Book title
Applied Network Security Monitoring

Collection, Detection, and Analysis

Chris Sanders, Jason Smith

Paperback: 497 Pages
Publisher: Elsevier (Syngress)
Edition: 1
Language: English
Year: 2014
ISBN: 9780124172081
Text quality: publisher's original
Trim size: B5
Page color: colored text and boxes

#Network

#Security

#Analysis

Description

Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach to NSM, complete with dozens of real-world examples that teach you the key concepts of NSM.


Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, it is your ability to detect and respond to that intrusion that can be the difference between a small incident and a major disaster.


The book follows the three stages of the NSM cycle: collection, detection, and analysis. As you progress through each section, you will have access to insights from seasoned NSM professionals while being introduced to relevant, practical scenarios complete with sample data.


If you've never performed NSM analysis, Applied Network Security Monitoring will give you an adequate grasp on the core concepts needed to become an effective analyst. If you are already a practicing analyst, this book will allow you to grow your analytic technique to make you more effective at your job.


  • Discusses the proper methods for data collection, and teaches you how to become a skilled NSM analyst
  • Provides thorough hands-on coverage of Snort, Suricata, Bro-IDS, SiLK, and Argus
  • Loaded with practical examples containing real PCAP files you can replay, and uses Security Onion for all its lab examples
  • Companion website includes up-to-date blogs from the authors about the latest developments in NSM


Table of Contents

CHAPTER 1 The Practice of Applied Network Security Monitoring

SECTION 1 COLLECTION

CHAPTER 2 Planning Data Collection

CHAPTER 3 The Sensor Platform

CHAPTER 4 Session Data

CHAPTER 5 Full Packet Capture Data

CHAPTER 6 Packet String Data

SECTION 2 DETECTION

CHAPTER 7 Detection Mechanisms, Indicators of Compromise, and Signatures

CHAPTER 8 Reputation-Based Detection

CHAPTER 9 Signature-Based Detection with Snort and Suricata

CHAPTER 10 The Bro Platform

CHAPTER 11 Anomaly-Based Detection with Statistical Data

CHAPTER 12 Using Canary Honeypots for Detection

SECTION 3 ANALYSIS

CHAPTER 13 Packet Analysis

CHAPTER 14 Friendly and Threat Intelligence

CHAPTER 15 The Analysis Process

APPENDIX 1 Security Onion Control Scripts

APPENDIX 2 Important Security Onion Files and Directories

APPENDIX 3 Packet Headers

APPENDIX 4 Decimal / Hex / ASCII Conversion Chart


About the Author

Chris Sanders is an information security author, trainer, and researcher originally from Mayfield, KY now living in Gainesville, GA.


He is the founder of Applied Network Defense, a company focused on delivering high quality, accessible information security training. In previous roles, Chris worked with the US Department of Defense, InGuardians, and Mandiant to build security operation centers and train practitioners focused on defending defense, government, and Fortune 500 networks. Chris is also the founder and director of the Rural Technology Fund, a non-profit that donates scholarships and equipment to public schools to further technical education in rural and high poverty areas. To date, the RTF has put computer science education resources into the hands of over 100,000 students in all 50 states.


Chris has authored several books and articles, including the international bestseller “Practical Packet Analysis” from No Starch Press, currently in its third edition and in seven languages, and “Applied Network Security Monitoring” from Syngress. His current research focus is on the intersection of cybersecurity and cognitive psychology with the goal of enhancing the field of infosec investigative disciplines through a better understanding of the human thought and learning processes.


Chris blogs at http://www.chrissanders.org. You can learn more about Applied Network Defense at http://www.networkdefense.co and the RTF at http://www.ruraltechfund.org.

