The Practice of Network Security Monitoring: Understanding Incident Detection and Response 1st Edition

4.6 out of 5 stars, 171 ratings


Network security is not simply about building impenetrable walls—determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.

In The Practice of Network Security Monitoring, Mandiant CSO Richard Bejtlich shows you how to use NSM to add a robust layer of protection around your networks—no prior experience required. To help you avoid costly and inflexible solutions, he teaches you how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools.

You'll learn how to:
–Determine where to deploy NSM platforms, and size them for the monitored networks
–Deploy stand-alone or distributed NSM installations
–Use command line and graphical packet analysis tools, and NSM consoles
–Interpret network evidence from server-side and client-side intrusions
–Integrate threat intelligence into NSM software to identify sophisticated adversaries

There’s no foolproof way to keep attackers out of your network. But when they get in, you’ll be prepared. The Practice of Network Security Monitoring will show you how to build a security net to detect, contain, and control them. Attacks are inevitable, but losing sensitive data shouldn't be.


Editorial Reviews

Review

"A comprehensive guide. Certain to make the reader a better information security practitioner, and their network more secure."
—Ben Rothke, Slashdot

"If you are in cyber security, this is a must read. The book is the best resource for tools I have seen anywhere."
—Stephen Northcutt, SANS Institute 

"A very well written technical book. I would recommend this for anyone getting into the field of incident response who doesn't have a great understanding of NSM."
—Greg Hetrick, PaulDotCom 

"Deploying NSM not only means you can quickly identify, contain, and remediate intrusions, it gives you insight into the network as a whole."
—Michael W. Lucas, author of Absolute OpenBSD, 2nd Edition 

"The Practice of Network Security Monitoring: the best surveillance book you'll read anytime soon."
—Peter N. M. Hansteen, author of The Book of PF 

"This gem from No Starch Press covers the life-cycle of Network Security Monitoring (NSM) in great detail and leans on Security Onion as its backbone. I recommend an immediate download of the latest version of Security Onion and a swift purchase of Richard’s book."
—Russ McRee, senior security analyst, Microsoft 

"The principles Bejtlich outlines for running your security monitoring are the kind of best practice you should apply to any important server."
—Mary Branscombe, ZDNet 

"If you want to know what to do when intruders arrive on your network and how to best prepare for that eventuality, you must read this book."
—Sandra Henry-Stocker, ITWorld

"Bejtlich is a master of his craft and also possesses the rare gift of being able to share his knowledge in a comprehensible way."
—Richard Austin, IEEE Cipher

"As tech books go, it's a pretty fun ride."
—Michael Larsen, Testhead

About the Author

Richard Bejtlich is Chief Security Strategist at FireEye, and was formerly Chief Security Officer at Mandiant. He also served as Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He is a graduate of Harvard University and the United States Air Force Academy. His previous works include The Tao of Network Security Monitoring, Extrusion Detection, and Real Digital Forensics (all from Addison-Wesley). He blogs (http://taosecurity.blogspot.com/) and writes on Twitter as @taosecurity.

Product details

  • Publisher: No Starch Press; 1st edition (July 15, 2013)
  • Language: English
  • Paperback: 376 pages
  • ISBN-10: 1593275099
  • ISBN-13: 978-1593275099
  • Item Weight: 1.62 pounds
  • Dimensions: 7 x 0.92 x 9.25 inches
  • Customer Reviews: 4.6 out of 5 stars, 171 ratings

About the author

Richard Bejtlich

Mr. Bejtlich has been an author for two decades. Please see www.linkedin.com/in/richardbejtlich/ for details on Mr. Bejtlich's biography. As an Amazon Associate I earn from qualifying purchases.

Customer reviews

4.6 out of 5 stars
171 global ratings

Customers say

Customers find the book well-written and easy to read. They also appreciate the nice walkthroughs and security-focused content.

AI-generated from the text of customer reviews

15 customers mention "Readability": 15 positive, 0 negative

Customers find the book very interesting and say it starts with the basics and gives thorough explanations. They also say it takes them through a difficult process and gets them up and running.

"...This book walks you through understanding the concepts, installing the needed software, configuring network monitoring components, and using some of..."

"...Some of the tools demonstrated have a user interface, but most of the operating system defense requires command line operation so be prepared to do..."

"This book takes what can be a dry topic to some and adds punch and power to explanation and gives you a basis to understand what to look for...."

"This book has a lot of great content regarding Network Security Monitoring in general, but is especially helpful if you are rolling out Security..."

4 customers mention "Writing style": 4 positive, 0 negative

Customers find the writing style well written, competent, and thorough. They also say the material is golden and the author is thorough.

"Richard is a competent author, and the material is golden! I have gleaned numerous tips and tricks from this book, and highly recommend it!"

"...It is well written and presented in a way that flows nicely. Lots of helpful tips and insight."

"Well written and a great guide to assist you in security focused architecture design and implementation...."

"Well done, very thorough !..."

A New Candidate for the Cybersecurity Canon
5 out of 5 stars
Richard Bejtlich is one of the most respected security practitioners in the community. If he publishes something, we should all take notice. In "The Practice of Network Security Monitoring," Bejtlich provides the theory and the hands-on tutorial on how to do network security monitoring the right way. The book is a primer on how to think about network security monitoring and incident response. For seasoned security practitioners, working through the examples in this book will only increase your understanding of the subject. For the beginners in the crowd, Bejtlich provides step-by-step instructions on how to install, configure, and use some of the best open-source tools available that will help any security program improve its network security monitoring capability. Newbies working through the examples in this book will demonstrate to themselves, once and for all, if they have what it takes to work in this field. This book is absolutely a Cybersecurity Canon Candidate and you should have read it by now. You can read the full review, and all of the book reviews in the Cybersecurity Canon Candidate list, at the official website.

Top reviews from the United States

Reviewed in the United States on September 3, 2015
As we enter the murky age of Internet of Things (or "Internet of Insecure Things", "Internet of Evil Things", "Botnet of Things", take your pick) monitoring your home network has to become a common skill. Although by no means confined to application in home environments, The Practice of Network Security Monitoring does allow a modestly technically adept user to do just that. This book walks you through understanding the concepts, installing the needed software, configuring network monitoring components, and using some of the many free solutions for detecting unwanted or malicious traffic.

For those who want to apply this work at home, allow me to make a few suggestions about corollary purchases you may need to make. I recommend dedicating a desktop or tower computer to the task of server. It doesn't need an especially powerful CPU, but it should have a lot of RAM, at least 8 GB. Purchase your RAM with a view to expanding; using 8GB as an example, don't buy 4 2GB sticks, but rather 2 4GB sticks. Later you could buy 2 x 4GB or 2 x 8GB sticks to upgrade memory. You will also need at least 1 extra NIC (Network Interface Card), which will be in permanent 'listen only' (aka "promiscuous") mode. You will be using the free Security Onion solution, running on the free Ubuntu 12.04 Linux, so you can skip buying a license for Windows if you purchase everything from scratch. Finally you will need at least one network device that can duplicate traffic. The book will explain the difference between spanning (or 'mirroring') and tapping, but unless you are sufficiently knowledgeable about networking, you will probably do well to buy a Dualcomm DCSW-1005 USB Powered 5-Port 10/100 Fast Ethernet Switch TAP (Port Mirroring) - it is drop dead simple to install and use.
You really can do this - enjoy!
12 people found this helpful
Reviewed in the United States on May 16, 2015
I thought the Practice of Network Security Monitoring was a great book. I see companies spend millions of dollars on their NSM solution all while there is an open source solution. Spend some money on hardware and network taps and you're ready to go! I really like how Bejtlich went into sensor placement and NAT issues. There is nothing worse than doing investigations with multiple layers of NAT. I would have liked to see a little bit more on how to handle the event load that an IDS will produce in a network and maybe some best practices on what signatures to enable.

I really enjoyed chapter 12 extending SO, being able to track Binaries and do MD5's and compare them against tools like virus total and other external tools helps stay ahead of the bad guys. It would have been also neat to show how to extract URLs out of SMTP emails and run them against third party analysis. I believe email attachments are not as easy as getting a user to click on URL. I also would have liked to see a little bit more advanced solution that automatically queries virus total via API then the results are sent back into the monitoring solution via syslog, so the analyst never has to leave the console.

Overall a great book!
One person found this helpful
Reviewed in the United States on March 19, 2017
Richard is a competent author, and the material is golden! I have gleaned numerous tips and tricks from this book, and highly recommend it!
One person found this helpful
Reviewed in the United States on September 12, 2023
Item arrived as advertised--no problems.
Reviewed in the United States on March 20, 2014
The "Cybersecurity and Cyberwar" book told you what was going on and how to protect yourself in general. This book gives you the ninja skills to actually seal your network borders and measure the level of the threat. Various methods and open source tools are used to build a high level of protection for the reader's system.

Some of the tools demonstrated have a user interface, but most of the operating system defense requires command line operation so be prepared to do some heavy screen reading. Also, a large amount of filtering of log files may be required to see a pattern in the attacks. Be serious about this or be prepared to be a victim. The current state of network protection doesn't have a middle ground.
7 people found this helpful
Reviewed in the United States on April 23, 2018
This is a new field for me--still trying to get the hang of all the nuances
Reviewed in the United States on May 7, 2021
This book takes what can be a dry topic to some and adds punch and power to explanation and gives you a basis to understand what to look for. Good as a starting point to not be lazy and start understanding threat hunting.
2 people found this helpful
Reviewed in the United States on January 6, 2014
This book has a lot of great content regarding Network Security Monitoring in general, but is especially helpful if you are rolling out Security Onion. There are a lot of videos and online tutorials out there but I like to be able to put my hands on it and have it all in one place. It's not necessarily for beginners, but readers in all stages of professional development will benefit from the content. It is well written and presented in a way that flows nicely. Lots of helpful tips and insight.
6 people found this helpful

Top reviews from other countries

Anon
3.0 out of 5 stars A little bit too basic and too much tutorial-oriented
Reviewed in Germany on April 28, 2021
The content is somewhat basic, and there are numerous tutorials and installation/configuration walk-throughs, which makes it more like a tutorial/blog than a book.
Blaine Losier
5.0 out of 5 stars Good Reference
Reviewed in Canada on October 23, 2018
Good reference for anyone studying in Cyber Security
Fernando Nistal Méndez
5.0 out of 5 stars Practical, concise and instructive.
Reviewed in Spain on February 22, 2020
Practical, concise and instructive.
Amazon Customer
5.0 out of 5 stars Five Stars
Reviewed in the United Kingdom on June 3, 2016
Great. Thanks :-)
Florent
4.0 out of 5 stars I expected more
Reviewed in France on June 18, 2014
This is a tool-listing type of book, and in particular about Security Onion.
I was expecting from Richard real lessons from experience with complex case studies, but this is really just the pure, bare basics of setting up a monitoring system.

Interesting, but nothing more. It will not become a cult book.