
Security Threat Mitigation and Response: Understanding ... (ISBN 1587052601)


Too Much Filler Very Little Substance:
2/3 of this book is filler material - the 1st 3 chapters give general overviews about STM, the Appendix is like the last 25% of the book. Absolutely zero coverage on how to implement custom parser functionality (needed if you have a device that doesn't have built-in support under MARS). Useful only as a basic starting point reference, but not worth the price tag. Indicates that another book on MARS will be produced - maybe that is why the content has been watered down.


Good for starters...:
This book is OK if you're a starter with the MARS product. I found the book to be interesting, though they could have gone into more customization and devices that are not natively supported by the MARS appliance. On the good side, it's somewhat better than the useless and incomplete pamphlet that comes with the MARS appliance. But I think the price is a bit high for what you're getting.


Understanding the Cisco MARS Appliance:
The Cisco MARS (Monitoring, Analysis, and Response System) is a network appliance that fits on your network to provide the best possible network security. The biggest failure with MARS is that many companies plug it in, use its standard protocols and tests and then find that their network has been compromised. To get the most effective use out of MARS it must be actively managed. And that is the function of this book. It covers how to understand the problem, how to configure and deploy your MARS appliance as well as how the MARS works from a technical and procedural standpoint. The book is intended for professional security/network/management engineers/analysts/responders/administrators. It can be read at a level of using it to understand your system up to the actual hands-on set-up and use of the MARS appliance. This book is, of course, heavily oriented to the Cisco security approach; however, as this is one of the most common systems used in large networks, this is not bad. It is a fairly introductory level book intended for use at an operational level by the individuals in charge of your sizes.


An irritating book if you already have an infosec background:
We got a MARS box at my work, so I grabbed this book to get up to snuff. It was a very annoying and frustrating book. The first 1/3 of the book seemed to be semi-marketing fluff, and actually prompted me to note "hahaha" in one of the margins. In about a decade of working through technical books, and a BA in political science (which led me to read some seriously pompous material), I've NEVER DONE THAT.* Overall I didn't find the book that helpful. If you are fairly new to infosec (I'm not condescending here, everyone was once new at everything) it might have enough new information hidden amongst the MBA-speak to keep your attention, but I found myself skimming a lot, and eventually just tossed the book aside. On the bright side you can occasionally find useful material in it as a reference book. Since it's light on technical information for its weight, don't count on that too much, but it's not totally useless. For example I was able to find MARS' place in our infrastructure in regards to Netflow with this book (MARS as a collector is security-focused, and not a proper primary collector for traffic engineering, which makes complete sense), but to set it up accordingly I had to google around and eventually found a really good MARS blog. So I'd say that if you have a MARS box, get your work to buy you this book because it will occasionally be handy, maybe shaving a few minutes off of a google session. If I was paying I would skip it. * The line that prompted me to actually burst into laughter actually claimed that a specific set of practices surrounding the MARS box made it impenetrable. If I had the book at home right now I would quote it, so readers could recall the Oracle "unbreakable" debacle and smile.


Author: Dale Tesch
Author: Greg Abelar
Binding: Paperback
Dewey Decimal Number: 005
EAN: 9781587052606
Edition: 1
ISBN: 1587052601
Number Of Pages: 408
Publication Date: 2006-10-08




Copyright © 1999-2009 Data Growth Pty Ltd. All rights reserved.