Applied Network Security Monitoring
Collection, Detection, and Analysis
Book Details:
Publisher: | Syngress |
Series: |
Springer
|
Author: | Chris Sanders |
Edition: | 1 |
ISBN-10: | 0124172083 |
ISBN-13: | 9780124172081 |
Pages: | 496 |
Published: | Dec 19 2013 |
Posted: | Nov 19 2014 |
Language: | English |
Book format: | PDF |
Book size: | 41.5 MB |
Book Description:
Applied Network Security Monitoringis the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach, complete with real-world examples that teach you the key concepts of NSM. Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, your ability to detect and respond to that intrusion can be the difference between a small incident and a major disaster. The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical knowledge that you can apply immediately. Discusses the proper methods for planning and executing an NSM data collection strategy Provides thorough hands-on coverage of Snort, Suricata, Bro-IDS, SiLK, PRADS, and more The first book to define multiple analysis frameworks that can be used for performing NSM investigations in a structured and systematic manner Loaded with practical examples that make use of the Security Onion Linux distribution Companion website includes up-to-date blogs from the authors about the latest developments in NSM, complete with supplementary book materials If you've never performed NSM analysis,Applied Network Security Monitoringwill help you grasp the core concepts needed to become an effective analyst. If you are already working in an analysis role, this book will allow you to refine your analytic technique and increase your effectiveness. You will get caught off guard, you will be blind sided, and sometimes you will lose the fight to prevent attackers from accessing your network. This book is about equipping you with the right tools for collecting the data you need, detecting malicious activity, and performingthe analysis that will help you understand the nature of an intrusion. Although prevention can eventually fail, NSM doesn't have to. ** Note: All author royalties from the sale of Applied NSM are being donated to a number of charities selected by the authors.
Beyond Intrusion Detection
"The book you are about to read will arm you with the knowledge you need to defend your network from attackers-both the obvious and the not so obvious.... If you are new to network security, don't put this book back on the shelf! This is a great book for beginners and I wish I had access to it many years ago. If you've learned the basics of TCP/IP protocols and run an open source or commercial IDS, you may be asking 'What's next?' If so, this book is for you." -Ron Gula, founder and CTO, Tenable Network Security, from the Foreword "Richard Bejtlich has a good perspective on Internet security-one that is orderly and practical at the same time. He keeps readers grounded and addresses the fundamentals in an accessible way." -Marcus...
Understanding Incident Detection and Response
Network security is not simply about building impenetrable walls - determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions. In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks - no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools. You'll learn how to: Determine where to deploy NSM platforms, and size them for the monitor...
Security Monitoring with Cisco Security MARS Threat mitigation system deployment Gary Halleen Greg Kellogg Networks and hosts are probed hundreds or thousands of times a day in an attempt to discover vulnerabilities. An even greater number of automated attacks from worms and viruses stress the same devices. The sheer volume of log messages or events generated by these attacks and probes, combined with the complexity of an analyst needing to use multiple monitoring tools, often makes it impossible to adequately investigate what is happening. Cisco Security Monitoring, Analysis, and Response System (MARS) is a next-generation Security Threat Mitigation system (STM). Cisco Security MARS receives raw network and security data and performs correlatio...
2007 - 2021 © eBooks-IT.org