A useful oversimplification for network surveillance?

• Previous message (by thread): A useful oversimplification for network surveillance?
• Next message (by thread): A useful oversimplification for network surveillance?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I'd most certainly use an IDS (i.e. SNORT) for this instead of
> netfow....

Could you provide a use case at the ISP level where an IDS is indeed
superior to NetFlow data collection?

(Take into account that ISPs typically see the effects of new malware
well before the AV companies. 8-)

• Previous message (by thread): A useful oversimplification for network surveillance?
• Next message (by thread): A useful oversimplification for network surveillance?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]