Thursday, April 9, 2009

Playing about with CS-MARS

So here at the city, we've a CS-MARS 100. If you don't know what CS-MARS is, it's a little box made by Cisco Systems (<3) that does various things relating to security monitoring, mitigation, and response.

Basically, you have a topology that includes network devices and NetFlow-enabled intermediaries, and you either point them at CS-MARS or you point CS-MARS at them. Since it can operate in either passive or active mode, both approaches work. You just lose a few of the features in passive mode. Active mode isn't right for every topology, so that's nothing to worry about. CS-MARS then monitors the traffic flowing through your network and picks out things that firewalls may have missed.

It can then take steps to mitigate them by asking for rate limits, instructing the devices to drop packets, etc. It is a really powerful part of the Cisco Self Defending Network, and crucial to the Defense In Depth design methodology. You can read more about it at Cisco.com/go/MARS.
