There is a new
MARS book going to hitting the shelves, around April time.
Security Monitoring With Cisco Security Mars, is by Gary Halleen and Greg Kellogg.
I managed to get in contact with one of the authors
Greg Kellogg , to find out what this new book will offer Cisco MARS users.
A description of the book, in Greg`s own words "This book is intended to be a medium-to-advanced level reference. Customers will use it to plan a MARS deployment, and then learn the installation tasks and day-to-day tasks an analyst can expect to face. Additionally, Security Monitoring with CS-MARS will teach the analyst how to use the advanced features of the product, such as the custom parser and hierarchical deployment models.
Security Monitoring with CS-MARS will use a series of real-world case studies to lead the reader through all steps of these very important tasks:
• Proper deployment design and sizing.
• Understanding of what information can be gained from monitoring various types of security devices, as well as network session data through netflow.
• Basic installation and troubleshooting of the appliances.
• Forensic analysis of security incidents.
• Tuning of the appliances, as well as how to plan for automated tuning.
• Large-scale deployments using a Global Controller.
• Modification and creation of reports, queries, and rules.
• Updating of MARS software and rulesets.
• Integration of MARS with Cisco’s Security Manager software.
• Using MARS to report on Cisco’s Network Admission Control.
• Integration of third-party vulnerability assessment tools.
Part One of the book introduces the reader to SIM products, and then describes STM and MARS, as well as some of the issues a customer faces in a multi-vendor environment. A summarized description of some of the most common regulatory issues a customer faces will follow.
Part Two of the book will focus on design and deployment issues. It will answer common questions, like “How do I know how many of which appliances I need?” It also explains, at a high level, how to install MARS.
Part Three will focus on operations and security forensics. Day-to-day tasks of the security analyst will take the bulk of this portion of the book. “How do I properly investigate a security incident?”
Part Four will dive into advanced topics. Using real-world examples, the reader will learn how to make best use of the custom parser, customer rules, as well as reports and queries. Additionally, Part Four describes in detail how CS-MARS is used in other technologies, like Network Admission Control and Distributed Threat Mitigation. "
Well i must thank Greg for that, i`m sure we`ll all look forward to reading this book on its release.
For our readers a bit about Greg Kellogg, ex-Cisco/Protego, now works for
Calence , a 500 people company spanning 22 Markets, Headquartered in Tempe, Arizona.
Calence is a
Cisco Gold Partner, specialized in IP Communications, Security (including MARS), Wireless and Advanced Technology Provider for IP Contact Centers, Rich Media Communications and Optical-Metro.