RE: CW-SIM VS CISCO MARS

From: Don Oxman (don_mcse@hotmail.com)
Date: Sun Jan 27 2008 - 14:28:27 ARST


Thanks Ian.

Again, CW-SIMS is using an older version of the netForensics software, to the
best of my knowledge. Currently, version 4.0 is out from netForensics and is
suited towards the MSP environment. CW-SIMS uses agents and engines, but they
are not software agents/engines running on the monitored devices. These
software pieces are running on servers that merely collect and process
events/logs that are sent from the monitored devices. In this regard it is
similar to MARS.

When considering deploying these types of solutions please consider the
reasons for deployment. In our case, it's mandated by the state government.
I know this might be considered inflammatory on this board, but sometimes a
Cisco product is not the best solution for your customer/client.

Feel free to contact me off-line if you want to talk some more about this.

--Don

> From: istong@stong.org
> To: muhammad.nasim@gmail.com; don_mcse@hotmail.com
> CC: security@groupstudy.com; ccielab@groupstudy.com
> Subject: RE: CW-SIM VS CISCO MARS
> Date: Sun, 27 Jan 2008 08:44:30 -0500
>
> The CW-SIMS product uses the netForensics v3.1 software and is more vendor
> neutral in that you can load its agents on various devices including non
> cisco devices. Don was on about that aspect. FYI the CW-SIMS has both native
> agents and universal agents whereas CS-MARS doesn't use agents.
>
> Supported products can be found in the tables listed at
>
> http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps5209/product_data_sheet09186a008017dcb6.html
>
> It's similar to CS-MARS in that they both do event correlation, aggregation
> and reporting. CS-MARS is an appliance only solution.
>
> CS-MARS accepts alerts and feeds from many products - but its built in
> parsers deal mostly with cisco products and a few handful of specific
> security devices such as IDS's, firewalls and so on. There is the ability to
> build custom parsers but you are limited to the fields built into the
> database in terms of reporting on those customized parsers.
>
> CS-MARS is an appliance-based product line and CW-SIMS is a software based
> product line. However, the two products have unique functions and
> capabilities. Supposedly they are not competing products. A Cisco sales rep
> is your friend - find one and grill them about it.
>
> I can answer questions relating to CS-MARS as I've deployed that - but I
> haven't had any hands on with the CW-SIMS so I can only go by what the
> manuals and whitepapers say regarding its capabilities.
>
> Thanks,
>
> Ian
> www.ccie4u.com
> Discounted Lab Scenarios and Rack Rentals
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Muhammad Nasim
> Sent: Saturday, January 26, 2008 10:02 AM
> To: Don Oxman
> Cc: Cisco certification; Cisco certification
> Subject: Re: CW-SIM VS CISCO MARS
>
> Thanks Don,
>
> By CW-SIMS I meant CiscoWorks Security Information Management Solution.
> Further information can be found here.
>
> http://www.cisco.com/en/US/products/sw/cscowork/ps5209/index.html
>
> I want to compare both these offerings from CISCO
>
> On 26/01/2008, Don Oxman <don_mcse@hotmail.com> wrote:
> >
> > CW-SIMS is actually a product from netForensics (www.netforensics.com)
> > known as nFX SIM One. It is not an appliance but software that needs to be
> > installed on several servers depending on your deployment. Go to their
> > website and read about what it can do. It's expensive. For example, our
> > current installation will cost about $1,200,000 for monitoring 2000 devices.
> >
> > Cisco MARS is, in my opinion, very similar to the netForensics product.
> > However, MARS is geared primarily towards Cisco products while nFX is truly
> > non-vendor specific. I also think that MARS is less expensive. Again, hit
> > the Cisco site and read more about it.
> >
> > ------------------------------
> >
> > > Date: Sat, 26 Jan 2008 11:54:56 +0300
> > > From: muhammad.nasim@gmail.com
> > > To: security@groupstudy.com; ccielab@groupstudy.com
> > > Subject: CW-SIM VS CISCO MARS
> > >
> > > Dear All,
> > >
> > > I want to know difference b/w Cisco Works Systems Information Management &
> > > Cisco Mars?.
> > >
> > > It seems to me that both are same almost identical.
> > >
> > > Detailed explanation will be help
> > >
> > > Thanks in advance
> > >
> > > --
> > > Muhammad Nasim
> > > Network Engineer
> > > Saudi Arabia
>
> --
> Muhammad Nasim
> Network Engineer
> Saudi Arabia



This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:38:01 ARST