Layer 7 attacks Vs CS-MARS

Unanswered Question
Sep 18th, 2009

Does CS-MARS support mitigating layer 7 attacks ?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Farrukh Haroon Sat, 09/26/2009 - 02:54

There are two pieces of the puzzle here. First 'detecting' L7 attacks and the second is 'mitigating' them.

MARS is not a device meant to 'detect' attacks, this is done by the reporting device (IPS, Firewall with Deep Packet Inspection etc). Once these devices report data (events) into MARS, MARS will parse/process these events into meaningful 'incidents'.

These 'incidents' are generated based on MARS rules. You can configure 'mitigation' (Layer 2) for these incidents/attacks using MARS.

HTH, Please rate if helpful.




This Discussion