How to review information flow? Does Cisco Netflow offers this?

In one presentation by an IT regulator & Cyber Security Agency,
one slide mentioned about reviewing "Netflow" & a couple of
slides later, it require us is to perform periodic "review of
information flow" :

though I raised if these are related ie by reviewing "Cisco Netflow",
we are deemed to have addressed the requirement to "review
information flow" : the presenter doesn't quite seem to know,
thus I'm clarifying here:
does Cisco Netflow offers a form of documenting information
flow?
sunhuxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sunhuxAuthor Commented:
I asked the presenter if reviewing the firewall rules (as it shows source & destination)
is good enough: he felt it's more of what data is viewed & entered for the various
IT services.

I tend to think along the line of "top talkers" (ie top sources & destinations of traffic).
Any free tools (PRTG?) that helps us do such reviews is appreciated
JustInCaseCommented:
Netflow can provide network traffic baseline. There is a need for longer period of gathering monitoring information to create proper baseline. The benefit is  that we can compare typical network throughput (including types of traffic) with current traffic (per host, between specific hosts etc). If there is sudden increase of traffic in some part of the network it can mean that someone is stealing data (for example by using ICMP or DNS traffic :) ) or that there is is DoS attack etc.
Netflow (IPFIX is standardized IETF protocol) provides information about traffic flows:
- Source IP
- Destination IP
- Source Port
- Destination port
- Protocol
- Amount of sent data in session
- Amount of received data in session
- Source interface
- Destination interface
- CoS/DCSP field
etc

PRTG can be analyze netflow information.
sunhuxAuthor Commented:
is Netflow something we need to purchase or it's free for Cisco customers?
Do we need to configure something on the various Cisco switches/routers to enable Netflow to capture the data?
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

JustInCaseCommented:
Netflow is already present on devices just need to be configured (at least middle to high end devices). Netflow increases CPU utilization, so monitor device parameters.
Configuration commands may differ from device to device, but pattern is generally the same. Need to be configured:
- Flow Record
- Flow Exporter
- Flow Monitor
- And need to be associate with interface

Configuration  example:
Solarwinds - How-To Configure NetFlow v5 & v9 on Cisco Routers

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sunhuxAuthor Commented:
excellent, let me review this with colleagues & if there's no further
doubts, will close this in two days' time
sunhuxAuthor Commented:
Can the free version of Solarwinds extract & email us the reports of the
Netflow traffic (Top talkers, top Source/Destinations) on daily basis
or can help suggest other free tools that could do this (PRTG)
JustInCaseCommented:
I am not sure which tool(s) that could satisfy your requirements.
One note - PRTG is not free, it is free up to 100 sensors.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.