When Cisco acquired the CS-MARS platform, there was a lot of buzz in the Security community that we would finally be able to have a single platform that could manage all of our firewalls. I managed to be involved in a couple of deployments and was impressed by the product and what it could do.
One of the best features of the product was the ability to manage multiple vendors’ products. That is, CS-MARS has the capability to manage Checkpoint, Juniper and a few other mainstream products. For many customers, this was a clear advantage of the product since it offered a single security analysis platform for the entire security estate.
It’s common security practice in larger networks to always use two firewalls on highly untrusted connections such as the Internet. Especially in networks where Checkpoint was the primary firewall vendor, CS-MARS made the Cisco ASA products a possible choice. That is, better management and control using CS-MARS would have generated a push to choose the ASA instead of alternative security products. It certainly created more opportunities for me to choose Cisco ASA compared to Checkpoint especially (less so Juniper).
Why move to Cisco only?
My only guess is that it saves money. By only developing interfaces and support for Cisco, they can drastically reduce the development time (and head count) and the post-sales support. This means a bigger profit on sales AND support. That makes for a lazy decision by management who aren’t looking at the bigger picture.
You could also make the argument that it delivers a better customer experience. Developing interfaces for competitors’ products is difficult, messy and easy to get wrong. Developing for products within your own company is still difficult but not impossible. The loss of multi-vendor support is quite a problem for a lot of customers.
CS-MARS also has a number of problems in operation. My experience is bad performance, and an interface that is slow, buggy / crashy and complicated to use. A key driver was multi-vendor support, and now that’s gone I can no longer recommend the CS-MARS as a suitable product.
When will Cisco begin to seriously focus on the Security portfolio? The whole product line is obviously in maintenance mode with few new products, little development on existing assets and certainly no innovation. Even the Cisco IDS are beginning to stagnate.
So I’ll be looking for alternatives to CS-MARS. I can’t recommend it.