These records can help security professionals when responding to an incident. During an attack, for example, network flow information often effectively reveals the quantity (but not content) of a network's extracted data. The logged info can also help identify systems infected with malicious code. Networking professionals can use the data to troubleshoot network anomalies and analyze bandwidth utilization. I strongly recommend network...
flow logging as part of a well-rounded security program.
Additionally, in a large enterprise, flow data may quickly consume large quantities of storage space. You'll need to estimate your storage needs and develop a retention policy that balances business needs with the technical capabilities of the system.
Dig deeper on Network Behavior Anomaly Detection (NBAD)
Related Q&A from Mike Chapple, Enterprise Compliance
Social media compliance is not typically considered a big issue for companies, but expert Mike Chapple explains why it should be.continue reading
Metadata tagging is not just for security. Expert Mike Chapple explains how tagging tools can be used to achieve PCI DSS compliance.continue reading
Before using the HIPAA-compliant cloud services from Google, there are some things companies need to know, according to expert Mike Chapple.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.