Flow direction

Flow Directionality Support: Part 1

When the security team identifies suspicious activity, they often turn to NetFlow or IPFIX first to gain insight into how the bad actor gained access to the internal network. Should a network incident response system used for tracking down malicious communication place emphasis on flow directionality?

NetFlow Direction and its Value to Troubleshooting

Determining NetFlow Direction is the process of trying to ascertain who initiated a flow. Although “NetFlow Direction” is the title of this post, the word “Direction” in NetFlow means something entirely different. According to IPFIX, the IETF standard for flow technologies, direction has to do with the observation point of a flow. (i.e. ingress …
