I just finished this, my first "blue team" read. I don't have anything to compare it to but, man -- I feel like everything I need to know is in it. It starts from the beginning and ends at the end and seems to tell you everything you need to know along the way.
It's almost like a reference book. Find the subject you're looking for and it will tell you everything you need to know to start searching online for help with your particulars. It's not a fun read, but it's thorough and very readable.
Recommended read for whatever reason you're looking at defensive security.
I can tell it's a good book, however, not friendly to beginners. Very early on in the book it states that it doesn't teach networking basics. Should've known better, but definitely not downgrading the book! Just a personal mistake that I made and I don't want you to do the same!
Chris Sanders knows his stuff. This is by far one of the best books I've read on this subject. Very thorough and in-depth, yet presented in a way that makes it easy to grasp the material. You will have a firm grasp of network security monitoring after reading this book.
The good: Applied NSM is a good book to read to learn about this topic. The author knows his stuff, and he's a pretty good teacher. Technical terms are defined before they're used, so you won't get lost. Everything is approached step by step; you won't run into the Draw An Owl Meme (google it) problem. Also, the text is comprehensive; important topics are not left out.
Who the book is written for: I'm a network administrator with over a decade of experience, I manage a decent sized network by myself, and wanted more knowledge about this area of network security. The book is more aimed at "I have a beginner's level knowledge of networks and I want to get hired somewhere where my job title is 'Network Security Analyst'." So the explanations are woven with the thread of a team in mind, but not in a way that detracts from your ability to learn if you're a lone wolf.
The bad: I wish I could give the book 4.5 stars. The only problem I ran into is that for my taste, which is born out of decades of reading technical documentation, the author is a bit long winded. It's not terse enough. Explanations that could be offered in one short sentence are drawn out into a paragraph. I suppose this is good if you're a complete beginner, but it made the text a bit of a slog for me, and I found myself skipping first paragraphs and then pages.
For example, suppose I wanted to communicate to you this brief and technical point: "The lsof command prints a list of open files, the -i argument lists network connections." The author would render that into this:
"Various commands are able to display the current status of the computer. From time to time, users may want the ability to view which files on the computer are open and which files are not. Fortunately, the computer provides a tool that is able to do this. If you want to view open files on the computer, for example, you can use the lsof command, which is typed into your terminal. The lsof command provides various options as well in order to change its output. For example, -i is one of the available options. -i allows lsof to view the activity of the network interface in the form of active and listening connections."
Overall, though, if you're a beginner and you want knowledge on this topic, this book will give it to you.
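The reviewer's lsof example above describes the command but not what an analyst does with its output. As an added example (not code from the book or from the reviewer), the script below turns `lsof -i -P -n` output into a list of listening sockets and then filters it down to the ones reachable from the network, the kind of host baseline that is kept alongside sensor data. The `lsof` output embedded in `SAMPLE_LSOF` is constructed for the example, not captured from a real host, and the function names `listening_sockets` and `external_listeners` are the example's own.

```shell
#!/bin/sh
# Added example: summarise `lsof -i -P -n` output as a host listening-socket
# baseline. -P and -n keep ports and addresses numeric, so the parser does
# not depend on /etc/services or on DNS being reachable.

# Constructed sample of `lsof -i -P -n` output (not captured from a real host).
# Column order on Linux: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [STATE]
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812 root    3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
nginx    1201 www     6u  IPv4  23456      0t0  TCP 0.0.0.0:80 (LISTEN)
nginx    1201 www     7u  IPv6  23457      0t0  TCP [::]:443 (LISTEN)
python3  2034 alice   3u  IPv4  34567      0t0  TCP 127.0.0.1:8000 (LISTEN)
firefox  2201 alice  45u  IPv4  45678      0t0  TCP 10.0.0.5:51234->93.184.216.34:443 (ESTABLISHED)
chronyd   455 chrony  5u  IPv4  56789      0t0  UDP 0.0.0.0:123'

# listening_sockets: read lsof -i output on stdin and print one line per
# listening socket as "PROTO ADDR:PORT COMMAND PID". TCP sockets must carry
# the (LISTEN) state; UDP has no listen state in lsof, so a bound UDP socket
# with no peer ("->") in its NAME column is treated as listening.
listening_sockets() {
  awk 'NR > 1 {
    proto = $8; name = $9; state = $10
    if (proto != "TCP" && proto != "UDP") next
    if (proto == "TCP" && state != "(LISTEN)") next
    if (proto == "UDP" && index(name, "->") > 0) next
    printf "%s %s %s %s\n", proto, name, $1, $2
  }'
}

# external_listeners: drop sockets bound only to loopback, leaving the
# services actually exposed to the network (the ones worth baselining).
external_listeners() {
  listening_sockets | grep -v -e ' 127\.' -e ' \[::1\]:'
}

# Stand-alone run over the constructed sample; on a real host replace the
# printf with: sudo lsof -i -P -n | external_listeners
printf '%s\n' "$SAMPLE_LSOF" | external_listeners
```

Run the two functions on the same host at different times and diff the results: a new line is a new listening service, which is exactly the kind of host-side change an NSM analyst wants to correlate with what the sensors see.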
Most enterprises split (as covered in the book) NSM into tiers up to three. This book will assist anyone just getting in the field and help with foundational processes to unlock tier 2. Coverage of monitoring tools is spot on and does a decent job of proposing monitoring strategies. The book recommends good habits such as keeping an analyst journal and takes the perspective of an operator in the trenches.
Would have liked to read about some novel approaches that leverage monitoring, or techniques to automate the most routine tasks, but overall the book is an excellent desktop reference and guidance to NSM by analysts, for analysts.
This is the book that started it all for me. If you are an MSSP and you are trying to get the hang of the whole security thing, this book is for you. While the content is somewhat outdated, this book teaches you how to think and how to get your SOC going. Highly recommended.
A must read for everyone working (or planning to work) to protect an operational network. Filled with practical advice in building fundamental skills and solutions in environments with constrained budgets.