Applied Network Security Monitoring: Collection, Detection, and Analysis
Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, your ability to detect and respond to that intrusion can be the difference between a small incident and a major disaster.
The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical knowledge that you can apply immediately.
- Discusses the proper methods for planning and executing an NSM data collection strategy
- Provides thorough hands-on coverage of Snort, Suricata, Bro-IDS, SiLK, PRADS, and more
- The first book to define multiple analysis frameworks that can be used for performing NSM investigations in a structured and systematic manner
- Loaded with practical examples that make use of the Security Onion Linux distribution
- Companion website includes up-to-date blogs from the authors about the latest developments in NSM, complete with supplementary book materials
You will get caught off guard, you will be blindsided, and sometimes you will lose the fight to prevent attackers from accessing your network. This book is about equipping you with the right tools for collecting the data you need, detecting malicious activity, and performing the analysis that will help you understand the nature of an intrusion. Although prevention can eventually fail, NSM doesn't have to.
Reviews (48)
Great book on defensive security
I just finished this, my first "blue team" read. I don't have anything to compare it to but, man -- I feel like everything I need to know is in it. It starts from the beginning and ends at the end and seems to tell you everything you need to know along the way. It's almost like a reference book. Find the subject you're looking for and it will tell you everything you need to know to start searching online for help with your particulars. It's not a fun read, but it's thorough and very readable. Recommended read for whatever reason you're looking at defensive security.
I can tell it's a good book, however
I can tell it's a good book, however, not friendly to beginners. Very early on in the book it states that it doesn't teach networking basics. Should've known better, but definitely not downgrading the book! Just a personal mistake that I made and I don't want you to do the same!
Must Have For Network Security Monitors
Chris Sanders knows his stuff. This is by far one of the best books I've read on this subject. Very thorough and in-depth, yet presented in a way that makes it easy to grasp the material. You will have a firm grasp of network security monitoring after reading this book.
Great book, highly recommended, a little long winded
The good: Applied NSM is a good book to read to learn about this topic. The author knows his stuff, and he's a pretty good teacher. Technical terms are defined before they're used, so you won't get lost. Everything is approached step-by-step; you won't run into the Draw An Owl Meme (google it) problem. Also the text is comprehensive; important topics are not left out.

Who the book is written for: I'm a network administrator with over a decade of experience, I manage a decent sized network by myself, and wanted more knowledge about this area of network security. The book is more aimed at, "I have a beginner's level knowledge of networks and I want to get hired somewhere where my job title is 'Network Security Analyst'." So the explanations are woven with the thread of a team in mind, but not in a way that detracts from your ability to learn if you're a lone wolf.

The bad: I wish I could give the book 4.5 stars. The only problem I ran into is that for my taste, which is borne out of decades of reading technical documentation, the author is a bit long winded. It's not terse enough. Explanations that could be offered in one short sentence are drawn out into a paragraph. I suppose this is good if you're a complete beginner, but it made the text a bit of a slog for me, and I found myself skipping first paragraphs and then pages. For example, suppose I wanted to communicate to you this brief and technical point: "The lsof command prints a list of open files, the -i argument lists network connections." The author would render that into this: "Various commands are able to display the current status of the computer. From time to time, users may want the ability to view which files on the computer are open and which files are not. Fortunately, the computer provides a tool that is able to do this. If you want to view open files on the computer, for example, you can use the lsof command, which is typed into your terminal. The lsof command provides various options as well in order to change its output. For example, -i is one of the available options. -i allows lsof to view the activity of the network interface in the form of active and listening connections."

Overall, though, if you're a beginner and you want knowledge on this topic, this book will give it to you.
An excellent foundational book covering the essentials
Most enterprises split (as covered in the book) NSM into tiers, up to three. This book will assist anyone just getting into the field and help with foundational processes to unlock tier 2. Coverage of monitoring tools is spot on, and it does a decent job of proposing monitoring strategies. The book recommends good habits such as keeping an analyst journal and takes the perspective of an operator in the trenches. Would have liked to read about some novel approaches that leverage monitoring, or techniques to automate the most routine tasks, but overall the book is an excellent desktop reference and guide to NSM by analysts, for analysts.
Highly recommended.
This is the book that started it all for me. If you are an MSSP and you are trying to get the hang of the whole security thing, this book is for you. While the content is somewhat outdated, this book teaches you how to think and how to get your SOC going. Highly recommended.
A must read for everyone working (or planning to work) ...
A must read for everyone working (or planning to work) to protect an operational network. Filled with practical advice in building fundamental skills and solutions in environments with constrained budgets.
Chris and Team have created an excellent and quality NSM source!
Highly recommended! Applied NSM should be on every security professional's bookshelf. Not only does it cover effective security monitoring methodologies and best practices, but it walks you through tool selection, installation, configuration, and maintenance. Overall, the book is very well written and carefully articulated; it almost leaves you without having to question or second guess the information provided. It just makes sense!
Great book on Network Security Monitoring
Disclaimers: I'm a long time NSM practitioner and I work with Smith & Bianco. Chris was gracious enough to provide me with a PDF copy of the book for review.

Applied NSM is a powerhouse of practitioner knowledge. Divided into three primary sections (Collection, Detection, & Analysis), ANSM focuses on the key staples necessary for establishing a successful NSM program and how to get up and running. The book weighs in at an impressive 465 pages (including appendixes). However, depending on the reader's familiarity with NSM and exposure to other related works on the subject, there could be some overlap. The areas I found most valuable that contributed new concepts to my "NSM library" included:
- Chapter 2's discussion on the Applied Collection Framework
- Chapter 4's coverage of SiLK for analysis of flow data
- Chapter 6's coverage of LogStash and Kibana
- Chapter 10's coverage on Bro
- Chapter 11's coverage on Anomaly based detection via SiLK tools
Appendix 3 makes for a handy desk side reference if you work with raw packet captures on a daily basis. For these sections alone, ANSM makes it well worth the purchase and addition to your collection. Speaking of which, all of the proceeds from this book go to several charities, and after having initially reviewed it for free, I still decided to purchase a copy on Kindle to have as a desk side reference and support such great causes. Great job guys!
For Network Gurus
I purchased this book as part of a high level network monitoring project that I am working on within the Healthcare sector. This book was outstanding; if you want to learn about collection, detection and analysis of applied network security monitoring, this is the book for you. The content was outstanding. However, I do have some advance warning for readers. Please understand the basic dynamics of networking. This means please know the following: Microsoft products, Cisco products, etc. All the key important things a System Admin or Network Admin should already know. Please understand how to segment a network. Overall I found this book outstanding; I started reading the book when I received it. I am halfway through the book, and thus far I like what I am reading. Great job.