Thursday, July 06, 2006
Subscribe to:
Post Comments (Atom)
Blogging Since 8 Jan 2003
About Me
twitter.com/taosecurity
Practice of NSM Pre-Orders
Save 30% With Code NSM101
Network Security Monitoring 101
Two sessions, 27-28 and 29-30 July at Black Hat USA in Las Vegas
Bejtlich on Bloomberg West
Watch My Most Recent TV Interview
Books by Richard Bejtlich
Detect and respond to intrusions using tools and techniques that work. Plenty of free excerpts online.
Blog Archive
Labels
- afcert (31)
- Air Force (18)
- aix (1)
- analysis (1)
- announcement (2)
- appsec (4)
- apt (56)
- attribution (4)
- bestbook (7)
- blackhat (30)
- books (5)
- breakers (4)
- bro (6)
- bruins (1)
- business (24)
- ccna (6)
- certification (26)
- china (82)
- cisco (30)
- cissp (7)
- cloud (4)
- clowns (12)
- commodore (6)
- conferences (34)
- controls (5)
- correlation (5)
- counterintelligence (18)
- crime (13)
- cybercommand (3)
- cyberwar (21)
- dan geer (1)
- databases (1)
- detection (16)
- dfm (1)
- disasters (10)
- dns (1)
- dod (7)
- education (8)
- engineering (11)
- exploits (15)
- favorites (261)
- feds (17)
- finance (2)
- fisma (21)
- forensics (6)
- fraud (2)
- freebsd (434)
- GE (11)
- ge-cirt (2)
- hakin9 (11)
- hardware (20)
- history (2)
- impressions (18)
- incidents (35)
- information warfare (1)
- infrastructure (1)
- insiders (10)
- insurance (2)
- interviews (5)
- ips (9)
- ipv6 (61)
- ir (16)
- law (19)
- leadership (2)
- linux (15)
- malware (15)
- mandiant (6)
- metasploit (5)
- metrics (2)
- microsoft (31)
- mssp (1)
- net optics (14)
- network (5)
- novasec (3)
- nsm (308)
- offense (19)
- oisf (2)
- open source (1)
- openpacket (12)
- packetstash (1)
- philosophy (73)
- pirates (5)
- powerpoint (4)
- pre-review (51)
- predictions (3)
- press (10)
- psirt (5)
- reading (12)
- redteam (3)
- regulations (1)
- reports (6)
- research (1)
- reviews (246)
- risk (13)
- roi (14)
- routing (1)
- russia (1)
- sans (34)
- scada (1)
- sec (1)
- sguil (189)
- snorby (1)
- snort (51)
- Snort Report (22)
- solaris (2)
- spying (3)
- standards (8)
- sysadmin (16)
- threat model (11)
- threats (97)
- tools (43)
- Traffic Talk (10)
- training (50)
- TTP (9)
- tufte (8)
- tv (1)
- ubuntu (5)
- usenix (1)
- verizon (5)
- virtualization (32)
- vulnerabilities (36)
- warranties (1)
- wisdom (13)
- writing (44)
Blogshares
6 comments:
"The network security monitoring philosophy is both obvious and completely revolutionary." yup!
"The network security monitoring philosophy is both obvious and completely revolutionary." yeah but how can we market it? :)
Wow thats pretty friggin awesome.
I was (probably still am) naive when I read the book; it seems to me the essence of NSM is tying together the most useful streams of data. Who doesn't want correlation? Well, turns out most IDS/IPS vendors. But any points I unfairly deducted for obviousness were swamped by the points awarded for the picking the right types of information for that correlation. I did a lot of this stuff manually without seeing that there was a pattern to what I was doing - I always wanted to know who was involved in an event, to see the packet, and often wanted to see the packet in context. This was really hard before sguil.
I'm not aware of anything like the compelling, comprehensive, disciplined approach Tao covers. Awesome freakin' book.
That is weird! :-) The book is truly awesome, but some few folks actually follow its advice that I am actually shocked that it got to top10.
It's cheating.. Half the article is written by David Bianco!
(congrats ;)
Post a Comment