The Tao of Network Security Monitoring Beyond Intrusion Detection

3. Deployment Considerations

This chapter lays the foundation for Part II, where I discuss NSM products. A product is worthless unless it can see packets. Before analysts investigate events, security engineers must devise a way to access network traffic, and system administrators must install hardware and software to support NSM applications. Network administrators must ensure that NSM platforms are remotely accessible. Before solving any of these problems, however, it's appropriate to consider the threat model that drives product deployment choices.

Threat Models and Monitoring Zones

The threat model represents the threats for which the NSM solution is engineered and the assets it is supposed to monitor. A threat model is an expression of expectations. ...

Get The Tao of Network Security Monitoring Beyond Intrusion Detection now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

The Tao of Network Security Monitoring Beyond Intrusion Detection by

3. Deployment Considerations

Threat Models and Monitoring Zones

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly