My Debut Publication Turns 20 Years Old Today

Exactly 20 years ago today, my inaugural publication, The Tao of Network Security Monitoring: Beyond Intrusion Detection, was officially launched by Addison-Wesley/Pearson.

In this article from 2017, I discuss the differences among my first four books and why I wrote Tao.

Receiving feedback that my publications have been beneficial always brings me immense joy.

While I have concluded writing about security matters, I maintain that the fundamental tactics and strategies detailed in all my books retain their relevance. Nonetheless, the fact that these strategies are still indispensable is somewhat disheartening. Ideally, I would have hoped to render these tactics and strategies obsolete. The advent of phenomena like “The Cloud” should have alleviated our concerns by now.

To illustrate this point, here is an excerpt from a report describing CISA’s red team operation against a federal agency:

“[A]ttempts to retrieve forensic data via packet captures were executed directly on the compromised Solaris and Windows hosts, allowing the red team to witness data collection in real-time, thereby enabling the potential disruption of collection, tampering with evidence files, and refining their evasion tactics.”

This is why you should not depend solely on EDR to understand adversary actions. Adversaries can disable or manipulate your endpoint security measures. For network security monitoring, avoid collecting data on the endpoints themselves; deploy network taps instead, or use SPAN ports if necessary.

None of the revelations stemming from this intrusion would have been unexpected back in 2004.

Here is the article I shared in 2004 upon receiving the first printed copy.

No feeling quite compares to holding a physical copy in your hands, a sentiment I truly value!

I may revisit this milestone in another 5 years. Until then!
