Security Monitoring: Proven Methods for Incident Detection on Enterprise Networks
By Martin Nystrom and Chris Fry
A network monitoring guide? Absolutely.
Martin and Chris do a great job of providing the network security professional with a hands-on guide to incident detection on enterprise networks. The authors state at the outset that this is not a guide for the novice, but rather a guide for the journeyman who has a good working knowledge of network, server and database administration, as well as of security tools and techniques. The guide is, as stated, a professional guide, with exemplars that can be used in a sandbox or to assist you in noodling through specific infrastructure monitoring issues, such as “tuning” so that the incident logs tell you the story and don’t drown you in event data.
Their chosen format draws upon the authors’ experiences and, of course, discusses the tools they use on a daily basis. To their credit, they also point out and list other tools that are substantially similar to those they use in their everyday work, and this alone is a benefit to the reader: you have the makings of your list of potential vendors ready at hand. I have the privilege of seeing the result of these gentlemen’s work and its impact. That said, I also hear their voices clearly and distinctly in their writing; their articulation and emphasis are spot-on.
Worthy of the read, and essential for the impact it provides: a book of reference and exemplars that should be required in every company’s incident response toolbox.
(NB: The authors gifted me a copy of their book.)