The first point of having a MARS is to be able to store logs. Without MARS or another syslog server, you cannot go back in time to see what happened in your network.
Next point is that the MARS is very good at correlating syslog events from Cisco devices. Since you have IPS modules, you will get a lot of information.
Without a MARS or another SIEM system it is very difficult to get alerted when something goes wrong. But you still need to find the time to actually look at it once in a while and take action on the events you find. Otherwise you might as well send everything to something like syslog-ng.
So what I will do is point all my Cisco devices to it to record events and then the MARS software will look at those logs to see if there is any security issue on my network. I would then still have to take action on the problem.
It will correlate all my logs. It will be installed at a customer site to which I will have remote access.
I am guessing with the IPS that this would be the thing to get to correlate those events.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...