cahunt It looks like your organization is improving on visibility and can give you guys better picture of what's going on.
Interestingly enough that NetFlow was not originally created with security in mind, but over the years, vendors promoted it as a information security tool. What can be better when you have a full view of packets/flows in the network? NetFlow tools always have canned top-talkers report. With that tools can build baseline and from that can alert any abnormality.
The security folks always prefer Full NetFlow. However, when the advancement of 40G/100G bandwidth in the data center switches, there is a trend to move to Sampled NetFlow. I was told it's due to the ASIC limit for 40G/100G traffic.
