
Greg Kellogg

    Networking Technology: Security: Security Monitoring with Cisco Security MARS
    • 2007

      Networks and hosts face hundreds or thousands of probing attempts daily, alongside numerous automated attacks from worms and viruses. The overwhelming volume of log messages generated by these threats complicates effective investigation, especially when analysts must navigate multiple monitoring tools. The Cisco® Security Monitoring, Analysis, and Response System (MARS) addresses this challenge as a next-generation Security Threat Mitigation system (STM). By receiving raw network and security data, MARS correlates and investigates host and network information, delivering actionable intelligence. This user-friendly family of threat mitigation appliances centralizes detection, mitigation, and reporting on priority threats, leveraging existing network and security devices, even from multiple vendors. The book guides you through planning a MARS deployment, covering installation and administration tasks. It also explores advanced features like custom parsers, Network Admission Control (NAC), and global controller operations. Real-world deployment examples illustrate essential steps for design, sizing, installation, troubleshooting, forensic analysis of security events, report creation, and integration with Cisco and third-party vulnerability assessment tools. With insights from experienced professionals, this resource enhances your understanding and effectiveness in deploying MARS, ensuring you can manage and analyze the vast amou
