// Comparison

The Practice of Network Security Monitoring vs Sécurité et espionnage informatique: Which Should You Read?

Two cybersecurity books on Defensive, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

5/52013

The Practice of Network Security Monitoring

Understanding Incident Detection and Response

Richard Bejtlich

Richard Bejtlich's NSM playbook: how to deploy collection sensors, validate that you actually see what you think you see, and build detection workflows around open-source tools.

Advanced

4/52015

Sécurité et espionnage informatique

Connaissance de la menace APT et du cyberespionnage

Cédric Pernet

A technical French guide to advanced persistent threats and cyber-espionage — how APT campaigns work, how to detect them, and how to defend — by one of France's APT specialists.

Read this if

Every SOC analyst and detection engineer. Bejtlich's foundational text on NSM: collect-everything, alert-on-narrow, investigate-broadly. Defines the vocabulary the modern detection field still uses.

Defenders, threat-intel analysts and SOC engineers who want to understand the APT kill chain, attacker tradecraft and detection, from a French practitioner who has hunted these groups.

Skip this if

Readers wanting current SIEM tooling specifics. The book pre-dates EDR-as-default and modern cloud-native telemetry; the principles transfer, the tooling specifics don't.

Beginners without a security background; it assumes familiarity with networks and incident response, and is aimed at professional defenders.

Key takeaways

Detection without prevention is a strategic choice, not a fallback; Bejtlich was years ahead in arguing the case and the book remains the clearest argument.
The four data types (full content, session, transactional, statistical) are still the right framework for thinking about detection coverage.
Most SOC failures are organizational and procedural, not tooling; the book's chapters on workflows, runbooks, and analyst growth are still the best in print.

One of the first serious French books dedicated to APTs and cyber-espionage.
Practitioner-grounded: the attacker lifecycle and the detection/defence response, not vendor marketing.
A strong bridge between threat intelligence and hands-on detection engineering for French-speaking defenders.

How they compare

We rate The Practice of Network Security Monitoring higher (5/5 against 4/5 for Sécurité et espionnage informatique). For most readers, that means The Practice of Network Security Monitoring is the primary pick and Sécurité et espionnage informatique is a useful follow-up.

The Practice of Network Security Monitoring is pitched at intermediate level. Sécurité et espionnage informatique is pitched at advanced level. Read the easier one first if you're not yet comfortable with the topic.

The Practice of Network Security Monitoring and Sécurité et espionnage informatique both cover Defensive, Detection, so reading them in sequence reinforces the same material from different angles.

Keep reading