E-Book Overview
The authors cover all aspects of security monitoring within real world environments and provide some very sound strategies that can be realistically and successfully implemented. All of the relevant technologies are covered in detail, with no favoritism displayed towards any vendor. In most cases products when mentioned are either open source or something that you may already own, such as NetFlow. This truly is one of the best books available on the topic and is a must read!
E-Book Content
Security Monitoring, 1st Edition by Chris Fry; Martin Nystrom Publisher: O'Reilly Media, Inc. Pub Date: February 24, 2009 Print ISBN-13: 978-0-596-51816-5 Pages: 256 Overview How well does your enterprise stand up against today's sophisticated security threats? With this book, security experts from Cisco Systems demonstrate how you can detect damaging security incidents on your global network first by discovering which assets you need to monitor closely, then by helping you develop targeted strategies and pragmatic techniques to identify security incidents. Security Monitoring offers six steps to improve network monitoring, based on the authors' years of experience conducting incident response to keep Cisco's global network secure. These steps will guide you through the following: Develop Policies: define the rules, regulations, and criteria against which to monitor Know Your Network: build knowledge of your infrastructure with network telemetry Select Your Targets: define the subset of infrastructure where you'll focus monitoring Choose Event Sources: identify the event types needed to discover policy violations Feed and Tune: collect data and generate alerts, tuning systems using context Maintain Dependable Event Sources: prevent critical gaps in your event collection and monitoring To help you understand this framework, Security Monitoring illustrates its recommendati