The collection and analysis of network metadata, such as NetFlow, is an effective way to identify advanced attacks, insider threats or data exfiltration.
An effective NetFlow management tool needs three major capabilities:
- Deduplication of flows, to remove redundant information
- Directionality, to determine the relationship between flow endpoints
- Robust querying capabilities
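
The first two capabilities in the list above, as an added example (not code from the original post or from any NetFlow product): records for one connection reported by two exporters are collapsed, then the two unidirectional halves are merged into one session with client and server labeled. The record layout, exporter names, one-second window and the rule that the earliest record marks the initiator are assumptions.

```python
from collections import namedtuple

# Hypothetical record layout; real exporters carry more fields.
Flow = namedtuple("Flow", "exporter start src sport dst dport proto bytes")

# Constructed sample records: the same traffic reported by two exporters.
SAMPLE = [
    Flow("rtr-a", 100.00, "10.0.0.5", 51514, "203.0.113.9", 443, 6, 1200),
    Flow("rtr-b", 100.02, "10.0.0.5", 51514, "203.0.113.9", 443, 6, 1200),
    Flow("rtr-a", 100.05, "203.0.113.9", 443, "10.0.0.5", 51514, 6, 90000),
    Flow("rtr-b", 100.06, "203.0.113.9", 443, "10.0.0.5", 51514, 6, 90000),
    Flow("rtr-a", 200.00, "10.0.0.7", 40000, "10.0.0.53", 53, 17, 80),
]

def deduplicate(flows, window=1.0):
    """Keep one record per 5-tuple when a second exporter reports it within `window` s."""
    kept, last_kept = [], {}
    for f in sorted(flows, key=lambda f: f.start):
        key = (f.src, f.sport, f.dst, f.dport, f.proto)
        prev = last_kept.get(key)
        # A repeat from a different exporter is the same traffic seen twice.
        # A repeat from the same exporter is a continuation and is kept.
        if prev and f.exporter != prev.exporter and f.start - prev.start <= window:
            continue
        last_kept[key] = f
        kept.append(f)
    return kept

def sessions(flows):
    """Merge the two unidirectional halves of a conversation and label its direction."""
    out = {}
    for f in sorted(flows, key=lambda f: f.start):
        a, b = (f.src, f.sport), (f.dst, f.dport)
        key = (min(a, b), max(a, b), f.proto)  # same key for both directions
        s = out.get(key)
        if s is None:
            # Assumption: the earliest record comes from the initiator (client).
            s = out[key] = {"client": a, "server": b, "proto": f.proto,
                            "bytes_out": 0, "bytes_in": 0}
        s["bytes_out" if a == s["client"] else "bytes_in"] += f.bytes
    return list(out.values())

if __name__ == "__main__":
    for s in sessions(deduplicate(SAMPLE)):
        print(s)
```

Calling `sessions(SAMPLE)` without deduplication reports 2400 bytes out for the first session instead of 1200, which is the double counting that deduplication prevents.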
There is a Part 2 coming up soon, which will focus on the Analytics aspects of this.
Title Image courtesy: jimjansen.blogspot.com