MARS Replacement

Unanswered Question
May 18th, 2012

HI all

what would be the MARS replacement solution?

what Cisco tool, I need to correlate the different security alarms?

regards.                  

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
wallacem Sat, 05/19/2012 - 00:41

There are a number of third party products out there. Juniper strm, rsa envision and splunk to name a few.

Sent from Cisco Technical Support iPad App

mikecrowe4ICS_2 Sun, 05/20/2012 - 21:16

A couple of notes:

  • the Juniper STRM is an OEM version of QRadar, a SIEM product made by Q1 Labs
  • the same product (QRadar) is also OEM'd by Enterasys as their "Dragon Security Command Console"
mikecrowe4ICS_2 Sun, 05/20/2012 - 20:56

There is no CS-MARS replacement product offered by Cisco directly. They left that market segment when they killed MARS off. What they do instead is publish a list of "Technology Partners" that offer SIEM solutions recommended for use in Cisco environments.

The design guides for the partner products are posted in Cisco's "Design Zone" portion of their site, found here:

http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/ns1090/landing_siem.html

One of the linked documents linked, the "Lippis Report", explains the philosophy they've adopted now.

The program's "Cisco Developer Network" section also includes additional information on each of the partner products. 

Cisco Developer Network: Security Management Partners

For reference, these are the 6 recommended partners/products:

  • ArcSight
  • LogLogic
  • netForensics
  • RSA
  • SenSage
  • Splunk

There are other options that aren't mentioned here, but this would be a decent place to start.

Message was edited by: Michael Crowe (better CDN link)

DavidZC12 Thu, 06/21/2012 - 17:13

Anyone have any opinions on the various third party SIEMs? I still have MARS and haven't cared for the few I've looked at, so I'm clinging to MARS for now.

Sent from Cisco Technical Support iPad App

stojanr Sat, 03/09/2013 - 14:23

IBM's QRadar solution has a very similar user interface layout and user experience to what MARS used to have, while providing a modern, up-to-date SIEM solution.

wwvan Thu, 10/03/2013 - 07:37

Are there any experiences available with this Solarwinds Product...

Wehad a deep look for example at Arcsight, very good but this it's price (sure twice the MARS Costs)..

Actions

Login or Register to take actions

This Discussion

Posted May 18, 2012 at 12:07 PM
Stats:
Replies:8 Avg. Rating:
Views:12812 Votes:0
Shares:0
Tags: mars, replacement
+

Related Content

Discussions Leaderboard