Cisco Security Agent

  • Published: Jun 1, 2005
  • Copyright 2005
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 456
  • Edition: 1st
  • Book
  • ISBN-10: 1-58705-205-9
  • ISBN-13: 978-1-58705-205-7
  • eBook (Watermarked)
  • ISBN-10: 1-58705-398-5
  • ISBN-13: 978-1-58705-398-6

Register your product to gain access to bonus material or receive a coupon.

More Information

DescriptionExtrasReviewsSample Content

Product Description

Prevent security breaches by protecting endpoint systems with Cisco Security Agent, the Cisco host Intrusion Prevention System

  • Secure your endpoint systems with host IPS
  • Build and manipulate policies for the systems you wish to protect
  • Learn how to use groups and hosts in the Cisco Security Agent architecture and how the components are related
  • Install local agent components on various operating systems
  • Explore the event database on the management system to view and filter information
  • Examine Cisco Security Agent reporting mechanisms for monitoring system activity
  • Apply Application Deployment Investigation to report on installed applications, hotfixes, and service packs
  • Collect detailed information on processes and see how they use and are used by system resources
  • Create and tune policies to control your environment without impacting usability
  • Learn how to maintain the Cisco Security Agent architecture, including administrative access roles and backups

Cisco Security Agent presents a detailed explanation of Cisco Security Agent, illustrating the use of host Intrusion Prevention Systems (IPS) in modern self-defending network protection schemes. At the endpoint, the deployment of a host IPS provides protection against both worms and viruses. Rather than focusing exclusively on reconnaissance phases of network attacks a host IPS approaches the problem from the other direction, preventing malicious activity on the host by focusing on behavior. By changing the focus to behavior, damaging activity can be detected and blocked–regardless of the attack.

 

Cisco Security Agent is an innovative product in that it secures the portion of corporate networks that are in the greatest need of protection–the end systems. It also has the ability to prevent a day-zero attack, which is a worm that spreads from system to system, taking advantage of vulnerabilities in networks where either the latest patches have not been installed or for which patches are not yet available. Cisco Security Agent utilizes a unique architecture that correlates behavior occurring on the end systems by monitoring clues such as file and memory access, process behavior, COM object access, and access to shared libraries as well as other important indicators.

 

Cisco Security Agent is the first book to explore the features and benefits of this powerful host IPS product. Divided into seven parts, the book provides a detailed overview of Cisco Security Agent features and deployment scenarios. Part I covers the importance of endpoint security. Part II examines the basic components of the Cisco Security Agent architecture. Part III addresses agent installation and local use. Part IV discusses the Cisco Security Agent management console’s reporting and monitoring capabilities. Part V covers advanced Cisco Security Agent analysis features. Part VI covers Cisco Security Agent policy, implementation, and management. Part VII presents additional installation and management information.

 

Whether you are evaluating host IPS in general or looking for a detailed deployment guide for Cisco Security Agent, this book will help you lock down your endpoint systems and prevent future attacks.

 

“While there are still a lot of ways that security can go wrong, Cisco Security Agent provides a defense even when something is wrong. I remember the email that came around from our system administrator that said, ‘There’s something attacking our web server. We’re not sure what it is, but Stormwatch is blocking it.’ That was the Nimda worm–the first of a long line of attacks stopped by Cisco Security Agent.”

–Ted Doty, Product Manager, Security Technology Group, Cisco Systems®

 

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

 

Links

Download related content from TechRepublic.com

IT Security Policy Checklist

The Anatomy of Spyware

From NetworkWorld.com

Host-based IPS guards endpoints

Customer Reviews

2 of 2 people found the following review helpful
3.0 out of 5 stars Out of date, but still useful, January 8, 2010
This review is from: Cisco Security Agent (Paperback)
If you have been tasked with learning CSA configuration, management and deployment, this is a great still a great resource. I do have to say that it is very out of date. This book uses CSA 4.5 and there have been two other versions since that time. CSA 6 is the latest version and is where the most changes took place. The theory behind the book and architecture is still sound. The book is a valuable resource, but the reader needs to know that they cannot take all statements in the book at face value. Some parts reference retired or discontinued Cisco products, so when reading this book please double-check everything! If you are a new administrator this book alone will not be sufficient, you will need to work with a trainer or someone who has already configured and managed this product. As an example, Whitelists, Blacklists, Learn Mode, etc. are new in CSA 6 and not present in the book at all. Rule actions were added to and even changed drastically for some rules. Many changes... Read more
Help other customers find the most helpful reviews 
Was this review helpful to you? Yes No


2 of 2 people found the following review helpful
3.0 out of 5 stars A decent volume, August 26, 2007
By 
Wole Akpose "wolexca" (dundalk, md United States) - See all my reviews
(REAL NAME)   
This review is from: Cisco Security Agent (Paperback)
As an endpoint protection solution, Cisco Security agent was a timely product, when it was released 2003, for being one of the industry's first behavior based host protection solution and thus offering some hope of protection against the widely feared zero-day attack scenario. While the product is considered a great tool, its proper deployment in an enterprise is non-trivial. Hence the value of a book like Cisco Security Agent : Prevent security breaches by protecting endpoint systems with Cisco Security Agent(CSA) , the Cisco host Intrusion Prevention System.

While the books organization is not quit elegant (it leaves the planning and implementation process to the last part while address advanced concepts earlier on), its comprehensive content on the subject makes it a useful book all the same. The seven part book makes the case for Cisco Security Agent (or any endpoint security solution for that matter) in the first part, addresses the CSA architecture in the second and... Read more
Help other customers find the most helpful reviews 
Was this review helpful to you? Yes No


2 of 3 people found the following review helpful
4.0 out of 5 stars Bit outdated but Good, August 10, 2007
This review is from: Cisco Security Agent (Paperback)
I used this book to prepare for Cisco HIPS exam (which I passed). Even though it is bit outdated, it covers the product pretty well. The book starts with end point security bascis, then move into CSA building blocks, installation, configuration, monitoring, analyzingas and ends with CSA administration and maintainence. The book is well written, specially chapters 3, 4 and 5 really help in understanding the basic concepts.I would recommend it to anyone who wants to understand CSA or is preparing for the Cisco HIPS exam. I would also recommend "Advanced Hospt Intrusion Prevention with CSA" and "User Management Guide for CSA" from Cisco's website (a free download).
Help other customers find the most helpful reviews 
Was this review helpful to you? Yes No


Share your thoughts with other customers:
 See all 4 customer reviews...

Index

Download - 78 KB -- Index

Table of Contents

Foreword

Introduction

Part I   The Need for Endpoint Security

Chapter 1   Introducing Endpoint Security

Chapter 2   Introducing the Cisco Security Agent

Part II   Understanding the CSA Building Blocks

Chapter 3   Understanding CSA Groups and Hosts

Chapter 4   Understanding CSA Policies, Modules, and Rules

Chapter 5   Understanding Application Classes and Variables

Part III   CSA Agent Installation and Local Agent Use

Chapter 6   Understanding CSA Components and Installation

Chapter 7   Using the CSA User Interface

Part IV   Monitoring and Reporting

Chapter 8   Monitoring CSA Events

Chapter 9   Using CSA MC Reports

Part V   Analyzing CSA

Chapter 10    Application Deployment Investigation

Chapter 11    Application Behavior Analysis

Part VI   Creating Policy, Implementing CSA, and Maintaining the CSA MC

Chapter 12    Creating and Tuning Policy

Chapter 13    Developing a CSA Project Implementation Plan

Chapter 14    CSA MC Administration and Maintenance

Part VII   Appendixes

Appendix A   VMS and CSA MC 4.5 Installation

Appendix B   Security Monitor Integration

Appendix C   CSA MIB

Index

Downloadable Sample Chapter

Download - 2.35 MB -- Chapter 6: Understanding CSA Components and Installation

Best Value

Book + eBook Bundle $108.00 $64.80

Book Price: $48.00
eBook Price: $16.80

Buy

This book includes free shipping!

Buy

Book  $60.00  $48.00

Usually ships in 24 hours.

This book includes free shipping!

Buy

eBook (Watermarked)  $48.00  $38.40

About Watermarked eBooks

This PDF will be accessible from your Account page after purchase and requires the free Adobe® Reader® software to read it.

The eBook requires no passwords or activation to read. We customize your eBook by discretely watermarking it with your name, making it uniquely yours.

Watermarked eBook FAQ

Purchase Reward: One Month Free Subscription
By completing any purchase on Cisco Press, you become eligible for an unlimited access one-month subscription to Safari Books Online.

Get access to thousands of books and training videos about technology, professional development and digital media from more than 40 leading publishers, including Addison-Wesley, Prentice Hall, Cisco Press, IBM Press, O'Reilly Media, Wrox, Apress, and many more. If you continue your subscription after your 30-day trial, you can receive 30% off a monthly subscription to the Safari Library for up to 12 months. That's a total savings of $199.

Related Articles

Creating Your Own VPN
By Eric Geier.
Oct 23, 2012
Protecting Your Network from the Wi-Fi Protected Setup Security Hole
By Eric Geier.
Mar 12, 2012
Network Security First-Step: Firewalls
By Donald Stoddard, Thomas M. Thomas.
Feb 8, 2012

You May Also Like

CCNA Security 640-554 LiveLessons (Video Training)
By Keith Barker.
ISBN-13: 978-0-7897-4858-4
Dec 3, 2012
$119.99 (Save 20%)
Network Security First-Step, 2nd Edition
By Thomas M. Thomas, Donald Stoddard.
ISBN-13: 978-1-58720-410-4
Dec 30, 2011
$27.99 (Save 20%)
Network Security First-Step, 2nd Edition
By Thomas M. Thomas, Donald Stoddard.
ISBN-13: 978-1-58720-411-1
Dec 9, 2011
$22.39 (Save 20%)

Safari Bookshelf Titles

Email Security with Cisco IronPort
By Chris Porter.
Apr 23, 2012
Network Security First-Step, 2nd Edition
By Thomas M. Thomas, Donald Stoddard.
Dec 30, 2011
Computer Incident Response and Product Security
By Damir Rajnovic.
Dec 6, 2010