Book Review: A failed attempt to land on MARS | eWEEK Labs | eWeek


Jul 16, 2007

Monday is book review day at Permit/Deny. I spent the weekend with a copy of Security Monitoring with Cisco Security MARS, by Gary Halleen and Greg Kellogg. The book was published in June 2007 by Cisco Press.

To give a little bit more perspective on the book, it’s helpful to know that at the end of 2005, Cisco bought a company called Protego that made a security monitoring and threat management system. That product morphed into CS-MARS (Cisco Security Monitoring, Analysis, and Response System) and is the topic of a rather cursory overview that barely manages to justify the $60.00 cover price.

While the foreword starts off bravely stating that “deploying and using MARS without reading this book is like throwing money away,” you could also look here or here for some good overview (and a considerable amount of detail) on planning and implementing a CS-MARS deployment. It looks like that’s what the authors did, reproducing some of the most useful project sizing guides from the Cisco documentation in their book.

Security Monitoring with Cisco Security MARS does offer some useful advice about event tuning (see page 152) and succeeds in its attempt to define Cisco’s meaning of the term “false-positive.” Generally, however, the book is a condensation of Cisco documentation and falls short on offering comments critical of CS-MARS.

For example, the book doesn’t attempt to cover the reasons that CS-MARS might be less than effective for a task such as log management. And while the authors bring a significant amount of security experience to the topic, only dribs and drabs of practical suggestions make it onto the page. As such, Security Monitoring with Cisco Security MARS ends up as an expert summary of the product—a step above a whitepaper, but not much.

Security Monitoring with Cisco Security MARS By Gary Halleen, Greg Kellogg. Published by Cisco Press ISBN-10: 1-58705-270-9; ISBN-13: 978-1-58705-270-5; Published: Jul 6, 2007; Copyright 2007; Dimensions 7-3/8×9-1/8; Pages: 336; Edition: 1st. $60.00.
