End of Life Notice for Cisco CS-MARS Questions Cisco’s Commitment to Security.

Noticed this today:

Cisco announces the end-of-sale and end-of-life dates for the Cisco Security Monitoring, Analysis, and Response System. The last day to order the affected product(s) is June 3, 2011.

Cisco purchased CS-MARS to expand and deliver a full-range Security Portfolio. There was much excitement that Cisco had finally committed to delivering a worthy security strategy and becoming a full-service partner. It seems that this is no longer part of the plan.

If there is no SIEM in the portfolio, then what does this mean for Network Security?

Product Migration Options
There is no replacement available for the Cisco Security Monitoring, Analysis, and Response System at this time.
Customers are encouraged to migrate to the Cisco Security Manager or to the Security Information and Event Management ecosystem partners for their security management needs. For security managed services, customers are encouraged to evaluate Cisco Remote Management Services.

Although some functions have been integrated into Cisco Security Manager, I believe that most functionality has been ditched and Cisco is suggesting that customers consider other products for those use cases.

Other Questions

If Cisco’s commitment to security products is diminished, then I would also have to question the long-term plan for other products such as NAC. Undeniably, Cisco’s partnership with Trend Micro for Content Security and the IronPort purchase may have given executives enough revenue from Security to turn elsewhere. Instead of growing the whole security business, they have decided that this is good enough. Given that Cisco is growing in too many directions, Security probably doesn’t matter compared to UCS, Teleconferencing, Flip videos and that home video thing (UMI?). Let’s face it, not even corporates care that much about security; they aren’t spending much money on it.

I can also sense that the impact of virtualisation is part of the issue. It seems that vendors are moving away from appliances for network services to using virtual machines, and this change in strategy means a realignment in product focus.

Notwithstanding, it seems Cisco’s commitment to security practice is less than total, which is odd for a company that is desperately looking for the growth that is demanded by the shareholders.

You can find the EOL notice at http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps6241/eol_c51-636888.html

About Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, working as a freelance consultant for a wide range of employers including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus

  • http://twitter.com/avalonhawk Ed W

    Ditching MARS I feel is a very troubling move for the Security portfolio. I’m also a bit annoyed at this given that we just deployed the appliance less than a year ago and it’s been doing just what I want it to. However, I’m sadly not surprised given they ditched support for 3rd party vendors back in January – that seemed like the first nail in the coffin. Oh well, in a year or two it’ll be time to upgrade our platforms and I’ll be looking elsewhere… The steps Cisco are taking away from their core competencies are troubling to say the least. Juniper and other vendors are starting to look more and more interesting every day to me. Especially since I know we’re close to a network refresh in a lot of areas in the next 12 months.

  • http://companya.tumblr.com Josh Gant

    I totally agree. CSA was dropped, the XML firewall components of ACE are gone as well and now MARS. I still feel comfortable with Cisco’s packet firewall direction with the ASA, new ASA modules for 6500, and VSG for Nexus 1000v. I also think the Ironport WSA is a great product just that it is priced too high for many medium businesses.

    But I would steer clear of NAC or CSM at this point for exactly the reasons you mention – Cisco just isn’t committed to this space.

    • http://twitter.com/avalonhawk Ed W

      *blink* ASA modules for the 6500s? Damnit, and I just dropped the $$ on FWSMs.

      Of all, I think CSM will stick around or be integrated into LMS. For large security device deployment CSM is very handy to have. Of course that’s just and I could be insanely wrong.

      • http://companya.tumblr.com Josh Gant

        Maybe I wasn’t supposed to say that out loud… I’m pretty sure I heard about this recently (and it’s been on the radar forever).

        Does anyone use LMS anymore? I have been guiding customers toward Solarwinds for many years now. Has LMS improved?

        • http://twitter.com/avalonhawk Ed W

          Cisco just released LMS 4.0 – looks a lot more streamlined and *gasp* modern. That said, the little playing with it that I’ve done I’m not convinced it’s better than other products like Orion.

      • Leo Song

        You are not wrong.

        If you notice that Cisco hasn’t made many changes or improvements on specific hardware, then it might be a sign of possibly being replaced “soon”, like FWSM, NAC being mentioned in this post, the hardware hasn’t been changed much over years, still 1G bottleneck, Cisco has to introduce something new which is 10G capable, might be FWSM Gen2 or ASA Gen2, etc.

        • http://etherealmind.com Greg Ferro

          The FWSM sure looks at the end of its cycle. Rumours of an ASA module are around. However, the C6500 chassis doesn’t have much of a future given it has limited performance. Even the Cat4500 is faster than the C6500 in raw packet forwarding.

          Cisco has bet its future on the Nexus products and appears to be having plenty of problems with the product. Manufacturing delays, software delays, upgraded / next generation hardware is coming very slowly and the performance is a long way behind the other vendors.

          So we are stuck with five and ten year old technologies that don’t really cut it.

  • http://unroutable.blogspot.com jswan

    I can’t say I’m going to shed any tears for MARS… it was a difficult and cumbersome product that seemed to have little productive role beyond fulfilling a checkbox for a SIEM.

    I really wish that Cisco would come out with something that can do sophisticated log analysis of ASA and IDS/IPS logs. MARS certainly wasn’t it. CSM isn’t it.

  • http://www.globalconfig.net Brandon Carroll

    I’d watch for something to get bundled into the CSM line as far as SIEM goes. As for NAC, I don’t believe it’s not going away, but I’d keep an ear out for a next gen product. Should be interesting to see what happens.

    • http://etherealmind.com Greg Ferro

      The features they ported to CSM are just configuration controls and some basic logging. All the true analysis tools got thrown away.

  • Barderless

    Don’t worry, they have Ironport and a VPN client. That’s all you apparently need, none of that silly host protection or log aggregation/analysis, or DDoS protection or XML filtering or… well, anything:

    http://www.xtranormal.com/watch/7246841/