Traditional intrusion detection and logfile analysis are no longer enough to protect today’s complex networks. In the updated second edition of this practical guide, security researcher Michael Collins shows InfoSec personnel the latest techniques and tools for collecting and analyzing network traffic datasets. You’ll understand how your network is used, and what actions are necessary to harden and defend the systems within it.

In three sections, this book examines the process of collecting and organizing data, various tools for analysis, and several different analytic scenarios and techniques. New chapters focus on active monitoring and traffic manipulation, insider threat detection, data mining, regression and machine learning, and other topics.

You’ll learn how to:

• Use sensors to collect network, service, host, and active domain data


• Work with the SiLK toolset, Python, and other tools and techniques for manipulating data you collect


• Detect unusual phenomena through exploratory data analysis (EDA), using visualization and mathematical techniques


• Analyze text data, traffic behavior, and communications mistakes


• Identify significant structures in your network with graph analysis


• Examine insider threat data and acquire threat intelligence


• Map your network and identify significant hosts within it


• Work with operations to develop defenses and analysis techniques