FREE Delivery in the UK.
In stock.
Dispatched from and sold by Amazon. Gift-wrap available.
Applied Network Security ... has been added to your Basket
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 3 images

Applied Network Security Monitoring: Collection, Detection, and Analysis Paperback – 5 Dec 2013

5.0 out of 5 stars 4 customer reviews

See all formats and editions Hide other formats and editions
Amazon Price
New from Used from
Kindle Edition
"Please retry"
"Please retry"
£20.49 £27.67
Note: This item is eligible for click and collect. Details
Pick up your parcel at a time and place that suits you.
  • Choose from over 13,000 locations across the UK
  • Prime members get unlimited deliveries at no additional cost
How to order to an Amazon Pickup Location?
  1. Find your preferred location and add it to your address book
  2. Dispatch to this address when you check out
Learn more
£30.99 FREE Delivery in the UK. In stock. Dispatched from and sold by Amazon. Gift-wrap available.
click to open popover

Special Offers and Product Promotions

Frequently Bought Together

  • Applied Network Security Monitoring: Collection, Detection, and Analysis
  • +
  • Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder.
  • +
  • Rtfm: Red Team Field Manual
Total price: £41.56
Buy the selected items together

Enter your mobile number below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
Getting the download link through email is temporarily not available. Please check back later.

  • Apple
  • Android
  • Windows Phone

To get the free app, enter your mobile phone number.

Product details

  • Paperback: 496 pages
  • Publisher: Syngress (5 Dec. 2013)
  • Language: English
  • ISBN-10: 0124172083
  • ISBN-13: 978-0124172081
  • Product Dimensions: 19 x 2.8 x 23.5 cm
  • Average Customer Review: 5.0 out of 5 stars  See all reviews (4 customer reviews)
  • Amazon Bestsellers Rank: 141,397 in Books (See Top 100 in Books)
  • See Complete Table of Contents

Product Description


"... an extremely informative dive into the realm of network security data collection and analysis...well organized and thought through...I have only positive comments from my study." -The Ethical Hacker Network, Oct 31, 2014

About the Author

Chris Sanders is a computer security consultant, author, and researcher. A SANS Mentor who holds several industry certifications, including CISSP, GCIA, GCIH, and GREM, he writes regularly for WindowSecurity.com and his blog, ChrisSanders.org. Sanders uses Wireshark daily for packet analysis. He lives in Charleston, South Carolina, where he works as a government defense contractor.

Customer Reviews

5.0 out of 5 stars
5 star
4 star
3 star
2 star
1 star
See all 4 customer reviews
Share your thoughts with other customers

Top Customer Reviews

Format: Paperback
I was impressed by the top quality of the content of this book, on a field that although few other books have been written , it is simple, well written, detailed with the necessary theory and practical examples along with valuable practical advice from security experts.

One of the most interesting IT security books I have read and definitely the best book on the topic. Credit to the author who donates his royalties from the book to charities. Great book , great authors.

Note: This book is not about setting up Security Onion and filling 3-4 chapters with screenshots and step by step instructions, like another book on the same topic which should be avoided.
Comment One person found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
Been reading this on safaribooksonline.com and its a great all round NSM primer. Some good ideas and food for thought. As other reviews have stated, this isn't a step by step guide but instead offers reasons why certain monitoring methods should be implemented and how effective that data can be.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback Verified Purchase
The book gives a very clear overview of Network Security Monitoring and the various tools that are available. The author gives a lot of tips
Comment One person found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback Verified Purchase
Just great.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: HASH(0x9947dea8) out of 5 stars 28 reviews
7 of 7 people found the following review helpful
HASH(0x992f2330) out of 5 stars Written by Analysts for Analysts. 27 Mar. 2014
By Danny Akacki - Published on Amazon.com
Format: Paperback Verified Purchase
Here's what you need to know about Applied NSM.

1. It's an amazingly easy read.

Those of us who have ever been forced into digesting anything ever published by Cisco Press know easy to read textbooks are diamonds in the rough. It's clear the authors of Applied NSM went to great lengths to be as technically thorough as possible while maintaining an easy, entertaining and conversational tone throughout the book. It's the anti "Makes Me Want To Bash My Face Into My Desk Just To Stay Awake" book.

2. The right tool for the job but...

The goal of any analyst is simple but crucial, find evil by any means necessary. To that end you need better weapons than your adversary. In this book Security Onion is your arsenal and the authors perform a deep dive into all wonderful toys Security Onion has to offer. The tools listed within the pages of this book are your ticket to a better way to find the badness lurking on your clients network. That being said...

3. ...tools alone will not save you and the authors know it.

Of all the weapons at your disposal in the never-ending hunt for evil, unequivocally the most important is that big spongy thing between your ears. This book isn't just a stack of man pages with a fancy cover thrown on, it provides valuable insight and guidance to aid your own unique thought process and hunting style. On that topic, a special note...

4. Get your mind right.

Chapter 15 "The Analysis Process" should be required reading for both every newbie working in a SOC and every jaded veteran. This chapter could be it's own book and if I have any complaint about Applied NSM it's that this chapter wasn't long enough for me. It's so absolutely crucial I recommend you read it first, then read it again. If you buy the book for no other reason, buy it for Chapter 15.

So that's it, whether you're a n00b looking to find his footing in this industry or a battle tested warrior looking for new ways to catch the bad guys, Applied Network Security Monitoring is an absolute must have. Good hunting!
5 of 5 people found the following review helpful
HASH(0x992ca114) out of 5 stars Excellent guide for starting and expanding a Network Security Pratice. 17 Dec. 2013
By Wesley Allen - Published on Amazon.com
Format: Paperback
Great book! If you are totally new to the practice of NSM then all you need to get set up, capture some data and start doing some analysis is in here. If you are already doing some NSM work, then this will help you extend and expand into new areas. The authors focus on open source / free programs and utilities, so the only cost to start a IDS is some hardware and your time.

I have been doing security for awhile, but not much focused intrusion detection before my current position. This book really helped "fill in the gaps" in my knowledge of NSM and give me a push in the right direction as far as using SiLK and a couple of the other tools. There is more then enough info to get started, but not to much that would be overly specific to a given setup, so it is still up to you to do a bit of research and dig deeper into the areas that the book introduces that you might want to use in your day to day work. You do need to have the basics of networking, security and TCP/UDP/IP down first, but they do a good job starting slow and building up.

I read through the book pretty quickly to pick up the areas I want to work in more, and will continue to use it as a reference in my work.
3 of 3 people found the following review helpful
HASH(0x99302624) out of 5 stars Well worth your time 3 April 2014
By Michael W Lucas - Published on Amazon.com
Format: Kindle Edition
Some of Applied Network Security Monitoring will be very familiar to anyone who has read any other security book–I’ve read many times that risk equals impact times probability. Every book on this topic needs this information, however, and Sanders and company cover it in sufficient detail to ground a probie while letting the rest of us easily skim it as a refresher.

Then they take us through selecting data collection points and how they make decisions on where to collect data and what kind of data to collect. Ideally, of course, you collect full packet data everywhere, but in my semi-rural gigabit ISP world I don’t have enough electricity to spin that much disk. Where can you get by with session data, and where do you need full packet capture? ANSM takes you through the choices and the advantages and disadvantages of each, along with some guidance on the hardware needs.

Data is nice, but it’s what you do with the data that makes security analysis interesting. ANSM uses Security Onion as an underlying toolkit. Security Onion is huge, and contains myriad tools for any given purpose. There’s reasons for this–no one NSM tool is a perfect fit for all environments. ANSM chooses their preferred tools, such as Snort, Bro, and SiLK, and takes you through configuring and using them on the SO platform. Their choices give you honeypots and log management and all the functionality you expect.

Throughout the book you’ll find business and tactical advice. How do you organize a security team? How do you foster teamwork, retain staff, and deal with arrogant dweebs such as yours truly? (As an aside, ANSM contains the kindest and most business-driven description of the “give the arrogant guy enough rope to hang himself” tactic that I have ever read.) I’ve been working with the business side of IT for decades now, and ANSM taught me new tricks.

The part of the book that I found most interesting was the section on analysis. What is analysis, anyway? ANSM takes you through both differential analysis and relational analysis, and illustrates them with actual scenarios, actual data. Apparently I’m a big fan of differential diagnosis. I use it everywhere. For every problem. Fortunately, Sanders and crew include guidelines for when to try each type of analysis. I’ll have to try this “relational analysis” thing some time and see what happens.

Another interesting thing about ANSM is how it draws in lots of knowledge and examples from the medical field. Concepts like morbidity and mortality are very applicable to information technology in general, not just network security monitoring, and adding this makes the book both more useful and more interesting.

Applied Network Security Monitoring is a solid overview of the state of security analysis in 2014, and was well worth my time to read. It’s worth your time as well.
5 of 6 people found the following review helpful
HASH(0x9930475c) out of 5 stars Great book on Network Security Monitoring 2 Feb. 2014
By Ryan Stillions - Published on Amazon.com
Format: Kindle Edition Verified Purchase
I’m a long time NSM practitioner and I work with Smith & Bianco.
Chris was gracious enough to provide me with a PDF copy of the book for review.
- - - -

Applied NSM is a powerhouse of practitioner knowledge. Divided into three primary sections (Collection, Detection, & Analysis) ANSM focuses on the key staples necessary for establishing a successful NSM program and how to get up and running.

The book weighs in at an impressive 465 pages (including appendixes). However, depending on the readers familiarity with NSM and exposure to other related works on the subject, there could be some overlap.

The areas I found most valuable that contributed new concepts to my “NSM library" included:

Chapter 2’s discussion on the Applied Collection Framework
Chapter 4’s coverage of SiLK for analysis of flow data
Chapter 6’s coverage of LogStash and Kibana
Chapter 10’s coverage on Bro
Chapter 11’s coverage on Anomaly based detection via SiLK tools
Appendix 3 makes for a handy desk side reference if you work with raw packet captures on a daily basis.

For these sections alone, ANSM makes it well worth the purchase and addition to your collection. Speaking of which, all of the proceeds from this book go to several charities, and after having initially reviewed it for free, I still decided to purchase a copy on Kindle to have as a desk side reference and support such great causes.

Great job guys!
2 of 2 people found the following review helpful
HASH(0x9931a360) out of 5 stars Should be read by anyone starting or involved in network security monitoring! 11 July 2014
By Bryon Hundley - Published on Amazon.com
Format: Paperback
Another outstanding PRACTICAL approach by Chris Sanders accompanied by Jason Smith this round. This book should be required reading for all intrusion analyst and those looking to develop a security monitoring program. The ACF mentioned in the book should be the standard for building a data collection architecture in my opinion. Organizations use the "everything and the kitchen sink" approach all to often (like let's throw everything into Arcsight) without looking at what they should really be collecting and defining out the results that should be achieved.
I am also a strong believer and practitioner of the Threat Centric approach mentioned in the book. It seems the industry is turning in that direction and seeing threats for what they are instead of each falling into a neat category. It's the right approach and this book applies it in a practical manner that makes sense.
Were these reviews helpful? Let us know