Security Analyst’s Notebook: Beyond NetFlow

White Paper


NetFlow was originally designed to give network administrators the ability to monitor network traffic and pinpoint network congestion. Security analysts discovered that NetFlow was also useful as a profiling tool for finding network intrusions.

However, NetFlow was never designed for detecting network intrusions. Because intrusion detection was not a design goal, NetFlow is greatly limited in its ability to provide the quality data and analytic capabilities that incident response experts require when they roll up their sleeves at their computers, day in and day out, looking for threats.