Cyber Shelf

// Comparison

Applied Network Security Monitoring vs Network Security Through Data Analysis: Which Should You Read?

Two cybersecurity books on Detection, compared honestly: who each is for, what each does best, and which to read first.

Intermediate
4/52013
Applied Network Security Monitoring

Collection, Detection, and Analysis

Chris Sanders, Jason Smith

A practitioner's walkthrough of building an NSM capability end to end, from deciding what to collect through detection and the analysis workflow that ties it together. The tooling is dated, but the way it teaches you to think about monitoring is not.

Intermediate
4/52017
Network Security Through Data Analysis

From Data to Action

Michael Collins

Michael Collins on building situational awareness from network telemetry: collection architecture, statistical baseline-setting, and the analytic patterns that turn raw flows into detection.

Read this if

SOC analysts and aspiring detection engineers who want a structured mental model for collection, detection, and analysis rather than a pile of disconnected tooling tutorials.
Detection engineers and SOC analysts who've graduated from "what alert is this" to "is this alert worth triaging at all." Collins is the quantitative-detection text the field needed.

Skip this if

Anyone hoping for a current toolkit. Skip this if you want hands-on Zeek/Suricata/Elastic configs you can paste today, the commands here have aged out.
Beginners with no NSM background, or readers who only do log-based detection. The book leans heavily on flow data and statistical thinking; pair with The Practice of Network Security Monitoring (Bejtlich) first if you're new to the discipline.

Key takeaways

  • Collection is a deliberate decision, not a default. Decide what data matters before you drown in everything.
  • The book's split of detection into signature, anomaly, and statistical approaches still maps cleanly onto how modern stacks work.
  • Analysis is a discipline with a workflow, not improvised packet-staring, and that framing is the most durable thing here.
  • Detection engineering at scale is a statistical problem; the book teaches the framing every modern SOC eventually reinvents.
  • Flow-data analytics (NetFlow / IPFIX / sFlow) catch lateral movement that packet-based detection misses; the book is the cleanest treatment in print.
  • Time-series anomaly detection can be done well with off-the-shelf tooling and clear thinking; the chapters on baseline calibration are the practical core.

How they compare

Applied Network Security Monitoring and Network Security Through Data Analysis are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target intermediate-level readers, so the choice is about topic, not difficulty.

Applied Network Security Monitoring and Network Security Through Data Analysis both cover Detection, Networking, Defensive, so reading them in sequence reinforces the same material from different angles.

Keep reading

Applied Network Security Monitoring

Alternatives to Applied Network Security MonitoringWhat to read after Applied Network Security Monitoring

Network Security Through Data Analysis

Alternatives to Network Security Through Data AnalysisWhat to read after Network Security Through Data Analysis

Related topics

DetectionNetworkingDefensive