Cisco Security Monitoring Analysis and Response System (CS-MARS) 6.1 is an enterprise security management system that enables threat mitigation, monitoring of host applications and network security devices, and regulatory compliance.
Number of Days: 4
This course is offered as:
Security challenges and regulatory compliance are top concerns for enterprises. Implementing CS-MARS gives the information systems professional the knowledge needed to protect a networked environment and comply with privacy regulations using CS-MARS 6.0. Learn to employ the network intelligence capabilities of CS-MARS with its traditional security event monitoring to respond to immediate security threats such as cyber attacks and suspicious activities.
This course provides explanations of CS-MARS system architecture and event processing. Attendees will use CS-MARS to investigate security incidents and mitigate threats, monitor host applications and security devices, define custom devices and log parsers, create reports, and create rules for detecting dark internet space. Specific details are in the course content outlined below.
Cisco Security MARS System Overview
CS-MARS is an advanced information security threat mitigation system that is powered to work in enterprise network environments. This introduction to the course discusses security threat mitigation practices and network security concerns. Discussion includes the benefits of MARS processing and distribution of incoming data and the resulting increase in productivity. Coverage includes deployment of single and multiple MARS appliances and gives examples of network security schema.
The distributed architecture has both local controllers and global controllers which permits data privacy for local sites and a global view of the entire network. Chart the types of devices connected to local controllers and the global hierarchy. Coverage includes the scalability of multiple layers and the ability to isolate functions performed by one or more local controllers. Details covered are raw data handling, aggregating events into sessions, rules and reporting tools
Plan the supporting devices for CS-MARS deployment. Follow the initial configuration steps to activate user interfaces, license, prepare for network monitoring and communication and enable system administration. Create network topology of local control zones and add local controllers.
Add Devices to Implement Monitoring and Mitigation Strategies
Determine monitoring, mitigation and regulatory compliance goals and associated devices, including routers, switches, firewalls, VPNs, network and host IDSes, anti-virus servers, host operating systems, web servers and databases.
Controller Summary Pages
View incidents and events on the dashboard, read network status charts, see hotspots and access reports.
Evaluate network assets and determine attributes of threatening events. Use existing rules, modify or create new rules to detect incidents of concern and implement drop rule conditions. Manage alerts and rule reporting. Use queries, reports or the Real-time Event viewer.
Incident Investigation and Mitigation
Discuss incident generation in CS-MARS. View incidents and incident details. Manage false positive incidents. View incident path diagrams and network topology to plan mitigation. Use CS-MARS to identify mitigation points and enforcement devices. Manage cases created from existing data.
Define Custom Parsers for Devices
Devices that are not supported by CS-MARS can be monitored by creating custom parsers using device types and event types.
CS-MARS Administration and Management
Explore Cisco Security Manager integration with CS-MARS for complex deployments. Manage the increasing volume of security information, trends of more sophisticated threats, rapid rates of incidents, and fiscal constraints affecting security information departments. Leverage the local and global controller layering to identify true threats and focus efforts on containing actual risks. Discover Cisco ContextCorrelation, SureVector analysis, AutoMitigate and NetFlow.
Discuss the Cisco Security MARS Implementation Service to assist with a deployment that gives real results.
Use the CS-MARS 6.1 appliance in a practical lab. Work on actual Cisco equipment and experience the power of MARS live.
Make use of the network intelligence provided by CS-MARS with minimal impact on network performance. Make use of the topology map and the discovery features in MARS. View logs of events gathered from network routers, switches, security devices, applications, hosts, servers and traffic. Understand the benefit of sessionization for real-time analysis of network security. Tune MARS to respond accurately to network activity and correctly identify threats and events of interest. Make use of the graphic interfaces and built-in reporting features that gives administrators a sophisticated network security bird's-eye-view of a distributed network. Explore the stability of the MARS logging platform for handling a high volume of events. Watch MARS identify lines of attack paths and generate mitigation strategies which saves valuable time in the analysis and remediation of threats. Customize MARS reporting features and notifications. Deploy rapidly and easily scale networks to existing infrastructure.
Click here to get more information about this class!
Live, Online, Self-Paced, Classroom - contact us for details on each.
Base Course. Best for refresher courses
Most popular self-pace option.
Our top rated trainign experience
As close to the classroom from home
The instructor was the best teacher I have ever had at any level. I learned more in the last 7 days than I did studying on my own for the past 6 months. The material was presented in a way that was easy for everyone to understand. He by far had the most knowledge of anyone I have ever met in the subject and I hope to learn more from him in the future.
- Stephen Muma
I was very pleased with the class and instruction. All material provided was revelant to the course and will provide a good source of review at work.
- Kenneth W. Jones
The instructor was very informative and held a good pace through the material. The hands-on material is great.
- Leo Lee
Booz Allen Hamilton
The course material is excellent. This bootcamp was the best bootcamp I ever attended. I improved my skills tenfold.
- Cesar Culot
The instructors real world experience lent insight towards the material and helped us to apply or study beyond the textbooks. The prestudy material will help guide me as a reference resource in the future. The lab books provided endless excersises to master the skills being taught in the classroom.
- James Tillman
The course materials gave insight to ccna, but more importantly the real world situations.
- Justin Hopper
Cisco Press and Cisco Networking Academy books were excellent. The instructor was very knowledgable, fun, helpful, covered all of the material, clearly presented information and shared great ideas on calculating network size, masks, and hosts.
- Jeffrey L. Paulson
USAF - Schriever AFB
The course materials were great to follow along with in class. The instructor was EXTREMELY knowledgeable and conducted the class in such a way that the material was easy to learn.
- Michael Onan
Very good teacher. Knowledgeable, easy to understand, took the time to help you. Course material was very thorough and it was easy to find the answer to something if i needed too.
- Ryan DiAndrea
General Dynamics CM
The cisco press books are very nice and I am pleased with the way the material was presented. The instructor was extremely knowledgeable in all aspects of networkinga I cannot speak more highly of him.
- Jason Herren
The course work was well written, easy to follow and the instructor was willing to stay as late as anyone needed him.
- Matt Waechter
The material was up par with the course. The instructor was to teach, keep the classes attention and make the entire training experience very enjoyable.
- David F. Kosek
The instructor had an excellent demeanor and candor, very knowledgable about IT industry in general and many different fields in specific.
- Jose Rengel
Excellent instructor. One of the best I have had in over 27 years in the IT business. Genuinely cared about the students understanding the subject material and their success in passing the exam. She taught how to think and reason to pass the test. That is something not found in any text book.
- Craig Calder
A great instructor, very intelligent and well spoken and excellent course materials.
- Jeff Clemmons
My instructor is an excellent instructor. knowledgeable and good in the Net+, generally in computer training and other related area. he is very good. The quality of the course materials are perfect.
- Lucy Fakeye - Net+
Instructor was very intelligent and had lots of experience to draw on, outside of the written paterial that made it more interesting. I was very pleased with him.
- Sandra L. Speck
Sandra Speck Company
Incredible instructor. The coursework covered 300 topics in 10 domains, and he was able to speak intelligently on all of them. Better, his teaching style was relaxed and informal, which lessened the feelings of impending doom about the exam we were about to undertake. He knew exactly which sections of the material to emphasize, when we needed a break, and in many cases was speaking ahead of the slides (he knew exactly what was coming up before turning the slides). Rare gem.
- Thomas Dunn
Georgia Tech Research Institute
One of the most intelligent and well-spoken instructors I have ever had the privilege to work with. His in depth knowledge of the 10 domains in CISSP surpassed my expectations as well as the expectations of my classmates. His teaching style kept the otherwise dry information very memorable and exciting. I would HIGHLY recommend this course to my peers.
National Institutes of Health
Instructor was to the point, and stayed on topic. Appreciated that he doesn't get led off tangents by students questions.
- Mark Yu
The instructor was very knowledgeable about the pen testing and ethical hacking. He was great in delivering the lectures, lab and was very helpful in having us complete the capture the flag exercises. In addition, he provided valuable insight about security in general and pen testing in particular.
- Tijan Drammeh
University of Maryland University College
Instructor did a fantastic job of delivering a large set of very dense course material cogently to the class. She obviously had the material down cold and could easily break down elements of the different knowledge domains in clear explanations.
- Byron Caswell
My instructor is a freaking genius, however he really enjoys bringing the info and material to life so in a way you do catch a bit of genius by the end of the course.
- Samuel Angura
Instructor demonstrated advanced knowledge of the subject matter as well as INFOSEC in general. He provided us with all of the tools and reference materials we needed to perform the DIACAP process. The course materials are great!
- TR Piller
Fantastic instructor! Really knew the material, and was adept at communicating in an understandable manner to those without an IT background. I couldn't ask for a more genuine, concerned instructor who had her students successful learning as the main motivator for everything she did. Simply superb!
- Timothy Dalhouse
My instructor is a genius. He has the perfect combination of knowledge and humor. I learned so much this week and enjoyed every minute of it!
- Matthew Miller
Cisco Certified Network Associate Security (CCNA Security) certification required.
Cisco Certified Security Professional (CCSP) certification or equivalent required.
Experience in security engineering in networking environments using routers, switches, networking devices, firewalls, virtual private networks (VPNs), and intrusion identification systems (IDSes) recommended.
Experience using the Intrusion Prevention System (IPS) recommended.
Experience using Cisco ASA Series 5500 Adaptive Security Appliances recommended.