A useful oversimplification for network surveillance?

Florian Weimer fw at deneb.enyo.de
Thu Aug 25 16:21:05 UTC 2005


> We use both -- NetFlow gives us trending data which helps us
> identify issues and patterns, Snort allows us to perform a deeper
> analysis -- I don't think you could use one and not the other and
> have effective traffic inspection.

Of course, but you do this to support certain processes in your
organization.  I just wonder what a process might look like which
actually needs data gathered by an IDS, at the ISP level.

(Drawing pretty charts showing the number of attacks you've blocked
doesn't count, IMHO.)


