Statistical flow analysis helps identify compromised machines in a vast network, confirms or refutes Data Leakage Prevention (DLP) system findings through cross-referencing, and profiles individuals when needed. This style of analysis can reveal a lot of information. It can help you find a compromised machine or critical business files being leaked to the outside world. It can also profile someone to reveal their work schedule, hours of inactivity, or sources of entertainment while at work.
We will cover the following key concepts in this chapter:
- Statistical flow analysis
- Collecting and aggregating data
- Key concepts around Internet Protocol Flow Information Export (IPFIX) and NetFlow