CertForums




Security Monitoring with Cisco Security MARS

Posted by tripwire45 on 11-Oct-2007, 03:46 PM

Authors: Gary Halleen and Greg Kellogg
Format: Paperback, 336
Publisher: Cisco Press; 1st edition (July 6, 2007)
ISBN-10: 1587052709
ISBN-13: 978-1587052705

Review by James Pyles
October 11, 2007

Cisco's MARS (Monitoring, Analysis, and Response System) is a hot topic just now. This book's back cover touts it as the "next-generation Security Threat Mitigation system (STM)" and further states, "easy-to-use family of threat mitigation appliances enables you to centralize, detect, mitigate, and report on priority threats by leveraging the network and security devices already deployed in the network, even if the devices are from multiple vendors". That's a tall order, but Cisco Press would have to be out of its collective mind to publish something and not be able to deliver... wouldn't it?

The real problem with many books like this one is that while the text tells you how to install, configure, and deploy the tool in question, it doesn't really explain how to apply it to a thousand different real-world scenarios that you'll actually face in real life. Few if any "out-of-the-box" solutions adapt perfectly to a production environment, so even if Halleen and Kellogg write the perfect MARS book generically, will it still help you to use MARS on your "real-to-life" network?

Turns out that's the goal of the book and the authors have the credentials to back it up. Halleen is a Cisco security consultant and Kellogg is a VP for a security solutions company. If anyone should be able to turn out a good print product about MARS, it should be them. That fits right in with the target audience for the book, which is just about anyone who has the titles "information security analyst, security officer," or anyone else who manages firewalls, IPS or IDS systems, and so on.

As it turns out, this book delivers as promised. The authors leverage their own real-life experiences in the field and apply them to the use of MARS on actual networks. They also write in an easy-to-understand and straightforward manner. Although the security expert is the reader of choice here, you don't have to possess much (if any) direct experience using MARS. This book outlines how to get started in deploying MARS from beginning to end.

Not only does the product deliver but the book does as well. The text describes the basics of setting up MARS and provides enough detail that you can easily adapt it to how your network is configured. On top of that, you will be able to protect your infrastructure from intrusion, including with queries and reports, so that you'll have the information you need at your fingertips. You won't have to analyze an intrusion after the fact. MARS provides you with real-time information so you can stop trouble before it starts. This book tells you how to use MARS to your best benefit. If you are responsible for network security and you aren't using MARS, buy this book today. It'll make a difference.


It's been said that if you give a million chimpanzees a million typewriters, they'll eventually reproduce the complete works of Shakespeare. Wanna bet?

Blog: A million chimpanzees

 