


Implementing Cisco Security Monitoring, Analysis, and Response System

Course code: MARS
Duration: 4
Price: NOK25 000,00

Overview

Cisco Security Monitoring, Analysis, and Response System (MARS) is a family of high-performance, scalable appliances for threat management, monitoring, and mitigation that enables you to make more effective use of network and security devices by combining network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation capabilities. With MARS solutions you can readily and accurately identify, manage, and eliminate network attacks and maintain network compliance.

Why Take MARS from Global Knowledge?

We've enhanced our labs well beyond what you'll find in the standard Cisco MARS training course, and we incorporate more real-world labs, network devices, and software applications. The standard Cisco MARS course uses preconfigured virtual devices, whereas we use real equipment to prepare you for real-world scenarios. You'll benefit from the expertise of our skilled instructors, who have experience deploying this appliance in the field going back to the days when this was a Perfigo™ appliance.

With our approach to MARS training, you'll gain confidence in your familiarity with the MARS appliance as well as its integration with most Cisco equipment, Windows Servers, and other common software applications. Our enhanced labs provide access to the latest MARS software, while the standard course is based on the older 4.3.1 code. Also, our course includes a lab on configuring Cisco Security Manager (CSM) with a Cisco IPS and performing an attack scenario to cross-launch the incident from MARS to CSM.


Prerequisites
  • Fundamental knowledge of implementing network security
  • CCSP or Security CQS and working knowledge of routing and switching
  • CCNA Certification


Next course date

Dates available on request. Please contact us.





    More information

    • Cisco Customer
    • Channel Partner
    • MARS design solutions, features, and functions as they relate to security incidents and security information in an enterprise network
    • Basic physical installation process
    • Add Cisco security and network devices into the MARS appliance
    • Add non-Cisco security and network devices into the MARS appliance
    • Configure network devices including ASAs, Routers, Switches, and an IPS to generate events that constitute an attack scenario and have MARS collect the events for incident investigation
    • Attack mitigation and false positive confirmation in context of MARS appliance
    • Configure appliance to perform Incident Investigation and Mitigation
    • Create, view, and save a long-duration query and reports on the MARS appliance
    • Configure the MARS appliance to send alerts
    • Configure rules that detect interesting patterns of network activity
    • Use Case Management features in the MARS appliance to assign incidents to specific MARS users for follow up
    • Configure hardware maintenance chores such as viewing audit trails, data archiving, and upgrading software on MARS appliance
    • Overview of MARS Global Controller
    • Overview and configuration of Log Parser Templates
    • Overview of Distributed Threat Mitigation using the Cisco IOS IPS
    • Configure antivirus software to report a live virus
    • MARS Interaction with Cisco Security Manager
    • Basic configuration of a Cisco IPS in Cisco Security Manager
    • Configure various Windows Servers (2003 and 2000) to use SNARE and RPC to report log events to MARS

    1. Cisco Security MARS Overview and STM Task Flow

    • Cisco Security MARS solution and its role in Cisco Threat Defense System management
    • Deploy Cisco Security MARS as an STM system in your network

    2. Cisco Security MARS Configuration

    • Configure the network reporting devices to work with the Cisco Security MARS appliance
    • Configure Cisco reporting devices to work with the Cisco Security MARS appliance
    • Configure reporting devices from other vendors to work with the Cisco Security MARS appliance
    • Configure user-defined log parser templates on the Cisco Security MARS appliance

    3. Cisco Security MARS Incident Investigation

    • Use the Summary page menu to get an overview of your network
    • Examine case management features that can capture, combine, and preserve user-selected Cisco Security MARS data within a specialized report called a case
    • Explore the process of incident investigation and attack mitigation in a Cisco Security MARS appliance
    • Configure the Cisco Security MARS appliance to send a notification

    4. Cisco Security MARS Rules and Management

    • Configure a rule (or rules) that detect interesting patterns of network activity and other anomalous network behavior
    • Use the management features in the Cisco Security MARS appliance to add, edit, and delete event, IP addressing, service, and user information
    • Perform system maintenance tasks on the Cisco Security MARS appliance
    • Features and functions of the Cisco Security MARS Global Controller

    This course is part of the following programs or tracks:

    There are no follow-ons for this course.


     


    Copyright © 2012 Global Knowledge Norway AS. Registered in Norway with Org. No. 988943355.