Security Threat Mitigation and Response

Security Threat Mitigation and Response : Understanding Cisco Security Mars

5 (1 rating by Goodreads)
By (author)  , By (author) 

List price: US$63.00

Currently unavailable

Add to wishlist

AbeBooks may have this title (opens in new window).

Try AbeBooks

Description

Identify, manage, and counter security threats with the Cisco Security Monitoring, Analysis, and Response System Dale Tesch Greg Abelar While it is commonly understood that deploying network security devices is critical to the well-being of an organization's systems and data, all too often companies assume that simply having these devices is enough to maintain the integrity of network resources. To really provide effective protection for their networks, organizations need to take the next step by closely examining network infrastructure, host, application, and security events to determine if an attack has exploited devices on their networks. Cisco(R) Security Monitoring, Analysis, and Response System (Cisco Security MARS) complements network and security infrastructure investment by delivering a security command and control solution that is easy to deploy, easy to use, and cost-effective. Cisco Security MARS fortifies deployed network devices and security countermeasures, empowering you to readily identify, manage, and eliminate network attacks and maintain compliance. Security Threat Mitigation and Response helps you understand this powerful new security paradigm that reduces your security risks and helps you comply with new data privacy standards. This book clearly presents the advantages of moving from a security reporting system to an all-inclusive security and network threat recognition and mitigation system. You will learn how Cisco Security MARS works, what the potential return on investment is for deploying Cisco Security MARS, and how to set up and configure Cisco Security MARS in your network. "Dealing with gigantic amounts of disparate data is the next big challenge in computer security; if you're a Cisco Security MARS user, this book is what you've been looking for." -Marcus J. Ranum, Chief of Security, Tenable Security, Inc. Dale Tesch is a product sales specialist for the Cisco Security MARS product line for the Cisco Systems(R) United States AT Security team. Dale came to Cisco Systems through the acquisition of Protego Networks in February 2005. Since then, he has had the primary responsibilities of training the Cisco sales and engineering team on SIM systems and Cisco Security MARS and for providing advanced sales support to Cisco customers. Greg Abelar has been an employee of Cisco Systems since December 1996. He was an original member of the Cisco Technical Assistance Security team, helping to hire and train many of the team's engineers. He has held various positions in both the Security Architecture and Security Technical Marketing Engineering teams at Cisco. * Understand how to protect your network with a defense-in-depth strategy * Examine real-world examples of cost savings realized by Cisco Security MARS deployments * Evaluate the technology that underpins the Cisco Security MARS appliance * Set up and configure Cisco Security MARS devices and customize them for your environment * Configure Cisco Security MARS to communicate with your existing hosts, servers, network devices, security appliances, and other devices in your network * Investigate reported threats and use predefined reports and queries to get additional information about events and devices in your network * Use custom reports and custom queries to generate device and event information about your network and security events * Learn firsthand from real-world customer stories how Cisco Security MARS has thwarted network attacks This security book is part of the Cisco Press(R) Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. Category: Cisco Press-Security Covers: Security Threat Mitigationshow more

Product details

  • Paperback | 408 pages
  • 185.4 x 231.1 x 27.9mm | 680.4g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587052601
  • 9781587052606

Back cover copy

Identify, manage, and counter security threats with the Cisco Security Monitoring, Analysis, and Response System Dale TeschGreg Abelar While it is commonly understood that deploying network security devices is critical to the well-being of an organization's systems and data, all too often companies assume that simply having these devices is enough to maintain the integrity of network resources. To really provide effective protection for their networks, organizations need to take the next step by closely examining network infrastructure, host, application, and security events to determine if an attack has exploited devices on their networks. Cisco(R) Security Monitoring, Analysis, and Response System (Cisco Security MARS) complements network and security infrastructure investment by delivering a security command and control solution that is easy to deploy, easy to use, and cost-effective. Cisco Security MARS fortifies deployed network devices and security countermeasures, empowering you to readily identify, manage, and eliminate network attacks and maintain compliance. Security Threat Mitigation and Response helps you understand this powerful new security paradigm that reduces your security risks and helps you comply with new data privacy standards. This book clearly presents the advantages of moving from a security reporting system to an all-inclusive security and network threat recognition and mitigation system. You will learn how Cisco Security MARS works, what the potential return on investment is for deploying Cisco Security MARS, and how to set up and configure Cisco Security MARS in your network. "Dealing with gigantic amounts of disparate data is the next big challenge in computer security; if you're a Cisco Security MARS user, this book is what you've been looking for."-Marcus J. Ranum, Chief of Security, Tenable Security, Inc. Dale Tesch is a product sales specialist for the Cisco Security MARS product line for the Cisco Systems(R) United States AT Security team. Dale came to Cisco Systems through the acquisition of Protego Networks in February 2005. Since then, he has had the primary responsibilities of training the Cisco sales and engineering team on SIM systems and Cisco Security MARS and for providing advanced sales support to Cisco customers. Greg Abelar has been an employee of Cisco Systems since December 1996. He was an original member of the Cisco Technical Assistance Security team, helping to hire and train many of the team's engineers. He has held various positions in both the Security Architecture and Security Technical Marketing Engineering teams at Cisco. Understand how to protect your network with a defense-in-depth strategy Examine real-world examples of cost savings realized by Cisco Security MARS deployments Evaluate the technology that underpins the Cisco Security MARS appliance Set up and configure Cisco Security MARS devices and customize them for your environment Configure Cisco Security MARS to communicate with your existing hosts, servers, network devices, security appliances, and other devices in your network Investigate reported threats and use predefined reports and queries to get additional information about events and devices in your network Use custom reports and custom queries to generate device and event information about your network and security events Learn firsthand from real-world customer stories how Cisco Security MARS has thwarted network attacks This security book is part of the Cisco Press(R) Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. Category: Cisco Press-SecurityCovers: Security Threat Mitigationshow more

About Dale Tesch

Greg Abelar has been an employee of Cisco Systems, Inc., since December 1996. He was an original member of the Cisco Technical Assistance Security Team, helping to hire and train many of the engineers. He has held various positions in both the Security Architecture and Security Technical Marketing Engineering teams at Cisco. Greg is the primary founder and project manager of Cisco's Written CCIE Security exam. Before his employment at Cisco, Greg worked at Apple Computer, Inc., for eight years as a TCP/IP, IPX, and AppleTalk cross-platform escalation engineer. At Apple, he also served as a project leader in the technical platform deployment for the Apple worldwide network. From 1991 to 1996, Greg worked as both a systems programmer and an IT manager for Plantronics, Inc. From 1985 to 1991, Greg was employed by the County Bank of Santa Cruz, where he worked as an applications programmer. This book is Greg's second authorship of a technical publication; the first was a very successful and uniquely presented publication, also from Cisco Press, titled Securing Your Business with Cisco ASA and PIX Firewalls (2005). Besides authoring Cisco Press publications, he was a co-author of Version 2 of the premier Internet security architecture whitepaper, "SAFE: A Security Blueprint for Enterprise and Networks." His credentials also include technical editing of five security publications by Cisco Press. Greg lives with his wife, Ellen, and three children, Jesse, Ethan, and Ryan, in Aptos, California. Visit Greg's blog at http://security1a.blogspot.com/. Dale Tesch is a product sales specialist for the CS-MARS product line for Cisco Systems' US AT Security Team. Dale came to Cisco Systems through the acquisition of Protego Networks in February 2005 and has held the primary responsibilities of training Cisco's Sales and Engineering team on SIMS and CS-MARS and providing advanced sales support to Cisco customers. While at Protego Networks, he was responsible for sales and engineering in parts of the United States, Canada, and Europe. Before Protego Networks, he was an AT security engineer for Cisco Systems' U.S. Channels Organization. Dale was the founding team leader of the U.S. Channels Security Technical Advisory Team and came to Cisco originally in 2000. Before Cisco, he was the senior systems engineer at Vitts Networks, a New England-based DSL provider. Previously, Dale spent ten years in the U.S. Navy Submarine Force and is a veteran of Desert Storm. He lives in Madbury, New Hampshire, with his fiancee, Janet, and their six children, Scott, Alex, Isabella, Douglas, Andrew, and Kristyn. Dale has published several articles on SIMs, security policy, and wireless security and has been a technical editor for Cisco Press. Dale also speaks as an industry expert and trainer for various technical seminars. He holds CCNP and CISSP certifications and is a graduate of Southern New Hampshire University.show more

Table of contents

Foreword Introduction Part I The Security Threat Identification and Response Challenge Chapter 1 Understanding SIM and STM Understanding Security Information Management Legacy Threat Response Understanding Security Information Management Meeting the Needs of Industry Regulations Understanding the Unified Security Platform Introduction to Security Threat Mitigation Leveraging Your Existing Environment Summary Chapter 2 Role of CS-MARS in Your Network The Self-Defending Network and the Expanding Role of CS-MARS Understanding the Self-Defending Network Enhancing the Self-Defending Network CS-MARS: Filling the Gaps in the Self-Defending Network CS-MARS as an STM Solution Reasons for an STM Day-Zero Attacks, Viruses, and Worms Monitoring and Enforcing Security Policy Insight, Integration, and Control of Your Network Auditing Controls Monitoring Access Control Using CS-MARS to Justify Security Investment The STM Deployment Summary Chapter 3 Deriving TCO and ROI Fact, FUD, and Fiction FUD vs. Reality Real Threats to Enterprises Attack Impact Tangible Costs Intangible Costs Emerging Threats Impact of Attacks and Probability of Reoccurrence Total Cost of Ownership Using CS-MARS to Ensure ROI and Protect Your Assets Cost of Recovery Without CS-MARS Cost of Recovery Using CS-MARS Summary Part II CS-MARS Theory and Configuration Chapter 4 CS-MARS Technologies and Theory Technical Introduction to the CS-MARS Appliance CS-MARS at a Glance CS-MARS Product Portfolio and Hardware Specifications CS-MARS Terminology CS-MARS Technologies Database Storage and Utilization CS-MARS Database Structure CS-MARS Data Archiving Network Topology Used for Forensic Analysis CS-MARS Topology Information Understanding Attack Diagrams and Attack Vectors CS-MARS Network Discovery NetFlow in CS-MARS Understanding NetFlow Using NetFlow in CS-MARS Conducting Behavioral Profiling Using CS-MARS Positive Alert Verification and Dynamic Vulnerability Scanning Understanding False Positives Understanding Vulnerability Analysis Methodology of Communication Communication Methods Use of Agents Incident Reporting and Notification Methods Summary Chapter 5 CS-MARS Appliance Setup and Configuration Deploying CS-MARS in Your Network Network Placement CS-MARS Security Hardening CS-MARS Initial Setup and Quick Install Complete the Initial CS-MARS Configuration Enter System Parameters Using the CS-MARS Web Interface CS-MARS Reporting Device Setup Adding Devices Creating Users and Groups Configuring NetFlow and Vulnerability Scanning Configuring CS-MARS System Maintenance Configuring System Parameters Summary Chapter 6 Reporting and Mitigative Device Configuration Identifying CS-MARS-Supported Devices Types of Devices and the Information They Provide The Difference Between Reporting and Mitigation Devices Table of CS-MARS-Supported Devices Configuring Devices to Communicate with CS-MARS Configuring Routers Configuring Switches Configuring Firewalls Enabling IDS and IPS in a CS-MARS Environment Operating Systems and Web Servers Configure VPN 3000 Configure VPN 3000 Series Concentrators to Communicate with CS-MARS Add VPN 3000 Series Concentrators to the CS-MARS Device Database Antivirus Hosts and Servers Database Servers Oracle Summary Part III CS-MARS Operation Chapter 7 CS-MARS Basic Operation Using the Summary Dashboard, Network Status Graphs, and My Reports Tab Reading Incidents and Viewing Path Information Using the HotSpot Graph and Attack Diagram Interpreting Events and NetFlow Graphs and False Positive Graphs Understanding Data on the Information Summary Column Interpreting the X, Y Axis Graphs Using the Network Status Tab Using My Reports Using the Incidents Page Using the Incidents Page Using the Incident ID to View Data Simple Queries Setting the Query Type Instant Queries On-Demand Queries and Manual Queries Summary Chapter 8 Advanced Operation and Security Analysis Creating Reports Report Formats Using Predefined Reports Creating Custom Reports Methods of Report Delivery Creating Rules The Two Types of Rules Active vs. Inactive Rules Creating Custom System Inspection Rules Using the Query Tool to Create a Rule Complex and Behavioral Rule Creation Summary Part IV CS-MARS in Action Chapter 9 CS-MARS Uncovered State Government Detection Action Resolution Large University Detection Action Resolution Hospital Detection Action Resolution Enterprise Financial Company Detection Action Resolution Small Business Detection Action Resolution Summary Part VAppendixes Appendix A Useful Security Websites Security Links and Descriptions General Security Governmental Security Controls and Information Tools and Testing Cisco Security Sites Appendix B CS-MARS Quick Data Sheets Quick Hardware and Protocol Specifications for CS-MARS CS-MARS Technology Facts NetFlow Platform Guide NetFlow Performance Information NetFlow Memory Allocation Information V4.1 Product Support List Appendix C CS-MARS Supplements CS-MARS Evaluation Worksheet Security Threat Mitigation Technical Evaluation Worksheet Sample Seed File ISS Configuration Scripts ISS Network Sensor ISS Server Sensor IOS and CATOS NetFlow Quick Configuration Guide Configuring NetFlow Export on a Cisco IOS Device Configuring NetFlow on a Cisco CATOS Switch Appendix D Command-Line Interface Complete Command Summary CS-MARS Maintenance Commands Appendix E CS-MARS Reporting CS-MARS V4.1 Reports Appendix F CS-MARS Console Access Using Serial Console Access Appendix G CS-MARS Check Point Configuration Configuring Check Point NG FP3/AI and CS-MARS Check Point-Side Configuration CS-MARS Configuration Modifying the Communications to the SmartDashboard/CMA Known Open and Closed Issues Configuring Check Point Provider-1 R60 Indexshow more

Rating details

1 ratings
5 out of 5 stars
5 100% (1)
4 0% (0)
3 0% (0)
2 0% (0)
1 0% (0)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X