PRODUCT SUPPORT ANNOUNCEMENT
See the latest about COVID-19 shipping availability and video/Web Edition load errors. Learn more.
Prevent security breaches by protecting endpoint systems with Cisco Security Agent, the Cisco host Intrusion Prevention System
Cisco Security Agent presents a detailed explanation of Cisco Security Agent, illustrating the use of host Intrusion Prevention Systems (IPS) in modern self-defending network protection schemes. At the endpoint, the deployment of a host IPS provides protection against both worms and viruses. Rather than focusing exclusively on reconnaissance phases of network attacks a host IPS approaches the problem from the other direction, preventing malicious activity on the host by focusing on behavior. By changing the focus to behavior, damaging activity can be detected and blocked–regardless of the attack.
Cisco Security Agent is an innovative product in that it secures the portion of corporate networks that are in the greatest need of protection–the end systems. It also has the ability to prevent a day-zero attack, which is a worm that spreads from system to system, taking advantage of vulnerabilities in networks where either the latest patches have not been installed or for which patches are not yet available. Cisco Security Agent utilizes a unique architecture that correlates behavior occurring on the end systems by monitoring clues such as file and memory access, process behavior, COM object access, and access to shared libraries as well as other important indicators.
Cisco Security Agent is the first book to explore the features and benefits of this powerful host IPS product. Divided into seven parts, the book provides a detailed overview of Cisco Security Agent features and deployment scenarios. Part I covers the importance of endpoint security. Part II examines the basic components of the Cisco Security Agent architecture. Part III addresses agent installation and local use. Part IV discusses the Cisco Security Agent management console’s reporting and monitoring capabilities. Part V covers advanced Cisco Security Agent analysis features. Part VI covers Cisco Security Agent policy, implementation, and management. Part VII presents additional installation and management information.
Whether you are evaluating host IPS in general or looking for a detailed deployment guide for Cisco Security Agent, this book will help you lock down your endpoint systems and prevent future attacks.
“While there are still a lot of ways that security can go wrong, Cisco Security Agent provides a defense even when something is wrong. I remember the email that came around from our system administrator that said, ‘There’s something attacking our web server. We’re not sure what it is, but Stormwatch is blocking it.’ That was the Nimda worm–the first of a long line of attacks stopped by Cisco Security Agent.”
–Ted Doty, Product Manager, Security Technology Group, Cisco Systems®
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Part I The Need for Endpoint Security
Chapter 1 Introducing Endpoint Security
Chapter 2 Introducing the Cisco Security Agent
Part II Understanding the CSA Building Blocks
Chapter 3 Understanding CSA Groups and Hosts
Chapter 4 Understanding CSA Policies, Modules, and Rules
Chapter 5 Understanding Application Classes and Variables
Part III CSA Agent Installation and Local Agent Use
Chapter 6 Understanding CSA Components and Installation
Chapter 7 Using the CSA User Interface
Part IV Monitoring and Reporting
Chapter 8 Monitoring CSA Events
Chapter 9 Using CSA MC Reports
Part V Analyzing CSA
Chapter 10 Application Deployment Investigation
Chapter 11 Application Behavior Analysis
Part VI Creating Policy, Implementing CSA, and Maintaining the CSA MC
Chapter 12 Creating and Tuning Policy
Chapter 13 Developing a CSA Project Implementation Plan
Chapter 14 CSA MC Administration and Maintenance
Part VII Appendixes
Appendix A VMS and CSA MC 4.5 Installation
Appendix B Security Monitor Integration
Appendix C CSA MIB