March 05, 2004, 3:45 PM — Author Eugene Schultz, increasingly frustrated with the limited scope of existing books on the subject of intrusion detection, set out to write a book that covers how to implement top intrusion detection products into real-world networked environments - from the perspective of someone who lives and breathes intrusion detection.
Title: Intrusion Detection & Prevention
Authors: Carl Endorf, Eugene Schultz & Jim Mellander
Sample chapter: Understanding Intrusion Detection
Q: What led you to write this book?
A: I work in intrusion detection day-to-day and have put together a course on this topic that I teach quite often. As I was looking through various books on intrusion detection to get ideas for the course a little over a year ago, I started to realize that many, if not most, of these books don't get at what intrusion detection is really all about. I even started hesitating listing the names of some of these books in the bibliography section of my course materials, fearing that I might be doing course attendees a disservice. This is what started me thinking about writing a book on this subject.
Q: Does this book fill a need that others have failed to fill? Please explain.
A: Definitely - in two major respects. First, this book is written from the perspective of people who actually do intrusion detection. We know "the good, the bad, and the ugly" about this area and have tried to reflect this knowledge in what we have written. Second, some people (and even professional organizations) have reduced intrusion detection to reading data in packets and recognizing attack signatures. I view intrusion detection as something much, much bigger - something that may at times require analyzing packet data, but something that also requires planning an entire capability, creating operational procedures, using different types of software (of which intrusion detection systems are only one of many useful types), deploying systems and software properly, taking into account legal considerations, and so forth. This book is, to the best of my knowledge, the only one that attempts to cover all major areas - technical and non-technical - of intrusion detection and prevention.
Q: Why this book? Why now?
A: The book represents very current knowledge and thinking about intrusion detection and prevention and takes on the many myths that too often prevail (especially in vendor rhetoric). I also like the fact that the book covers emerging trends and technologies and future directions - something intended to help readers in planning for what's in store in the near future.