The Practice of Network Security Monitoring: Understanding Incident Detection and Response

Richard Bejtlich


Network security is not simply about building impenetrable walls; determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.

In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks, with no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.

You'll learn how to:

  • Determine where to deploy NSM platforms, and size them for the monitored networks
  • Deploy stand-alone or distributed NSM installations
  • Use command line and graphical packet analysis tools, and NSM consoles
  • Interpret network evidence from server-side and client-side intrusions
  • Integrate threat intelligence into NSM software to identify sophisticated adversaries

There's no foolproof way to keep attackers out of your network. But when they get in, you'll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data won't be.
