Applied Network Security Monitoring vs Zero Trust Networks: Which Should You Read?

Two cybersecurity books on Networking, compared honestly: who each is for, what each does best, and which to read first.

Intermediate · 4/5 · 2013
Applied Network Security Monitoring

Collection, Detection, and Analysis

Chris Sanders, Jason Smith

A practitioner's walkthrough of building an NSM capability end to end, from deciding what to collect through detection and the analysis workflow that ties it together. The tooling is dated, but the way it teaches you to think about monitoring is not.

Intermediate · 4/5 · 2017
Zero Trust Networks

Building Secure Systems in Untrusted Networks

Evan Gilman, Doug Barth

Evan Gilman and Doug Barth's pre-marketing-bubble treatment of zero-trust architecture — what it is when you actually implement it (trust evaluation, device identity, dynamic policy) versus what the vendor pitch turned it into.

Read this if

  • Applied Network Security Monitoring: SOC analysts and aspiring detection engineers who want a structured mental model for collection, detection, and analysis rather than a pile of disconnected tooling tutorials.
  • Zero Trust Networks: Architects and platform engineers tasked with implementing zero-trust without buying a product called Zero Trust. The book is the rare resource that walks through the engineering substrate — service identity, attestation, policy decision points — instead of the marketing.

Skip this if

  • Applied Network Security Monitoring: Anyone hoping for a current toolkit. Skip this if you want hands-on Zeek/Suricata/Elastic configs you can paste today; the commands here have aged out.
  • Zero Trust Networks: Readers wanting current vendor comparisons or detail on specific cloud-native zero-trust products (BeyondCorp, Tailscale, Cloudflare Access, Tetragon). The 2017 publication pre-dates almost all of the productized zero-trust marketplace; the principles are durable, the products are not.

Key takeaways

  • Collection is a deliberate decision, not a default. Decide what data matters before you drown in everything.
  • The book's split of detection into signature, anomaly, and statistical approaches still maps cleanly onto how modern stacks work.
  • Analysis is a discipline with a workflow, not improvised packet-staring, and that framing is the most durable thing here.
  • Zero trust is a property of the architecture, not a product; the book makes this case convincingly enough that it should be the first read for anyone leading a ZT initiative.
  • Device and workload identity are the load-bearing layer most ZT deployments under-invest in.
  • Migration is the project — most organizations cannot adopt zero trust without a multi-year incremental plan, and the book's chapters on incremental rollout are the most useful in practice.

How they compare

Applied Network Security Monitoring and Zero Trust Networks are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target intermediate-level readers, so the choice is about topic, not difficulty.

Applied Network Security Monitoring and Zero Trust Networks both cover Networking and Defensive security, so reading them in sequence reinforces the same material from different angles.