These records can help security professionals when responding to an incident. During an attack, for example, network...
flow information often effectively reveals the quantity (but not content) of a network's extracted data. The logged info can also help identify systems infected with malicious code. Networking professionals can use the data to troubleshoot network anomalies and analyze bandwidth utilization. I strongly recommend network flow logging as part of a well-rounded security program.
Additionally, in a large enterprise, flow data may quickly consume large quantities of storage space. You'll need to estimate your storage needs and develop a retention policy that balances business needs with the technical capabilities of the system.
Related Q&A from Mike Chapple
The updated HITRUST Common Security Framework allows organizations to manage privacy, security and compliance with one framework. Here's how it works...continue reading
A HIPAA audit covers privacy compliance, and organizations need to be prepared. Expert Mike Chapple discusses privacy in the audits.continue reading
A data breach warranty may seem like a tempting way to survive a costly attack, but it may not be all it's hyped up to be. Expert Mike Chapple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.