Book Review: The Practice of Network Security Monitoring

by Khalid Hosein on October 27, 2013

Some more geek entertainment from No Starch Press! The full title of this book is: The Practice of Network Security Monitoring: Understanding Incident Detection and Response. The Practice of NSM, as it’s abbreviated in the book, was written by the CSO of Mandiant, Richard Bejtlich, who also blogs at TaoSecurity.

So what is Network Security Monitoring? First, NSM isn’t about control, i.e. blocking, preventing or filtering; it’s about awareness and visibility. You may have a dozen of the best security products in place, but what if they’re either not doing what they’re supposed to, or simply not catching attacks they were never designed to see? NSM gives you insight into what is actually happening on your network, and therefore into the real state of your security, regardless of what products you have in place.
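To make that distinction concrete, here is a small added example (my own illustration, not code from the book or from Security Onion). It takes a handful of constructed flow records, in a simplified tab-separated layout loosely modelled on the conn.log that Bro/Zeek produces, and compares what the sensor actually saw against a hypothetical egress policy the perimeter firewall is supposed to enforce. Every match is a control that failed silently: exactly the kind of thing NSM data reveals and a blocking product alone never will. The addresses, ports, policy and timestamps are all made up for the example.

```python
"""Added example: verifying a blocking control with NSM-style flow data.

Not from the book or the review. The flow format, the sample records and the
egress policy are constructed for illustration only.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample flow records: ts, src, sport, dst, dport, proto, bytes.
# All addresses and timestamps are made up for the example.
SAMPLE_FLOWS = """\
1382860800.10\t10.1.4.22\t51002\t10.1.1.5\t445\ttcp\t8192
1382860801.33\t10.1.4.22\t51003\t203.0.113.45\t445\ttcp\t1440
1382860802.07\t10.1.7.90\t40211\t198.51.100.7\t443\ttcp\t92311
1382860803.91\t10.1.4.22\t51004\t203.0.113.45\t445\ttcp\t3100
1382860805.55\t10.1.9.14\t60012\t192.0.2.10\t3389\ttcp\t512
"""


@dataclass(frozen=True)
class Flow:
    ts: float
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    proto: str
    nbytes: int


def parse_flows(text: str) -> list[Flow]:
    """Parse the simplified tab-separated flow format used above."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, proto, nbytes = line.split("\t")
        flows.append(Flow(float(ts), ipaddress.ip_address(src), int(sport),
                          ipaddress.ip_address(dst), int(dport), proto,
                          int(nbytes)))
    return flows


# Hypothetical egress policy the perimeter firewall is supposed to enforce:
# internal hosts may not reach non-internal addresses on these ports.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
BLOCKED_EGRESS_PORTS = {445, 3389}


def policy_violations(flows):
    """Return flows the firewall should have blocked but the sensor saw anyway:
    internal source, non-internal destination, blocked destination port."""
    return [f for f in flows
            if f.src in INTERNAL and f.dst not in INTERNAL
            and f.dport in BLOCKED_EGRESS_PORTS]


def summarize(violations):
    """Group violations by (src, dst, dport) with flow count and total bytes,
    so an analyst sees 'who talked to whom' rather than raw flow lines."""
    summary = {}
    for f in violations:
        key = (str(f.src), str(f.dst), f.dport)
        cnt, total = summary.get(key, (0, 0))
        summary[key] = (cnt + 1, total + f.nbytes)
    return summary


if __name__ == "__main__":
    found = policy_violations(parse_flows(SAMPLE_FLOWS))
    for (src, dst, port), (cnt, total) in sorted(summarize(found).items()):
        print(f"{src} -> {dst}:{port}  flows={cnt} bytes={total}"
              "  (policy says this should have been blocked)")
```

Note what the check does and does not do: the internal-to-internal SMB flow and the ordinary HTTPS session pass untouched, while the two outbound SMB flows and the outbound RDP flow are reported. Nothing here blocks anything; it only tells you that a control you were relying on is not doing its job, which is the whole point of the paragraph above.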


What does this book cover? Although it starts off with an overview of what NSM is and isn’t, it is mainly geared to a very technical audience. It focuses on conducting NSM and intrusion detection using a very popular security toolkit called Security Onion, which in turn is a collection of security tools, including Snort, Sguil, Xplico and many others, packaged up into an Ubuntu-based Linux distribution.

It gets very deep into the weeds on using Security Onion, and I don’t mean this in a bad way, but this book could just as easily have been titled Using Security Onion or something to that effect. That doesn’t mean it’s useless if you’re using other tools. After all, TCP/IP networks have the same foundation regardless of tooling, and the approaches explained in this book still apply.

As a visual learner, I enjoyed seeing all of the screenshots and diagrams. After all, a picture is worth a thousand words, and it confirms that you’re on the right track as you follow along. There are also numerous code examples and sample outputs. This is exactly how technical books like this need to be written.

If you’re only just starting in incident response and/or network monitoring, this shouldn’t be your first title, but it will make a fine addition once you get to this stage. You can pick up this title on Amazon in either paperback for $31 or eBook for $25.

(Disclaimer: Gizmos for Geeks received a complimentary review copy of this product, thanks to No Starch Press.)