Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century Paperback – July 4, 2009

ISBN-13: 978-0321591807 ISBN-10: 0321591801 Edition: 1st
Editorial Reviews

From the Back Cover

Practical Intrusion Analysis provides a solid fundamental overview of the art and science of intrusion analysis.

   -Nate Miller, Cofounder, Stratum Security


The Only Definitive Guide to New State-of-the-Art Techniques in Intrusion Detection and Prevention


Recently, powerful innovations in intrusion detection and prevention have evolved in response to emerging threats and changing business environments. However, security practitioners have found little reliable, usable information about these new IDS/IPS technologies. In Practical Intrusion Analysis, one of the field's leading experts brings together these innovations for the first time and demonstrates how they can be used to analyze attacks, mitigate damage, and track attackers.


Ryan Trost reviews the fundamental techniques and business drivers of intrusion detection and prevention by analyzing today's new vulnerabilities and attack vectors. Next, he presents complete explanations of powerful new IDS/IPS methodologies based on Network Behavioral Analysis (NBA), data visualization, geospatial analysis, and more.


Writing for security practitioners and managers at all experience levels, Trost introduces new solutions for virtually every environment. Coverage includes


  • Assessing the strengths and limitations of mainstream monitoring tools and IDS technologies
  • Using Attack Graphs to map paths of network vulnerability and becoming more proactive about preventing intrusions
  • Analyzing network behavior to immediately detect polymorphic worms, zero-day exploits, and botnet DoS attacks
  • Understanding the theory, advantages, and disadvantages of the latest Web Application Firewalls
  • Implementing IDS/IPS systems that protect wireless data traffic
  • Enhancing your intrusion detection efforts by converging with physical security defenses
  • Identifying attackers' "geographical fingerprints" and using that information to respond more effectively
  • Visualizing data traffic to identify suspicious patterns more quickly
  • Revisiting intrusion detection ROI in light of new threats, compliance risks, and technical alternatives


Includes contributions from these leading network security experts:


Jeff Forristal, a.k.a. Rain Forest Puppy, senior security professional and creator of libwhisker

Seth Fogie, CEO, Airscanner USA; leading-edge mobile security researcher; coauthor of Security Warrior


Dr. Sushil Jajodia, Director, Center for Secure Information Systems; founding Editor-in-Chief, Journal of Computer Security


Dr. Steven Noel, Associate Director and Senior Research Scientist, Center for Secure Information Systems, George Mason University


Alex Kirk, Member, Sourcefire Vulnerability Research Team


About the Author

Ryan Trost is the Director of Security and Data Privacy Officer at Comprehensive Health Services, where he oversees all the organization's security and privacy decisions. He teaches several Information Technology courses, including Ethical Hacking, Intrusion Detection, and Data Visualization, at Northern Virginia Community College. This enables him to continue exploring his technical interests among the endless managerial meetings. In his spare time, Ryan works to cross-pollinate network security, GIS, and data visualization. He is considered a leading expert in geospatial intrusion detection techniques and has spoken at several conferences on the topic, most notably DEFCON 16. Ryan participated as a Red Teamer in the first annual Collegiate Cyber Defense Competition (CCDC) and now fields a team of students in the annual event. Ryan was a senior security consultant for several government agencies before transitioning to the private sector. In 2005, Ryan received his master of science degree in computer science from George Washington University, where he developed his first geospatial intrusion detection tool.


Product Details

  • Paperback: 480 pages
  • Publisher: Addison-Wesley Professional; 1 edition (July 4, 2009)
  • Language: English
  • ISBN-10: 0321591801
  • ISBN-13: 978-0321591807
  • Product Dimensions: 7 x 1.1 x 9 inches
  • Shipping Weight: 1.7 pounds
  • Average Customer Review: 3.9 out of 5 stars (14 customer reviews)
  • Amazon Best Sellers Rank: #508,144 in Books

Customer Reviews

3.9 out of 5 stars

Most Helpful Customer Reviews

20 of 21 people found the following review helpful By Richard Bejtlich on July 11, 2009
Format: Paperback
I must start this review by stating the lead author lists me in the Acknowledgments and elsewhere in the book, which I appreciate. I also did consulting work years ago for the lead author's company, and I know the lead author to be a good guy with a unique eye for applying geography to network security data. Addison-Wesley provided me a review copy.

I did not participate in the writing process for Practical Intrusion Analysis (PIA), but after reading it I think I know how it unfolded. The lead author had enough material to write his two main sections: ch 10, Geospatial Intrusion Detection, and ch 11, Visual Data Communications. He realized he couldn't publish a 115-page book, so he enlisted five contributing authors who wrote chapters on loosely related security topics. Finally the lead author wrote two introductory sections: ch 1, Network Overview, and ch 2, Infrastructure Monitoring. This publication-by-amalgamation method seldom yields coherent or helpful material, despite the superior production efforts of a company like Addison-Wesley. To put a point on PIA's trouble, there's only a single intrusion analyzed in the book, and it's in the lead author's core section. The end result is a book you can skip, although it would be good for chapters 4 and 10 to be published separately as digital "Short Cuts" on InformIT.

Chapters 1 and 2 are not needed. Anyone who needs to learn about networking can read a basic book already published. Ch 2 does mention that 802.1AE (if ever implemented) will hamper network traffic inspection, but you could read that online.

Ch 3 is odd because it begins by mentioning well-worn methods to evade network detection, followed by a discussion of the merits of Snort vs Bro.
4 of 4 people found the following review helpful By Dr Anton Chuvakin on September 30, 2009
Format: Paperback
This book is not really a book: it is a collection of papers about security and intrusion detection. The book bears unfortunate, but noticeable signs of being written by multiple people who didn't talk to each other much.

I just finished reading the book and I can say I enjoyed it. It does have interesting ideas peppered in some places. Overall presentation consistency, however, is not lacking - it is absent. Also, the book is not terribly practical if you define practice as "protection of systems and networks from attacks." Many chapters are shallow and give the impression of being added to get the book to the 450-page threshold.

So, some chapters are fun and insightful ("Geospatial ID", "Physical IDS", the sections on signature tuning), some are funny (example: one chapter talks about SIEM, SIM and SEM, but errs about what the "M" in those stands for... seriously!) and some are sad (example: the one that mentions IDMEF), while others are very shallow ("Wireless IDS/IPS"). The chapter on ROI made me fall under my desk; I experienced an actual, literal ROFL.

Here are some of the highlights. Ch3 has a lot of useful Bro NIDS tips; if you have never used Bro in production, give it a try. In Ch4, I liked the vulnerability-based signature definition workflow, which takes into account sig performance tuning. Ch5 was written by an academic who doesn't get out much; it works great if you want to really know what the word "befuddled" means (it also mentioned IDMEF for extra punch :-)). Ch6 is fine if you never dealt with network flows; not a bad intro. Ch7 is a very shallow intro to web application firewalls, while ch8 is the same for wireless IDS/IPS. Ch9 deals with physical security and I loved it; such information rarely shows up in IT books and it was great to learn it.
2 of 2 people found the following review helpful By C. Irvin on August 19, 2009
Format: Paperback
When I first began reading Practical Intrusion Analysis by Ryan Trost, I was a little put off. He begins the book with an overview of IP addressing, subnetting, and packets. This is a touchy way to begin any book, as you will either lose your audience if they are new to this subject, or annoy them if they are already familiar. Ryan was able to expand on this subject without going too far into the weeds, and provide a backbone that makes the next chapters easier to understand.

The following chapters are the real meat of the book and I really got a lot out of them. Ryan covers the entire area of intrusion detection and prevention solutions from the end-point to geographic-based. I'd recommend this book to any IT Professional who deals with network security, as it helps simplify a fairly complicated subject.
1 of 1 people found the following review helpful By Jeyaprakash Kopula on September 3, 2009
Format: Paperback
My search for one book that gives me a bird's eye view of enterprise intrusion detection and prevention systems and processes ends with this book. Anyone who climbs up the ladder from a different background in Information Security can easily understand the 'ABCD' of Intrusion Prevention/Detection Analysis by reading this book. The author explained everything from the ground up. For example, when he writes about Network Intrusion Analysis, he starts by explaining the basic OSI reference model and TCP/IP model and goes on to explain how to capture data at various levels of the network.

This book starts by explaining what enterprise IT infrastructure looks like and explains in brief what each technology means for the reader. Another good outcome of reading this book is understanding the management aspect of handling intrusion detection/prevention systems and processes.

Let me briefly describe how this book is structured in terms of chapters and technology implementations. First, the author went ahead and described two open source IDS/IPS platforms, namely Snort and Bro. He then analyzed and compared (apples to oranges) both tools to give us an idea of which one is best. Obviously Snort came out as the winner. The reason quoted is that Bro is not a simple solution to implement. You have to define what is normal so that you can trigger on abnormal if some intrusion happens. Second, the vulnerability lifecycle, which describes how a vulnerability goes through a cycle from detection to patching the systems. Other chapters are arranged in this order to provide a holistic approach to Intrusion Analysis.