Thursday, November 05, 2009

No Updates for Non Cisco Devices?

There have been plenty of rumours recently regarding MARS and its support for non-Cisco devices, more so over the last couple of days, whether it's Gartner a few days ago or MARS competitors like Nitro putting out releases yesterday (and I'd fully expect the others to follow).

I noticed an official Business Unit response in the Netpro Forums:

"October 30, 2009
Cisco response to Gartner Research Memo entitled “Cisco MARS Is Becoming Less Viable as a General SIEM Solution”
• Gartner has alerted its customers that as Cisco continues to focus its security management efforts on Cisco devices, MARS appliances may become less viable for the broad set of “general” SIEM use cases.
• Gartner concludes that Cisco’s focus on native management capabilities for our devices is a positive direction.
• For customers with primarily Cisco event sources on their network, Gartner recommends that MARS still provides a strong platform for security threat management (STM) and network behavior analysis (NBA) capabilities.
On October 29th, 2009, Gartner released a research note titled “Cisco MARS Is Becoming Less Viable as a General SIEM Solution.” This note is in response to Cisco’s stated direction to focus CS-MARS development on supporting Cisco-built network security devices and critical host operating systems. Non-Cisco network device data and signature updates continue to be supported in CS-MARS for the current versions of these 3rd-party systems.
In the memo, Gartner concludes that “Cisco will focus its efforts on improving Cisco's native security management capabilities,” which they note as a positive direction for Cisco’s overall Security portfolio.

In the past, we have encouraged Gartner to break up this crowded space as it encompasses a vast array of use cases spanning compliance reporting, log aggregation, threat identification, and mitigation. While MARS has been placed in the SIEM market, it has never fully covered all aspects of the Gartner-defined space. Over the last year, as we have focused on the core Security Threat Management use cases for Cisco products, Cisco has de-emphasized compliance reporting and non-Cisco devices.

In particular for Cisco customers, it is important to note Gartner’s recommendation that MARS continues to provide strong STM and NBA capabilities for Cisco event sources."


1 comment:

Anonymous said...

I personally do not find this to be a big deal. It's to be expected that Cisco would support their own products better. Savvy users can write their own custom parser for third party devices.