Applied Network Security Monitoring
- Length: 496 pages
- Edition: 1
- Language: English
- Publisher: Syngress
- Publication Date: 2013-12-19
- ISBN-10: 0124172083
- ISBN-13: 9780124172081
- Sales Rank: #82116 (See Top 100 Books)
Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach, complete with real-world examples that teach you the key concepts of NSM.
Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, your ability to detect and respond to that intrusion can be the difference between a small incident and a major disaster.
The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical knowledge that you can apply immediately.
- Discusses the proper methods for planning and executing an NSM data collection strategy
- Provides thorough hands-on coverage of Snort, Suricata, Bro-IDS, SiLK, PRADS, and more
- The first book to define multiple analysis frameworks that can be used for performing NSM investigations in a structured and systematic manner
- Loaded with practical examples that make use of the Security Onion Linux distribution
- Companion website includes up-to-date blogs from the authors about the latest developments in NSM, complete with supplementary book materials
If you’ve never performed NSM analysis, Applied Network Security Monitoring will help you grasp the core concepts needed to become an effective analyst. If you are already working in an analysis role, this book will allow you to refine your analytic technique and increase your effectiveness.
You will get caught off guard, you will be blind sided, and sometimes you will lose the fight to prevent attackers from accessing your network. This book is about equipping you with the right tools for collecting the data you need, detecting malicious activity, and performing the analysis that will help you understand the nature of an intrusion. Although prevention can eventually fail, NSM doesn’t have to.
Note: All author royalties from the sale of Applied NSM are being donated to a number of charities selected by the authors.
Table of Contents
Chapter 1. The Practice of Applied Network Security Monitoring
Section 1: Collection
Chapter 2. Planning Data Collection
Chapter 3. The Sensor Platform
Chapter 4. Session Data
Chapter 5. Full Packet Capture Data
Chapter 6. Packet String Data
Section 2: Detection
Chapter 7. Detection Mechanisms, Indicators of Compromise, and Signatures
Chapter 8. Reputation-Based Detection
Chapter 9. Signature-Based Detection with Snort and Suricata
Chapter 10. The Bro Platform
Chapter 11. Anomaly-Based Detection with Statistical Data
Chapter 12. Using Canary Honeypots for Detection
Section 3: Analysis
Chapter 13. Packet Analysis
Chapter 14. Friendly and Threat Intelligence
Chapter 15. The Analysis Process