> We use both -- NetFlow gives us trending data which helps us > identify issues and patterns, Snort allows us to perform a deeper > analysis -- I don't think you could use one and not the other and > have effective traffic inspection.
Of course, but you do this to support certain processes in your organization. I just wonder how a process might look like which actually needs data gathered by an IDS, at the ISP level. (Drawing pretty charts showing the number of attacks you've blocked doesn't count, IMHO.)
