SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Saturday, July 11, 2009

Review of Security Monitoring Posted

Posted on 11:56 AM by Unknown
Amazon.com just posted my four star review of Security Monitoring by Chris Fry and Martin Nystrom. From the review:

I must start this review by noting that the authors of Security Monitoring (SM) cite my blog and books several times, which is appreciated. I must also mention that their boss Gavin Reid, who posted a review below, has offered to sponsor my company's application to the Forum of Incident Response and Security Teams (FIRST). O'Reilly kindly provided a review copy of SM.

I think SM should be positioned as an Introduction to Basic Security Monitoring. At just over 200 pages, it's not written to be much more than that. I'm not sure I will change the mind of the reviewer who considers my first book to be "introductory," but it might help to remember that my first book is just shy of 800 pages and covers every aspect of Network Security Monitoring.

SM is technically correct, but its approach to incident detection will fall far short of what is needed in the real world. SM concentrates on a paradigm it calls "policy-based monitoring," (abbreviated PBM here) with this goal: "to compare events discovered on the network to ensure that they are approved and acceptable... PBM is practical where acceptable conditions can be documented as policies... [Y]ou must codify acceptable behavior as policies, providing a reference point against which to survey" (pp 16-17) This sounds great, but it has several real flaws...

Please read the rest of the review for the whole story.

Richard Bejtlich is teaching new classes in Las Vegas in 2009. Late Las Vegas registration ends 22 July.
Email ThisBlogThis!Share to XShare to Facebook
Posted in reviews | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Review of Intelligence, 4th Ed Posted
    Amazon.com just posted my five star review of Intelligence: From Secrets to Policy, 4th Ed by Mark Lowenthall . From the review : I was a...
  • SQL Injection Challenge and Time-Based Security
    Thanks to this Tweet by @ryancbarnett, I learned of the lessons learned of the Level II component of the ModSecurity SQL Injection Challen...
  • Practice of Network Security Monitoring Table of Contents
    Since many of you have asked, I wanted to provide an updated Table of Contents for my upcoming book, The Practice of Network Security Monito...
  • C-SPAN Posts Video of Tuesday Hearing
    You can now access video of Tuesday's House Select Committee on Intelligence Hearing on Cybersecurity at C-SPAN . Some people are alread...
  • Bejtlich's Thoughts on "Why Our Best Officers Are Leaving"
    Twenty-two years ago today I flew to Colorado Springs, CO and reported for Basic Cadet Training with the class of 1994 at the United States ...
  • A Book for the Korean Cyber Armies
    I've got a book for the Korean cyber armies, North and South. That's right, it's my first book , The Tao of Network Security Mo...
  • Bejtlich Teaching at Black Hat West Coast Trainings
    I'm pleased to announce that I will be teaching at  Black Hat West Coast Trainings  9-10 December 2013 in Seattle, Washington. This is a...
  • Mandiant APT1 Report: 25 Best Commentaries of the Last 12 Days
    Two weeks ago today our team at Mandiant was feverishly preparing the release of our APT1 report . In the twelve days that followed public...
  • Tort Law on Negligence
    If any lawyers want to contribute to this, please do. In my post Shodan: Another Step Towards Intrusion as a Service , some comments claim ...
  • Review of America the Vulnerable Posted
    Amazon.com just posted my five star review of America the Vulnerable by Joel Brenner. I reproduce the review in its entirety below. I'...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ►  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ►  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ▼  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ▼  July (21)
      • Thoughts from Black Hat USA 2009
      • What is Cloud?
      • Notes from OISF Meeting in DC
      • Guest Post at Fudsec.com
      • Review of Voice over IP Security Posted
      • Direct Financial Cost of Intrusions
      • SANS Forensics and Incident Response 2009 Summit R...
      • Free Issue of Linux+ Magazine Posted
      • Review of vi(1) Tips Posted
      • Cisco Routers for the Desperate, 2nd Ed
      • White Hat Budgeting
      • FreeBSD Pf and Tftp-proxy
      • Review of Practical Intrusion Analysis Posted
      • Must-Read Verizon Post Demolishes More Myths
      • Review of Security Monitoring Posted
      • You Down with APT?
      • Traffic Talk 6 Posted
      • Still Blogging
      • Bejtlich on Black Hat Briefings Panel
      • Review of Hacking Exposed: Windows, 3rd Ed Posted
      • NSA to "Screen" .gov Now, I Predict .com Later
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile