Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
794
Views
15
Helpful
3
Replies

Difference between MARS LMS and IPS

Go to solution
ece344609_2
Level 1
Level 1

‎06-05-2008 07:23 AM

I am trying to understand the difference between MARS, LMS and IPS and why you would use one over the other.

Thank you all.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
clausonna
Level 3
Level 3

‎06-05-2008 09:29 AM

MARS is an appliance that aggregates/deduplicates syslog and netflow data from routers,switches,firewalls, and IPS sensors. In addition to Cisco devices it also supports things like Checkpoint Firewalls, Snort IPS, etc.

LMS (Ciscoworks LMS) is primarily a device configuration and IOS management platform that runs on your own Windows server (not sure if Unix is still supported.) We use it to maintain the configs of hundreds of Cisco routers and switches, easily push out config changes to said devices, and mass-deploy IOS upgrades.

IPS is sort of like anti-virus "on the wire" - it runs on dedicated IPS sensors, plug-in modules on firewalls or 6500's, and on routers via IOS IPS. Events can be forwarded to MARS for correlation, etc.

You didn't ask, but CSM (Cisco Security Manager) is the more appropriate tool for mass-configuration and 'group policy' for firewalls and IPS sensors.

Each product solves a particular problem; you wouldn't choose one over the other since they all work together to provide a cohesive solution. The specifics of your environment (particularly the number and type of devices) would dictate your choices here.

View solution in original post

3 Replies 3

Go to solution
clausonna
Level 3
Level 3

‎06-05-2008 09:29 AM

MARS is an appliance that aggregates/deduplicates syslog and netflow data from routers,switches,firewalls, and IPS sensors. In addition to Cisco devices it also supports things like Checkpoint Firewalls, Snort IPS, etc.

LMS (Ciscoworks LMS) is primarily a device configuration and IOS management platform that runs on your own Windows server (not sure if Unix is still supported.) We use it to maintain the configs of hundreds of Cisco routers and switches, easily push out config changes to said devices, and mass-deploy IOS upgrades.

IPS is sort of like anti-virus "on the wire" - it runs on dedicated IPS sensors, plug-in modules on firewalls or 6500's, and on routers via IOS IPS. Events can be forwarded to MARS for correlation, etc.

You didn't ask, but CSM (Cisco Security Manager) is the more appropriate tool for mass-configuration and 'group policy' for firewalls and IPS sensors.

Each product solves a particular problem; you wouldn't choose one over the other since they all work together to provide a cohesive solution. The specifics of your environment (particularly the number and type of devices) would dictate your choices here.

Go to solution
pmccubbin
Level 5
Level 5
In response to clausonna

‎06-05-2008 11:12 AM

Neil,

Very concise and accurate answer. You could have easily said go investigate on the Cisco web site but you didn't and I applaud you (I rate it a "5"). Thanks for taking the time to do things right.

Best,

Paul

0 Helpful

Go to solution
ece344609_2
Level 1
Level 1
In response to clausonna

‎06-06-2008 05:36 AM

Neil,

That was a great answer and excatly what I was looking for.

Thanks a bunch.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents