Packet capture has been the definitive tool for network visibility for many years, but it's time for evolution. Increasing use of encryption prevents payload visibility. Bandwidth increases in LAN and WAN increase the amount of data to collect and analyse. Speed increases make it more and more challenging to collect, store, archive and analyse packet data.
Enter flow export, statistical analysis and machine learning. Collecting data at scale with flow exports (sFlow/IPFIX) yields data that can be analysed at scale. Events in the data are recognised and fingerprinted.
Patterns in encrypted flows combined with metadata such as domain name . . .