Security Information and Event Management (SIEM) Implementation

  • 7h 19m
  • Allen A. Harper, Chris Blask, David R. Miller, Shon Harris, Stephen Vandyke
  • McGraw-Hill/Osborne
  • 2011

Implement a robust SIEM system

Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts. The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You’ll also learn how to use SIEM capabilities for business intelligence. Real-world case studies are included in this comprehensive resource.

  • Assess your organization’s business models, threat models, and regulatory compliance requirements
  • Determine the necessary SIEM components for small- and medium-size businesses
  • Understand SIEM anatomy—source device, log collection, parsing/normalization of logs, rule engine, log storage, and event monitoring
  • Develop an effective incident response program
  • Use the inherent capabilities of your SIEM system for business intelligence
  • Develop filters and correlated event rules to reduce false-positive alerts
  • Implement AlienVault’s Open Source Security Information Management (OSSIM)
  • Deploy the Cisco Monitoring Analysis and Response System (MARS)
  • Configure and use the Q1 Labs QRadar SIEM system
  • Implement ArcSight Enterprise Security Management (ESM) v4.5
  • Develop your SIEM security analyst skills

About the Authors

David R. Miller is a consultant specializing in information systems security, compliance, and network engineering. He is a lecturer, an author, and a technical editor of books, curriculum, certification exams, and computer-based training videos. He is regularly invited to perform as a Microsoft Subject Matter Expert (SME) on product lines, including Microsoft Server 2008, Microsoft Exchange Server 2007, and Microsoft Windows Vista and Windows 7. He holds the following certifications: PCI QSA, SME, MCT, MCITPro Windows Server 2008 Enterprise Administrator, MCSE Windows NT 4.0, MCSE Windows Server 2000, and MCSE Windows Server 2003: Security, CISSP, LPT, ECSA, CEH, CWNA, CCNA, CNE, Security+, A+, N+, and more...

Shon Harris, CISSP, is the founder and CEO of Logical Security, a computer security consultant, a former engineer in the Air Force’s Information Warfare unit, an instructor, and an author. She has authored three best-selling CISSP books, been a contributing author on previous editions of Gray Hat Hacking: The Ethical Hacker’s Handbook (McGraw-Hill Professional), and is currently working on a Certified Ethical Hacker (CEH) book. Shon has developed a full digital information product series for Pearson publishing.

In 2007, Allen Harper retired from the military as a Marine Corps Major after a tour in Iraq. He has more than 20 years of IT/security experience. He holds an M.S. in Computer Science from the Naval Post Graduate School and a B.S. in Computer Engineering from North Carolina State University. Allen led the development of the GEN III honeywall CDROM, called roo, for the Honeynet Project. Allen was a coauthor of Gray Hat Hacking: The Ethical Hacker’s Handbook, First and Second Editions, and is currently working on the Third Edition. He was a member of the 2004 winning team (sk3wl of r00t) in the DEFCON Capture the Flag contest. He is a faculty member for the Institute for Applied Network Security and has worked as a security consultant for the Internal Revenue Service (IRS) and for Logical Security, LLC. His interests include reverse engineering, vulnerability discovery, and all forms of ethical hacking. Allen is now the President and Founder of N2NetSecurity, Inc.

Stephen VanDyke is a consultant focusing on intrusion detection, incident handling, vulnerability assessments, network architecture, and network engineering. He has been working in the IT field for over 10 years in a wide variety of environments. He has primarily worked with the U.S. government as a consultant for such organizations as the U.S. Army Reserve Command, the U.S. Army, and Multi-National Forces Iraq (MNF-I) on several projects. He holds the following certifications: CISSP, SnortCP, MCSA, BCCPA, BCCPP, A+, Network+, and Security+.

Chris Blask is a seasoned security technology professional with more than 20 years of experience in engineering and marketing information technologies. In 1993, he invented the BorderWare Firewall Server with Clyde Stevens and Paul Hunt, a leading product in the early firewall market. In 1998, Chris assumed responsibility for Cisco’s struggling PIX firewall product line and led it to a multibillion dollar position of global leadership. Protego Networks—a SIEM vendor later sold to Cisco—was founded by Chris and three others in 2002. Lofty Perch—a critical infrastructure cybersecurity services company—was founded by Chris in 2005. He has also spent time helping NSS Labs develop PCI testing regimes, was VP Operations at N2NetSecurity, and is currently on faculty at the Institute for Applied Network Security and is Vice President of Marketing at AlienVault.

In this Book

  • Business Models
  • Threat Models
  • Regulatory Compliance
  • SIEM Concepts: Components for Small and Medium-size Businesses
  • The Anatomy of a SIEM
  • Incident Response
  • Using SIEM for Business Intelligence
  • AlienVault OSSIM Implementation
  • AlienVault OSSIM Operation
  • Cisco Security: MARS Implementation
  • Cisco MARS Advanced Techniques
  • Q1 Labs QRadar Implementation
  • Q1 Labs QRadar Advanced Techniques
  • ArcSight ESM v4.5 Implementation
  • ArcSight ESM v4.5 Advanced Techniques