Security Information and Event Management (SIEM) solutions are an essential part of the enterprise security toolkit, but they’re also some of the most complicated products on the market.
For those information security professionals trying to push their organization into the modern era of SIEM, it can be difficult to know where to start. IT workers and CISOs looking for a new SIEM solution need a comprehensive overview in order to correctly plan, assess and deploy the right SIEM solutions for their organization and devise a strong business case for the technology.
There are loads of free resources available online (such as Solutions Review’s best practices articles, solutions directories, and buyer’s guides), and those resources are great, but sometimes it’s best to do things the old-fashioned way… there are few resources that can match the in-depth, comprehensive detail of good books about SIEM.
We compiled a short list of the top twelve introductory books about SIEM and log management available today, listed in no particular order. We have also built a small SIEM book library on this site which you can access here.
Please note that several of these books about SIEM have been in print for years and will not be up-to-date on the current range of SIEM solutions on the market. However, despite their age these books about SIEM still function well as high-altitude introductions to concepts and ideas that professionals building SIEM business plans need to be familiar with.
Security Information and Event Management (SIEM) Implementation (Network Pro Library)
by David R. Miller, Shon Harris, Alan Harper, Stephen VanDyke, and Chris Blask
“Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts.
“The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You’ll also learn how to use SIEM capabilities for business intelligence. Real-world case studies are included in this comprehensive resource.”
Security Risk Management: Building an Information Security Risk Management Program from the Ground Up
by Evan Wheeler
“The goal of Security Risk Management is to teach you practical techniques that will be used on a daily basis while also explaining the fundamentals so you understand the rationale behind these practices. Security professionals often fall into the trap of telling the business that they need to fix something, but they can’t explain why.
“This book will help you to break free from the so-called ‘best practices’ argument by articulating risk exposures in business terms. You will learn techniques for how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive guide for managing security risks.”
Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management
by Anton A. Chuvakin and Kevin J. Schmidt
“Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management introduces information technology professionals to the basic concepts of logging and log management. It provides tools and techniques to analyze log data and detect malicious activity.
“The book consists of 22 chapters that cover the basics of log data; log data sources; log storage technologies; a case study on how Syslog-ng is deployed in a real environment for log collection; covert logging; planning and preparing for the analysis of log data; simple analysis techniques; and tools and techniques for reviewing logs for potential problems.”
Data-Driven Security: Analysis, Visualization and Dashboards
by Jay Jacobs and Bob Rudis
“Security professionals need all the tools at their disposal to increase their visibility in order to prevent security breaches and attacks. This careful guide explores two of the most powerful: data analysis and visualization. You’ll soon understand how to harness and wield data, from collection and storage to management and analysis as well as visualization and presentation. Using a hands-on approach with real-world examples, this book shows you how to gather feedback, measure the effectiveness of your security methods, and make better decisions.
“Everything in this book will have practical application for information security professionals.”
Network Security Through Data Analysis: Building Situational Awareness
by Michael S. Collins
“Traditional intrusion detection and log file analysis are no longer enough to protect today’s complex networks. In this practical guide, security researcher Michael Collins shows you several techniques and tools for collecting and analyzing network traffic datasets. You’ll understand how your network is used, and what actions are necessary to protect and improve it.
“Divided into three sections, this book examines the process of collecting and organizing data, various tools for analysis, and several different analytic scenarios and techniques. It’s ideal for network administrators and operational security analysts familiar with scripting.”
by Corey Schou and Steve Hernandez
“This practical resource leads you through building an IT strategy and offers an organizational approach to identifying, implementing, and controlling information assurance initiatives for small businesses and global enterprises alike.”
“Common threats and vulnerabilities are described and applicable controls based on risk profiles are provided. Practical information assurance application examples are presented for select industries, including healthcare, retail, and industrial control systems. Chapter-ending critical thinking exercises reinforce the material covered. An extensive list of scholarly works and international government standards is also provided in this detailed guide.”
IT Auditing: Using Controls to Protect Information Assets, Second Edition
by Chris Davis and Mike Schiller
“Fully updated to cover leading-edge tools and technologies, IT Auditing: Using Controls to Protect Information Assets, Second Edition, explains, step by step, how to implement a successful, enterprise-wide IT audit program. New chapters on auditing cloud computing, outsourced operations, virtualization, and storage are included.
This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, checklists and valuable templates.”
by James Stewart, Mike Chapple and Darril Gibson
“Covers 100% of the 2015 CISSP (ISC)2 candidate information bulletin exam objectives, including Access Control, Application Development Security, Business Continuity and Disaster Recovery Planning, Cryptography and much more.
…Coverage of all of the exam topics in the book means you’ll be ready for: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, Software Development Security.”
by N. K. McCarthy, Matthew Todd, Jeff Klaben
“Shows you how to build and manage successful response plans for the cyber incidents that have become inevitable for organizations of any size. Find out why these plans work. Learn the step-by-step process for developing and managing plans.
-Contains the essentials for developing both data breach and malware outbreak response plans―and best practices for maintaining those plans
-Features ready-to-implement CIRPs―derived from living incident response plans that have survived the rigors of repeated execution and numerous audits
-Clearly explains how to minimize the risk of post-event litigation, brand impact, fines and penalties―and how to protect shareholder value
-Supports corporate compliance with industry standards and requirements, including PCI, HIPAA, SOX, and CA SB-24”
The Practice of Network Security Monitoring
by Richard Bejtlich
“There’s no foolproof way to keep attackers out of your network. But when they get in, you’ll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them.
In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks — no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.”
Security Metrics: A Beginner’s Guide
by Caroline Wong
“Learn how to communicate the value of an information security program, enable investment planning and decision making, and drive necessary change to improve the security of your organization. Security Metrics: A Beginner’s Guide explains, step by step, how to develop and implement a successful security metrics program.
This practical resource covers project management, communication, analytics tools, identifying targets, defining objectives, obtaining stakeholder buy-in, metrics automation, data quality, resourcing and cloud-based security metrics.”
Hacking Exposed 7: Network Security Secrets & Solutions
by Stuart McClure, Joe Scambray, and George Kurtz
“Bolster your system’s security and defeat the tools and tactics of cyber-criminals with advice and defense strategies from the world-renowned Hacking Exposed team. Case studies expose the hacker’s latest devious methods and illustrate field-tested remedies.
Find out how to block infrastructure hacks, minimize advanced persistent threats, neutralize malicious code, secure web and database applications, and fortify UNIX networks. Hacking Exposed 7: Network Security Secrets & Solutions contains all-new visual maps and a comprehensive ‘countermeasures cookbook.’”
Applied Network Security Monitoring
by Chris Sanders and Jason Smith
“Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach, complete with real-world examples that teach you the key concepts of NSM.
The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical knowledge that you can apply immediately.”
The Blue Team Handbook
by Don Murdoch
“The Blue Team Handbook is a zero fluff reference guide for cyber security incident responders and InfoSec pros alike. The BTHb includes essential information in a condensed handbook format about the incident response process, how attackers work, common tools, a methodology for network analysis developed over 12 years, Windows and Linux analysis processes, tcpdump usage examples, Snort IDS usage, and numerous other topics.
The book is peppered with practical real life techniques from the author’s extensive career working in academia and a corporate setting.”
By Jeff Edwards