Sunday, August 05, 2007

Book Review: Cisco Security MARS

Title: Security Monitoring with Cisco Security MARS
Authors: Gary Halleen and Greg Kellogg
Publisher: Cisco Press


Quote: "Security Monitoring with Cisco Security MARS helps you plan a MARS deployment and learn the installation and administration tasks you can expect to face."

Top marks from me for this book, and not just because I try to beg/borrow content for the blog from the authors!

You may think another MARS book would be pretty much a duplicate of the first, with large sections devoted to setting up firewalls/switches in MARS and material that is already in the User Guide.

Well, I was pleasantly surprised that this is not the case with "Security Monitoring with Cisco Security MARS."

There is a great chapter on the various requirements of key regulations, mainly PCI, SOX, GBL and HIPAA, plus an excellent section on sizing your MARS appliance and archiving (with some Python scripts to actually query the archive).

Another chapter that caught the eye was on how to secure your MARS appliance, and why you should, with suggested firewall rules.

Other chapters include Troubleshooting Software and Devices, Integrating MARS with CSM and NAC, and a chapter on the Global Controller in a distributed environment.

The book would not have been complete without a section on the Custom Parser. There are a few examples, plus a parser for the Cisco CSC Module that you won't find anywhere else.

Overall, a must for a Cisco MARS administrator.

3 comments:

fropert said...

It seems to be a good book to hack in depth our big CS-MARS. I'll look forward to it.

Thanks!

Anonymous said...

Hi, I'm a CISCO employee from CHINA, how can I get this book in hard copy or e-reading for free?

Hoytj said...

Uhh.. If you're a Cisco employee from CHINA then I'm the Easter bunny.