The Practice of Network Security Monitoring
This book teaches readers how to use network security monitoring (NSM) to add a robust layer of protection around their networks. It covers deploying, building, and running an NSM operation using open source software and vendor-neutral tools, and shows how to interpret network evidence from server-side and client-side intrusions. Readers will learn how to determine where to deploy NSM platforms, deploy stand-alone or distributed NSM installations, use command line and graphical packet analysis tools, and integrate threat intelligence into NSM software to identify sophisticated adversaries. The book provides a comprehensive guide to building a security net to detect, contain, and control attacks, and is suitable for readers with no prior experience.
FEATURES
SIMILAR TOOLS
A comprehensive reference guide covering Nessus vulnerability scanner configuration, management, API usage, and best practices.
A comprehensive guide to understanding and responding to modern ransomware attacks, covering incident response, cyber threat intelligence, and forensic analysis.
A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.
Free and open-source cybersecurity training classes with multi-class learning paths for high-skill, high-pay job skills.
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
A comprehensive guide to using Metasploit, including searching for modules, specifying exploits and payloads, and using auxiliary modules.
A comprehensive reference guide providing practical examples and commands for using Hashcat to crack various types of password hashes.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.