North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: A useful oversimplification for network surveillance?
- From: Florian Weimer
- Date: Thu Aug 25 12:23:15 2005
> We use both -- NetFlow gives us trending data which helps us
> identify issues and patterns, Snort allows us to perform a deeper
> analysis -- I don't think you could use one and not the other and
> have effective traffic inspection.
Of course, but you do this to support certain processes in your
organization. I just wonder how a process might look like which
actually needs data gathered by an IDS, at the ISP level.
(Drawing pretty charts showing the number of attacks you've blocked
doesn't count, IMHO.)