Security Monitoring and over one million other books are available for Amazon Kindle. Learn more
Buy New
$40.30
Qty:1
  • List Price: $44.99
  • Save: $4.69 (10%)
Only 7 left in stock (more on the way).
Ships from and sold by Amazon.com.
Gift-wrap available.
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Security Monitoring Paperback – February 26, 2009

ISBN-13: 978-0596518165 ISBN-10: 0596518161 Edition: 1st

Buy New
Price: $40.30
29 New from $22.02 20 Used from $1.75
Amazon Price New from Used from
Kindle
"Please retry"
Paperback
"Please retry"
$40.30
$22.02 $1.75
Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student


Frequently Bought Together

Security Monitoring + The Tao of Network Security Monitoring: Beyond Intrusion Detection + The Practice of Network Security Monitoring: Understanding Incident Detection and Response
Price for all three: $116.29

Buy the selected items together

NO_CONTENT_IN_FEATURE

Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Product Details

  • Paperback: 256 pages
  • Publisher: O'Reilly Media; 1 edition (February 26, 2009)
  • Language: English
  • ISBN-10: 0596518161
  • ISBN-13: 978-0596518165
  • Product Dimensions: 9.1 x 7.2 x 0.6 inches
  • Shipping Weight: 12 ounces (View shipping rates and policies)
  • Average Customer Review: 4.8 out of 5 stars  See all reviews (10 customer reviews)
  • Amazon Best Sellers Rank: #1,004,522 in Books (See Top 100 in Books)

Editorial Reviews

Book Description

Proven Methods for Incident Detection on Enterprise Networks

About the Author

Chris Fry has been a member of the Computer Security Incident Response Team (CSIRT) at Cisco Systems, Inc for 5 years, focusing on deployment of intrusion detection, network monitoring tools, and incident investigation. He began his career at Cisco in 1997 as an IT analyst, supporting Cisco's production services. His four years as a Network Engineer in Cisco IT's internal network support organization give him valuable knowledge about and unique insight into monitoring production enterprise networks. Chris holds a BA in Corporate Financial Analysis and an MS in Information and Communication Sciences from Ball State University.

Martin Nystrom is an InfoSec Investigations Manager for the Computer Security Incident Response Team (CSIRT) at Cisco Systems. He leads the global security monitoring team and provides guidance for incident response and security initiatives. Prior to joining Cisco's CSIRT, he was responsible for designing and consulting on secure architectures for IT projects. Martin worked as an IT architect and a Java programmer for 12 years prior, where he built his experience in the pharmaceutical and computer industries. He received a bachelor's degree from Iowa State University in 1990, a master's degree from NC State University in 2003, and his CISSP certification in 2004.


More About the Authors

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

4.8 out of 5 stars
5 star
8
4 star
2
3 star
0
2 star
0
1 star
0
See all 10 customer reviews
This is one of the books that get dog-eared and notes in the margin quickly.
RobR
I think this book belongs on the shelf of anyone who has any responsibility for the security of systems, whether that responsibility is ultimate or partial.
M. Helmke
By selecting monitoring targets, you can narrow your focus to the most critical systems, making the most of your security monitoring equipment and staff.
calvinnme

Most Helpful Customer Reviews

14 of 16 people found the following review helpful By calvinnme HALL OF FAMETOP 1000 REVIEWERVINE VOICE on March 1, 2009
Format: Paperback
This book is not an introduction to network, server, or database administration. Neither is it an introduction to security tools or techniques. You need to have a foundational understanding of these areas and seek to build on them through specialization of your base skills. If you need a more introductory book I highly recommend The Tao of Network Security Monitoring: Beyond Intrusion Detection. This book attempts to take you deeper into your network, guiding you to identify the more sensitive, important parts of the network for focused monitoring. The first chapter is just an overview chapter and introduces the fictitious company used throughout the book, Blanco Wireless. Like most tech books, the good stuff starts in chapter two.

The second chapter discusses the wide variety of approaches for selecting the policies to monitor. It then discusses the the environment in which these policies are to be applied. Chapter three explores two primary methods of learning about a network: network taxonomy and network telemetry. Chapter four provides a third and final foundation, guiding you to select broad targets on which to focus your monitoring. Deep, proactive security monitoring is overwhelming and unproductive if it isn't targeted to specific systems. By selecting monitoring targets, you can narrow your focus to the most critical systems, making the most of your security monitoring equipment and staff.

Once you've worked through the steps of defining security policies, you know your network, and you've selected your targets, you can build on that foundation by choosing your event sources.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
6 of 6 people found the following review helpful By Parentsof4 on March 18, 2009
Format: Paperback
There is a lot of very practical information packed into this little book, no fluff or filler anywhere to be found. It will defiantly add value to any Network Security Monitoring implementation. This is a perfect book for a Network or System Engineer crossing over into Security. The only complaint is that it is way to pricey for such a small book printed on what feels like cheap newsprint.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
4 of 4 people found the following review helpful By RobR on April 19, 2009
Format: Paperback
This book is a quick read "how-to" book to take your company to the next level. This is a real reality check written with an assumption that the reader is already familiar with networks and security. This book attempts to drive the value home with case studies, maintenance recommendations (yes, you do have to maintain the beast) and scripts to get started, and collected best practices. This is one of the books that get dog-eared and notes in the margin quickly.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
5 of 6 people found the following review helpful By Christopher Burgess on August 4, 2009
Format: Paperback
Martin and Chris do a great job in providing the network security professional with a hands-on guide to incident detection on enterprise networks.

The authors state at the outset - this is not a guide for the novice, but rather a guide for the journeyman who has a good working knowledge of network, server and database administration, as well as security tools and techniques.

The guide is as stated a professional guide, with exemplars which can be used in a sandbox, or to assist you in noodling through specific infrastructure monitoring issues - such as "tuning" so the incident logs tell you the story, and don't drown you in event data.

Their chosen format draws upon the authors' experiences and of course discusses the tools they use on a daily basis. To their credit, they also point out and list other tools which are substantially similar to those they use in their everyday work, and this alone is a benefit to the reader - you've the makings of your list of potential vendors, ready at hand.

I have the privilege of seeing the result of these gentleman's work and impact. That said, I also hear their voices clearly and distinctly in their verbiage - their articulation and emphasis is spot-on.

Worthy of the read, essential for the impact provided - a book of reference and exemplars which should be required in every incident response tool-box.

Christopher Burgess
Author: Secrets Stolen, Fortunes Lost
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
5 of 6 people found the following review helpful By M. Helmke on May 1, 2009
Format: Paperback
There are many good books that discuss the basics of systems administration. This is not one of those books. This book is much deeper and more specific and fills a niche that I think needed to be filled.

If you are in charge of a group of servers, especially as your company's setup becomes larger and more complex, knowing how to check for problems and intruders is vital. It is also something that can be difficult to learn because of the dearth of materials readily available. This book seeks to remedy that problem.

The authors are experienced security analysts and speakers who refined their materials over many years of giving security related presentations at conferences. They know what they are talking about, and their manner of presenting the material is clear and logical. The book's subtitle is "Proven Methods for Incident Detection on Enterprise Networks." It fits.

When I first noticed the deep ties each of the authors have with Cisco, I was concerned that the book might focus solely on their products, but they discuss software and methods from many vendors, including free and open source options. I found their discussions honest, open, and balanced.

The book begins by answering what security monitoring is, why it would be useful and desirable, and discusses several of the challenges involved in doing it well. We then move to the implementation of policies for monitoring, including a good description of the many types of monitoring that can be done, their strengths and weaknesses.

Next, we are led to know our network. This is foundational, but something that many systems administrators and IT workers don't do, either because of time constraints or they just don't think about it.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Customer Images