Book Review: Security Threat Mitigation and Response - Understanding Cisco Security MARS

Security Threat Mitigation and Response: Understanding Cisco Security MARS
by Dale Tesch, Greg Abelar
Publisher: Cisco Press
Pub Date: September 28, 2006
Print ISBN-10: 1-58705-260-1
Print ISBN-13: 978-1-58705-260-6
Pages: 408

This book had so much potential to be great. Sadly it turned out to be an overgrown technical manual. The author does try to lighten things up by interspersing real world technical details throughout the book, however he could have just written a “hacks” style book with that material and been much better off.

This book is organized into four major divisions. The first, Security threat identification and response challenge reviews basic security theory and response. A network engineer breaking into security may find this interesting. Anyone else can just skip over this chapter.

I actually found the second, CS-MARS theory and operation to be the most useful. The author laid out a pretty good flowchart of the designing process used to process alerts. He also hinted out the back end architecture supporting the device.

The third section, CS-MARS operation was just blatantly lifted from the users guide. The only difference is that the online users guide is organized a little more clearly. I recommend skipping this chapter and going straight to the on-line documentation, you will be much happier.

The fourth section, CS-MARS in action had great potential, however the author just stuck in some really salesy usage scenarios. I can’t reinforce this enough - This needs to be updated. I have been to customer talks where users presented how the MARS box has made their life easier in many ways. The stories presented here do a disservice to the product, and do not highlight the core differentiators that this product offers.

Would I recommend this book? Yes and No. I would recommend that entry level engineers with no security experience, and business users pick this up. Other than that, log onto CCO and just read through the docs. You will learn more in less time. And as a plus, you will have $50 sitting in your wallet still.