25 Aug 2005, 12:21 p.m.
We use both -- NetFlow gives us trending data which helps us identify issues and patterns, Snort allows us to perform a deeper analysis -- I don't think you could use one and not the other and have effective traffic inspection.
Of course, but you do this to support certain processes in your organization. I just wonder what a process might look like which actually needs data gathered by an IDS, at the ISP level. (Drawing pretty charts showing the number of attacks you've blocked doesn't count, IMHO.)