Security and vulnerability assessment

Hi,

Is Cisco MARS able to do vulnerability and security assessment of host (server) and network devices like, for example, Nessus?

Thank you.

Best regards.

Massimiliano.

Accepted Solutions

Farrukh Haroon
VIP Alumni

The Cisco MARS has Nessus signatures built into it, which it can use to scan end hosts. Please have a look at this link:

http://cio.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/mars/4_3/uglc/cfgover.htm#wp1248893

"Vulnerability Assessment

Host OS and Patch Level. When a signature fires on an IDS and it is reported to MARS, MARS can either launch a targeted scan using Nessus, or query a vulnerability assessment system that helps determine whether the target was vulnerable."

http://cio.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/mars/4_3/uglc/cfgover.htm#wp1173849

Regards

Farrukh

7 Replies

I read the notes regarding the automated scan performed when IDS events are reported, but I'd like to know if the vulnerability scan can be manually triggered for the hosts/networks I'd like to check. There should be some method (at least from the command line)...

There seems to be no such command:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/5.3/installation/guide/apcliref.html#wp1281764

Why don't you want to use Nessus (which is free and open source itself) instead? Just wondering.

Regards

Farrukh

Hi,

Some customers (who tend to put security ahead of costs) are generally happier to allow Cisco boxes onto their premises compared to untrusted open-source stuff.

Regards,

Joe

Well, the trusted/untrusted debate is quite controversial and 'relative' from person to person, so I prefer not to delve into that :). Especially since Cisco is using the 'same' signatures in MARS.

Anyway thanks for the clarification.

Regards

Farrukh

Sorry, I forgot: cost is also a factor. I currently need more HW in order to run Nessus scans when I've already got it in the MARS appliance!

Regards, Joe

My understanding is that MARS does very limited checks, and it's almost guaranteed to be way out of date. You can't even get updates to Nessus for free anymore.
