Cisco Support Community

Security and vulnerability assessment

Hi,

Is Cisco MARS able to do vulnerability and security assessment of host (server) and network devices like, for example, Nessus?

Thank you.

Best regards.

Massimiliano.

1 ACCEPTED SOLUTION

Re: Security and vulnerability assessment

The Cisco MARS has Nessus signatures built into it, which it can use to scan end-hosts. Please have a look at this link:

http://cio.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/mars/4_3/uglc/cfgover.htm#wp1248893

"Vulnerability Assessment

Host OS and Patch Level. When a signature fires on an IDS and it is reported to MARS, MARS can either launch a targeted scan using Nessus, or query a vulnerability assessment system that helps determine whether the target was vulnerable."

http://cio.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/mars/4_3/uglc/cfgover.htm#wp1173849

Regards

Farrukh

7 REPLIES

Re: Security and vulnerability assessment

I read the notes regarding the automated scan performed when IDS events are reported, but I'd like to know if the vulnerability scan can be manually triggered for the hosts/networks I'd like to check. There should be some method (at least from the command line)...

Re: Security and vulnerability assessment

There seems to be no such command:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/5.3/installation/guide/apcliref.html#wp1281764

Why don't you want to use Nessus (which is free and open source itself) instead? Just wondering?

Regards

Farrukh

Re: Security and vulnerability assessment

Hi,

Some customers (who tend to put security ahead of costs) are generally more happy to allow Cisco boxes onto their premises compared to untrusted open-source stuff.

Regards,

Joe

Re: Security and vulnerability assessment

Well, the trusted/untrusted debate is quite controversial and 'relative' from person to person, so I prefer not to delve into that :). Especially since Cisco is using the 'same' signatures in MARS.

Anyway thanks for the clarification.

Regards

Farrukh

Re: Security and vulnerability assessment

Sorry, I forgot: cost is also a factor. I currently need more HW in order to run Nessus scans when I've already got it in the MARS appliance!

Regards, Joe

Re: Security and vulnerability assessment

My understanding is that MARS does very limited checks, and it's almost guaranteed to be way out of date. You can't even get updates to Nessus for free anymore.
