Identify, manage, and counter security threats with the Cisco Security Monitoring, Analysis, and Response System

Dale Tesch

Greg Abelar

While it is commonly understood that deploying network security devices is critical to the well-being of an organization’s systems and data, all too often companies assume that simply having these devices is enough to maintain the integrity of network resources. To really provide effective protection for their networks, organizations need to take the next step by closely examining network infrastructure, host, application, and security events to determine if an attack has exploited devices on their networks.

Cisco® Security Monitoring, Analysis, and Response System (Cisco Security MARS) complements network and security infrastructure investment by delivering a security command and control solution that is easy to deploy, easy to use, and cost-effective. Cisco Security MARS fortifies deployed network devices and security countermeasures, empowering you to readily identify, manage, and eliminate network attacks and maintain compliance.

Security Threat Mitigation and Response helps you understand this powerful new security paradigm that reduces your security risks and helps you comply with new data privacy standards. This book clearly presents the advantages of moving from a security reporting system to an all-inclusive security and network threat recognition and mitigation system. You will learn how Cisco Security MARS works, what the potential return on investment is for deploying Cisco Security MARS, and how to set up and configure Cisco Security MARS in your network.

“Dealing with gigantic amounts of disparate data is the next big challenge in computer security; if you’re a Cisco Security MARS user, this book is what you’ve been looking for.”

–Marcus J. Ranum, Chief of Security, Tenable Security, Inc.

Dale Tesch is a product sales specialist for the Cisco Security MARS product line for the Cisco Systems® United States AT Security team. Dale came to Cisco Systems through the acquisition of Protego Networks in February 2005. Since then, he has had the primary responsibilities of training the Cisco sales and engineering team on SIM systems and Cisco Security MARS and for providing advanced sales support to Cisco customers. 

Greg Abelar has been an employee of Cisco Systems since December 1996. He was an original member of the Cisco Technical Assistance Security team, helping to hire and train many of the team’s engineers. He has held various positions in both the Security Architecture and Security Technical Marketing Engineering teams at Cisco.

• Understand how to protect your network with a defense-in-depth strategy

• Examine real-world examples of cost savings realized by Cisco Security MARS deployments

• Evaluate the technology that underpins the Cisco Security MARS appliance

• Set up and configure Cisco Security MARS devices and customize them for your environment

• Configure Cisco Security MARS to communicate with your existing hosts, servers, network devices, security appliances, and other devices in your network

• Investigate reported threats and use predefined reports and queries to get additional information about events and devices in your network

• Use custom reports and custom queries to generate device and event information about your network and security events

• Learn firsthand from real-world customer stories how Cisco Security MARS has thwarted network attacks

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Cisco Press–Security

Covers: Security Threat Mitigation

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating:  Based on 4 Ratings

Too Much Filler Very Little Substance - 2006-11-28
Reviewer Rating:
2/3 of this book is filler material - the 1st 3 chapters gives general overviews about STM, the Appendix is like the last 25% of the book. Absolutely zero coverage on how to implement custom parser functionality (needed if you have a device that doesn't have built-in support under MARS). Useful only as a basic starting point reference, but not worth the price tag. Indicates that another book on MARS will be produced - maybe that is why the content has been watered down.

Good for starters... - 2007-01-09
Reviewer Rating:
This book is OK if your a starter with the MARS product. I found the book to be interesting, though they could have gone into more customization and devices that are not natively supported by the MARS appliance.

On the good side, its somewhat better than the useless and incomplete pamphlet that comes with the MARS appliance.

But I think the price is a bit high for what your getting.

An irritating book if you already have an infosec background - 2008-09-13
Reviewer Rating:
We got a MARS box at my work, so I grabbed this book to get up to snuff. It was a very annoying and frustrating book. The first 1/3 of the book seemed to be semi-marketing fluff, and actually prompted me to note "hahaha" in one of the margins. In about a decade of working through technical books, and a BA in political science (which led me to read some seriously pompous material), I've NEVER DONE THAT.*

Overall I didn't find the book that helpful. If you are fairly new to infosec (I'm not condescending here, everyone was once new at everything) it might have enough new information hidden amongst the MBA-speak to keep your attention, but I found myself skimming a lot, and eventually just tossed the book aside.

On the bright side you can occasionally find useful material in it as a reference book. Since it's light on technical information for it's weight, don't count on that too much, but it's not totally useless. For example I was able to find MARS' place in our infrastructure in regards to Netflow with this book, (MARS as a collector is security-focused, and not a proper primary collector for traffic engineering, which makes complete sense), but to set it up accordingly I had to google around and eventually found a really good MARS blog.

So I'd say that if you have a MARS box, get your work to buy you this book because it will occasionally be handy, maybe shaving a few minutes off of a google session. If I was paying I would skip it.

* The line that prompted me to actually burst into laughter actually claimed that a specific set of practices surrounding the MARS box made it impenetrable. If I had the book at home right now I would quote it, so readers could recall the Oracle "unbreakable" debacle and smile.

Understanding the Cisco MARS Appliance - 2006-12-18
Reviewer Rating:
The Cisco MARS (Monitoring, Analysis, and Response System) is a network appliance that fits on your network to provide the best possible network security.

The biggest failure with MARS is that many companies plug it in, use it's standard protocols and tests and then find that their network has been compromised.

To get the most effective use out of MARS it must be actively managed. And that is the function of this book. It covers how to understand the problem, how to configure and deploy your MARS appliance as well as how the MARS works from a technical and procedural standpoint. The book is intended for professional security/network/management engineers/analysts/responders/administrators. It can be read at a level of using it to understand your system up to the actual hands-on set-up and use of the MARS appliance.

This book is, of course, heavily oriented to the Cisco security approach, however as this is one of the most common systems used in large networks this is not bad. It is a fairly introductory level book intended for use at an operational level by the individuals in charge of your sizes.

Browse Similar Topics

Top Level Categories:
Networking

Sub-Categories:
Networking > Cisco
Networking > Security