Enriched Flow Data

Lately I've had a number of discussions with colleagues about how enriching network flow data (netflow) can take it from being a good analytical data source to a great and incredibly powerful analytical data source. Netflow is a data source with an incredible amount of breadth -- it's more or less a record of every transaction on your network. The good news for us analysts is that nowadays there is enough technology around to enrich netflow with layer 7 (application level) data. Once you do this, there is seemingly no limit to the creative and interesting analytical techniques you can develop. Something to think about for sure.