The Tao of Network Security Monitoring: Beyond Intrusion Detection

Once your security is breached, everyone will ask the same question: now

what? Answering this question has cost companies hundreds of thousands of

dollars in incident response and computer forensics fees. This book reduces

the investigative workload of computer security incident response teams

(CSIRT) by posturing organizations for incident response success.

Firewalls can fail. Intrusion-detection systems can be bypassed. Network

monitors can be overloaded. These are the alarming but true facts about

network security. In fact, too often, security administrators' tools can serve as

gateways into the very networks they are defending.

Now, a novel approach to network monitoring seeks to overcome these

limitations by providing dynamic information about the vulnerability of all

parts of a network. Called network security monitoring (NSM), it draws on a

combination of auditing, vulnerability assessment, intrusion detection and

prevention, and incident response for the most comprehensive approach to

network security yet. By focusing on case studies and the application of opensource

tools, the author helps readers gain hands-on knowledge of how to

better defend networks and how to mitigate damage from security incidents.