Security Monitoring with Cisco Security MARS

Security Monitoring with Cisco Security MARS

4 (5 ratings by Goodreads)
By (author)  , By (author) 

List price: US$64.99

Currently unavailable

Add to wishlist

AbeBooks may have this title (opens in new window).

Try AbeBooks

Description

Security Monitoring with Cisco Security MARS Threat mitigation system deployment Gary HalleenGreg Kellogg Networks and hosts are probed hundreds or thousands of times a day in an attempt to discover vulnerabilities. An even greater number of automated attacks from worms and viruses stress the same devices. The sheer volume of log messages or events generated by these attacks and probes, combined with the complexity of an analyst needing to use multiple monitoring tools, often makes it impossible to adequately investigate what is happening. Cisco (R) Security Monitoring, Analysis, and Response System (MARS) is a next-generation Security Threat Mitigation system (STM). Cisco Security MARS receives raw network and security data and performs correlation and investigation of host and network information to provide you with actionable intelligence. This easy-to-use family of threat mitigation appliances enables you to centralize, detect, mitigate, and report on priority threats by leveraging the network and security devices already deployed in a network, even if the devices are from multiple vendors. Security Monitoring with Cisco Security MARS helps you plan a MARS deployment and learn the installation and administration tasks you can expect to face. Additionally, this book teaches you how to use the advanced features of the product, such as the custom parser, Network Admission Control (NAC), and global controller operations. Through the use of real-world deployment examples, this book leads you through all the steps necessary for proper design and sizing, installation and troubleshooting, forensic analysis of security events, report creation and archiving, and integration of the appliance with Cisco and third-party vulnerability assessment tools. "In many modern enterprise networks, Security Information Management tools are crucial in helping to manage, analyze, and correlate a mountain of event data. Greg Kellogg and Gary Halleen have distilled an immense amount of extremely valuable knowledge in these pages. By relying on the wisdom of Kellogg and Halleen embedded in this book, you will vastly improve your MARS deployment."-Ed Skoudis, Vice President of Security Strategy, Predictive Systems Gary Halleen is a security consulting systems engineer with Cisco. He has in-depth knowledge of security systems as well as remote-access and routing/switching technology. Gary is a CISSP and ISSAP. His diligence was responsible for the first successful computer crimes conviction in the state of Oregon. Gary is a regular speaker at security events and presents at Cisco Networkers conferences. Greg Kellogg is the vice president of security solutions for Calence, LLC. He is responsible for managing the company's overall security strategy. Greg has more than 15 years of networking industry experience, including serving as a senior security business consultant for the Cisco Enterprise Channel organization. Additionally, Greg worked for Protego Networks, Inc. (where MARS was originally developed). There he was responsible for developing channel partner programs and helped solution providers increase their security revenue. Learn the differences between various log aggregation and correlation systemsExamine regulatory and industry requirements Evaluate various deployment scenarios Properly size your deployment Protect the Cisco Security MARS appliance from attack Generate reports, archive data, and implement disaster recovery plans Investigate incidents when Cisco Security MARS detects an attack Troubleshoot Cisco Security MARS operation Integrate Cisco Security MARS with Cisco Security Manager, NAC, and third-party devices Manage groups of MARS controllers with global controller operations This security book is part of the Cisco Press (R) Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. Category: Cisco Press-SecurityCovers: Security Threat Mitigationshow more

Product details

  • Paperback | 336 pages
  • 195.58 x 231.14 x 22.86mm | 566.99g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587052709
  • 9781587052705

Back cover copy

"Security Monitoring with Cisco Security MARS" Threat mitigation system deployment Gary Halleen Greg Kellogg Networks and hosts are probed hundreds or thousands of times a day in an attempt to discover vulnerabilities. An even greater number of automated attacks from worms and viruses stress the same devices. The sheer volume of log messages or events generated by these attacks and probes, combined with the complexity of an analyst needing to use multiple monitoring tools, often makes it impossible to adequately investigate what is happening. Cisco(R) Security Monitoring, Analysis, and Response System (MARS) is a next-generation Security Threat Mitigation system (STM). Cisco Security MARS receives raw network and security data and performs correlation and investigation of host and network information to provide you with actionable intelligence. This easy-to-use family of threat mitigation appliances enables you to centralize, detect, mitigate, and report on priority threats by leveraging the network and security devices already deployed in a network, even if the devices are from multiple vendors. "Security Monitoring with Cisco Security MARS" helps you plan a MARS deployment and learn the installation and administration tasks you can expect to face. Additionally, this book teaches you how to use the advanced features of the product, such as the custom parser, Network Admission Control (NAC), and global controller operations. Through the use of real-world deployment examples, this book leads you through all the steps necessary for proper design and sizing, installation and troubleshooting, forensic analysis of security events, report creation and archiving, and integration of the appliance with Cisco and third-party vulnerability assessment tools. "In many modern enterprise networks, Security Information Management tools are crucial in helping to manage, analyze, and correlate a mountain of event data. Greg Kellogg and Gary Halleen have distilled an immense amount of extremely valuable knowledge in these pages. By relying on the wisdom of Kellogg and Halleen embedded in this book, you will vastly improve your MARS deployment." -Ed Skoudis, Vice President of Security Strategy, Predictive Systems Gary Halleen is a security consulting systems engineer with Cisco. He has in-depth knowledge of security systems as well as remote-access and routing/switching technology. Gary is a CISSP and ISSAP. His diligence was responsible for the first successful computer crimes conviction in the state of Oregon. Gary is a regular speaker at security events and presents at Cisco Networkers conferences. Greg Kellogg is the vice president of security solutions for Calence, LLC. He is responsible for managing the company's overall security strategy. Greg has more than 15 years of networking industry experience, including serving as a senior security business consultant for the Cisco Enterprise Channel organization. Additionally, Greg worked for Protego Networks, Inc. (where MARS was originally developed). There he was responsible for developing channel partner programs and helped solution providers increase their security revenue. Learn the differences between various log aggregation and correlation systems Examine regulatory and industry requirements Evaluate various deployment scenarios Properly size your deployment Protect the Cisco Security MARS appliance from attack Generate reports, archive data, and implement disaster recovery plans Investigate incidents when Cisco Security MARS detects an attack Troubleshoot Cisco Security MARS operation Integrate Cisco Security MARS with Cisco Security Manager, NAC, and third-party devices Manage groups of MARS controllers with global controller operations This security book is part of the Cisco Press(R) Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. Category: Cisco Press-Security Covers: Security Threat Mitigationshow more

About Gary Halleen

Gary Halleen is a security consulting systems engineer with Cisco. He has in-depth knowledge of security systems, remote access, and routing/switching technology. Gary is a CISSP and ISSAP and has been a technical editor for Cisco Press. Before working at Cisco, he wrote web-based software, owned an Internet service provider, worked in Information Technology at a college, and taught computer science courses. His diligence was responsible for the first successful computer crimes conviction in the state of Oregon. Gary is a regular speaker at security events, and he presents at Cisco Networkers conferences. He lives in Salem, Oregon, with his wife and children.Greg Kellogg is the vice president of security solutions for Calence, LLC, which is based out of Tempe, Arizona. He is responsible for managing the company's overall security strategy, as well as developing new security solutions and service offerings, establishing strategic partnerships, managing strategic client engagements, and supporting business development efforts. Greg has more than 15 years of networking industry experience, including serving as a senior security business consultant for the Cisco Systems Enterprise Channel organization. While at Cisco, Greg helped organizations understand regulatory compliance, policy creation, and risk analysis to guide their security implementations. He was recognized for his commitment to service with the Cisco Technology Leader of the Year award. Additionally, Greg worked for Protego Networks, Inc. (where MARS was originally developed). While there, he was responsible for developing channel partner programs and helping solution providers increase their security revenue. Greg currently resides in Spring Branch, Texas, with his wife and four children.show more

Table of contents

Foreword IntroductionPart I Introduction to CS-MARS and Security Threat MitigationChapter 1 Introducing CS-MARSIntroduction to Security Information Management The Role of a SIM in Today's Network Common Features for SIM Products Desirable Features for SIM ProductsChallenges in Security Monitoring Types of Events MessagesUnderstanding CS-MARS Security Threat Mitigation System Topology and Visualization Robust Reporting and Rules Engine Alerts and Mitigation Description of TerminologyCS-MARS User Interface Dashboard Network Status My ReportsSummaryChapter 2 Regulatory Challenges in DepthHealth Insurance Portability and Accountability Act of 1996 (HIPAA) Who Is Affected by HIPAA? What Are the Penalties for Noncompliance? HIPAA Security Rule HIPAA Security Rule and Security Monitoring Gramm-Leach-Bliley Act of 1999 (GLB Act) Who Is Affected by the GLB Act? What Are the Penalties for Noncompliance with GLB? The GLB Act Safeguards Rule The GLB Safeguards Rule and Security Monitoring The Sarbanes-Oxley Act of 2002 (SOX) Who Is Affected by Sarbanes-Oxley? What Are the Penalties for Noncompliance with Sarbanes-Oxley? Sarbanes-Oxley Internal Controls Payment Card Industry Data Security Standard (PCI-DSS) Who Is Affected by the PCI Data Security Standard? What Are the Penalties for Noncompliance with PCI-DSS? The PCI Data Security Standard Compliance Validation Requirements Summary Chapter 3 CS-MARS Deployment ScenariosDeployment Types Local and Standalone Controllers Global Controllers Sizing a CS-MARS Deployment Special Considerations for Cisco IPSs Determining Your Events per Second Determining Your Storage Requirements Considerations for Reporting Performance Considerations for Future Growth and Flood Conditions Planning for Topology Awareness CS-MARS Sizing Case Studies Retail Chain Example State Government Example Healthcare Example Summary Part II CS-MARS Operations and ForensicsChapter 4 Securing CS-MARSPhysical Security Inherent Security of MARS Appliances Security Management Network MARS Communications Requirements Network Security Recommendations Ingress Firewall Rules Egress Firewall Rules Network-Based IDS and IPS Issues Summary Chapter 5 Rules, Reports, and QueriesBuilt-In Reports Understanding the Reporting Interface Reporting Methods The Query Interface Creating an On-Demand Report Batch Reports and the Report Wizard Creating a Rule About Rules Creating the Rule Creating Drop Rules About Drop Rules Creating the Drop Rule Summary Chapter 6 Incident Investigation and ForensicsIncident Handling and Forensic Techniques Initial Incident Investigation Viewing Incident Details Finishing Your Investigation False-Positive Tuning Deciding Where to Tune Tuning False Positives in MARS Summary Chapter 7 Archiving and Disaster RecoveryUnderstanding CS-MARS Archiving Planning and Selecting the Archive Server Configuring the Archiving Server Configuring CS-MARS for Archiving Using the Archives Restoring from Archive Restoring to a Reporting Appliance Direct Access of Archived Events Retrieving Raw Events from Archive Summary Part III CS-MARS Advanced TopicsChapter 8 Integration with Cisco Security ManagerConfiguring CS-Manager to Support CS-MARS Configuring CS-MARS to Integrate with CS-Manager Using CS-Manager Within CS-MARS Summary Chapter 9 Troubleshooting CS-MARSBe Prepared Troubleshooting MARS Hardware Beeping Noises Degraded RAID Array Troubleshooting Software and Devices Unknown Reporting Device IP Check Point or Other Logs Are Incorrectly Parsed New Monitored Device Logs Still Not Parsed How Much Storage Is Being Used, and How Long Will It Last? E-Mail Notifications Sent to Admin Group Never Arrive MARS Is Not Receiving Events from Devices Summary Chapter 10 Network Admission ControlTypes of Cisco NAC NAC Framework Host Conditions Understanding NAC Framework Communications Configuration of CS-MARS for NAC Framework Reporting Information Available on CS-MARS Summary Chapter 11 CS-MARS Custom ParserGetting Messages to CS-MARS Determining What to Parse Adding the Device or Application Type Adding Log Templates First Log Template Second and Third Log Templates Fourth and Fifth Log Templates Additional Messages Adding Monitored Device or Software Queries, Reports, and Rules Queries Reports Rules Custom Parser for Cisco CSC Module Summary Chapter 12 CS-MARS Global ControllerUnderstanding the Global Controller Zones Installing the Global Controller Enabling Communications Between Controllers Troubleshooting Using the Global Controller Interface Logging In to the Controller Dashboard Drilling Down into an Incident Query/Reports Local Versus Global Rules Security and Monitor Devices Custom Parser Software Upgrades Global Controller Recovery Summary Part IV AppendixesAppendix A Querying the ArchiveAppendix B CS-MARS Command ReferenceAppendix C Useful WebsitesIndex 1587052709 TOC 6/11/2007show more

Rating details

5 ratings
4 out of 5 stars
5 40% (2)
4 20% (1)
3 40% (2)
2 0% (0)
1 0% (0)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X