Sunday, July 17, 2005

Draft of Extrusion Detection Submitted for Copyediting

I am happy to report that I just submitted the final draft of my next book Extrusion Detection: Security Monitoring for Internal Intrusions to my publisher, Addison-Wesley. The new book is a sequel to The Tao of Network Security Monitoring: Beyond Intrusion Detection. I think readers will find the new book very interesting. Thus far my reviewers have provided positive feedback.

For those interested in the mechanics of book writing: I thought of the idea last summer, just after my first book arrived. I signed a contract in November, then began writing in January. My first due date was 1 April for half the book in draft form, followed by the rest of the book in draft form by 1 June. I've been working on addressing reviewer feedback since late June, and now the book is ready for copyediting.

The chapter-level table of contents is listed next.

  1. Network Security Monitoring Revisited

  2. Defensible Network Architecture

  3. Extrusion Detection Illustrated

  4. Enterprise Network Instrumentation

  5. Layer 3 Network Access Control (by Ken Meyers)

  6. Traffic Threat Assessment

  7. Network Incident Response

  8. Network Forensics

  9. Traffic Threat Assessment Case Study

  10. Malicious Bots (by Mike Heiser)

Furthermore, there are these elements:

  • Foreword by Marcus Ranum

  • Preface

  • Appendix A. Collecting Session Data in an Emergency

  • Appendix B. Minimal Snort Installation Guide

  • Appendix C. Survey of Enumeration Methods (by Ron Gula)

  • Appendix D. Open Source Host Enumeration (by Rohyt Belani)

I'm estimating the book will be between 450 and 500 pages, but I usually err on the low side. Expect to see the book on shelves in December 2005 or January 2006. I'll probably provide excerpts as publication approaches as well.

You can also get a thorough look at material from the new book at day two of my class at USENIX Security in two weeks. If I am accepted to USENIX LISA in December, I hope to teach three days. The third day will also be based on Extrusion.


Jim said...

Looking forward to the book.

Anonymous said...


If you don't mind me asking, how did this work for you? Did you submit the idea right after your first book came out?

I went to my editor with the idea of doing another book...first a second edition, but then a different book...and was told that they would not even consider it until the second set of numbers came out in Oct '05.

H. Carvey
"Windows Forensics and Incident Recovery"

Richard Bejtlich said...

Hi Harlan,

I originally planned to write a book on writing Snort rules, but I decided to wait until the new Snort rules language was released. I submitted a proposal for a Snort Rules Handbook right after Tao arrived. When I saw that a new Snort rules language was delayed indefinitely, I submitted the proposal for Extrusion in November.

I review lots of draft books for Pearson and Addison-Wesley. Some end up being published elsewhere, like several of James Foster's books. If you are not satisfied with AWL, you might find another publisher more eager to work with you -- especially since you are already published.

I cannot explain my situation, but I think we work with different parts of the Pearson house, and we have different editors.

Anonymous said...


I'd guess that you're right about working in different parts of the AWL/Pearson house...

I've got some time, and an overall plan in mind for how I'm going to go about things this time...was just wondering how things had worked out for you.

Congrats on the new book...we'll have to plan to catch up at a conference after it's published so that I can get you to sign my copy of that one... ;-)

H. Carvey
"Windows Forensics and Incident Recovery"