NetFlow/sFlow

NetFlow (Cisco) and sFlow (vendor-neutral) are protocols that enable network devices to send traffic statistics to a central collector. You receive details such as source and destination IPs, ports, protocol types, and data volumes per connection. This data is valuable for anomaly detection, capacity planning, and forensic investigations. Unlike packet captures (PCAP), flow protocols collect only metadata, which significantly reduces data volume and storage requirements. For your ISMS, NetFlow/sFlow provides the data foundation to detect unusual communication patterns such as data exfiltration or command-and-control traffic.
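
As an added example (not part of the original glossary entry), the following Python sketch shows how flow metadata alone can surface the two patterns named above: unusually large outbound transfers and regularly timed check-ins typical of command-and-control traffic. The record layout, the per-flow timestamp field, the internal range `10.0.0.0/8`, the thresholds, and all sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed flow records: (start_ts_seconds, src_ip, dst_ip, dst_port, proto, bytes)
FLOWS = [
    (0,   "10.0.0.5", "198.51.100.7", 443, "tcp", 1_200),
    (60,  "10.0.0.5", "198.51.100.7", 443, "tcp", 1_150),
    (120, "10.0.0.5", "198.51.100.7", 443, "tcp", 1_210),
    (181, "10.0.0.5", "198.51.100.7", 443, "tcp", 1_190),
    (240, "10.0.0.5", "198.51.100.7", 443, "tcp", 1_205),
    (15,  "10.0.0.9", "203.0.113.20", 22,  "tcp", 750_000_000),
    (30,  "10.0.0.9", "10.0.0.1",     53,  "udp", 180),
    (95,  "10.0.0.7", "192.0.2.44",   443, "tcp", 48_000),
]

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def outbound_pairs(flows):
    """Group flows that leave the internal range by (src, dst)."""
    pairs = defaultdict(list)
    for ts, src, dst, _port, _proto, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            pairs[(src, dst)].append((ts, nbytes))
    return pairs

def flag_large_uploads(flows, threshold_bytes=500_000_000):
    """Pairs whose total outbound volume exceeds the threshold (possible exfiltration)."""
    return sorted(pair for pair, recs in outbound_pairs(flows).items()
                  if sum(b for _, b in recs) > threshold_bytes)

def flag_beacons(flows, min_flows=5, max_jitter=0.1):
    """Pairs contacted at near-constant intervals (possible C2 check-ins)."""
    hits = []
    for pair, recs in outbound_pairs(flows).items():
        times = sorted(ts for ts, _ in recs)
        if len(times) < max(min_flows, 2):
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            hits.append(pair)
    return sorted(hits)

if __name__ == "__main__":
    print("large uploads:", flag_large_uploads(FLOWS))
    print("beacon-like:  ", flag_beacons(FLOWS))
```

In practice the thresholds would be set from a per-host baseline rather than fixed constants, and sampled sFlow data needs its byte counts scaled by the sampling rate before comparing volumes.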