One of the goals of this book is achieving situational awareness or, to put it another way, an understanding of the environment you are operating in. This book is about collecting data and looking at networks in order to understand how the network is used.
The author mentions the target for this book are network administrators and operational security analyts. I would add networking students and hackers on the top of this target. The content is very easy to follow though.
The book is divided into three sections (data, tools and analytics). It contains a total of 15 self-contained chapters.
The data section (chapters 1-4) covers the way to collect, storage and organize data. This part discuss about sensors, the best place to set them, the tooling to interface them and the issues/solutions related to the vast amount of data generated.
The tool section (chatpers 5-9) keeps the focus on tools. It covers analysis, visualization and reporting aspects. Some of these tools are SiLK, R, Graphviz, nmap, Wireshark or netcat.
The analytics section (chapters 10-15) studies the nature of the networking traffic and how some mathematical and statistical models can be used to examine data. Among the different analysis you can find useful information related to DDoS attacks, scanning patterns or port correlations approaches.
This book is interesting. It is a great update in this topic and it faces the recent issue of ‘big data’ and massive analysis from a network security perspective.
At the same time, I found the jargon of the author a bit thick along some chapters. I guess it is the result of trying to generalize some concepts and techniques while he introduces concrete examples.
As mentioned, I think this book contains good stuff. It covers a broad spectrum of topics so it could be a great book to jump in this area too. The author makes a good job and he talks from experience.
I found this book available here:
The next technical review 