The Practice of Network Security Monitoring: Understanding Incident Detection and Response (Paperback)

Richard Bejtlich



Network security is not simply about building impenetrable walls — determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.

In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks — no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.

You'll learn how to:

  • Determine where to deploy NSM platforms, and size them for the monitored networks
  • Deploy stand-alone or distributed NSM installations
  • Use command line and graphical packet analysis tools, and NSM consoles
  • Interpret network evidence from server-side and client-side intrusions
  • Integrate threat intelligence into NSM software to identify sophisticated adversaries

There's no foolproof way to keep attackers out of your network. But when they get in, you'll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.


網絡安全不僅僅是建立堅不可摧的防禦牆 - 決心的攻擊者最終會克服傳統的防禦措施。最有效的電腦安全策略是整合網絡安全監控(NSM):收集和分析數據,以幫助您檢測和應對入侵。

在《網絡安全監控實踐》一書中,Mandiant CSO Richard Bejtlich向您展示如何使用NSM在您的網絡周圍添加強大的保護層 - 無需任何先前經驗。為了幫助您避免昂貴且不靈活的解決方案,他教您如何使用開源軟件和供應商中立的工具部署、構建和運行NSM操作。

- 確定在哪裡部署NSM平台,並根據被監控的網絡大小進行規模化
- 部署獨立或分佈式的NSM安裝
- 使用命令行和圖形化的封包分析工具和NSM控制台
- 解釋來自服務器端和客戶端入侵的網絡證據
- 將威脅情報整合到NSM軟件中,以識別複雜的對手