Applied Network Security Monitoring
Collection, Detection, and Analysis
Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, it is your ability to detect and respond to that intrusion that can be the difference between a small incident and a major disaster.
The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical scenarios complete with sample data.
If you've never performed NSM analysis, Applied Network Security Monitoring will give you an adequate grasp on the core concepts needed to become an effective analyst. If you are already a practicing analyst, this book will allow you to grow your analytic technique to make you more effective at your job.
<P/>Information security practitioners, network administrators, computer system administrators, IT professionals, NSM analysts, forensic analysts, incident responders, and an academic audience among information security majors.<P/>
- Published: December 2013
- Imprint: SYNGRESS
- ISBN: 978-0-12-417208-1
"... an extremely informative dive into the realm of network security data collection and analysis...well organized and thought through...I have only positive comments from my study."
- Introduction to NSM
- Driving Data Collection
- The Sensor Platform
- Full Packet Capture Data
- Session Data
- Protocol Metadata
- Statistical Data
- Indicators of Compromise
- Target-Based Detection
- Signature-Based Detection with Snort
- Signature-Based Detection with Suricata
- Anomaly-Based Detection with Bro
- Early Warning AS&W with Honeypots
- Packet Analysis
- Friendly Intelligence
- Hostile Intelligence
- Differential Diagnosis of NSM Events
- Incident Morbidity and Mortality
- Malware Analysis for NSM