Chris Fry, Martin Nystrom, “Security Monitoring: Proven Methods for Incident Detection on Enterprise Networks”
O'Reilly Media, Inc. | 2009-02-24 | ISBN: 0596518161 | 246 pages | CHM | 5,75 MB
O'Reilly Media, Inc. | 2009-02-24 | ISBN: 0596518161 | 246 pages | CHM | 5,75 MB
How well does your enterprise stand up against today's sophisticated security threats? With this book, security experts from Cisco Systems demonstrate how you can detect damaging security incidents on your global network -first by discovering which assets you need to monitor closely, then by helping you develop targeted strategies and pragmatic techniques to identify security incidents.
Security Monitoring offers six steps to improve network monitoring, based on the authors' years of experience conducting incident response to keep Cisco's global network secure. These steps will guide you through the following:
Develop Policies: define the rules, regulations, and criteria against which to monitor
Know Your Network: build knowledge of your infrastructure with network telemetry
Select Your Targets: define the subset of infrastructure where you'll focus monitoring
Choose Event Sources: identify the event types needed to discover policy violations
Feed and Tune: collect data and generate alerts, tuning systems using context
Maintain Dependable Event Sources: prevent critical gaps in your event collection and monitoring
To help you understand this framework, Security Monitoring illustrates its recommendations using a fictional mobile telephony provider. Each chapter's approach and techniques are overlaid against this fictional example with diagrams and detailed examples. These recommendations will help you select and deploy the best techniques for monitoring your own enterprise network.
D0wn10ad
Mirr0r