Cisco Mars

The Cisco® Security Monitoring, Analysis, and Response System (Cisco Security MARS) is an appliance-based, all-inclusive solution that provides unmatched insight and control of your existing security deployment. Part of Cisco's security management lifecycle, Cisco Security MARS empowers your security and network organizations to identify, manage, and counter security threats. It works with your existing network and security investments to identify, isolate, and recommend precise removal of offending elements. It also helps maintain internal policy compliance and can be an integral part of your overall regulatory compliance solution.
Security and network administrators face numerous challenges, including:

1. Security and network information overload
2. Poor attack and fault identification, prioritization, and response
3. Increases in attack sophistication, velocity, and remediation costs
4. Compliance and audit requirement adherence
5. Security staff and budget constraints

Cisco Security MARS addresses these challenges by:

1. Visualizing validated incidents and automating investigation
2. Mitigating attacks by taking full advantage of your existing network and security infrastructure
3. Monitoring systems, network, and security operations to aid in compliance
4. Delivering a scalable appliance that is easy to deploy and use with the lowest total cost of ownership (TCO)

Cisco Security MARS transforms raw network and security data into intelligence that can be used to subvert valid security incidents and maintain compliance. Cisco Security MARS enables operators to centralize, detect, mitigate, and report on priority threats using the network and security devices already deployed in your infrastructure.

Features and Benefits

Network Intelligent Event Aggregation and Performance Processing

Cisco Security MARS obtains network intelligence by understanding the topology and device configurations from routers, switches, and firewalls, and by profiling network traffic. The system's integrated network discovery function builds a topology map containing device configuration and current security policies, which enables it to model packet flows through your network.
Since the appliance does not operate inline and makes minimal use of existing software agents, there is little impact on network or system performance. The appliance centrally aggregates logs and events from a wide range of popular network devices (such as routers and switches), security devices and applications (such as firewalls, intrusion detection systems [IDSs], vulnerability scanners, and antivirus applications), hosts (such as Windows, Solaris, and Linux syslogs), applications (such as databases, Web servers, and authentication servers), and network traffic (such as Cisco NetFlow).

Article source: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps6241/product_data_sheet0900aecd80272e64.html
Article source: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps6241/data_sheet_c78-458671.html