I've received a series of questions relating to Network Security Monitoring (NSM) recently, via email, blog comments, IRC questions, and so on. Just over five years ago (2 Dec 02) Bamm Visscher and I recorded a Webcast for SearchSecurity.com titled "Network Security Monitoring Is More Than IDS". That URL links to a series of questions submitted in response to the podcast.
I still have a copy of our slides, which I just exported to .pdf and uploaded as bejtlich_visscher_techtarget_webcast_4_dec_02.pdf. Remarkably, I would hardly change any of the content. All of the arguments we made back then still hold today. The only real changes involve replacing one or two defunct Web sites.
Anyone who is trying to understand NSM will enjoy this presentation. Please post questions here, and I will either answer the comments directly or save them for a follow-on blog post. Thank you.