Applied Network Security Monitoring: Collection, Detection, and Analysis
D**I
Written by Analysts for Analysts.
Here's what you need to know about Applied NSM.

1. It's an amazingly easy read. Those of us who have ever been forced into digesting anything ever published by Cisco Press know easy-to-read textbooks are diamonds in the rough. It's clear the authors of Applied NSM went to great lengths to be as technically thorough as possible while maintaining an easy, entertaining and conversational tone throughout the book. It's the anti "Makes Me Want To Bash My Face Into My Desk Just To Stay Awake" book.

2. The right tool for the job but... The goal of any analyst is simple but crucial: find evil by any means necessary. To that end you need better weapons than your adversary. In this book Security Onion is your arsenal and the authors perform a deep dive into all the wonderful toys Security Onion has to offer. The tools listed within the pages of this book are your ticket to a better way to find the badness lurking on your client's network. That being said...

3. ...tools alone will not save you and the authors know it. Of all the weapons at your disposal in the never-ending hunt for evil, unequivocally the most important is that big spongy thing between your ears. This book isn't just a stack of man pages with a fancy cover thrown on; it provides valuable insight and guidance to aid your own unique thought process and hunting style. On that topic, a special note...

4. Get your mind right. Chapter 15 "The Analysis Process" should be required reading for both every newbie working in a SOC and every jaded veteran. This chapter could be its own book, and if I have any complaint about Applied NSM it's that this chapter wasn't long enough for me. It's so absolutely crucial I recommend you read it first, then read it again. If you buy the book for no other reason, buy it for Chapter 15.

So that's it: whether you're a n00b looking to find his footing in this industry or a battle-tested warrior looking for new ways to catch the bad guys, Applied Network Security Monitoring is an absolute must-have.
Good hunting!
M**T
Perfect study companion for GCIA
While it is somewhat dated, you won't find all the tools needed for SEC503/GCIA anywhere else. Organized better than my SANS books for the class, with easy-to-understand examples. Immediately applicable. Best breakdown of packet analysis you can find. Much appreciation to Chris Sanders, the author.
R**S
Great book on Network Security Monitoring
Disclaimers: I'm a long-time NSM practitioner and I work with Smith & Bianco. Chris was gracious enough to provide me with a PDF copy of the book for review.

- - - -

Applied NSM is a powerhouse of practitioner knowledge. Divided into three primary sections (Collection, Detection, & Analysis), ANSM focuses on the key staples necessary for establishing a successful NSM program and how to get up and running.

The book weighs in at an impressive 465 pages (including appendixes). However, depending on the reader's familiarity with NSM and exposure to other related works on the subject, there could be some overlap.

The areas I found most valuable that contributed new concepts to my "NSM library" included:

Chapter 2's discussion on the Applied Collection Framework
Chapter 4's coverage of SiLK for analysis of flow data
Chapter 6's coverage of LogStash and Kibana
Chapter 10's coverage on Bro
Chapter 11's coverage on anomaly-based detection via SiLK tools

Appendix 3 makes for a handy desk-side reference if you work with raw packet captures on a daily basis.

For these sections alone, ANSM makes it well worth the purchase and addition to your collection. Speaking of which, all of the proceeds from this book go to several charities, and after having initially reviewed it for free, I still decided to purchase a copy on Kindle to have as a desk-side reference and support such great causes.

Great job guys!
R**N
Great book on defensive security
I just finished this, my first "blue team" read. I don't have anything to compare it to but, man -- I feel like everything I need to know is in it. It starts from the beginning and ends at the end and seems to tell you everything you need to know along the way.

It's almost like a reference book. Find the subject you're looking for and it will tell you everything you need to know to start searching online for help with your particulars. It's not a fun read, but it's thorough and very readable.

Recommended read for whatever reason you're looking at defensive security.
J**E
A must read book for anyone doing NSM or SOC work!
If you are currently practicing network security monitoring or considering getting into this field, you should read this book.

The depth and breadth of this text walks you through the establishment of an NSM capability, through the staffing of a SOC, and the processes one should consider implementing to run a successful NSM practice. All the examples in the text are accompanied by a practical demonstration utilizing Security Onion, which is a self-contained NSM environment that has been successfully implemented in numerous enterprises.

The book covers the technical aspects of NSM without sacrificing the management aspect of running an NSM program. Additionally, incident responders will also find value in this text. It includes topics related to post-event log analysis as well as the use of NetFlow data in the day-to-day operation of NSM.

If you practice NSM, manage a SOC or are just curious, this is the book to read.