Security Information and Event Management (SIEM) Implementation (Paperback)

David R. Miller, Shon Harris, Allen Harper, Stephen VanDyke, Chris Blask

  • Publisher: McGraw-Hill Education
  • Publication date: 2010-11-15
  • List price: $2,440
  • VIP price: $2,318 (95% of list price)
  • Language: English
  • Pages: 464
  • Binding: Paperback
  • ISBN: 0071701095
  • ISBN-13: 9780071701099
  • Related category: Information Security
  • Imported title (must be checked out separately)

Product description

Implement a robust SIEM system

Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts. The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You’ll also learn how to use SIEM capabilities for business intelligence. Real-world case studies are included in this comprehensive resource.

  • Assess your organization’s business models, threat models, and regulatory compliance requirements
  • Determine the necessary SIEM components for small- and medium-size businesses
  • Understand SIEM anatomy—source device, log collection, parsing/normalization of logs, rule engine, log storage, and event monitoring
  • Develop an effective incident response program
  • Use the inherent capabilities of your SIEM system for business intelligence
  • Develop filters and correlated event rules to reduce false-positive alerts
  • Implement AlienVault’s Open Source Security Information Management (OSSIM)
  • Deploy the Cisco Monitoring Analysis and Response System (MARS)
  • Configure and use the Q1 Labs QRadar SIEM system
  • Implement ArcSight Enterprise Security Management (ESM) v4.5
  • Develop your SIEM security analyst skills
