I was fortunate enough to have an article I wrote on a methodology for network traffic analysis published in the April ISSA Journal. The article lays out the jumping-off points approach and gives some practical techniques for monitoring an enterprise network. Here is the abstract from the article:
"This article describes practical techniques for the cyber security professional to efficiently sift through the voluminous amounts of network data. These techniques leverage different views of the data to discern between patterns of normal and abnormal behavior and provide tangible jumping off points for deeper investigation."
If you are interested, give it a read and share your thoughts!