xianshield

This presentation discusses techniques for building a successful computer security monitoring system.  In this preso, Cisco CSIRT engineers describe their approach, topology, challenges, and lessons learned in the process. This highly practical session illustrates security monitoring with Cisco Intrusion Prevention System (IPS) version 5 and 6, Cisco Security Monitoring, Analysis and Response (MARS) solution version 4, Netflow v7, and syslog. Cisco CSIRT engineers describe how the global solution was deployed, tuned, and lessons learned.