Skip to main content
The Practice of Network Security Monitoring: Understanding Incident Detection and Response

The Practice of Network Security Monitoring: Understanding Incident Detection and Response

Current price: $49.95
Publication Date: July 15th, 2013
Publisher:
No Starch Press
ISBN:
9781593275099
Pages:
376

Description

Network security is not simply about building impenetrable walls—determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.

In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks—no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.

You'll learn how to:
–Determine where to deploy NSM platforms, and size them for the monitored networks
–Deploy stand-alone or distributed NSM installations
–Use command line and graphical packet analysis tools, and NSM consoles
–Interpret network evidence from server-side and client-side intrusions
–Integrate threat intelligence into NSM software to identify sophisticated adversaries

There’s no foolproof way to keep attackers out of your network. But when they get in, you’ll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.

About the Author

Richard Bejtlich is Chief Security Strategist at FireEye, and was formerly Chief Security Officer at Mandiant. He also served as Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He is a graduate of Harvard University and the United States Air Force Academy. His previous works include The Tao of Network Security Monitoring, Extrusion Detection, and Real Digital Forensics (all from Addison-Wesley). He blogs (http://taosecurity.blogspot.com/) and writes on Twitter as @taosecurity.

Praise for The Practice of Network Security Monitoring: Understanding Incident Detection and Response

"A comprehensive guide. Certain to make the reader a better information security practitioner, and their network more secure."
—Ben Rothke, Slashdot

"If you are in cyber security, this is a must read. The book is the best resource for tools I have seen anywhere."
—Stephen Northcutt, SANS Institute 

"A very well written technical book. I would recommend this for anyone getting into the field of incident response who doesn't have a great understanding of NSM."
—Greg Hetrick, PaulDotCom 

"Deploying NSM not only means you can quickly identify, contain, and remediate intrusions, it gives you insight into the network as a whole."
—Michael W. Lucas, author of Absolute OpenBSD, 2nd Edition 

"The Practice of Network Security Monitoring: the best surveillance book you'll read anytime soon."
—Peter N. M. Hansteen, author of The Book of PF 

"This gem from No Starch Press covers the life-cycle of Network Security Monitoring (NSM) in great detail and leans on Security Onion as its backbone. I recommend an immediate download of the latest version of Security Onion and a swift purchase of Richard’s book."
—Russ McRee, senior security analyst, Microsoft 

"The principles Bejtlich outlines for running your security monitoring are the kind of best practice you should apply to any important server."
—Mary Branscombe, ZDNet 

"If you want to know what to do when intruders arrive on your network and how to best prepare for that eventuality, you must read this book."
—Sandra Henry-Stocker, ITWorld

"Bejtlich is a master of his craft and also possesses the rare gift of being able to share his knowledge in a comprehensible way."
—Richard Austin, IEEE Cipher

"As tech books go, it's a pretty fun ride."
—Michael Larsen, Testhead