I got this book a while ago and read the first couple of chapters and thought it was too easy, abstract and non-technical. I assumed everything in this book is like that and boy, was I wrong. I actually read this book after I failed two incident response interviews and I realized that if only I had read this before I might have done better on the interviews. I'm not saying I could have got the job but I could have failed less miserably. Overall a really good book for people who have basic networking knowledge and know some hex and binary to do some packet analysis. If you are familiar with some packet capture tools or even NIDS, that's an added advantage. If you are not familiar with computer networking then I would strongly suggest reading a networking book before you read this book, otherwise you will be lost. P.S. I really loved the chapter on Bro IDS.
If you are currently practicing network security monitoring or considering getting into this field you should read this book. The depth and breadth of this text walks you through the establishment of an NSM capability through the staffing of a SOC and the processes one should consider implementing to run a successful NSM practice. All the examples in the text are accompanied by a practical demonstration utilizing Security Onion, which is a self-contained NSM environment that has been successfully implemented in numerous enterprises. The book covers the technical aspects of NSM without sacrificing the management aspect of running an NSM practice. Additionally, incident responders will also find value in this text. It includes topics related to post-event log analysis as well as the use of NetFlow data in the day-to-day operation of NSM. If you practice NSM, manage a SOC or are just curious, this is the book to read.
Those of us who have ever been forced into digesting anything ever published by Cisco Press know easy-to-read textbooks are diamonds in the rough. It's clear the authors of Applied NSM went to great lengths to be as technically thorough as possible while maintaining an easy, entertaining and conversational tone throughout the book. It's the anti "Makes Me Want To Bash My Face Into My Desk Just To Stay Awake" book.
2. The right tool for the job but...
The goal of any analyst is simple but crucial: find evil by any means necessary. To that end you need better weapons than your adversary. In this book Security Onion is your arsenal and the authors perform a deep dive into all the wonderful toys Security Onion has to offer. The tools listed within the pages of this book are your ticket to a better way to find the badness lurking on your client's network. That being said...
3. ...tools alone will not save you and the authors know it.
Of all the weapons at your disposal in the never-ending hunt for evil, unequivocally the most important is that big spongy thing between your ears. This book isn't just a stack of man pages with a fancy cover thrown on, it provides valuable insight and guidance to aid your own unique thought process and hunting style. On that topic, a special note...
4. Get your mind right.
Chapter 15 "The Analysis Process" should be required reading for every newbie working in a SOC and every jaded veteran. This chapter could be its own book, and if I have any complaint about Applied NSM it's that this chapter wasn't long enough for me. It's so absolutely crucial I recommend you read it first, then read it again. If you buy the book for no other reason, buy it for Chapter 15.
So that's it, whether you're a n00b looking to find his footing in this industry or a battle tested warrior looking for new ways to catch the bad guys, Applied Network Security Monitoring is an absolute must have. Good hunting!
I've been doing NSM on and off for the past 2-3 years, and about 50% of the material in this book was new to me. It gives a solid foundation to just about every aspect of NSM; whether you're looking to start in this field or you're already in it, I would recommend this book. A few mistakes here and there, but nothing you can't read past.
One of the most attention-holding technical books I have ever read. I would recommend getting another book from this guy. It's not just the how-tos and technical stuff, but goes into detail on the hows and whys of your tools and various network topologies in relation to optimal monitoring. It also covers things from a management perspective and how to justify the tools, placement and other factors in planning your NSM course of action.
I have been looking for some reference material to help me with the ins and outs of security monitoring. Great book, easy read. Although I wouldn't recommend it for the IT beginner, as some practical hands-on experience would be required for the type of work that is outlined. I would recommend it for anyone supporting or even contemplating an NSM solution.
Chris....great job! I like the technical level of your writing; it keeps the reader engaged and doesn't put me to sleep.