I am going to do a small install (less than 300 users) with some very high end servers. All the traffic will be going through my redundant 6513s with Firewall and Intrusion Detection modules.
I will NOT be running CSA on the 200 workstations.
How beneficial will something like MARS be for me? What sort of things can I track that will help me mitigate/diagnose/and predict threats?
Thanks in advance. I haven't used MARS before and need as much info as possible- not from the sales staff.