Security Information and Event Management (SIEM) Implementation [Paperback]

3.76/5 (30 ratings by Goodreads)
  • Format: Paperback / softback, 464 pages, height x width x thickness: 231x185x22 mm, weight: 796 g, 50 illustrations
  • Publication date: 16-Dec-2010
  • Publisher: Osborne/McGraw-Hill
  • ISBN-10: 0071701095
  • ISBN-13: 9780071701099
"Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts. The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You'll also learn how to use SIEM capabilities for business intelligence. Real-world case studies are included in this comprehensive resource" -- Provided by publisher.

Implement SIEM to efficiently analyze and report data, respond to inside and outside threats, and follow compliance regulations

Security Information and Event Management (SIEM) Implementation shows how to take advantage of SIEM technology for real-time analysis of security alerts generated by network hardware and applications. The book explains how to implement multiple SIEM products from different vendors, and also discusses the strengths, weaknesses, and advanced tuning of these various systems.

This comprehensive guide covers everything from basic concepts and components to high-level configuration, risk and threat analysis, interpretation, and response. The separate pieces that make up a complete SIEM system are outlined, and techniques for deploying an integrated collection of discrete SIEM pieces to meet your requirements are presented. You will also learn how to extend SIEM tools to develop business intelligence solutions.

Security Information and Event Management (SIEM) Implementation

  • Includes a Smartbook—a knowledge base of real-world business use cases illustrating successfully deployed, finely-tuned SIEM systems
  • Covers the top SIEM products/vendors: ArcSight, Q1 QRadar, and Cisco MARS
  • Is written by security, SIEM, and compliance experts
  • Includes product feature summaries and analyses and trending examples
  • Covers regulatory compliance issues and provides Incident Response solutions

All-inclusive coverage:
Introduction to Threat Intelligence For IT Systems; Business Models; Threat Models; Compliance; SIEM Concepts - Components for small and medium size businesses; The Anatomy of SIEM Systems; Incident Response; SIEM for Business Intelligence; SIEM Tools; Open Systems SIEM Implementation; Open Systems SIEM Advanced Techniques; Cisco Security-MARS Implementation; Cisco Security-MARS Advanced Techniques; Q1 Labs QRadar Implementation; Q1 Labs Advanced Techniques; ArcSight Implementation; ArcSight Advanced Techniques

Foreword xxi
Acknowledgments xxiii
Introduction xxv
Part I Introduction to SIEM: Threat Intelligence for IT Systems
1 Business Models 3(16)
What Are IT Business Models? 4(1)
What You Have to Worry About 5(4)
Overview of CIA 9(1)
Government 10(4)
Military 10(2)
Three-Letter Agencies 12(1)
Social Services Infrastructure 13(1)
Commercial Entities 14(2)
Retail Services 14(1)
Manufacturing/Production 15(1)
Banking 16(1)
Universities 16(2)
How Does Your Company's Business Model Affect You? 18(1)
2 Threat Models 19(16)
The Bad Things That Could Happen 21(4)
Vulnerabilities 21(2)
Malicious Intent 23(2)
Recognizing Attacks on the IT Systems 25(8)
Scanning or Reconnaissance 26(3)
Exploits 29(1)
Entrenchment 30(1)
Phoning Home 31(1)
Control 32(1)
After That 32(1)
Summary 33(2)
3 Regulatory Compliance 35(18)
Compliance Regulations 38(3)
Sarbanes-Oxley Act (2002) - SOX 38(1)
Gramm-Leach-Bliley Act (1999) - GLBA 38(1)
Health Insurance Portability and Accountability Act (1996) - HIPAA 39(1)
Payment Card Industry Data Security Standard - PCI DSS 39(1)
California Senate Bill 1386 (2003) - CA SB1386 40(1)
Federal Information Security Management Act (2002) - FISMA 40(1)
Cyber Security Act of 2009 (SB 773) 40(1)
Recommended Best Practices 41(1)
Prudent Security 42(7)
Summary 49(4)

Part II IT Threat Intelligence Using SIEM Systems
4 SIEM Concepts: Components for Small and Medium-size Businesses 53(24)
The Homegrown SIEM 54(1)
Log Management 55(8)
Syslog 56(1)
Alerts 56(1)
Flow Data 56(1)
Vulnerability Assessment Data 57(1)
Let the Collection Begin 57(3)
Logging Solutions 60(3)
Event Correlation 63(4)
Event Normalization 64(1)
Correlation Rules 65(1)
Commercial SIEM for SME 65(2)
Endpoint Security 67(4)
Securing the Endpoints 67(3)
Protecting the Network from the Endpoints 70(1)
IT Regulatory Compliance 71(3)
Compliance Tools 73(1)
Implementation Methodology 74(1)
Tools Reference 75(1)
Summary 76(1)
5 The Anatomy of a SIEM 77(16)
Source Device 78(3)
Operating Systems 79(1)
Appliances 79(1)
Applications 79(1)
Determining Needed Logs 80(1)
Determining Needed SIEM Resources 80(2)
Log Collection 81(3)
Push Log Collection 82(1)
Pull Log Collection 82(1)
Prebuilt Log Collection 83(1)
Custom Log Collection 83(1)
Mixed Environments 83(1)
Parsing/Normalization of Logs 84(2)
Rule Engine/Correlation Engine 86(4)
Correlation Engine 87(3)
Log Storage 90(1)
Database 90(1)
Flat Text File 90(1)
Binary File 91(1)
Monitoring 91(1)
Summary 92(1)
6 Incident Response 93(22)
What Is an Incident Response Program? 94(3)
Grown from the Security Program 94(2)
Where the IR Program Fits In 96(1)
How to Build an Incident Response Program 97(4)
The IR Team 97(2)
Useful Tools for the IR Team 99(1)
Socio/Political Aspects 100(1)
The Price Tag 100(1)
Security Incidents and a Guide to Incident Response 101(10)
A Typical Escalation Flow to Security Incident 101(1)
Finally! An Incident 102(2)
Incident Response Procedures 104(7)
Automated Response 111(3)
Automated Response - a Good Thing 112(1)
Automated Response - a Bad Thing 113(1)
Summary 114(1)
7 Using SIEM for Business Intelligence 115(24)
What Is Business Intelligence? 116(3)
Business Intelligence Terminology 117(2)
Common Business Intelligence Questions 119(12)
Answers to the Common Business Intelligence Questions 119(11)
Developing Business Intelligence Strategies Using SIEM 130(1)
How to Utilize SIEM for Your BI Objectives 131(4)
Using the Data that Your Organization Currently Possesses 132(2)
What Other Companies Are Doing with SIEM and BI 134(1)
Summary 135(4)

Part III SIEM Tools
8 AlienVault OSSIM Implementation 139(30)
Background 140(7)
Concept 140(1)
Open Source Tools 140(2)
Functionality 142(4)
Commercial Version 146(1)
Design 147(2)
Architecture 147(2)
Deployment Considerations 149(1)
Implementation 149(17)
Requirements 150(1)
Installation Process 151(14)
Profiles 165(1)
Modifications After Installation 165(1)
Web Console 166(2)
Dashboards 166(1)
Incidents 166(1)
Analysis 167(1)
Reports 167(1)
Assets 167(1)
Monitors 167(1)
Intelligence 167(1)
Configuration 168(1)
Tools 168(1)
Summary 168(1)
9 AlienVault OSSIM Operation 169(28)
Interface 170(15)
Dashboards 170(4)
Incidents 174(4)
Analysis 178(3)
Assets 181(1)
Intelligence 182(2)
Monitors 184(1)
Analysis of a Basic Attack 185(5)
Analysis of a Sophisticated Attack 190(5)
Summary 195(2)
10 Cisco Security: MARS Implementation 197(28)
Introduction to MARS 198(4)
Topology, Sessions, and Incidents 199(2)
Scaling a MARS Deployment 201(1)
Analyze Requirements 202(3)
Objectives 202(1)
Unique Threat Concerns 203(1)
Infrastructure Inventory 204(1)
Design 205(1)
Resources and Requirements 205(1)
Roles and Responsibilities 206(1)
Deployment 206(10)
Installing the Device and Connecting to the Network 206(2)
Configuring the Web Interface 208(1)
Assigning the Web Interface 208(1)
Assigning MARS User Accounts 208(1)
Adding Monitored Devices 209(3)
Integrating Flow Data 212(1)
Generating Topology 212(4)
Operation: Queries, Rules, and Reports 216(7)
Queries 217(1)
System Rules 218(2)
User Inspection Rules 220(1)
Reports 221(2)
Limitations 223(1)
Summary 223(2)
11 Cisco MARS Advanced Techniques 225(36)
Using the MARS Dashboard 226(17)
Summary Page 228(5)
Incidents Page 233(1)
Query/Reports Page 234(1)
Rules Page 235(3)
Management Page 238(2)
Admin Page 240(3)
Adding Unsupported Devices to MARS 243(9)
Importing Device Support Packages 244(2)
Building Your Own Custom Parsers 246(6)
A Typical Day in the Life of a MARS Operator 252(7)
Limitations 259(1)
Summary 259(2)
12 Q1 Labs QRadar Implementation 261(28)
QRadar Architecture Overview 262(4)
Q1 Labs Terms to Know 266(1)
Planning 267(3)
Know Your Network 267(1)
Plan Your QRadar SIEM Deployment 268(2)
Initial Installation 270(15)
Configuring the Underlying CentOS System 270(1)
The QRadar Administrative Interface 271(14)
Getting Flow and Event Data into QRadar 285(2)
Event Sources and Data 286(1)
Flow Sources and Data 287(1)
Summary 287(2)
13 Q1 Labs QRadar Advanced Techniques 289(40)
Using the QRadar Dashboard 291(8)
QRadar Dashboard Default Views 292(1)
QRadar Views 292(3)
Custom Views 295(1)
The Equation Editor 296(3)
QRadar Sentries 299(2)
QRadar Sentry Components 300(1)
QRadar Sentry Types 300(1)
QRadar Rules 301(6)
QRadar Rules Components 302(1)
QRadar Custom Rules Wizard 303(4)
The Offense Manager 307(2)
Searching QRadar Offenses 308(1)
QRadar Tuning 309(8)
QRadar False Positive Wizard 309(2)
QRadar DSMs and Custom DSMs 311(3)
Replacing the QRadar SSL Certificates 314(3)
Stepping Through the Process 317(10)
Analyzing Events 317(10)
Summary 327(2)
14 ArcSight ESM v4.5 Implementation 329(26)
ArcSight Terminology and Concepts 330(1)
Overview of ArcSight Products 331(6)
ArcSight ESM v4.5 332(3)
ArcSight SmartConnectors 335(1)
ArcSight Express 336(1)
ArcSight Logger 336(1)
ArcSight ESM v4.5 Architecture Overview 337(3)
Planning Your Deployment 340(2)
Determine Goals 340(1)
Manage Assets 341(1)
Determine ArcSight Hardware Requirements 341(1)
Initial Installation 342(12)
Mount and Cable Servers 343(1)
Install and Configure Operating System 343(1)
Install ArcSight ESM v4.5 Database Software and Oracle Database 344(4)
Install ArcSight ESM v4.5 Manager 348(2)
Configure ArcSight Partition Archiver 350(1)
Install ArcSight SmartConnector 351(2)
Install ArcSight Console 353(1)
Summary 354(1)
15 ArcSight ESM v4.5 Advanced Techniques 355(28)
Operations: Dealing with Data 356(9)
Filters 356(1)
Rules 357(3)
Lists 360(1)
Trending 360(1)
Active Channels 361(2)
Notifications 363(1)
Cases 364(1)
Exporting Information 364(1)
Managing Assets and Networks 365(3)
The ArcSight SmartConnector 365(1)
The ArcSight Asset Model 366(1)
The ArcSight Network Model 367(1)
Management and Troubleshooting 368(13)
Log and Configuration Files 368(5)
Database 373(3)
System Patching and Upgrades 376(3)
Tips and Tricks 379(2)
Summary 381(2)
Appendix: The Ways and Means of the Security Analyst 383(32)
Index 415
Shon Harris is the founder and CEO of Logical Security LLC, an information security consultant, a former engineer in the Air Force's Information Warfare unit, an instructor, and an author. She has authored several international bestselling books on information security, published by McGraw-Hill and Pearson, which have sold over a million copies and have been translated into six languages. Ms. Harris authors academic textbooks and security articles for publication and is a technical editor for Information Security Magazine. Ms. Harris has consulted for a large number of organizations in every business sector (financial, medical, retail, entertainment, utility) and several U.S. government agencies over the last 18 years. Ms. Harris provides high-end, advanced, and specialized consulting for organizations globally. She also works directly with law firms as a technical and expert witness on cases that range from patent infringement to criminal investigations and civil lawsuits, and she specializes in cryptographic technologies. Ms. Harris has taught information security to a wide range of clients over the last 18 years, including West Point, Microsoft, DHS, DoD, DoE, NSA, FBI, NASA, CDC, PWC, DISA, RSA, Visa, Intel, Cisco, Oracle, HP, Boeing, Northrop Grumman, Shell, Verizon, Citi, BoA, HSBC, Morgan Stanley, Symantec, Warner Brothers, Bridgestone, and American Express. Ms. Harris was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.