Rating: (5 reviews)
Author: David R. Miller
ISBN : 0071701095
New from $24.46
Format: PDF
Implement a robust SIEM system
Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts. The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You’ll also learn how to use SIEM capabilities for business intelligence. Real-world case studies are included in this comprehensive resource.
- Assess your organization’s business models, threat models, and regulatory compliance requirements
- Determine the necessary SIEM components for small- and medium-size businesses
- Understand SIEM anatomy—source device, log collection, parsing/normalization of logs, rule engine, log storage, and event monitoring
- Develop an effective incident response program
- Use the inherent capabilities of your SIEM system for business intelligence
- Develop filters and correlated event rules to reduce false-positive alerts
- Implement AlienVault’s Open Source Security Information Management (OSSIM)
- Deploy the Cisco Monitoring Analysis and Response System (MARS)
- Configure and use the Q1 Labs QRadar SIEM system
- Implement ArcSight Enterprise Security Management (ESM) v4.5
- Develop your SIEM security analyst skills
- Series: Network Pro Library
- Paperback: 464 pages
- Publisher: McGraw-Hill Osborne Media; 1 edition (October 25, 2010)
- Language: English
- ISBN-10: 0071701095
- ISBN-13: 978-0071701099
- Product Dimensions: 1.1 x 7.2 x 8.9 inches
- Shipping Weight: 1.6 pounds
I was looking forward to reading this book for a few months - pretty much since the time I heard that it was being written. Obviously, I was very excited when it arrived in my mailbox. Now that I have finished reading it, I can say it left a mixed impression. Mostly positive, but still mixed. I definitely enjoyed reading it, despite (or maybe due to) the fact that I've been involved with SIEM for nearly 10 years.
Let me first go through the chapters and then give my overall impression. The book is organized in three big parts: "introduction to SIEM: threat intelligence for IT systems", "IT threat intelligence using SIEM systems" and "SIEM tools."
Chapter 1 covers security basics with minimum connections to SIEM. It might have that over-simplified refresher of what information security is about.
Chapter 2 can be summarized using the quote from the chapter itself: "the bad things that could happen." It contains another refresher on attacks, somewhat jumbled and somewhat dated. We're not really touching SIEM yet at this point.
Chapter 3 has an author view of regulatory compliance: the usual suspects I have mentioned - PCI DSS, HIPAA, FISMA, SB1386, SOX, GLBA, etc. HIPAA is not misspelled which counts as good news.
Chapter 4 has a bizarre name: "SIEM concepts: components for small and medium-sized businesses." It contains an overview of SIEM with little focus on SMB. It is mildly confusing (for example, it calls LogRhythm "a commercial syslog server"). It contains a few outright mistakes as well (like a mention of one log management vendor whose application reportedly covers "all 228 PCI controls"). The chapter tries to talk about everything (yes, even GRC) and makes a very weak impression.
Chapter 5 looks like a twin of the previous chapter.
In short - if you have been "doing" SIEM for any length of time you won't get a whole lot out of this book. Conversely if you are starting to venture down the SIEM path it would probably be worth picking up.
I first read about this book on Dr. Anton Chuvakin's blog. Even though his review was less than stellar, he did give it 4 stars. Similarly, the book's title includes "implementation" and I have been using ArcSight for a little over two years now, so I figured I would give it a shot. I was hopeful...and ended up sort of disappointed. Don't get me wrong; I appreciate the time and effort the authors put into the book. There really isn't a whole lot of SIEM-type information "out there", which is one of the main reasons I started my own SIEM-esque blog. I think this book has the most value if you haven't bought a SIEM yet, through 3 or 4 months into your SIEM deployment, as a way to level-set the conversation (though the first part of the book is very basic).
Because of my background I started with the chapters on ArcSight. I was pretty disappointed when it quickly went into screenshots on actually installing the software. The other product chapters are a bit better but have similar issues. These chapters should have been pulled out of the book, with the exception that each had a nugget or two that either didn't show up in other places in the book or showed up in all of them. You don't need to have each product chapter talk about the need to have project requirements/goals/expectations. In the Cisco MARS section (yes, I even skimmed that chapter) there was actually a good little blurb on the difference between SIEM and an IDS. Why tuck it away?