// Comparison

The Practice of Network Security Monitoring vs Tableaux de bord de la sécurité réseau: Which Should You Read?

Two cybersecurity books on Defensive, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

5/52013

The Practice of Network Security Monitoring

Understanding Incident Detection and Response

Richard Bejtlich

Richard Bejtlich's NSM playbook: how to deploy collection sensors, validate that you actually see what you think you see, and build detection workflows around open-source tools.

Advanced

3/52010

Tableaux de bord de la sécurité réseau

Cédric Llorens, Laurent Levier, Denis Valois

A practitioner's manual for measuring and steering network security — metrics, dashboards, monitoring and risk indicators — for the people who run security operations.

Read this if

Every SOC analyst and detection engineer. Bejtlich's foundational text on NSM: collect-everything, alert-on-narrow, investigate-broadly. Defines the vocabulary the modern detection field still uses.

Network and security engineers, and security managers who need to instrument and report on security: what to measure, how to build dashboards, how to track risk over time.

Skip this if

Readers wanting current SIEM tooling specifics. The book pre-dates EDR-as-default and modern cloud-native telemetry; the principles transfer, the tooling specifics don't.

Readers wanting attacks or the latest cloud-native tooling; it's an operations-and-metrics book whose editions predate much of the modern stack.

Key takeaways

Detection without prevention is a strategic choice, not a fallback; Bejtlich was years ahead in arguing the case and the book remains the clearest argument.
The four data types (full content, session, transactional, statistical) are still the right framework for thinking about detection coverage.
Most SOC failures are organizational and procedural, not tooling; the book's chapters on workflows, runbooks, and analyst growth are still the best in print.

A rare French book focused on measuring security — metrics, indicators and dashboards, not exploits.
Written for security operations and management: how to make security legible to the organisation.
The principles of security measurement endure; check the specific tooling against current practice.

How they compare

We rate The Practice of Network Security Monitoring higher (5/5 against 3/5 for Tableaux de bord de la sécurité réseau). For most readers, that means The Practice of Network Security Monitoring is the primary pick and Tableaux de bord de la sécurité réseau is a useful follow-up.

The Practice of Network Security Monitoring is pitched at intermediate level. Tableaux de bord de la sécurité réseau is pitched at advanced level. Read the easier one first if you're not yet comfortable with the topic.

The Practice of Network Security Monitoring and Tableaux de bord de la sécurité réseau both cover Defensive, Detection, Networking, so reading them in sequence reinforces the same material from different angles.

Keep reading