December 13th, 2010
In an effort to offer a multi-vendor SIEM (Security Information and Event Management) solution, Cisco is placing its SIEM product, CS-MARS, in end-of-life and in its place, offering the industry its first SIEM ecosystem. Cisco acquired MARS six years ago in December 2004. MARS provided traditional event management and security monitoring along with limited forensic capabilities and compliance reporting. But the market demanded a broader cross-vendor SIEM solution rather than a SIEM focused primarily on Cisco products. In response Cisco has launched a SIEM ecosystem to support deep event monitoring, forensics and compliance reporting across a heterogeneous enterprise network. IT has also expanded the role of its Cisco Security Manager or CSM to support policy management and troubleshooting across a wider range of Cisco products. In this Lippis Report Research Note, we examine the new distribution of security responsibilities that now stretch across Cisco CSM and its new SIEM ecosystem with an eye toward stronger defense of IT assets.