Implement SIEM to efficiently analyze and report data, respond to inside and outside threats, and follow compliance regulations
Security Information and Event Management (SIEM) Implementation shows how to take advantage of SIEM technology for real-time analysis of security alerts generated by network hardware and applications. The book explains how to implement multiple SIEM products from different vendors, and also discusses the strengths, weaknesses, and advanced tuning of these various systems.
This comprehensive guide covers everything from basic concepts and components to high-level configuration, risk and threat analysis, interpretation, and response. The separate pieces that make up a complete SIEM system are outlined, and techniques for deploying an integrated collection of discrete SIEM pieces to meet your requirements are presented. You will also learn how to extend SIEM tools to develop business intelligence solutions.
Security Information and Event Management (SIEM) Implementation
-- Includes a Smartbookóa knowledge base of real-world business use cases illustrating successfully deployed, finely-tuned SIEM systems
-- Covers the top SIEM products/vendors: ArcSight, Q1 QRadar, and Cisco MARS
-- Is written by security, SIEM, and compliance experts
-- Includes product feature summaries and analyses and trending examples
-- Covers regulatory compliance issues and provides Incident Response solutions
Introduction to Threat Intelligence For IT Systems; Business Models; Threat Models; Compliance; SIEM Concepts - Components for small and medium size businesses; The Anatomy of SIEM Systems; Incident Response; SIEM for Business Intelligence; SIEM Tools; Open Systems SIEM Implementation; Open Systems SIEM Advanced Techniques; Cisco Security-MARS Implementation; Cisco Security-MARS Advanced Techniques; Q1 Labs QRadar Implementation; Q1 Labs Advanced Techniques; ArcSight Implementation; ArcSight Advanced Techniques