the test. That is something not found in any text book.

- Craig Calder

A great instructor, very intelligent and well spoken and excellent course materials.

- Jeff Clemmons
Blood Systems

My instructor is an excellent instructor. Knowledgeable and good in the Net+, generally in computer training and other related areas. He is very good. The quality of the course materials is perfect.

- Lucy Fakeye - Net+
[not provided]

Instructor was very intelligent and had lots of experience to draw on, outside of the written material that made it more interesting. I was very pleased with him.

- Sandra L. Speck
Sandra Speck Company

Incredible instructor. The coursework covered 300 topics in 10 domains, and he was able to speak intelligently on all of them. Better, his teaching style was relaxed and informal, which lessened the feelings of impending doom about the exam we were about to undertake. He knew exactly which sections of the material to emphasize, when we needed a break, and in many cases was speaking ahead of the slides (he knew exactly what was coming up before turning the slides). Rare gem.

- Thomas Dunn
Georgia Tech Research Institute

One of the most intelligent and well-spoken instructors I have ever had the privilege to work with. His in depth knowledge of the 10 domains in CISSP surpassed my expectations as well as the expectations of my classmates. His teaching style kept the otherwise dry information very memorable and exciting. I would HIGHLY recommend this course to my peers.

- Student
National Institutes of Health

Instructor was to the point, and stayed on topic. Appreciated that he doesn't get led off tangents by students' questions.

- Mark Yu
MBL Technologies

The instructor was very knowledgeable about the pen testing and ethical hacking. He was great in delivering the lectures, lab and was very helpful in having us complete the capture the flag exercises. In addition, he provided valuable insight about security in general and pen testing in particular.

- Tijan Drammeh
University of Maryland University College

Instructor did a fantastic job of delivering a large set of very dense course material cogently to the class. She obviously had the material down cold and could easily break down elements of the different knowledge domains in clear explanations.

- Byron Caswell

My instructor is a freaking genius, however he really enjoys bringing the info and material to life so in a way you do catch a bit of genius by the end of the course.

- Samuel Angura
World Bank

Instructor demonstrated advanced knowledge of the subject matter as well as INFOSEC in general. He provided us with all of the tools and reference materials we needed to perform the DIACAP process. The course materials are great!

- TR Piller

Fantastic instructor! Really knew the material, and was adept at communicating in an understandable manner to those without an IT background. I couldn't ask for a more genuine, concerned instructor who had her students' successful learning as the main motivator for everything she did. Simply superb!

- Timothy Dalhouse
Spectrum Training

My instructor is a genius. He has the perfect combination of knowledge and humor. I learned so much this week and enjoyed every minute of it!

- Matthew Miller
Waste Connections


Cisco Certified Network Associate Security (CCNA Security) certification required.

Cisco Certified Security Professional (CCSP) certification or equivalent required.

Experience in security engineering in networking environments using routers, switches, networking devices, firewalls, virtual private networks (VPNs), and intrusion detection systems (IDSes) recommended.

Experience using the Intrusion Prevention System (IPS) recommended.

Experience using Cisco ASA Series 5500 Adaptive Security Appliances recommended.

