This book demonstrates how to boil down complex security monitoring and incident response ideas into their most basic elements. Using a data-centric approach, the authors share how to create your own unique incident detection strategy, how to keep your ideas and methods fresh, how to discover and develop your own threat intelligence, how to get the most out of participating in the security community, and how to compete against the malicious actors already attacking your network. Most information security books fall into the same trap of spending page after page describing how to configure open-source security software packages, or droning on about various configuration options replete with screenshots. This book focuses on strategy and technique, and is intended to give those in the know - as well as those just getting started - practical advice and examples of not just how to install and configure tools, but how to use them strategically in real-world settings.
With over ten years of information security experience, Jeff Bollinger has worked as a security architect and incident responder for both academic and corporate networks. Specializing in investigations, network security monitoring, and intrusion detection, Jeff Bollinger currently works as an information security investigator, and has built and operated one of the world's largest corporate security monitoring infrastructures. Jeff regularly speaks at international FIRST conferences, and writes for the Cisco Security Blog. His recent work includes log mining, search optimization, threat research, and security investigations.
Brandon Enright is a senior information security investigator with Cisco Systems. Brandon has a bachelor's degree in computer science from UC San Diego where he did research in the Systems and Networking group. Brandon has coauthored several papers on the infrastructure and economics of malware botnets and a paper on the impact of low entropy seeds on the generation of SSL certificates. Some of his work in cryptography includes presenting weaknesses in some of the NIST SHA3 competition candidates, fatally knocking one out of the competition, and authoring the Password Hashing Competition proposal OmegaCrypt. Brandon is a long-time contributor to the Nmap project, a fast and featureful port scanner and security tool. In his free time Brandon enjoys mathematical puzzles and logic games.
Matthew Valites is a senior investigator and site lead on Cisco's Computer Security Incident Response Team (CSIRT). He provides expertise in building an incident response and monitoring program for cloud and hosted service enterprises, with a focus on targeted and high-value assets. A hobbyist breaker and maker for as long as he can recall, his current professional responsibilities include security investigations, mining security-centric alerts from large data sets, operationalizing CSIRT's detection logic, and mobile device hacking. Matt enjoys speaking at international conferences, and is keen to share CSIRT's knowledge, best practices, and lessons learned.