Slashdot Mirror


Cisco Security System Shuts Out Third-Party Tools

alphadogg writes "Cisco has finally publicly acknowledged it won't add support for new third-party devices to its security information and event monitoring appliance, ending months of speculation about the future of its Monitoring, Analysis and Response System. Some claim it's the beginning of the end for MARS as a multi-vendor SIEM device. 'MARS customers can expect non-Cisco network device data and signature updates to continue for currently supported third-party systems, but no new third-party devices will be added,' Cisco declared in a statement, noting that 'Cisco MARS continues to focus on supporting Cisco devices for threat identification and mitigation.' Cisco's SIEM competitors this week have eagerly grabbed at the topic of Cisco MARS freezing third-party support because of a Gartner research memo published Oct. 29 in which analyst Mark Nicolett stated, 'Cisco has quietly begun informing its customers of a decision to freeze support for most non-Cisco event sources with its [MARS].'"

10 of 37 comments

  1. Re:This isn't new. by Ironsides · Score: 2, Insightful

    Cisco only supports Cisco. No Standard interfaces, nothing.

    So, they don't support IPv4, IPv6, RJ-45 or RS-232?

    --
    Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
  2. Thank Heavens for Competition by chill · Score: 2, Interesting

    Try something that works WITH you as a SECURITY appliance, as opposed to yet another sales opportunity. There is lots of competition that easily beats MARS in functionality, ease of use and comprehensive support. TriGeo, for one.

    --
    Learning HOW to think is more important than learning WHAT to think.
  3. DMCA Borks Homeland Security, Film at 11 by girlintraining · Score: 3, Insightful

    Since SIEM equipment is typically used to consolidate alert and event data from multiple vendor sources...

    Isn't that quaint! All these demands by the government to secure and protect critical "cyber"-resources, and here we have a major vendor basically giving the middle finger to that initiative, making it more expensive and difficult to accomplish that objective. Once again two government initiatives are at odds with each other: You have the DMCA and copyright advocates on one side, who have made overriding vendor lock-in by creating interoperability illegal, and national security interests on the other side asking ISPs and internet-connected networks to be secure.

    --
    #fuckbeta #iamslashdot #dicemustdie
  4. Cisco won't allow legitimate owners to patch by overThruster · Score: 3, Insightful

    Cisco doesn't allow legitimate owners of their hardware to apply security patches without an exorbitantly expensive software subscription. I found this out when I purchased some of their hardware on eBay for self-study purposes. Personally, I think that's a bigger issue. It means that many individuals and small businesses out there are probably running outdated, insecure versions of their software. Not good!

    Security patches should be freely available for the good of the whole Internet community.

    1. Re:Cisco won't allow legitimate owners to patch by jgasher · Score: 2, Informative

      Very few vendors allow that. While the hardware can be resold by unauthorized resellers on what Cisco refers to as the "gray market," the software and OS licenses are non-transferable.
      Technically, anyone that buys equipment like that can't legally use it at all because they don't have a valid license for the OS.

    2. Re:Cisco won't allow legitimate owners to patch by Awptimus Prime · Score: 2, Insightful

      You didn't do a quick google before throwing down money on a used security device? This is similar to picking up a used spam appliance for $100 and demanding a free subscription to updated signatures.

      Sorry dude, those signatures aren't written by the signature writing security fairy on top of twinkle toe mountain. People are paid to do it and that money has to come from a stable business model.

      Don't like it? Build up something using open source and roll with it, nobody is going to stop you and you should probably work it into a distributable ISO and share with the rest of the world for free. But for the love of god, don't whine about companies who let you know up front what subscription rates are for their appliances. IF YOU DON'T LIKE OR NEED IT DON'T FUCKING BUY IT.

      Apologies, but sometimes you have to type in caps to remind people everything on the goddamned planet isn't going to be free and served to them on a silver platter. :)

    3. Re:Cisco won't allow legitimate owners to patch by amorsen · Score: 3, Informative

      Cisco doesn't allow legitimate owners of their hardware to apply security patches without an exorbitantly expensive software subscription.

      This is actually not true. Security patches are available without a subscription. Read the security advisories published by Cisco.

      Taking advantage of the offer is sufficiently inconvenient so I don't think very many do.

      --
      Finally! A year of moderation! Ready for 2019?
  5. Re:This isn't new. by Anonymous Coward · Score: 2, Insightful

    What a bunch of wankers, shutting out third-party tools. Who do they think they are, Microsoft?? Apple?

  6. MARS is a joke by vvaduva · Score: 4, Informative

    I've been a MARS admin/user for a few years and this is not a surprise at all. I have first generation hardware - right after the purchase, Cisco announced that they no longer provide software updates for 1st gen machines, trying to push new hardware down customers' throats, so for about a year I was unable to patch or update my environment. Finally they gave in last year and started supporting both 1st and 2nd generation hardware again (I assume because customers were running away from their sinking MARS ship).

    This announcement is not a surprise at all since they've been pushing netflow like crazy, however a true event management solution should not be vendor-centric to begin with. It's a pain to get MARS to take in events from Windows machines for example, or accept and manage events from other sources, so the announcement that they will no longer continue the non-existent support they had before is a non-sequitur.

    Apparently the mentality at Cisco now is that if they paint a box green and write Cisco on it, people will buy it.

  7. Re:Cisco is discontinuing MARS by DarkOx · Score: 2, Interesting

    Right, it's not a big deal and anyone who has been making purchase decisions in IT long enough to know what MARS does knows you don't EVER EVER consider a Cisco solution unless:

    They are giving you a sweetheart deal to run some other vendor off, so you don't care about scrapping it later.

    They have been selling the product for at least two years, otherwise it has a 50pct chance of just disappearing

    Their offering still has the features that you are primarily interested in after they have existed in the product for two years, otherwise said product is likely to morph into something completely different in operational characteristics.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html