Wednesday, January 28, 2009

Global Knowledge MARS Training

I see lots of visitors to the MARS blog looking for training. Jim Thomas, MARS Course Director for Global Knowledge, gives us an insight into their offering below.

"In a truly Self Defending Network, detection and mitigation occur automatically. Alerts come in after the fact for forensic purposes, but all in all, we rest assured that when we leave our business day behind us, the network is protected. This assurance comes forth by acquiring the “best of the breed” software/hardware devices. But just because we have the best device does not necessarily mean we know how to use it, or better yet, use it to its maximum capability. MARS is no exception.

We have seen many, many students come through our MARS courses, usually from three distinct backgrounds: (1) It’s a brand new install; (2) The consultant who installed it came and left; (3) We have this box on a rack with pretty blinky lights and need to know how to use it. Whatever the case is, at Global Knowledge, being Cisco’s largest training partner for the past 10 years, we understand the need to take students through the fundamental to advanced MARS topics and labs.

What sets us apart from other training partners? Mainly the labs and experience you’ll gain working on them. Although we always use Authorized Cisco Curriculum for Student Guides, our labs were designed around real world installations based on experience. We take pride in offering non-virtualized physical MARS appliances to accommodate our student needs.

We constantly enhance our labs by not just updating the MARS itself (we’re currently running 6.0.2), but by going beyond the standard course offerings. An example of this is our Software Reporting Lab, offering students the opportunity to install SNARE and the RPC method of pulling events from a Windows host. Or, by MARS incident generation by means of introducing a live virus to a host in the lab. As Chris has pointed out in this blog, Cisco has been expanding the cross-launch feature between MARS and CSM. We take it a step further in our classes to show the cross-launch with a Cisco IPS/CSM version 3.2 and MARS 6.0.2. These are just a few of our 15 MARS lab offerings we provide to our students.

If you are interested in knowing how to configure and maintain MARS to its maximum potential, please visit the Global Knowledge MARS webpage. If you are interested in learning more about the labs in the class please click here to see the Topology Diagram or here to see our video.

Thanks again,

Jim Thomas

Advanced Security Course Director"

Monday, January 05, 2009

NetFlow Secure Event Logging (NSEL) with MARS

Happy New Year!

You may have heard that the newer ASA 5580s supported NetFlow Secure Event Logging.

Now I've never seen this in action, but it may be of interest to see this is supported by MARS.

Check out the links below...

Configuring NSEL for MARS on the ASA 5580

Configuring and Using NetFlow Secure Event Logging (NSEL)


Cisco ASA 5580 Implementation Note for NetFlow Collectors


On a further note, I believe NetFlow v9 support is limited to parsing and storing only the fields that Cisco Security MARS already parses and stores for NetFlow v5/v7.