Security Information and Event Management (SIEM) Implementation [Kindle Edition]

David Miller , Shon Harris , Allen Harper , Stephen VanDyke , Chris Blask

Product Description

From the Publisher

Implement a robust SIEM system

Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts. The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You’ll also learn how to use SIEM capabilities for business intelligence. Real-world case studies are included in this comprehensive resource.

  • Assess your organization’s business models, threat models, and regulatory compliance requirements
  • Determine the necessary SIEM components for small- and medium-size businesses
  • Understand SIEM anatomy—source device, log collection, parsing/normalization of logs, rule engine, log storage, and event monitoring
  • Develop an effective incident response program
  • Use the inherent capabilities of your SIEM system for business intelligence
  • Develop filters and correlated event rules to reduce false-positive alerts
  • Implement AlienVault’s Open Source Security Information Management (OSSIM)
  • Deploy the Cisco Monitoring Analysis and Response System (MARS)
  • Configure and use the Q1 Labs QRadar SIEM system
  • Implement ArcSight Enterprise Security Management (ESM) v4.5
  • Develop your SIEM security analyst skills

About the Authors

David R. Miller, SME, MCT, MCITPro Windows Server 2008 Enterprise Administrator, MCSE Windows NT 4.0, 2000, and Server 2003:Security, CISSP, LPT, ECSA, CEH, CWNA, CCNA, CNE, Security+, A+, N+, is an expert author, lecturer, and IT security consultant specializing in information systems security, compliance, and network engineering.
Shon Harris, CISSP, is the CEO of Logical Security, a computer security consultant, a former engineer in the Air Force’s Information Warfare unit, an instructor and an author. She has authored three best selling CISSP books, is a contributing author to the book Gray Hat Hacking, and developed a full digital information security product series for Pearson publishing. Shon was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.
Allen Harper, CISSP, is founder and president of N2NetSecurity, Inc., a consulting company specializing in advanced security and vulnerability analysis, penetration testing, SIEM implementation, and compliance. He served as a security engineer in the U.S. Department of Defense, and is a coauthor of Gray Hat Hacking.
Stephen VanDyke, CISSP, BCCPA, BCCPP, MCSA, Security+, Network+, was a founding member of the U.S. Army Reserve global network Computer Emergency Response Team and helped design and deploy its NetForensics SIEM. He implemented high-end, multi-tiered security systems for the Multi-National Force – Iraq (MNFI) network.
Chris Blask, Vice President of Marketing at AlienVault, is on the faculty at the Institute for Applied Network Security, co-founded Protego Networks (now Cisco MARS) and founded the critical infrastructure cybersecurity company Lofty Perch. Chris invented the BorderWare Firewall Server in the early days of the Internet security market and built the Cisco Systems firewall business.

Product Details

  • Format: Kindle Edition
  • File size: 17385 KB
  • Print edition page count: 464 pages
  • Simultaneous device usage: Up to  simultaneous devices, subject to publisher limits
  • Publisher: McGraw-Hill Osborne Media; 1st edition (15 November 2010)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • Text-to-Speech: Enabled
  • X-Ray:
  • Word Wise: Not enabled
  • Amazon Best Sellers Rank: #210,805 in the Kindle Store


Customer Reviews

There are no customer reviews yet on Amazon.fr
Most helpful customer reviews on Amazon.com (beta)
Amazon.com: 3.3 out of 5 stars, 9 reviews
22 of 23 people found this review helpful
4.0 out of 5 stars Fun Read, but With Some Weaknesses 10 January 2011
By Dr Anton Chuvakin - Published on Amazon.com
I was looking forward to reading this book for a few months - pretty much since the time I heard that it was being written. Obviously, I was very excited when it arrived in my mailbox. Now that I have finished reading it, I can say it left a mixed impression. Mostly positive - but still mixed. I definitely enjoyed reading it, despite (or maybe due to) the fact that I've been involved with SIEM for nearly 10 years.
Let me first go through the chapters and then give my overall impression. The book is organized in three big parts: "introduction to SIEM: threat intelligence for IT systems", "IT threat intelligence using SIEM systems" and "SIEM tools."
Chapter 1 covers security basics with minimum connections to SIEM. It might have that over-simplified refresher of what information security is about.
Chapter 2 can be summarized using the quote from the chapter itself: "the bad things that could happen." It contains another refresher on attacks, somewhat jumbled and somewhat dated. We're not really touching SIEM yet at this point.
Chapter 3 has an author view of regulatory compliance: the usual suspects I have mentioned - PCI DSS, HIPAA, FISMA, SB1386, SOX, GLBA, etc. HIPAA is not misspelled which counts as good news.
Chapter 4 has a bizarre name: "SIEM concepts: components for small and medium-sized businesses." It contains an overview of SIEM with little focus on SMB. It is mildly confusing (for example, it calls LogRhythm "a commercial syslog server"). It contains a few outright mistakes as well (like a mention of one log management vendor whose application reportedly covers "all 228 PCI controls"). The chapter tries to talk about everything (yes, even GRC) and makes a very weak impression.
Chapter 5 looks like a twin of the previous chapter. It also contains an overview of SIEM, but a different one - a better one, in fact. These two chapters don't contradict each other much, but their joint presence in the book is mysterious and somewhat confusing.
Chapter 6 is a sudden break from SIEM into incident response. It does contain a few useful - but high-level - flow charts for incident response. I doubt that it was written by somebody who did much incident response, however.
Chapter 7 is both a curse and a blessing. I loved the ideas in the chapter - using SIEM for BI - but I hated the fact that its author didn't even bother to check what "SIEM" abbreviation stands for (see page 116)...

Chapter 8 and Chapter 9 are about OSSIM/AlienVault. Of all the SIEM product chapters below, these are the weakest and the least useful. They offer little practical guidance and this - yes, really! - most of the details you'd need to know before deploying OSSIM. I was especially annoyed by the "screenshot - three lines of text - screenshot - three lines of text..." model that most of Ch 8 and Ch 9 follow. It makes pages 152-166 just wasted paper. Ch 9 tries to be a bit more useful (it has two case studies), but collapses under the load of too many screenshots as well.
Chapter 10 and Chapter 11 talk about Cisco MARS. Since nobody cares about MARS anymore, I won't be reviewing them here.
Chapter 12 and Chapter 13 cover the Q1Labs SIEM. Unlike the above, these are actually useful for practical architecture planning of QRadar deployments. These chapters also contain useful SIEM insights - still, they could benefit from more real-world tuning tips. The case study in Ch 13 is useful as well. If you are thinking of getting a Q1Labs SIEM, grab the book to quickly review what you will encounter when you get the product.
Finally, Chapter 14 and Chapter 15 cover the ArcSight SIEM. Despite minor mistakes and a "vendor whitepaper feel," the chapters would be useful to people in the early stages of reviewing and deploying ArcSight SIEM. The chapters suffer a bit from trying to duplicate the product help - you're more likely to learn how to patch ArcSight than how to use it well. Sadly, no case studies are included in these chapters.
Overall, the book has unfortunate signs of being written by a team of authors who didn't talk to each other. Despite the promises of implementation guidance, it leaves some of the very complex SIEM issues untouched. Very few case studies (some good ones are stashed in the appendix for some weird reason) and few tips and tricks for real-world SIEM implementation. Also, it is much stronger on the "what" than on the "how." Still, I suggest that people buying, using and building SIEM products get their own copy and read at least a few chapters relevant to them. You will likely not be disappointed!
7 of 9 people found this review helpful
3.0 out of 5 stars Value relative to your SIEM experience 31 January 2011
By M Runals - Published on Amazon.com
In short - if you have been "doing" SIEM for any length of time you won't get a whole lot out of this book. Conversely if you are starting to venture down the SIEM path it would probably be worth picking up.

I first read about this book on Dr. Anton Chuvakin's blog. Even though his review was less than stellar, he did give it 4 stars. Similarly although the book's title includes "implementation" and I have been using ArcSight for a little over two years now so I figured I would give it a shot. I was hopeful...and ended up sort of disappointed. Don't get me wrong; I appreciate the time and effort the authors put into the book. There really isn't a whole lot of SIEM type information "out there" which is one of the main reasons I started my own SIEM-esque blog. I think this book has the most value if you haven't bought a SIEM yet through 3 or 4 months into your SIEM deployment as a way to level set the conversation (though the first part of the book is very basic).

Because of my background I started with the chapters on ArcSight. I was pretty disappointed when it quickly went into screenshots on actually installing the software. The other product chapters are a bit better but have similar issues. These chapters should have been pulled out of the book, with the exception that each had a nugget or two that either didn't show up in other places in the book or showed up in all. You don't need to have each product chapter talk about the need to have project requirements/goals/expectations. In the Cisco MARS section (yes, I even skimmed that chapter) there was actually a good little blurb on the difference between a SIEM and an IDS. Why tuck it away?

Instead of the product chapters as written, I would have liked to have seen more information comparing and contrasting the products themselves. Get a little into environmental scaling, console maturation/ease of use, deployment and sustainment levels of effort, levels of pain when it comes to integration or customization, etc. Heck, come up with 2 or 3 use cases and try to show how each product might handle those scenarios. I was also disappointed with the chapter devoted to SMB, as it really doesn't address integration issues of a product that is on 24x7 when you probably have fewer resources than a larger company.
1 of 1 people found this review helpful
4.0 out of 5 stars Solid intro to SIEM 24 February 2011
By Ben Rothke - Published on Amazon.com
With many different types of log and audit data, Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data into a common element. While great in theory, the devil is in the details; and there are plenty of details in deploying a SIEM on corporate networks.

Security Information and Event Management Implementation provides a solid introduction, overview and analysis of what a SIEM (also known as SIM, SEM, SEIM and others) is, and what needs to go into it for an effective deployment and operation.

As a technology, SIEM provides real-time monitoring and historical reporting of information security events from networks, servers, systems, applications and more. Many firms have deployed SIEM as a method to address regulatory compliance reporting requirements, in addition to using it as a mechanism in which to build a robust information security operation, integrating the SIEM into their security management and incident response areas.

With that, the good news is that the SIEM market is now at a mature state, with numerous vendors competing off each other. Combined with the level of SIEM adoption, it's ready for prime time. But ensuring it works in prime time is heavily dependent upon the requirements definitions and planning.

The book's 15 chapters are organized in three parts: Introduction to SIEM: Threat Intelligence for IT Systems, IT Threat Intelligence Using SIEM Systems and SIEM Tools. Part 3 (chapters 8-15) provides the bulk of the reading.

Part 1 provides a high-level overview of the topic and covers information security fundamentals. Chapter 2 details the various threats that the SIEM will be used to defend against, while chapter 3 gets into regulatory compliance, which is a key driver for many SIEM rollouts.

Part 2 details four SIEM vendors. The products the authors selected to showcase are: OSSIM, ArcSight ESM, Cisco Mars and Ounce Labs QRadar. While it is debatable if OSSIM is a SIEM, I am not sure why the authors did not include the netForensics product. This is especially true since the nFX SIM One software is one of the better tools which works on large deployments in which customization is needed.

A mistake many firms make when considering a SIEM is spending too much time selecting a specific SIEM vendor and not enough time defining their specific security requirements for the SIEM product. The book does a good job of communicating the importance of effective requirements definition. An important notion around requirements definition is that it must not involve just IT and security groups alone. Other groups including audit, regulatory, legal, administration, applications and more must be involved.

The book provides examples of real-world advice. A good point made in chapter 11 is the need to realize that a SIEM takes time to develop and is an out of the box solution. The authors note that one should not expect full inventory activity and actionable information immediately. It often may take a few weeks for that information to be normalized into data that is actionable.

Part 3 goes into the various products. Chapter 12, while about QRadar, lists 10 highly detailed questions that must be answered irregardless of what SIEM vendor will be used. These 10 questions (for a formal SIEM definition, there are a good 30 or more that can be asked) require a firm to truly understand their infrastructure and environment before they deploy a SIEM. The authors note that these questions are meant to facilitate a firm doing their homework around the SIEM. Detailed answers to these questions should not be underestimated, as failure to do them in advance can lead to a SIEM deployment that will ultimately fail.

For many readers, the screen print of a QRadar system settings console on page 278 may be enough to scare them away from a SIEM. This screen, of which there are many in QRadar, lists over 50 settings that must be configured in order to effectively use the software. While many of the default settings can be used, firms should know exactly what their settings should be if they want to get the most out of a SIEM solution.

In many books, the appendix is often public information which is simply added as filler to increase the page count. The appendix The Ways and Means of the Security Analyst is superb. It details the human element of the SIEM, the security analyst, which is often what will make or break the SIEM. The analyst is the one who will use the SIEM and attempt to make sense of it. A SIEM deployment without good analysts is ultimately useless.

It should be noted that even though the book has the term implementation in the title, it is not really a full implementation reference. It should be viewed as a comprehensive introduction to SIEM. The reason is that when one digs into the deeper layers of a SIEM deployment, there are significant complexities that must be dealt with. Anyone who attempts to deploy SIEM based on this guide alone will likely be disappointed. This is not a fault of the book; rather a reality of the complexity of a SIEM, and the amount of pages it requires to be written.

While the book does have implementation guidelines around the installation and configuration of 4 SIEM products, the real challenge in a SIEM is the post-installation configuration issues, and not simply the installation. Perhaps the authors will take this as a challenge to create a second volume of this book detailing those issues.

With that, the book does provide an excellent overview of the topic and will be of value to those readers looking for answers around SIEM. Those looking for a solid introduction to the world of SIEM should definitely get a copy. Don't think about a SIEM without it.
3.0 out of 5 stars REVIEW 8 June 2014
By Fernando Pico - Published on Amazon.com
Format: Paperback | Verified Purchase
The topics are old; actually we need topics that are at the top of technology, with the objective of fixing the network problems.
4.0 out of 5 stars siem 4 January 2014
By Richard knutson - Published on Amazon.com
Format: Paperback | Verified Purchase
I liked reading about SIEM and learned a lot. Some things are out of date, but overall good learning about SIEM and network monitoring.