Authors: Gary Halleen and Greg Kellogg
Publisher: Cisco Press
Quote: "Security Monitoring with Cisco Security MARS helps you plan a MARS deployment and learn the installation and administration tasks you can expect to face."
Top marks from me for this book, and not just because I try to beg/borrow content for the blog from the authors!
You may think another MARS book would be pretty much a duplicate of the first, with large sections devoted to setting up firewalls/switches in MARS and material that is already in the User Guide.
Well, I was pleasantly surprised that that is not the case with "Security Monitoring with Cisco Security MARS."
There is a great chapter on the various requirements of key regulations, mainly PCI, SOX, GBL and HIPAA, plus an excellent section on sizing your MARS appliance and archiving (with some Python scripts to actually query the archive).
Another chapter that caught the eye was how to secure your MARS appliance, and why you should, with suggested firewall rules.
Other chapters include Troubleshooting Software and Devices, Integrating MARS with CSM and NAC, and a chapter on the Global Controller in a distributed environment.
The book would not have been complete without a section on the Custom Parser. There are a few examples, plus a parser for the Cisco CSC Module that you won't find anywhere else.
Overall a must for a Cisco MARS Administrator.
3 comments:
It seems to be a good book to hack in depth our big CS-MARS. I'll look forward to it.
Thanks!
Hi, I'm a CISCO employee from CHINA, how can I get this book hard copy or e-reading free?
Uhh.. If you're a Cisco employee from CHINA then I'm the Easter bunny.