The Practice of Network Security Monitoring: Understanding Incident Detection & Response


Posted by Ben Rothke

Full disclosure: the author of this book is a professional acquaintance of mine.

It has been about 8 years since Richard Bejtlich's last book, Extrusion Detection: Security Monitoring for Internal Intrusions, came out. That and his other 2 books were heavy on technical analysis and real-world solutions. Some titles only start to cover ground after about 80 pages of introduction. With this book, you are already reviewing tcpdump output at page 16.

In The Practice of Network Security Monitoring: Understanding Incident Detection and Response, the author takes the approach that your network will be attacked and breached. He observes that a critical part of your security posture must be network security monitoring (NSM), which is the collection and analysis of data to help you detect and respond to intrusions.

In this book, Bejtlich details how to design an NSM program from its initial stage. Bejtlich is a big open source proponent, so the book is short on proprietary tools and long on open source solutions.

The book is about the inevitable: that attackers will get inside your network. While it's inevitable they will get in, it's not inevitable that you have to be caught off-guard.

The Practice of Network Security Monitoring: Understanding Incident Detection and Response is a book about how not to be surprised, and it looks to be a great read.

Full review to follow.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad