The practice of network security monitoring: understanding incident detection and response cover image

The practice of network security monitoring: understanding incident detection and response

By Richard Bejtlich
No Starch Press


Network security is not simply about building impenetrable walls — determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions. In <em>The Practice of Network Security Monitoring</em>, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks — no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools. You'll learn how to: • Determine where to deploy NSM platforms, and size them for the monitored networks • Deploy stand-alone or distributed NSM installations • Use command line and graphical packet analysis tools, and NSM consoles • Interpret network evidence from server-side and client-side intrusions • Integrate threat intelligence into NSM software to identify sophisticated adversaries There’s no foolproof way to keep attackers out of your network. But when they get in, you’ll be prepared. <em>The Practice of Network Security Monitoring</em> will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.

Related books

Crime and Detection in Contemporary Culture
Martina Vránová, Zénó Vernyik, Dávid Levente Palatinus
Murder for Pleasure: The Life and Times of the Detective Story
Howard Haycraft
Собрание сочинений в 30 томах. Лечение шоком. Легко приходят — легко уходят. Ясным летним утром.
Чейз, Дж. Х.
Name of the wind(the kingkiller chronicles book 1)
Patrick Rothfuss
В схватках с врагом
Цвигун С. и др.
Вероятность равна нулю
Пеев Д., Грушко Е., Поволяев В., Глазков Ю.