Implementing Cisco Security Monitoring, Analysis and Response System



Summary
Cisco Security Monitoring Analysis and Response System (CS-MARS) 6.1 is an enterprise security management system that enables threat mitigation, monitoring of host applications and network security devices, and regulatory compliance.

Number of Days
Four

Required Prerequisites
Cisco Certified Network Associate Security (CCNA Security) certification required.
Cisco Certified Security Professional (CCSP) certification or equivalent required.
Experience in security engineering in networking environments using routers, switches, networking devices, firewalls, virtual private networks (VPNs), and intrusion detection systems (IDSes) recommended.
Experience using the Intrusion Prevention System (IPS) recommended.
Experience using Cisco ASA Series 5500 Adaptive Security Appliances recommended.

Who Should Attend
Information security architects, engineers and managers or professionals who use CS-MARS
Cisco Channel Partners and resellers

Detailed Course Description
Security challenges and regulatory compliance are top concerns for enterprises. Implementing CS-MARS gives the information systems professional the knowledge needed to protect a networked environment and comply with privacy regulations using CS-MARS 6.0. Learn to employ the network intelligence capabilities of CS-MARS with its traditional security event monitoring to respond to immediate security threats such as cyber attacks and suspicious activities.

This course provides explanations of CS-MARS system architecture and event processing. Attendees will use CS-MARS to investigate security incidents and mitigate threats, monitor host applications and security devices, define custom devices and log parsers, create reports, and create rules for detecting dark internet space. Specific details are in the course content outlined below.

Cisco Security MARS System Overview
CS-MARS is an advanced information security threat mitigation system built for enterprise network environments. This introduction to the course discusses security threat mitigation practices and network security concerns. Discussion includes the benefits of MARS processing and distribution of incoming data and the resulting increase in productivity. Coverage includes deployment of single and multiple MARS appliances and gives examples of network security schema.

CS-MARS Architecture
The distributed architecture has both local controllers and global controllers, which permits data privacy for local sites and a global view of the entire network. Chart the types of devices connected to local controllers and the global hierarchy. Coverage includes the scalability of multiple layers and the ability to isolate functions performed by one or more local controllers. Details covered are raw data handling, aggregating events into sessions, rules and reporting tools.

Configure CS-MARS
Plan the supporting devices for CS-MARS deployment. Follow the initial configuration steps to activate user interfaces, license, prepare for network monitoring and communication and enable system administration. Create network topology of local control zones and add local controllers.

Add Devices to Implement Monitoring and Mitigation Strategies
Determine monitoring, mitigation and regulatory compliance goals and associated devices, including routers, switches, firewalls, VPNs, network and host IDSes, anti-virus servers, host operating systems, web servers and databases.

Controller Summary Pages
View incidents and events on the dashboard, read network status charts, see hotspots and access reports.

Detect Activity
Evaluate network assets and determine attributes of threatening events. Use existing rules, modify or create new rules to detect incidents of concern and implement drop rule conditions. Manage alerts and rule reporting. Use queries, reports or the Real-time Event viewer.

Incident Investigation and Mitigation
Discuss incident generation in CS-MARS. View incidents and incident details. Manage false positive incidents. View incident path diagrams and network topology to plan mitigation. Use CS-MARS to identify mitigation points and enforcement devices. Manage cases created from existing data.

Define Custom Parsers for Devices
Devices that are not supported by CS-MARS can be monitored by creating custom parsers using device types and event types.

CS-MARS Administration and Management
Explore Cisco Security Manager integration with CS-MARS for complex deployments. Manage the increasing volume of security information, trends of more sophisticated threats, rapid rates of incidents, and fiscal constraints affecting security information departments. Leverage the local and global controller layering to identify true threats and focus efforts on containing actual risks. Discover Cisco ContextCorrelation, SureVector analysis, AutoMitigate and NetFlow.

Troubleshooting
Discuss the Cisco Security MARS Implementation Service to assist with a deployment that gives real results.

Practice
Use the CS-MARS 6.1 appliance in a practical lab. Work on actual Cisco equipment and experience the power of MARS live.

Review
Make use of the network intelligence provided by CS-MARS with minimal impact on network performance. Make use of the topology map and the discovery features in MARS. View logs of events gathered from network routers, switches, security devices, applications, hosts, servers and traffic. Understand the benefit of sessionization for real-time analysis of network security. Tune MARS to respond accurately to network activity and correctly identify threats and events of interest. Make use of the graphic interfaces and built-in reporting features that give administrators a sophisticated bird's-eye view of network security across a distributed network. Explore the stability of the MARS logging platform for handling a high volume of events. Watch MARS identify attack paths and generate mitigation strategies, which saves valuable time in the analysis and remediation of threats. Customize MARS reporting features and notifications. Deploy rapidly and easily scale networks to existing infrastructure.

Testimonials:

"The instructor was excellent, his teaching style and reinforcing the topics with examples worked well. It has been the best training I have ever had including location of the hotel to the training room, the food service (very good too) that saved many hours a day and the equipment was perfect for the tasks required of it. Getting out of class at 10:30pm and being able to walk over to the room and starting the studying at 10:45pm was such a big help. Was it easy? Not at all, it took discipline before the class (on-line sessions) 45+ hours and during the class. I went to bed at 1am or later each night and was up and going by 5:30am every day. Was I tired each day? Yeah but I signed up for a Boot Camp not a Skillpath Happy Hour. I got to catch up on my sleep Saturday PM AFTER I had the two exams passed!! Also the staff were exceptional; responsive and handled everything right away."

Peter Bartley, CCNA, CCENT
Sr. Information Systems Team Leader
General Physics Corporation (GP)

"I was pretty worried about taking the CCNA Boot Camp but thanks to the instructor and course work provided by Intense I found it fun and easy to further my career. I would recommend Intense to anyone serious about getting a certification. You can save a lot of time and aggravation by using Intense plus the entire experience is enjoyable. I would highly recommend this course as I already have to 2 of my friends."

Robert Zoppelt
US Army

"Great experience taking this class. Never thought I would be able to learn all this material in one week."

Thomas Horvath
US Army

"Great instructor, great class, great subject. I look forward to more."

Brian McMasters
US Army

"I enjoyed the CCNA course and was surprised at how well I picked up such a large amount of material in just a week."

AJ McQuay
Interface

"Both the instructor and site administrator worked very hard to make sure that we had everything that we needed, both from a personal level as well as a professional level. If for some reason we did not have what we needed, they got it. Hats off to them for making my Cisco training a success!"

Jim
Martco

"Outstanding course that was relevant, to the point, and extremely useful."

"The instructor was very good in his presentations, and examples. He really knew the material!"

R. French
Huttig

“Intense School's Training went great and I just passed my CCENT/CCNA! I took the test for the first time this afternoon and passed with a score of 931. Thank you for all of your help!”

Micah Gaylor
CCNA Certified

"The class was great!"

Mike Reifsnyder
Abraxas Corporation

"The course provided a wealth of learning information and exposure. I was impressed with the instructor's level of delivery as his experience in the field was made evident."

Robert Reid
Alcoa

"The course handouts, professionalism, expertise, and teaching methods of the instructor, The instructors were superb. One of the best courses I have ever had in my life."

Jim Bass
AOL

"Instructor was great. Site admin, Ernest, was SUPER."

Anthony Delanko
Booz Allen Hamilton

"All in all this class was a wonderful experience and I am very happy with Wes as our instructor. I would recommend this to anyone."

Kyle Belitz
Booz Allen Hamilton

"Great Course! Kept me going and really helped to prepare me for the CCNA exam."

Stephen Martin
Booz Allen Hamilton

"I enjoyed the course and thought it was very informative. The instructor was very knowledgeable."

Timothy Muniz
Booz Allen Hamilton

"Great course..I am a repeat customer..would not go any place else..:)"

Bill Mixon

"The class was great. Wes is extremely knowledgeable and was able to convey the materials effectively while keeping the class's attention."

"This is a great class. This is a very effective method to learn the topic."

"Intense School becomes highly recommended to those seeking professional certification. I've gained a lot more knowledge from participating in the CCNA Boot Camp which will improve my job performance/troubleshooting skills a great deal. The instructor did an excellent job in conveying the course material during class."
