Security Monitoring with Cisco Security MARS (Networking... and over one million other books are available for Amazon Kindle. Learn more

Vous voulez voir cette page en français ? Cliquez ici.


or
Sign in to turn on 1-Click ordering.
More Buying Choices
Have one to sell? Sell yours here
Start reading Security Monitoring with Cisco Security MARS on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Security Monitoring with Cisco Security MARS [Paperback]

Gary Halleen , Greg Kellogg

List Price: CDN$ 68.00
Price: CDN$ 54.40 & FREE Shipping. Details
You Save: CDN$ 13.60 (20%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Usually ships within 1 to 2 months.
Ships from and sold by Amazon.ca. Gift-wrap available.

Formats

Amazon Price New from Used from
Kindle Edition CDN $32.93  
Paperback CDN $54.40  
Save Up to 90% on Textbooks
Hit the books in Amazon.ca's Textbook Store and save up to 90% on used textbooks and 35% on new textbooks. Learn more.
Join Amazon Student in Canada


Book Description

July 6 2007 1587052709 978-1587052705 1

Security Monitoring with Cisco Security MARS

 

Threat mitigation system deployment

 

Gary Halleen

Greg Kellogg

 

Networks and hosts are probed hundreds or thousands of times a day in an attempt to discover vulnerabilities. An even greater number of automated attacks from worms and viruses stress the same devices. The sheer volume of log messages or events generated by these attacks and probes, combined with the complexity of an analyst needing to use multiple monitoring tools, often makes it impossible to adequately investigate what is happening.

 

Cisco® Security Monitoring, Analysis, and Response System (MARS) is a next-generation Security Threat Mitigation system (STM). Cisco Security MARS receives raw network and security data and performs correlation and investigation of host and network information to provide you with actionable intelligence. This easy-to-use family of threat mitigation appliances enables you to centralize, detect, mitigate, and report on priority threats by leveraging the network and security devices already deployed in a network, even if the devices are from multiple vendors.

 

Security Monitoring with Cisco Security MARS helps you plan a MARS deployment and learn the installation and administration tasks you can expect to face. Additionally, this book teaches you how to use the advanced features of the product, such as the custom parser, Network Admission Control (NAC), and global controller operations. Through the use of real-world deployment examples, this book leads you through all the steps necessary for proper design and sizing, installation and troubleshooting, forensic analysis of security events, report creation and archiving, and integration of the appliance with Cisco and third-party vulnerability assessment tools.

 

“In many modern enterprise networks, Security Information Management tools are crucial in helping to manage, analyze, and correlate a mountain of event data. Greg Kellogg and Gary Halleen have distilled an immense amount of extremely valuable knowledge in these pages. By relying on the wisdom of Kellogg and Halleen embedded in this book, you will vastly improve your MARS deployment.”

—Ed Skoudis, Vice President of Security Strategy, Predictive Systems

 

Gary Halleen is a security consulting systems engineer with Cisco. He has in-depth knowledge of security systems as well as remote-access and routing/switching technology. Gary is a CISSP and ISSAP. His diligence was responsible for the first successful computer crimes conviction in the state of Oregon. Gary is a regular speaker at security events and presents at Cisco Networkers conferences.

 

Greg Kellogg is the vice president of security solutions for Calence, LLC. He is responsible for managing the company’s overall security strategy. Greg has more than 15 years of networking industry experience, including serving as a senior security business consultant for the Cisco Enterprise Channel organization. Additionally, Greg worked for Protego Networks, Inc. (where MARS was originally developed). There he was responsible for developing channel partner programs and helped solution providers increase their security revenue.

 

Learn the differences between various log aggregation and correlation systems

  • Examine regulatory and industry requirements
  • Evaluate various deployment scenarios
  • Properly size your deployment
  • Protect the Cisco Security MARS appliance from attack
  • Generate reports, archive data, and implement disaster recovery plans
  • Investigate incidents when Cisco Security MARS detects an attack
  • Troubleshoot Cisco Security MARS operation
  • Integrate Cisco Security MARS with Cisco Security Manager, NAC, and third-party devices
  • Manage groups of MARS controllers with global controller operations

 

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

 

Category: Cisco Press—Security

Covers: Security Threat Mitigation

 

 


Product Details


Product Description

About the Author

Gary Halleen is a security consulting systems engineer with Cisco. He has in-depth knowledge of security systems, remote access, and routing/switching technology. Gary is a CISSP and ISSAP and has been a technical editor for Cisco Press. Before working at Cisco, he wrote web-based software, owned an Internet service provider, worked in Information Technology at a college, and taught computer science courses. His diligence was responsible for the first successful computer crimes conviction in the state of Oregon. Gary is a regular speaker at security events, and he presents at Cisco Networkers conferences. He lives in Salem, Oregon, with his wife and children.

Greg Kellogg is the vice president of security solutions for Calence, LLC, which is based out of Tempe, Arizona. He is responsible for managing the company’s overall security strategy, as well as developing new security solutions and service offerings, establishing strategic partnerships, managing strategic client engagements, and supporting business development efforts. Greg has more than 15 years of networking industry experience, including serving as a senior security business consultant for the Cisco Systems Enterprise Channel organization. While at Cisco, Greg helped organizations understand regulatory compliance, policy creation, and risk analysis to guide their security implementations. He was recognized for his commitment to service with the Cisco Technology Leader of the Year award. Additionally, Greg worked for Protego Networks, Inc. (where MARS was originally developed). While there, he was responsible for developing channel partner programs and helping solution providers increase their security revenue. Greg currently resides in Spring Branch, Texas, with his wife and four children.

 


Inside This Book (Learn More)
Explore More
Concordance
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

Customer Reviews

There are no customer reviews yet on Amazon.ca
5 star
4 star
3 star
2 star
1 star
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.2 out of 5 stars  5 reviews
3 of 3 people found the following review helpful
4.0 out of 5 stars Overall a must for anyone working with CS-MARS product Aug. 21 2007
By Jamie Sanbower - Published on Amazon.com
Format:Paperback
This MARS book is a must have for consultants, engineers and operations staff. When I first got the book, I thought that it was going to be a replica of the first, but I was truly surprised. The authors use real life example to explain how to use the features/functionality of the MARS product. This made the book very easy to understand for different levels of knowledge and also made it easier to use these features in a production environment. My favorite chapter was the one on queries and reports. Any user of the MARS know how important a good understanding of queries and reporting and the authors make sure that you understand these topics.

I found that the authors did a great job detailing the importance and configuration of Archiving for CS-MARS. Many organizations forget to do this and suffer because of it.

Some of the other highlights that caught my eye and I thought everyone would like were:

- Chapter on Regulatory Compliance - Most books offer too many details on information that does not mean a lot to their audience, but this gives the perfect amount of information in order for you to understand the compliancy rules and how CS-MARS specifically handles them.

- How to size the MARS box for your organization

- Another chapter that caught the eye, was how to secure your MARS appliance, and why you should, with suggested IPS placement and firewall rules

- Details into how to use CS-MARS in your incident response procedure

- Integration of CSM with CS-MARS, this is where Cisco really stands out with security, being able to bring intelligence from one product into another

- The book would not of been complete without a section on the Custom Parser. There are a few examples, plus a parser for the Cisco CSC Module that you won't find anywhere else.

Overall a must for anyone working with CS-MARS product.
2 of 2 people found the following review helpful
5.0 out of 5 stars This really got me going July 20 2007
By Marcus - Published on Amazon.com
Format:Paperback
This book had all the right information I needed to get going with MARS. The way the book is organized, I was able to go from start to finish with my MARS appliance. I can now fully understand how the device works to help me protect my organization from security threats, as well as report on statistics that were essential to my management. One of the most helpful components for me was the great usage of screenshots that clearly illustrated each process being discussed.

I certainly recommend this book to anyone who is looking at security event management products, or has purchased MARS for their organization!
4.0 out of 5 stars Needed more detail Dec 2 2009
By ame4c - Published on Amazon.com
Format:Paperback|Verified Purchase
I did like this book for it's overview of CS-Mars. However, I'm in the position to need more detail and ended up taking a class, which is what I recommend if you are going to be using the product daily.
3.0 out of 5 stars Just Okay Nov. 28 2008
By Paul Stewart - Published on Amazon.com
Format:Paperback
This book is an extremely quick read which I like. Honestly, I expected a book on MARS to be more like a boat anchor and less like a paper weight. In any case, from this book, I understand the general flow of events through sessionization and the creation of incidents. However, there is no detail as to the algorithms that are used to create sessions. This leaves some mystery to the solution.

Another aspect that I thought was lacking was in the arena of topology awareness and device discovery. The book mentions that this solution is Topology Aware and how that is beneficial. However, it does not get very deep into how that is calculated and it pulls this information. Discovery is glossed over as well. For example, MARs has a global setting that is called "Valid Addresses". Does anyone know what that means? I would assume any addresses on MY network.

The book also mentions that MARs can do Vulnerability Assessments to determine the OS/Patch level of a host, but doesn't give detail as to how and when this happens.

I also felt like the book was extremely terse in explanation of connecting it to devices for collection. Granted this is a MARS book, but the fact that it is from Cisco Press, I would have expected general recommendations for connecting to an ASA, Pix, Router and Switch. None of that is there. Additionally, Netflow is barely mentioned.

This book is a good read, but only for new Mars admins. This book is well written, but its coverage is like swiss cheese. It is more like a document that was produced from an idea of what MARs was going to be during the development cycle than a guide that will lead you through implementation, and operation. As I said, I enjoyed, the book and it was a quick read. Probably not worth the list price though.
0 of 1 people found the following review helpful
5.0 out of 5 stars A must have book on Cisco's MARS Oct. 26 2007
By Jason Westlund - Published on Amazon.com
Format:Paperback
This is the best MARS book by far if you need the straight hard core information to get it done. As a CCIE I highly recommend it.

Look for similar items by category


Feedback