Implementing Cisco Security Monitoring, Analysis, and Response System v3.0

The Implementing Monitoring, Analysis, and Response System (MARS) course extends the portfolio of learning solutions addressing security management products for the Cisco Self-Defending Network initiative. The Cisco Security MARS product offers a family of high-performance, scalable appliances for threat management, monitoring, and mitigation, enabling customers to make more effective use of network and security devices. Students will learn the components of the MARS system, identify the processes of security management, and configure various features of the product, including reporting, rules and templates. The activities in the course enable learners to use, monitor, troubleshoot and optimize the MARS product.

Objectives

Upon finishing this course, you will be able to:

  • Describe a Cisco Security MARS solution and its role in Cisco Threat-Defense System management
  • Describe the software components of Cisco Security MARS architectural design
  • Configure the network reporting devices to work with the Cisco Security MARS appliance
  • Describe the key concepts involved in using network reporting and mitigation devices with the Cisco Security MARS appliance
  • Use the Summary page to view the security status of your network
  • Describe and configure a rule that detects interesting patterns of network activity and other anomalous network behavior
  • Describe the process of generating queries and reports in a Cisco Security MARS appliance
  • Describe the process of incident investigation on a Cisco Security MARS appliance
  • Configure user-defined log parser templates on the Cisco Security MARS appliance
  • Integrate Cisco Security Manager and Cisco Security MARS
  • Perform system maintenance tasks on the Cisco Security MARS appliance
  • Identify common issues with Cisco Security MARS
  • Describe the features and functions of the Cisco Security MARS Global Controller
  • Summarize the key functionalities of Cisco Security MARS technologies at work

Importance

The course is highly recommended for network security engineers and network managers responsible for managing the security of the network using the MARS solution.

Audience

  • Engineers who support sales of Cisco security product solutions
  • Cisco channel partners who sell, implement, and maintain secure networks
  • Cisco customers who implement and maintain secure networks

Prerequisite Knowledge

  • Cisco CCSP certification or equivalent knowledge: at least passage of the Securing Cisco IOS Networks (SECUR) exam (642-501) or the Securing Networks with Cisco Routers and Switches (SNRS) exam (642-502) or both
  • At least six months of practical experience configuring Cisco routers and security products
  • Familiarity with implementing network security policies and these networking components and concepts:
    • Perimeter security system components: Perimeter router, firewall, intrusion prevention system (IPS), virtual private network (VPN), and demilitarized zone (DMZ) host
    • Servers: Syslog servers, web servers, and FTP servers
    • Protocols: Syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), FTP, and Telnet

Course Outline

  • Introducing Cisco Security Monitoring, Analysis, and Response System
  • Understanding the System Architecture
  • Configuring a Cisco Security MARS Appliance
  • Adding Reporting and Mitigation Devices
  • Viewing the Summary Page
  • Managing Rules
  • Understanding Queries and Reports
  • Investigating and Mitigating Incidents
  • Working with User-Defined Log Parser Templates
  • Integrating with Cisco Security Manager
  • Managing and Administering the System
  • Troubleshooting and Optimizing Cisco Security MARS
  • Using the Cisco Security MARS Global Controller
  • Course Review

The Implementing Cisco Security Monitoring, Analysis, and Response System course is offered as a 4-day course with hands-on exercises.