Information security practices have evolved from Internet perimeter protection to an in-depth defense model in which multiple countermeasures are layered throughout the infrastructure to address vulnerabilities and attacks. Layering is necessary because of increased attack frequency, diverse attack sophistication, and rapid attack velocity.
Network access points and systems are probed thousands of times each day in an attempt to exploit vulnerabilities. Modern blended/hybrid attacks use multiple and deceptive attack methodologies to gain unauthorized system access and control from outside and within organizations. The proliferation of worms, day-zero attacks, viruses, Trojan horses, spyware, and attack tools challenges even the most fortified infrastructures, resulting in shorter reaction time and costly remediation.
In addition to the number of servers and network devices, each security component offers isolated event log and alert features for anomaly detection, threat reaction, and forensics. Unfortunately, this isolation yields a tremendous amount of noise, alarms, log files, and false positives for operators to discern or effectively utilize. In addition, compliance legislation requires strict data privacy, improved operational security, and documented audit processes.
Cisco Security Monitoring, Analysis, and Response System (MARS)
Cisco Security Monitoring, Analysis, and Response System (MARS) provides security monitoring for network devices and host applications supporting both Cisco and other vendors. Security monitoring with MARS greatly reduces false positives by providing an end-to-end topological view of the network, which helps improve threat identification, mitigation responses, and compliance.
Other features and benefits of Cisco Security MARS:
"Learns" the topology, configuration and behavior of your environment
Provides simple access to audit compliance reports with more than 150 ready-to-use customizable reports
Makes precise recommendations for threat mitigation, including the ability to visualize the attack path and identify the source of the threat with detailed topological graphs that simplify security response at Layer 2 and Layer 3
Integrates with Cisco Security Manager to correlate security events with the configured firewall rules and intrusion prevention system (IPS) signatures that can affect the security event
Juniper Networks SA Series SSL VPN Appliances
Juniper Networks STRM Series Security Threat Response Managers combine, analyze and manage an incomparable set of surveillance data—network behavior, security events, vulnerability profiles and threat information—to empower companies to efficiently manage business operations on their networks from a single console. With pre-installed software, a hardened operating system and a Web-based setup, the STRM Series lets you get your network security up and running quickly and easily. The bottom line of the STRM Series is simple deployment, fast implementation and improved security, at a low total cost of ownership.
STRM Series Security Threat Response Managers offer:
Centralized command and control console
Network, security, application, and identity awareness
Advanced threat and security incident detection
Compliance-driven reporting capabilities
Scalable distributed log collection and archive