Tuesday, January 08, 2013

Bejtlich's New Book: Planned for Summer Publication

Nearly ten years after I started writing my first book, The Tao of Network Security Monitoring, I'm pleased to announce that I just signed a contract to write a new book for No Starch titled Network Security Monitoring in Minutes.

From the book proposal:

Network Security Monitoring in Minutes provides the tactics, techniques, and procedures for maximum enterprise defense in a minimum amount of time.

Network Security Monitoring (NSM) is the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions. Network Security Monitoring in Minutes teaches information technology and security staff how to leverage powerful NSM tools and concepts immediately.

Using open source software and vendor-neutral methods, the author applies lessons he first began applying to military networks in 1998. After reading this book, the audience will be able to integrate the same winning approaches to better defend his or her company’s data and networks.

Network Security Monitoring in Minutes is an important book because nearly all organizations operate a network. By connecting to the Internet, they expose their intellectual property, trade secrets, critical business processes, personally identifiable information (PII), and other sensitive information to attackers worldwide. Without the network-level vigilance provided by this book, organizations will continue to be victimized for months, and in many cases years, before learning they have been breached.

This book consists of the following chapters:

Chapter 1, Network Security Monitoring Rationale, explains why NSM matters and helps readers gain the support needed to deploy NSM in their environment.

Chapter 2, Accessing Network Traffic, addresses the challenges and solutions surrounding physical access to network traffic.

Chapter 3, Sensor Deployment and Configuration, introduces Security Onion (SO), and explains how readers can install the software on spare hardware to gain an initial NSM capability at low or no cost.

Chapter 4, Tool Overview, guides the reader through the core SO tool set, focusing on those capabilities most likely to help handle digital intrusions.

Chapter 5, Network Security Monitoring Operations, shares the author’s experience building and leading a global Computer Incident Response Team (CIRT), such that readers can apply those lessons to their own operations.

Chapter 6, Server-Side Compromise, is the first NSM case study, wherein readers will learn how to apply NSM principles to identify and validate a compromise of an Internet-facing application.

Chapter 7, Client-Side Compromise, is the second NSM case study, offering readers an example of a user being victimized by a client-side attack. NSM data will again identify and validate the compromise, prompting efficient incident response.

The Conclusion extends NSM principles beyond the enterprise into hosted and Cloud settings, offering future options for those environments.

The Appendix discusses tools that are not open source, but which may be helpful to those conducting NSM operations.

My goal is to finish this short book (roughly 220 pages) in time for publication at Black Hat this summer. Thank you to Pearson/Addison-Wesley for giving me the flexibility to write this complementary NSM book, and to No Starch for signing me to their publishing house.

13 comments:

Scott Runnels said...

Congratulations! Definitely looking forward to reading this one as well!

Anonymous said...

at last....

congrats!

Anonymous said...

For the love of god, when can I pre-order this?

Jeremy Hoel said...

Looking forward to an updated NSM book.. should be a great read!

Richard Bejtlich said...

Thanks everyone. Anonymous, I appreciate your interest, but I just signed the contract yesterday night. It will take No Starch a while to get details online. :)

Anonymous said...

@Richard Yeah, I guess so... When you said you stopped reading tech books, I figured you would likely be done writing them as well. I'm glad to be wrong.

Congrats, and thanks! :)

Chris Buechler said...

I was also surprised to see this given your other recent posts, but definitely glad. An updated NSM book is definitely needed. Looking forward to it!

w1resh4rk said...

Congrats, really can't wait to read it.

leBolide said...

Looking forward to it!

Anonymous said...

Shouldn't we start betting who from Bruins 2011 team is going to make it to the new book? Surely Lucic for the SO box.

Ron Sinclair said...

Gotta put the book on my wish list!

Anonymous said...

This sounds great. Far too few good books on this subject. Please try to incorporate what you consider to be the best open source visualization tools. This is the most critical tool that is overlooked by most NSM pros in my opinion. Ironically it is the one tool that if implemented correctly can help initially alert the "average" IT Admin that there is a problem. Then the packet sniffers/log aggregators/parsers can be utilized to drill down to determine cause and effect. Regardless, this book will be added to my shelf.

rot26 said...

Great news Richard! Looking forward to this.