Full disclosure: the author of this book is a professional acquaintance of mine.
It has been about 8 years since Richard Bejtlich's last book, Extrusion Detection: Security Monitoring for Internal Intrusions, came out. That and his other 2 books were heavy on technical analysis and real-world solutions. Some titles only start to cover ground after about 80 pages of introduction. With this book, you are already reviewing tcpdump output at page 16.
In The Practice of Network Security Monitoring: Understanding Incident Detection and Response, the author takes the approach that your network will be attacked and breached. He observes that a critical part of your security posture must be that of network security monitoring (NSM), which is the collection and analysis of data to help you detect and respond to intrusions.
In this book, Bejtlich details how to design an NSM program from its inception. As he is a big open source proponent, the book is short on proprietary tools and long on open source solutions.
The book is about the inevitable: attackers will get inside your network. While it's inevitable that they will get in, it's not inevitable that you have to be caught off-guard.
The Practice of Network Security Monitoring: Understanding Incident Detection and Response is a book about how not to be surprised, and it looks to be a great read.
Full review to follow.
Tags: No Starch Press, O'Reilly, 159327509, 978-1593275099, Mandiant, Rothke, APT