User name:


Copyright © 2006.
All Rights Reserved

Cisco Security Monitoring, Analysis & Response System

Course Details:

  • Days: 2
  • Course Code: CIMARS
  • Booking: Please ring 08450 504 505


Protego Networks offers the Mitigation and Response System (MARS) family of high performance, scalable appliances for threat management, monitoring and mitigation, enabling customers to make more effective use of network and security devices by combining network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification and automated mitigation capabilities.


  • Certified as a CCSP or the equivalent knowledge.
  • Pass SECUR exam (642-501) and / or SNRS exam (642-502).
  • At least six months practical experience configuring Cisco routers and security products.
  • Familiarity with implementing network security policies and the following - Perimeter security system components: Perimeter router, firewall, IPS, VPN and DMZ host.
  • Servers: Syslog servers, web servers, and FTP servers.
  • Protocols: Syslog, SNMP, SSH, FTP, and Telnet.

Delegates will learn how to

  • Describe the MARS solution, features, and functions in context to the issues of security incidents and security information in an enterprise network.
  • Cover the basic physical installation process.
  • Add Cisco security and network devices into MARS appliance.
  • Add Non-Cisco security and network devices into MARS appliance.
  • Configure security devices to generate interesting events that constitute an attack scenario and have MARS collect the interesting events for incident investigation.
  • Discuss attack mitigation and false positive confirmation in context to MARS appliance.
  • Configure appliance to perform Incident Investigation and attack mitigation.
  • Explain how to create, view and save a long-duration query and reports on the MARS appliance.
  • Configure the MARS appliance to send an alert.
  • Describe and configure rules that detect interesting patterns of network activity.
  • Use management features in the MARS appliance to assign event, addressing, service, and user information.
  • Configure hardware maintenance chores like viewing audit trail, data archiving, hot swapping hard drives, upgrading software on MARS appliance.
  • Provide overview of MARS Global Controller.
  • Provide overview of Log Parser Templates.

Course Outline

  • MARS Introduction and Installation
  • Configuring MARS
  • MARS Incident Investigation
  • MARS Rules and Management
  • MARS Global Controller and User Defined Parser Templates


For more information or to apply please call 08450 50 45 05 or complete the form below;


* These fields are required