Wednesday, January 28, 2009

Global Knowledge MARS Training

I see lots of visitors to the MARS blog, looking for training. Jim Thomas, MARS Course Director for Global Knowledge, gives us an insight into their offering below....

"In a truly Self Defending Network, detection and mitigation occur automatically. Alerts come in after the fact for forensic purposes, but all in all, we rest assured that when we leave our business day behind us, the network is protected. This assurance comes forth by acquiring the “best of the breed” software/hardware devices. But just because we have the best device does not necessarily mean we know how to use it, or better yet, use it to its’ maximum capability. MARS is no exception.

We have seen many, many students come through our MARS courses usually from three distinct backgrounds; (1) It’s a brand new install (2) The consultant who installed it came and left (3) We have this box on a rack with pretty blinky lights and need to know how to use it. Whatever the case is, at Global Knowledge being Cisco’s largest training partner for the past 10 years we understand the need to take students through the fundamental to advanced MARS topics and labs.

What sets us apart from other training partners? Mainly the labs and experience you’ll gain working on them. Although we always use Authorized Cisco Curriculum for Student Guides, our labs were designed around real world installations based on experience. We take pride in offering non-virtualized physical MARS appliances to accommodate our student needs.

We constantly enhance our labs by not just updating the MARS itself (we’re currently running 6.0.2), but by going beyond the standard course offerings. An example of this is our Software Reporting Lab, offering students the opportunity to install SNARE and the RPC method of pulling events from a Windows host. Or, by MARS incident generation by means of introducing a live virus to a host in the lab. As Chris has pointed out in this blog, Cisco has been expanding the cross-launch feature between MARS and CSM. We take it a step further in our classes to show the cross-launch with a Cisco IPS/CSM version 3.2 and MARS 6.0.2. These are just a few of our 15 MARS lab offerings we provide to our students.

If you are interested in knowing how to configure and maintain MARS to its maximum potential, please visit the Global Knowledge MARS webpage. If you are interested in learning more about the labs in the class please click here to see the Topology Diagram or here to see our video.

Thanks again,

Jim Thomas

Advanced Security Course Director"

1 comment:

Back2Boxes said...

I took the Global Knowledge MARS v3.0 training in September of 2008 (course books published July 2008, Lab Guide August 2008). The highlight of this course is the lab, but my instructor, Doug Notini completely exceeded my expectations.
I've always been picky about technical instructors having solid, real-world experience with the subjects or products that they cover. Doug doesn't have that in the case of MARS or even many of the products that can send messages to it. Nevertheless, Doug managed to (correctly) answer more technical questions about Cisco's MARS than a team of Cisco trainers were able to answer about Cisco's ACS. Not only did he care enough to research the answers during breaks and after class, he actually took the time to test them out in his lab!
The lab environment has lots of systems to use all of which are fast and well configured. The lab is designed to take you through all types of configurations, many of which appear easy when reading Cisco's documentation but turn out to be quite difficult when reality introduces you to the idiosyncrasies of the MARS user interface.
The only disappointment in the course was the lack of coverage of strategies for actually using the product in the context of real business policy and processes. Examples of tactical topics with strategic implications that I would have like to have had covered are: naming conventions for rules and alerts, documenting the configuration (false positive tuning in particular), compliance with ITIL-based change management processes, compliance with privacy standards, staff roles and responsibilities (network team vs. security team vs internal audit; 24x7 SOC vs 8x5 SOC), etc.