Security Information and Event Management (SIEM) solutions are an essential part of the enterprise security toolkit, but they’re also some of the most complicated products on the market.
For those information security professionals trying to push their organization into the modern era of SIEM, it can be difficult to know where to start. IT workers and CISOs looking for a new SIEM solution need a comprehensive overview in order to correctly plan, assess and deploy the right SIEM solutions for their organization and devise a strong business case for the technology.
There are loads of free resources available online (such as Solutions Review’s best practices articles, solutions directories, and buyer’s guides), and those resources are great, but sometimes it’s best to do things the old-fashioned way: few resources can match the in-depth, comprehensive detail of a good book.
With that in mind, I’ve compiled a short list of the top six introductory SIEM and log management books available today, listed in no particular order. We have also built a small SIEM book library on this site which you can access here.
Please note that several of these books have been in print for years and will not be up-to-date on the current range of SIEM solutions on the market. However, despite their age these books still function well as high-altitude introductions to concepts and ideas that professionals building SIEM business plans need to be familiar with.
Security Information and Event Management (SIEM) Implementation (Network Pro Library)
by David R. Miller, Shon Harris, Alan Harper, Stephen VanDyke, and Chris Blask
“Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts.
“The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You’ll also learn how to use SIEM capabilities for business intelligence. Real-world case studies are included in this comprehensive resource.”
Information Security Analytics: Finding Security Insights, Patterns, and Anomalies in Big Data
by Mark Talabis, Robert Mcpherson, I. Miyamoto, and Jason Martin
“Information Security Analytics gives you insights into the practice of analytics and, more importantly, how you can utilize analytic techniques to identify trends and outliers that may not be possible to identify using traditional security analysis techniques.
“Information Security Analytics dispels the myth that analytics within the information security domain is limited to just security incident and event management systems and basic network analysis. Analytic techniques can help you mine data and identify patterns and relationships in any form of security data. Using the techniques covered in this book, you will be able to gain security insights into unstructured big data of any type.”
Security Risk Management: Building an Information Security Risk Management Program from the Ground Up
by Evan Wheeler
“The goal of Security Risk Management is to teach you practical techniques that will be used on a daily basis while also explaining the fundamentals so you understand the rationale behind these practices. Security professionals often fall into the trap of telling the business that they need to fix something, but they can’t explain why.
“This book will help you to break free from the so-called ‘best practices’ argument by articulating risk exposures in business terms. You will learn techniques for how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive guide for managing security risks.”
Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management
by Anton A. Chuvakin and Kevin J. Schmidt
“Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management introduces information technology professionals to the basic concepts of logging and log management. It provides tools and techniques to analyze log data and detect malicious activity.
“The book consists of 22 chapters that cover the basics of log data; log data sources; log storage technologies; a case study on how syslog-ng is deployed in a real environment for log collection; covert logging; planning and preparing for the analysis of log data; simple analysis techniques; and tools and techniques for reviewing logs for potential problems.”
Data-Driven Security: Analysis, Visualization and Dashboards
by Jay Jacobs and Bob Rudis
“Security professionals need all the tools at their disposal to increase their visibility in order to prevent security breaches and attacks. This careful guide explores two of the most powerful: data analysis and visualization. You’ll soon understand how to harness and wield data, from collection and storage to management and analysis as well as visualization and presentation. Using a hands-on approach with real-world examples, this book shows you how to gather feedback, measure the effectiveness of your security methods, and make better decisions.
“Everything in this book will have practical application for information security professionals.”
Network Security Through Data Analysis: Building Situational Awareness
by Michael S. Collins
“Traditional intrusion detection and log file analysis are no longer enough to protect today’s complex networks. In this practical guide, security researcher Michael Collins shows you several techniques and tools for collecting and analyzing network traffic datasets. You’ll understand how your network is used, and what actions are necessary to protect and improve it.
“Divided into three sections, this book examines the process of collecting and organizing data, various tools for analysis, and several different analytic scenarios and techniques. It’s ideal for network administrators and operational security analysts familiar with scripting.”