Scribd Logo
Upload

Welcome to Scribd!

  • 8 views

    74118-cs Mars Sizing Estimate

    Uploaded by

    pjayasinghe
    This document provides guidance on sizing Cisco CS-MARS appliances to meet a customer's requirements. It discusses parameters to consider such as the number of sites supported, high availability needs, expected events per second, and the amount of online data storage required. Key questions are outlined to determine the appropriate CS-MARS model, such as the number of sites, high availability requirements, estimated events per second, and number of months of required online data storage. Placement of devices across multiple sites versus a single site and RAID level requirements for high availability are also addressed.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    74118-cs Mars Sizing Estimate

    Uploaded by

    pjayasinghe
    8 views8 pages
    This document provides guidance on sizing Cisco CS-MARS appliances to meet a customer's requirements. It discusses parameters to consider such as the number of sites supported, high availability needs, expected events per second, and the amount of online data storage required. Key questions are outlined to determine the appropriate CS-MARS model, such as the number of sites, high availability requirements, estimated events per second, and number of months of required online data storage. Placement of devices across multiple sites versus a single site and RAID level requirements for high availability are also addressed.

    Original Description:

    Original Title

    74118-cs_mars_sizing_estimate

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides guidance on sizing Cisco CS-MARS appliances to meet a customer's requirements. It discusses parameters to consider such as the number of sites supported, high availability needs, expected events per second, and the amount of online data storage required. Key questions are outlined to determine the appropriate CS-MARS model, such as the number of sites, high availability requirements, estimated events per second, and number of months of required online data storage. Placement of devices across multiple sites versus a single site and RAID level requirements for high availability are also addressed.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    8 views8 pages

    74118-cs Mars Sizing Estimate

    Uploaded by

    pjayasinghe
    This document provides guidance on sizing Cisco CS-MARS appliances to meet a customer's requirements. It discusses parameters to consider such as the number of sites supported, high availability needs, expected events per second, and the amount of online data storage required. Key questions are outlined to determine the appropriate CS-MARS model, such as the number of sites, high availability requirements, estimated events per second, and number of months of required online data storage. Placement of devices across multiple sites versus a single site and RAID level requirements for high availability are also addressed.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 8

    Cisco CS-M A R S A p p l i c a t i o n N o t e

    SIZING ESTIMATE

    J o h n R u p f

    Please send feedback to cs-m ar s@ ci sco. com

    © 20 0 9 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d .
    Im p o r t a n t n o tic e s , p r iv a c y s t a te m e n ts , a n d tr a d e m a r k s o f C is c o S y s t e m s , I n c . c a n b e f o u n d o n c is c o .c o m .
    P a g e 1o f 8
    Cisco CS-M A R S A p p l i c a t i o n N o t e

    INTRODUCTION

    T h i s d o c u men t i n t ro d u c es paramet ers t o c o n s i d er w h en s i z i n g t h e CS -MARS mo d el t o t h e c u s t o mer’ s


    req u i remen t s

    © 20 0 9 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d .
    Im p o r t a n t n o tic e s , p r iv a c y s t a te m e n ts , a n d tr a d e m a r k s o f C is c o S y s t e m s , I n c . c a n b e f o u n d o n c is c o .c o m .
    P a g e 2o f 8
    Cisco CS-M A R S A p p l i c a t i o n N o t e

    TA B L E OF CONTE NTS

    INTRODUCTION.....................................................................................................................................................................................4
    Q UE STIONS .......................................................................................................................................................................................4
    OB TA INING E V E NTS P E R SE COND A ND B TY E S OF E V E NTS P E R W E E K .......................................................................7
    E STIM A TION RUL E S OF TH UM B ..................................................................................................................................................7
    USING TH E SIZ ING CA L CUL A TOR ..............................................................................................................................................8
    RE F E RE NCE S....................................................................................................................................................................................8

    © 20 0 9 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d .
    Im p o r t a n t n o tic e s , p r iv a c y s t a te m e n ts , a n d tr a d e m a r k s o f C is c o S y s t e m s , I n c . c a n b e f o u n d o n c is c o .c o m .
    P a g e 3o f 8
    Cisco CS-M A R S A p p l i c a t i o n N o t e

    INTRODUCTION

    A c u s t o mer h as s o me n u mb er o f f i rew al l s , s erv ers , ro u t ers , an d I P S d ev i c es an d w o u l d l i k e t o es t i mat e t h e appro x i mat e


    s i z e f o r CS -MARS . S pec i f i c al l y h o w man y an d w h at mo d el o f CS -MARS are req u i red .
    T h e an al y s i s o f t h e s i z i n g pro b l em may b e b ro k en u p i n t o f o u r part s : t h e n u mb er o f s i t es , t h e req u i remen t f o r h i g h
    av ai l ab i l i t y , t h e ev en t s per s ec o n d , an d t h e o n l i n e s t o rag e s pac e n eed ed .
    I f t h e c u s t o mer’ s d ev i c es are d i s t ri b u t ed b et w een s i t es an d t h e c o s t o f t ran s f erri n g d at a b et w een s i t es i s a c o n s i d erat i o n ,
    t h en t w o o r mo re s mal l er CS -MARS appl i an c es may b e appro pri at e f o r t h e j o b . I f al l o f t h e c u s t o mer’ s d ev i c es are at o n e
    s i t e, o r d at a t ran s f er b et w een s i t es i s c h eap, a s i n g l e l arg er appl i an c e may b e t h e ri g h t s el ec t i o n .
    I f t h e c u s t o mer h as a req u i remen t f o r h i g h av ai l ab i l i t y , t h en t h e RAI D l ev el o f eac h mo d el may el i mi n at e s o me mo d el s f ro m
    c o n s i d erat i o n .
    I f t h e d ev i c es are g en erat i n g a g reat d eal o f t raf f i c t o CS -MARS t h en a CS -MARS w i t h t h e c apac i t y t o h an d l e mo re ev en t s
    per s ec o n d i s req u i red . I f t h e n u mb er o f d ev i c es i s ex pec t ed t o g ro w , t h en a l arg er CS -MARS may b e appro pri at e.
    D epen d i n g o n t h e amo u n t o f s t o rag e s pac e t h e c u s t o mer n eed s t o k eep d at a i n o n l i n e s t o rag e f o r a g i v en peri o d o f t i me,
    s o me mo d el s may b e el i mi n at ed b ec au s e t h e mo d el d o es n o t h av e t h e req u i red o n l i n e s t o rag e c apac i t y .
    An s w eri n g t h e f o l l o w i n g q u es t i o n s w i l l h el p y o u s i z e t h e CS -MARS req u i remen t s .

    Q UE STIONS
    1. H o w m a n y s i t e s w i l l C S -M A R S s u p p o r t ?

    2 . D o e s C S -M A R S n e e d t o b e h i g h l y a v a i l a b l e ?

    3 . H o w m a n y e v e n t s w i l l C S -M A R S r e c e i v e p e r s e c o n d ?

    4 . H o w m a n y m o n t h s o f d a t a m u s t C S -M A R S m a k e a v a i l a b l e o n l i n e ?

    S ite s
    D ev i c es may b e al l i n o n e s i t e o r d i s t ri b u t ed b et w een s i t es . I f t h e d ev i c es are i n o n e s i t e o r t h e c o s t o f t ran s f erri n g d at a
    b et w een s i t es i s l o w , t h en o n e CS -MARS appl i an c e may b e ab l e t o h an d l e t h e j o b .
    S i t es may b el o n g t o s eparat e ad mi n i s t rat i v e u n i t s w h ere s mal l er b o x es t h at eac h ad mi n i s t rat i v e u n i t c o u l d o w n may b e a
    b et t er s o l u t i o n t h an o n e l arg er, s h ared CS -MARS .
    D o n o t d i s t ri b u t e d ev i c es t o CS -MARS b y d ev i c e t y pe. CS -MARS mu s t b e ab l e t o f o l l o w t h e pac k et t h ro u g h t h e n et w o rk .

    H ig h A v a ila b ility
    I f t h e c u s t o mer h as a req u i remen t f o r h i g h av ai l ab i l i t y , t h en b eg i n at RAI D 1 + 0 o r a mo d el 100. T h e mo d el s h av i n g RAI D
    1 + 0 al s o h av e d u al red u n d an t po w er s u ppl i es .
    T h e 110 an d 210 h av e c ac h e b at t ery b ac k u p as w el l .

    Mo d el RAI D L ev el P o w er S u ppl y B at t ery B ac k u p


    25R No n e
    25 No n e
    55 0
    110R 1 + 0 Red u n d an t B u i l t -i n
    110 1+ 0 Red u n d an t B u i l t -i n
    210 1+ 0 Red u n d an t B u i l t -i n
    T ab l e 1 H i g h Av ai l ab i l i t y
    I f h i g h av ai l ab i l i t y i s a req u i remen t y o u s h o u l d rec o mmen d at l eas t t h e 110R.

    © 20 0 9 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d .
    Im p o r t a n t n o tic e s , p r iv a c y s t a te m e n ts , a n d tr a d e m a r k s o f C is c o S y s t e m s , I n c . c a n b e f o u n d o n c is c o .c o m .
    P a g e 4o f 8
    Cisco CS-M A R S A p p l i c a t i o n N o t e

    E v e n ts p e r S e c o n d

    S y s te m L o g M e ssa g e s
    B eg i n w i t h t h e n u mb er o f ev en t s per d ay . I f t h e t raf f i c i s u n i f o rm t h ro u g h o u t t h e d ay , t h en c o n v ert t h e ev en t s per d ay
    d i rec t l y i n t o ev en t s per s ec o n d .
    Cal c u l at e es t i mat ed n u mb er o f ev en t s per s ec o n d .

    Ev en t s /h o u r = Ev en t s /d ay * 1 d ay / 24 h o u rs
    Ev en t s /s ec o n d = Ev en t s /h o u r * 1 h o u r/36 00 s ec o n d

    F o r ex ampl e, as s u me 5 000 000 Ev en t s /d ay


    Ev en t s /s ec o n d ~ = 58

    I f t h e t raf f i c o n t h e n et w o rk i s n o t u n i f o rm t h ro u g h o u t t h e d ay , t h en t ry t o es t i mat e t h e ev en t s per s ec o n d f o r t h e b u s i es t


    part o f t h e d ay . F o r ex ampl e, as s u me 8 0% o f t h e ev en t s o c c u r o v er a 10 h o u r peri o d d u ri n g t h e d ay .
    Cal c u l at e t h e es t i mat ed n u mb er o f ev en t s per s ec o n d .

    Ev en t s /h o u r = Ev en t s / d ay * 0.8 / 10 h o u rs
    Ev en t s /s ec o n d = Ev en t s / h o u r * 1 h o u r/36 00 s ec o n d

    F o r ex ampl e, as s u me 5 000 000 Ev en t s /d ay


    Ev en t s /h o u r = 5 000 000 * 0.8 / 10 = 400 000
    Ev en t s /s ec o n d ~ = 111

    S D E E
    U s e IM E s ta tis tic s to e s tim a te th e ra te o f S D E E e v e n ts p e r s e c o n d .

    C o m p o s ite E P S
    C a lc u la te a c o m p o s ite E P S v a lu e b y a d d in g 3 tim e s th e S D E E E P S to th e s y s te m lo g m e s s a g e E P S .
    F o r e x a m p le , to c a lc u la te th e e s tim a te d E P S lo a d o n th e a p p lia n c e w h e re th e s y s te m lo g E P S is 2 5 0 a n d th e S D E E E P S is 1 0 0 th e n
    C o m p o s ite E P S = 2 5 0 + 3 * 1 0 0 = 5 5 0 E P S

    A CS -MARS 55 at 9 00 Ev en t s /s ec o n d s u s t ai n ed i s t h e f i rs t appl i an c e i n t ab l e 2 t h at c an s u s t ai n 550 EP S . T o al l o w ro o m


    f o r t raf f i c g ro w t h an d b eari n g i n mi n d t h at d u ri n g an at t ac k , t raf f i c c o u l d g o u p b y a f ac t o r o f 5 o r mo re y o u s h o u l d
    rec o mmen d t h e 110R.
    Al l o w mo re ro o m i f CS -MARS w i l l ru n c u s t o m repo rt s .

    P e a k Su s t a i n e d P e a k Su s t a i n e d P e a k Su s t a i n e d

    S y s lo g o r S y s lo g o r Net F l o w Net F l o w AS A NF - AS A NF - IP S IP S
    Net F o w - Net F o w - n o n -s t o re n o n -s t o re n o n -s t o re n o n -s t o re S D EE S D EE
    S t o re S t o re EP S ( V 5) EP S ( V 5) EP S ( V 9 ) EP S ( V 9 ) per s ec per s ec
    EP S EP S
    P la tfo rm P e a k Su s t a i n e d P e a k Su s t a i n e d P e a k Su s t a i n e d P e a k Su s t a i n e d
    M A R S 25 R 75 45 15 0 0 30 0 75 0 45 0 27 16
    M A R S 25 75 0 45 0 15 0 0 0 20 0 0 75 0 0 30 0 0 270 16 2
    M A R S5 5 15 0 0 90 0 30 0 0 0 6 0 0 0 15 0 0 0 90 0 0 5 40 324
    M A R S 110 R 45 0 0 2 70 0 75 0 0 0 15 0 0 0 35 0 0 0 22 5 0 0 1 6 20 972
    M A R S 110 75 0 0 45 0 0 15 0 0 0 0 30 0 0 0 75 0 0 0 45 0 0 0 2 70 0 1 6 20
    M A R S 210 15 0 0 0 90 0 0 30 0 0 0 0 6 0 0 0 0 15 0 0 0 0 90 0 0 0 40 0 0 2 40 0

    © 20 0 9 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d .
    Im p o r t a n t n o tic e s , p r iv a c y s t a te m e n ts , a n d tr a d e m a r k s o f C is c o S y s t e m s , I n c . c a n b e f o u n d o n c is c o .c o m .
    P a g e 5o f 8
    Cisco CS-M A R S A p p l i c a t i o n N o t e

    T ab l e 2 Ev en t s an d Net f l o w b y D ev i c e

    O n lin e S to r a g e S p a c e

    CS -MARS c an u s e t w o t y pes o f s t o rag e: o n l i n e an d arc h i v al . T h e o n l i n e s t o rag e i s av ai l ab l e t o t h e d at ab as e. T h e arc h i v al


    s t o rag e c o n t ai n s t h e d at ab as e arc h i v es . F o r s i z i n g w e n eed o n l y c o n s i d er t h e o n l i n e s t o rag e s pac e as a f u n c t i o n o f t h e
    mo d el .

    Af t er al l o w i n g f o r o v erh ead t h e ac t u al s t o rag e s pac e av ai l ab l e f o r s t o ri n g ev en t s w i l l b e s mal l er t h an t h e n o mi n al s t o rag e


    s pac e o f t h e h ard d ri v e.

    Mo d el Max i mu m Ev en t s Max i mu m D ay s at 100 EP S

    25 1.3 * 10E8 ~ 15

    55 2.7 * 10E8 ~ 31

    110 2.4 * 10E9 ~ 270

    210 3.6 * 10E9 ~ 410


    T ab l e 3 U s eab l e s pac e

    I n t ab l e 3 w e s ee t h e t o t al d i s k s pac e f o r eac h mo d el al o n g w i t h t h e es t i mat ed av ai l ab l e s t o rag e s pac e. T h e Es t i mat ed


    U s ab l e S t o rag e S pac e c o l u mn s h o w s t h e d ed i c at ed ev en t s pac e t h at i s av ai l ab l e af t er d ed u c t i o n o f s pac e f o r o v erh ead .
    At t h i s po i n t w e n eed an es t i mat ed n u mb er o f b y es per w eek i n o rd er t o c o n t i n u e w i t h t h e s i z i n g .

    F o r t h i s ex ampl e as s u me 7 G B o f ev en t s per w eek an d t h at o u r c u s t o mer w an t s t o h av e f o u r w eek s o f o n l i n e d at a.

    G B = w eek * G B /w eek

    F o r ex ampl e, at 7 G B per w eek


    G B = 4 * 7 G B = 28 G B
    T o k eep 4 w eek s o f d at a w o u l d req u i re 28 G B

    L o o k i n g at t ab l e 3 w e c an s ee t h at a CS -MARS 20 w o u l d b e ab l e t o h an d l e t h es e s t o rag e req u i remen t s an d h av e ro o m t o


    h an d l e g ro w t h o r t h e i n c reas ed v o l u me d u e t o an at t ac k .

    O f f l i n e S t o rag e
    6 G B = 10 EP S * 1 y ear * 200 b y t es / mes s ag e * 1/10 c o mpres s i o n , t h en

    As s u mi n g 3 mo n t h s i s 1/4 o f a y ear, w e es t i mat e ab o u t 1.5 G B f o r 3 mo n t h s at 10 EP S , 0.15 G B at 1 EP S .


    W e n eed an es t i mat e o f t h e EP S . W e t y pi c al l y rec o mmen d s et t i n g u p a K i w i s y s l o g s erv er i f t h ere i s n o s y s l o g s erv er
    c u rren t l y av ai l ab l e.
    Mu l t i pl y t h e EP S t i mes 0.15 G B t o g et t h e 3 mo n t h es t i mat e.
    T h i s i s n o t a s c i en c e. T h i s i s an es t i mat e. D u ri n g an at t ac k t h e EP S may g o mu c h h i g h er. T h i s as s u mes s y s l o g
    mes s ag es o f 200 b y t es i n l en g t h an d c o mpres s ed t o 1: 10. T h i s w i l l v ary b y mes s ag e. T raf f i c i s u s u al l y n o t t h e s ame

    © 20 0 9 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d .
    Im p o r t a n t n o tic e s , p r iv a c y s t a te m e n ts , a n d tr a d e m a r k s o f C is c o S y s t e m s , I n c . c a n b e f o u n d o n c is c o .c o m .
    P a g e 6o f 8
    Cisco CS-M A R S A p p l i c a t i o n N o t e

    t h ro u g h o u t t h e d ay o r t h e y ear. I f t h e t raf f i c o n t h e n et w o rk i n c reas es o v er t i me d u e t o g ro w t h o r t h e ad d i t i o n o f mo re


    repo rt i n g d ev i c es , t h i s es t i mat e w i l l b e l o w .

    OB TA INING E V E NTS P E R SE COND A ND B TY E S OF E V E NTS P E R W E E K

    T h e mo s t ac c u rat e w ay t o d et ermi n e t h e n u mb er o f ev en t s per s ec o n d n eed ed i s t o pu t a s y s t em l o g d aemo n l i k e t h e K i w i


    s y s l o g d aemo n i n t h e c u s t o mer’ s n et w o rk at t h e I P ad d res s w h ere t h ey pro po s e pu t t i n g t h e CS -MARS .
    T h i s pro d u c t c an b e d o w n l o ad ed f ro m h t t p: //w w w .k i w i s y s l o g .c o m/i n d ex .ph p.
    G et t h e n u mb er o f b y t es an d ev en t s f o r o n e d ay as an es t i mat e.

    E STIM A TION RUL E S OF TH UM B

    T h i s s ec t i o n i s ab o u t mak i n g g u es s es b as ed o n t h e d ev i c e.

    E s tim a tin g B y te s o f E v e n ts p e r W e e k fr o m E v e n ts p e r D a y
    As s u me t h at t h e c u s t o mer h as an es t i mat e o f t h e n u mb er o f ev en t s per d ay , b u t n o t t h e b y t es per w eek . F i rs t , w e mu s t
    es t i mat e t h e s i z e o f eac h ev en t . I f t h e ev en t s are pri mari l y f ro m ro u t ers an d f i rew al l s , t h en an es t i mat ed ev en t s i z e o f 200
    b y t es i s ab o u t ri g h t . I f t h ere are a n u mb er o f I P S /I D s d ev i c es t h en an es t i mat ed ev en t s i z e o f 500 b y t es i s pro b ab l y b et t er.
    K eep i n mi n d t h at CS -MARS w i l l s t o re u p t o 1.5 MB i n c l u d i n g an y c apt u red pac k et s .

    D ev i c e T y pe Es t i mat ed Ev en t s i z e
    F i rew al l 200 b y t es
    I P S /I D S 500 b y t es
    T ab l e 4 Es t i mat ed Ev en t S i z e

    F o r t h i s ex ampl e as s u me 200 b y t es per ev en t , 5 000 000 ev en t s per d ay , an d o n e mo n t h o f o n l i n e d at a. T h i s d at a i s


    s t ri c t l y f o r pu rpo s es o f i l l u s t rat i o n .

    B y t es /d ay = Ev en t s /d ay * 200 b y t es /Ev en t
    B y t es /w eek = B y t es /d ay * 7 d ay s /w eek

    F o r ex ampl e, 5 000 000 Ev en t s /d ay at


    B y t es /d ay = 5 000 000 * 200 = 1 G B
    T o k eep 4 w eek s o f d at a w o u l d req u i re 28 G B

    An y c o n n ec t i o n t o t h e I n t ern et i s c o n s t an t l y b ei n g t ri ed f o r w eak n es s es . T h e c u s t o mer’ s ed g e ro u t ers an d f i rew al l s w i l l t u rn


    b ac k mu c h o f t h i s pro b i n g s o t h e f art h er t h es e d ev i c es are f ro m t h e ed g e t h e f ew er ex t ran eo u s ev en t s t h ey w i l l pro d u c e.
    T h es e ev en t s t y pi c al l y res u l t i n f al s e po s i t i v es an y w ay as t h ey are d ro pped at t h e ed g e. T h ey c an b e v o l u mi n o u s . T h e
    d ev i c es i n t h e c ampu s w i l l g i v e a l o w er v o l u me o f mo re rel ev an t res u l t s . W e c an t u n e t h e MARS t o d ro p f al s e po s i t i v es
    an d t u n e t h e f i rew al l s t o red u c e pro d u c t i o n o f f al s e po s i t i v es .

    F ai l o v er f i rew al l s may b e ru n i n ac t i v e/ac t i v e o r ac t i v e/s t an d b y mo d e. Co u n t as o n e f i re i n ac t i v e/s t an d b y mo d e.

    D ev i c e Cl as s EP S Es t i mat e Es t i mat ed B y t es / T o t al b y t es per w eek


    ev en t

    W i n d o w s S erv er L i mi t ed t o 100 w h en MARS po l l s 200 Cu s t o mer s u ppl i ed


    es t i mat e

    © 20 0 9 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d .
    Im p o r t a n t n o tic e s , p r iv a c y s t a te m e n ts , a n d tr a d e m a r k s o f C is c o S y s t e m s , I n c . c a n b e f o u n d o n c is c o .c o m .
    P a g e 7o f 8
    Cisco CS-M A R S A p p l i c a t i o n N o t e

    W i n d o w s D o mai n L i mi t ed t o 100 w h en MARS po l l s 200 Cu s t o mer s u ppl i ed


    Co n t ro l l er es t i mat e

    F i rew al l 2 EP S f o r eac h c o n n ec t i o n per 200 Cu s t o mer s u ppl i ed


    s ec o n d es t i mat e

    I P S /I D S Cu s t o mer s u ppl i ed es t i mat e 500 Cu s t o mer s u ppl i ed


    es t i mat e

    Ro u t er Cu s t o mer s u ppl i ed es t i mat e 200 Cu s t o mer s u ppl i ed


    es t i mat e
    T ab l e 5 G u es s es b y D ev i c e Cl as s

    USING TH E SIZ ING CA L CUL A TOR

    Ray mo n d J et t h as h ad g o o d res u l t s u s i n g t h e o n l i n e s i z i n g c al c u l at o r b y u s i n g t h e f o l l o w i n g t h ree ru l es .

    1. U s e a s y s t em l o g s erv er t o g et t h e n u mb er o f ev en t s f o r o n e d ay . No rmal i z e t o t h e ev en t s per d ay t o ev en t s per


    s ec o n d .

    2. G i v e t h e ac t u al u s ag e o f an i n t erf ac e rat h er t h an i t s n o mi n al v al u e. F o r ex ampl e, i f a P I X 501 i s c o n n ec t ed t o a T 1


    u s e 1.54 Mb ps , rat h er t h an 10/100 Mb ps .

    3. Mo v e u p o n e mo d el f ro m t h e mo d el t h at t h e c al c u l at o r rec o mmen d s . I f t h e c al c u l at o r rec o mmen d s a CS -MARS


    100e, t h en mo v e u p t o a CS -MARS 100.

    RE F E RE NCE S

    S e cu r it y T h r e a t M it ig a t ion a n d R e sp on se : U n d e r st a n d in g Cisco S e cu r it y M A R S b y D a l e T e sch , G r e g A b e l a r

    P u b l ish e r : Cisco P r e ss P u b D a t e : S e p t e m b e r 2 8 , 2 0 0 6
    P r in t I S B N -10 : 1-58 7 0 5-2 60 -1
    P r in t I S B N -13 : 97 8 -1-58 7 0 5-2 60 -6

    S e cu r it y M on it or in g w it h Cisco S e cu r it y M A R S b y G a r y H a l l e e n , G r e g K e l l og g

    P u b l ish e r : Cisco P r e ss P u b D a t e : J u l y 6, 2 0 0 7
    P r in t I S B N -10 : 1-58 7 0 5-2 7 0 -9
    P r in t I S B N -13 : 97 8 -1-58 7 0 5-2 7 0 -5

    © 20 0 9 C i s c o S y s t e m s , I n c . A l l r i g h t s r e s e r v e d .
    Im p o r t a n t n o tic e s , p r iv a c y s t a te m e n ts , a n d tr a d e m a r k s o f C is c o S y s t e m s , I n c . c a n b e f o u n d o n c is c o .c o m .
    P a g e 8o f 8

    You might also like