I came across this book on Safari during the week and the title definitely caught my eye as I'm always interested to see new material in the area of data analytics and security. Additionally, when I saw that the book was only around 180 pages, I figured this would be a nice easy read and intro to analytics that I could learn a few bits from and potentially recommend to others.
Unfortunately, the book really disappoints in both aspects and while there are one or two good chapters, I can't recommend reading the whole thing or paying full price for it.
The book starts off really well, giving an overview of what the authors mean by security analytics and mention many of the concepts that are, or can be, used to derive meaning out of data, such as statistics, machine learning, regression, text mining, simulations and clustering.
The second and third chapters give an intro to some of the tools of the trade that are most often used, mentioning R, Python, Simulation Software, Hadoop, Mapreduce and NoSQL databases and then work through some practical examples and exercises around the analysis of log file data, covering loading data into Hive, doing fuzzy searching on the data. What was nice in this chapter is that they use freely available data sets so you can easily download the data and follow along.
The fourth chapter moves on to simulations and unfortunately at this point I felt the book went downhill. Seeing as simulations are a new area for me, I was looking forward to learning something really new in this chapter but I felt that there wasn't enough context put around how simulations could be used for security analytics and while a practical example using anti-virus data is used, it really doesn't flow as well from the previous chapter and appeared a bit contrived.
The fifth chapter then seems to revert back to similar content as the third chapter and covers Access Analytics. However, the structure of this chapter is very strange and starts off with a explanation of what VPNs are, the threats around VPN access and then talks a lot about Python, which seems strange to include here for such a short book and really should have been covered in the second chapter on tools. Unfortunately, this entire chapter effectively is simply an example of using Python and doing haversine analysis, which while really cool and definitely worthwhile, shouldn't really be a full chapter on itself.
I have to say that at this point I was pretty much ready to put the book down but figured I'd continue on seeing as there wasn't much left and I'm definitely glad I did as chapter six provides a really nice introduction to text mining and touches on word association, correlation and clustering. This is a really solid chapter that I'd highly recommend people new to the area read.
The last chapter finishes off with a discussion on the importance of utilizing data more and promotes the reader to go and dig more using the techniques outlined in the book.
Overall, while the book starts off well and has one or two good chapters, I really can't recommend people buy this book or read all the chapters. There's definitely good content in here but the structure, focus and level of detail seems to vary dramatically across each of the chapters and there's overlapping areas that should really have been consolidated.
I really couldn't recommend purchasing it at the current price of around €50 and honestly can't see how the publishers could even justify trying to price the book in this bracket.
I'd really love to see a second edition of this where the material is restructured a bit and made to flow better as I think it could really be a great intro to security analytics if this was done and it was priced closer to the €15 price point.
If you have a Safari or other eBook subscription and can read some of the chapters for free then it's definitely worth a quick flick through, especially to read the first three chapters and the chapter on text mining.
Links:
Amazon http://www.amazon.com/Information-Security-Analytics-Insights-Anomalies/dp/0128002077/
Safari http://techbus.safaribooksonline.com/book/networking/security/9780128002070
Unfortunately, the book really disappoints in both aspects and while there are one or two good chapters, I can't recommend reading the whole thing or paying full price for it.
The book starts off really well, giving an overview of what the authors mean by security analytics and mention many of the concepts that are, or can be, used to derive meaning out of data, such as statistics, machine learning, regression, text mining, simulations and clustering.
The second and third chapters give an intro to some of the tools of the trade that are most often used, mentioning R, Python, Simulation Software, Hadoop, Mapreduce and NoSQL databases and then work through some practical examples and exercises around the analysis of log file data, covering loading data into Hive, doing fuzzy searching on the data. What was nice in this chapter is that they use freely available data sets so you can easily download the data and follow along.
The fourth chapter moves on to simulations and unfortunately at this point I felt the book went downhill. Seeing as simulations are a new area for me, I was looking forward to learning something really new in this chapter but I felt that there wasn't enough context put around how simulations could be used for security analytics and while a practical example using anti-virus data is used, it really doesn't flow as well from the previous chapter and appeared a bit contrived.
The fifth chapter then seems to revert back to similar content as the third chapter and covers Access Analytics. However, the structure of this chapter is very strange and starts off with a explanation of what VPNs are, the threats around VPN access and then talks a lot about Python, which seems strange to include here for such a short book and really should have been covered in the second chapter on tools. Unfortunately, this entire chapter effectively is simply an example of using Python and doing haversine analysis, which while really cool and definitely worthwhile, shouldn't really be a full chapter on itself.
I have to say that at this point I was pretty much ready to put the book down but figured I'd continue on seeing as there wasn't much left and I'm definitely glad I did as chapter six provides a really nice introduction to text mining and touches on word association, correlation and clustering. This is a really solid chapter that I'd highly recommend people new to the area read.
The last chapter finishes off with a discussion on the importance of utilizing data more and promotes the reader to go and dig more using the techniques outlined in the book.
Overall, while the book starts off well and has one or two good chapters, I really can't recommend people buy this book or read all the chapters. There's definitely good content in here but the structure, focus and level of detail seems to vary dramatically across each of the chapters and there's overlapping areas that should really have been consolidated.
I really couldn't recommend purchasing it at the current price of around €50 and honestly can't see how the publishers could even justify trying to price the book in this bracket.
I'd really love to see a second edition of this where the material is restructured a bit and made to flow better as I think it could really be a great intro to security analytics if this was done and it was priced closer to the €15 price point.
If you have a Safari or other eBook subscription and can read some of the chapters for free then it's definitely worth a quick flick through, especially to read the first three chapters and the chapter on text mining.
Links:
Amazon http://www.amazon.com/Information-Security-Analytics-Insights-Anomalies/dp/0128002077/
Safari http://techbus.safaribooksonline.com/book/networking/security/9780128002070
