Advanced Host Intrusion Prevention with CSA
Authors: Chad Sullivan, Jeff Asher and Paul Mauvais
Publisher: Cisco Press
Cisco Security Agent software protects server and desktop computing systems by identifying threats and preventing malicious behavior. It mitigates new and evolving threats without requiring reconfigurations or emergency patch updates, providing robust protection with reduced operational costs. This book covers the means of maximizing endpoint security by using Cisco Security Agent.
About the authors
Chad Sullivan, CCIE (Security, Routing/Switching, SNA/IP) is a senior security engineer and owner of Priveon, Inc., which provides leading security solutions to customers across the United States. Prior to starting Priveon, Chad worked as a security consulting systems engineer at Cisco Systems, Inc. Chad is recognized within the industry as one of the leading implementers of the Cisco Security Agent product.
Jeff Asher has worked as a network systems consultant for the last four years with information security as his primary focus.
Paul Mauvais is a senior security architect for corporate security programs at Cisco Systems based out of San Jose, CA.
Inside the book
As the process of gathering information is a critical for successfully setting up a Cisco Security Agent, the authors provide a detailed list of the topics you should have a good understanding before working with the product. This is followed with initial details on defining the purpose of product deployment, as well as introducing the reader with the user environment for running Cisco Security Agent. Within the initial couple of chapters, it is clearly shown that the book can be used both by people who are familiar with CSA and those that are yet to decide if this kind of product suits their needs.
Fifty pages inside the book, you will find a detailed project implementation plan, which builds upon the information gathered about the product installation environment. The authors discuss all the important steps of the planning phase: timeline and setting up targets, selection of staffers who will work on the project, metrics, user training and the specification dealing with the level of after deployment support. It is obvious that all these aspects are based on a large amount of experience, so the content of this section is pretty straightforward and provides some good insides.
After doing all the planning it is time to do some technical work. The installation procedures are done in a very satisfying manner. The part where you need to install the CSA Management Console, authors provide facts related to three different type of scenarios. Depending on how large is your company infrastructure and what are your specific needs, you can find our more about Management Console deployment on a single server, as well as two and three server implementations. Actual installation process is detailed in a step-by-step guide and accompanied by the appropriate screenshots.
As with all high-level implementations, troubleshooting tips are valued as pure gold. This topic receives about 25 pages and explores potential problems with Management Console, Security Agent and SQL server.
The book holds two appendixes. The first one deals with technical management of Cisco Security Agent, especially best practices and deployment guidelines. The second appendix is a promo for the 5.0 version of Cisco Security Agent that focuses on the new features introduced to this version
After a number of Cisco Press publication I came across, I still didn’t find one that didn’t totally fulfill my expectations. “Advanced Host Intrusion Prevention with CSA” isn’t in any way an exception. The book focuses just on the important stuff, making it easier to comprehend the needs and goals of a successful Cisco Security Agent deployment.