Friday, January 31, 2014

A Look at Applied NSM

After my interview with the authors of Applied Network Security Monitoring, lead author Chris Sanders was kind enough to provide me with a preview release of the book. If you haven't pick up a copy yet, I strongly recommend you do.

Applied NSM provides readers with a process for building a production-ready network monitoring system from the ground up. From building sensors, to tuning them, and ultimately to answering, "what do I do with this data and these alarms?", Sanders et al. have laid out a solid foundation for analysts entering the network security profession. Personally, I found the sections on Bro (duh) and open source intelligence the most beneficial. I felt Bianco's practical example of using Bro to monitor a  netblock's unused IP space was a fantastic way to learn the basics of Bro scripting.

Not only is the book great reference material, all the proceeds go to charity, which is quite outstanding. Great job, guys!