
Security Information and Event Management (SIEM) Implementation (Network Pro Library) [Kindle Edition]

David Miller , Shon Harris , Allen Harper , Stephen VanDyke , Chris Blask
5.0 out of 5 stars (1 customer review)

Kindle price: EUR 41,06 incl. VAT and free wireless delivery via Amazon Whispernet


Other editions (Amazon price)

Kindle Edition: EUR 41,06
Paperback: EUR 39,95



Implement a robust SIEM system

Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts. The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You’ll also learn how to use SIEM capabilities for business intelligence. Real-world case studies are included in this comprehensive resource.

  • Assess your organization’s business models, threat models, and regulatory compliance requirements
  • Determine the necessary SIEM components for small- and medium-size businesses
  • Understand SIEM anatomy—source device, log collection, parsing/normalization of logs, rule engine, log storage, and event monitoring
  • Develop an effective incident response program
  • Use the inherent capabilities of your SIEM system for business intelligence
  • Develop filters and correlated event rules to reduce false-positive alerts
  • Implement AlienVault’s Open Source Security Information Management (OSSIM)
  • Deploy the Cisco Monitoring Analysis and Response System (MARS)
  • Configure and use the Q1 Labs QRadar SIEM system
  • Implement ArcSight Enterprise Security Management (ESM) v4.5
  • Develop your SIEM security analyst skills

About the Author and Other Contributors

David R. Miller, SME, MCT, MCITPro Windows Server 2008 Enterprise Administrator, MCSE Windows NT 4.0, 2000, and Server 2003: Security, CISSP, LPT, ECSA, CEH, CWNA, CCNA, CNE, Security+, A+, N+, is an expert author, lecturer, and IT security consultant specializing in information systems security, compliance, and network engineering.

Shon Harris, CISSP, is the CEO of Logical Security, a computer security consultant, a former engineer in the Air Force's Information Warfare unit, an instructor and an author. She has authored three best-selling CISSP books, is a contributing author to the book Gray Hat Hacking, and developed a full digital information security product series for Pearson publishing. Shon was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.

Allen Harper, CISSP, is founder and president of N2NetSecurity, Inc., a consulting company specializing in advanced security and vulnerability analysis, penetration testing, SIEM implementation, and compliance. He served as a security engineer in the U.S. Department of Defense, and is a coauthor of Gray Hat Hacking.

Stephen VanDyke, CISSP, BCCPA, BCCPP, MCSA, Security+, Network+, was a founding member of the U.S. Army Reserve global network Computer Emergency Response Team and helped design and deploy its NetForensics SIEM. He implemented high-end, multi-tiered security systems for the Multi-National Force - Iraq (MNFI) network.

Chris Blask, Vice President of Marketing at AlienVault, is on the faculty at the Institute for Applied Network Security, co-founded Protego Networks (now Cisco MARS) and founded the critical infrastructure cybersecurity company Lofty Perch. Chris invented the BorderWare Firewall Server in the early days of the Internet security market and built the Cisco Systems firewall business.


  • Format: Kindle Edition
  • File size: 17385 KB
  • Print length: 464 pages
  • Simultaneous device usage: up to 4 devices at once, subject to the limit set by the publisher
  • Publisher: McGraw-Hill Osborne Media; edition: 1 (25 October 2010)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • Text-to-Speech: enabled
  • Word Wise: not enabled
  • Average customer rating: 5.0 out of 5 stars (1 customer review)
  • Amazon Bestseller Rank: #319.738 Paid in Kindle Store

5.0 out of 5 stars Great textbook for getting started with SIEM, 14 January 2015
By Marcus R.
Format: Paperback | Verified Purchase
For everyone who has to deal with the topic of SIEM, this book is recommended. It also describes various products that serve the SIEM space, so you get an initial overview of what might be worth considering.
The most helpful customer reviews on (beta): 3.3 out of 5 stars, 9 reviews
22 of 23 customers found the following review helpful
4.0 out of 5 stars Fun Read, but With Some Weaknesses, 10 January 2011
By Dr Anton Chuvakin - Published on
I was looking forward to reading this book for a few months - pretty much since the time I heard that it was being written. Obviously, I was very excited when it arrived in my mailbox. Now that I have finished reading it, I can say it left a mixed impression. Mostly positive - but still mixed. I definitely enjoyed reading it, despite (or maybe due to) the fact that I've been involved with SIEM for nearly 10 years.
Let me first go through the chapters and then give my overall impression. The book is organized in three big parts: "introduction to SIEM: threat intelligence for IT systems", "IT threat intelligence using SIEM systems" and "SIEM tools."
Chapter 1 covers security basics with minimal connection to SIEM. It amounts to an over-simplified refresher of what information security is about.
Chapter 2 can be summarized using the quote from the chapter itself: "the bad things that could happen." It contains another refresher on attacks, somewhat jumbled and somewhat dated. We're not really touching SIEM yet at this point.
Chapter 3 has an author view of regulatory compliance: the usual suspects I have mentioned - PCI DSS, HIPAA, FISMA, SB1386, SOX, GLBA, etc. HIPAA is not misspelled which counts as good news.
Chapter 4 has a bizarre name: "SIEM concepts: components for small and medium-sized businesses." It contains an overview of SIEM with little focus on SMB. It is mildly confusing (for example, it calls LogRhythm "a commercial syslog server"). It contains a few outright mistakes as well (like a mention of one log management vendor whose application reportedly covers "all 228 PCI controls"). The chapter tries to talk about everything (yes, even GRC) and makes a very weak impression.
Chapter 5 looks like a twin of the previous chapter. It also contains an overview of SIEM, but a different one - a better one, in fact. These two chapters don't contradict each other much, but their joint presence in the book is mysterious and somewhat confusing.
Chapter 6 is a sudden break from SIEM into incident response. It does contain a few useful - but high-level - flow charts for incident response. I doubt that it was written by somebody who did much incident response, however.
Chapter 7 is both a curse and a blessing. I loved the ideas in the chapter - using SIEM for BI - but I hated the fact that its author didn't even bother to check what "SIEM" abbreviation stands for (see page 116)...

Chapter 8 and Chapter 9 are about OSSIM/AlienVault. Of all the SIEM product chapters below, these are the weakest and the least useful. They offer little practical guidance and miss - yes, really! - most of the details you'd need to know before deploying OSSIM. I was especially annoyed by the "screenshot - three lines of text - screenshot - three lines of text..." model that most of Ch 8 and Ch 9 follow. It makes pages 152-166 just wasted paper. Ch 9 tries to be a bit more useful (it has two case studies), but collapses under the load of too many screenshots as well.
Chapter 10 and Chapter 11 talk about Cisco MARS. Since nobody cares about MARS anymore, I won't be reviewing them here.
Chapter 12 and Chapter 13 cover the Q1Labs SIEM. Unlike the above, these are actually useful for practical architecture planning of QRadar deployments. These chapters also contain useful SIEM insights - still, these could benefit from more real-world tuning tips. The case study in Ch 13 is useful as well. If you are thinking of getting a Q1Labs SIEM, grab the book to quickly review what you will encounter when you get the product.
Finally, Chapter 14 and Chapter 15 cover the ArcSight SIEM. Despite minor mistakes and a "vendor whitepaper feel," the chapters would be useful to people in the early stages of reviewing and deploying ArcSight SIEM. The chapters suffer a bit from trying to duplicate product help - you're more likely to learn how to patch ArcSight than how to use it well. Sadly, no case studies are included in these chapters.
Overall, the book has unfortunate signs of being written by a team of authors who didn't talk to each other. Despite the promises of implementation guidance, it leaves some of the very complex SIEM issues untouched. There are very few case studies (some good ones are stashed in the appendix for some weird reason) and few tips and tricks for real-world SIEM implementation. Also, it is much stronger on the "what" than on the "how." Still, I suggest that people buying, using and building SIEM products get their own copy and read at least a few chapters relevant to them. You will likely not be disappointed!
8 of 10 customers found the following review helpful
3.0 out of 5 stars Value relative to your SIEM experience, 31 January 2011
By M Runals - Published on
In short - if you have been "doing" SIEM for any length of time you won't get a whole lot out of this book. Conversely if you are starting to venture down the SIEM path it would probably be worth picking up.

I first read about this book on Dr. Anton Chuvakin's blog. Even though his review was less than stellar, he did give it 4 stars. Similarly, the book's title includes "implementation" and I have been using ArcSight for a little over two years now, so I figured I would give it a shot. I was hopeful...and ended up sort of disappointed. Don't get me wrong; I appreciate the time and effort the authors put into the book. There really isn't a whole lot of SIEM-type information "out there," which is one of the main reasons I started my own SIEM-esque blog. I think this book has the most value if you haven't bought a SIEM yet through 3 or 4 months into your SIEM deployment, as a way to level-set the conversation (though the first part of the book is very basic).

Because of my background I started with the chapters on ArcSight. I was pretty disappointed when it quickly went into screenshots on actually installing the software. The other product chapters are a bit better but have similar issues. These chapters should have been pulled out of the book, with the exception that each had a nugget or two that either didn't show up in other places in the book or showed up in all. You don't need to have each product chapter talk about the need to have project requirements/goals/expectations. In the Cisco MARS section (yes, I even skimmed that chapter) there was actually a good little blurb on the difference between SIEM and an IDS. Why tuck it away?

Instead of the product chapters as written, I would have liked to have seen more information comparing and contrasting the products themselves. Get a little into environmental scaling, console maturation/ease of use, deployment and sustainment levels of effort, levels of pain when it comes to integration or customization, etc. Heck, come up with 2 or 3 use cases and try to show how each product might handle those scenarios. I was also disappointed with the chapter devoted to SMB, as it really doesn't address integration issues of a product that is on 24x7 when you probably have fewer resources than a larger company.
1 of 1 customers found the following review helpful
4.0 out of 5 stars Solid intro to SIEM, 24 February 2011
By Ben Rothke - Published on
With many different types of log and audit data, Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data into a common element. While great in theory, the devil is in the details; and there are plenty of details in deploying a SIEM on corporate networks.

Security Information and Event Management Implementation provides a solid introduction, overview and analysis of what a SIEM (also known as SIM, SEM, SEIM and others) is, and what needs to go into it for an effective deployment and operation.

As a technology, SIEM provides real-time monitoring and historical reporting of information security events from networks, servers, systems, applications and more. Many firms have deployed SIEM as a method to address regulatory compliance reporting requirements, in addition to using it as a mechanism in which to build a robust information security operation, integrating the SIEM into their security management and incident response areas.

With that, the good news is that the SIEM market is now at a mature state, with numerous vendors competing off each other. Combined with the level of SIEM adoption, it's ready for prime time. But ensuring it works in prime time is heavily dependent upon the requirements definitions and planning.

The book's 15 chapters are organized in three parts: Introduction to SIEM: Threat Intelligence for IT Systems, IT Threat Intelligence Using SIEM Systems, and SIEM Tools. Part 3 (chapters 8-15) provides the bulk of the reading.

Part 1 provides a high-level overview of the topic and covers information security fundamentals. Chapter 2 details the various threats that the SIEM will be used to defend against, while chapter 3 gets into regulatory compliance, which is a key driver for many SIEM rollouts.

Part 2 details four SIEM vendors. The products the authors selected to showcase are: OSSIM, ArcSight ESM, Cisco Mars and Ounce Labs QRadar. While it is debatable if OSSIM is a SIEM, I am not sure why the authors did not include the netForensics product. This is especially true since the nFX SIM One software is one of the better tools which works on large deployments in which customization is needed.

A mistake many firms make when considering a SIEM is spending too much time selecting a specific SIEM vendor and not enough time defining their specific security requirements for the SIEM product. The book does a good job of communicating the importance of effective requirements definition. An important notion around requirements definition is that it must not involve just IT and security groups alone. Other groups including audit, regulatory, legal, administration, applications and more must be involved.

The book provides examples of real-world advice. A good point made in chapter 11 is the need to realize that a SIEM takes time to develop and is an out of the box solution. The authors note that one should not expect full inventory activity and actionable information immediately. It often may take a few weeks for that information to be normalized into data that is actionable.

Part 3 goes into the various products. Chapter 12, while about QRadar, lists 10 highly detailed questions that must be answered regardless of what SIEM vendor will be used. These 10 questions (for a formal SIEM definition, there are a good 30 or more that can be asked) require a firm to truly understand their infrastructure and environment before they deploy a SIEM. The authors note that these questions are meant to facilitate a firm doing their homework around the SIEM. Detailed answers to these questions should not be underestimated, as failure to do them in advance can lead to a SIEM deployment that will ultimately fail.

For many readers, the screen print of a QRadar system settings console on page 278 may be enough to scare them away from a SIEM. This screen, of which there are many in QRadar, lists over 50 settings that must be configured in order to effectively use the software. While many of the default settings can be used, firms should know exactly what their settings should be if they want to get the most out of a SIEM solution.

In many books, the appendix is often public information which is simply added as filler to increase the page count. The appendix The Ways and Means of the Security Analyst is superb. It details the human element of the SIEM, the security analyst, which is often what will make or break the SIEM. The analyst is the one who will use the SIEM and attempt to make sense of it. A SIEM deployment without good analysts is ultimately useless.

It should be noted that even though the book has the term implementation in the title, it is not really a full implementation reference. It should be viewed as a comprehensive introduction to SIEM. The reason is that when one digs into the deeper layers of a SIEM deployment, there are significant complexities that must be dealt with. Anyone who attempts to deploy SIEM based on this guide alone will likely be disappointed. This is not a fault of the book; rather a reality of the complexity of a SIEM, and the amount of pages it requires to be written.

While the book does have implementation guidelines around the installation and configuration of 4 SIEM products, the real challenge in a SIEM is the post-installation configuration issues, and not simply the installation. Perhaps the authors will take this as a challenge to create a second volume of this book detailing those issues.

With that, the book does provide an excellent overview of the topic and will be of value to those readers looking for answers around SIEM. Those looking for a solid introduction to the world of SIEM should definitely get a copy. Don't think about a SIEM without it.
3.0 out of 5 stars for novices only, 2 November 2014
By J. Chi - Published on
Format: Kindle Edition | Verified Purchase
Good as a quick intro to log management and as a single place to get demo-version SIEM tool setup instructions (which you can get from the vendors themselves). If you're anything but a novice, this book is not for you.
4.0 out of 5 stars siem, 4 January 2014
By Richard knutson - Published on
Format: Paperback | Verified Purchase
I liked reading about SIEM and learned a lot. Some things are out of date, but overall good learning about SIEM and network monitoring.