Is Cisco freezing support for any new non-Cisco security devices in the Cisco Security Monitoring, Analysis and Response System (MARS) appliance? Since the SIEM market consists of equipment aimed at consolidating and correlating event information from multiple vendor equipment, several of Cisco's rivals, including NitroSecurity and Q1 Labs, contend Cisco MARS will lose its relevance if Cisco freezes support for non-Cisco appliances. "As of a certain timeframe, they'll support what they support, and that's it," claims Jerry Skrula, vice president of marketing at SIEM vendor NitroSecurity. Cisco isn't confirming it or denying it, but Cisco rivals claim they're hearing from Cisco customers that Cisco won't add support for additional non-Cisco security devices to MARS, a security information and event monitoring (SIEM) appliance used by about 4,000 Cisco customers.
The SIEM vendor claims to be hearing this from Cisco customers and others in industry. NitroSecurity states "industry sources have confirmed that Cisco has begun informing its customers of a freeze on MARS support for most non-Cisco event sources and is encouraging customers to find an alternative for log collection and event analysis for non-Cisco event sources," though NitroSecurity declined to reveal these sources specifically, merely noting they were Cisco customers and others in industry. Skrula admits he doesn't know the specific timeframe but NitroSecurity yesterday kicked off a so-called "MARS Migration Program" targeting Cisco SIEM customers. As part of its push to get MARS users, NitroSecurity is offering its own NitroView product, promising Cisco MARS customers "custom-tailored financial incentives" to switch. As for Cisco itself, spokesman David Oro, said "We are not going to address competitive rumors, but what I can tell you is that any decisions about MARS are future roadmap discussions that are internal and subject to change depending on market conditions and customer needs." He notes that Cisco continues to release "new versions of MARS that include support for new device features (like Botnet Traffic Filter and Global Correlation reporting in 6.04), new MARS application features (numerous improvements for operational features in the past couple of releases), and signature updates for Cisco and non-Cisco devices. At Q1 Labs, another Cisco SIEM rival, Brendan Hannigan, president and COO, and John Burnham, vice president of corporate marketing there, also say they believe Cisco won't be supporting new non-Cisco devices in MARS. And evidence this week of glee in that prospect is abounding, with rival ArcSight sponsoring a Google link that turns up "Worried about Cisco MARS?" when a search is done for "Cisco MARS" and another competitor, CorreLog, sponsoring "Cisco MARS Alternatives." But is it all just fear-mongering?
There is no internal or external end-of-service plan at this time, and MARS is available from Cisco and our partners." MARS 6.0.4 currently supports several non-Cisco security products, including McAfee IntruShield and Entercept, the NetScreen IDP, Symantec, NIDS, Enterasys Dragon, Qualys Guard and eEye Retina products for scanning and vulnerability assessment.
0 comments:
Post a Comment