Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager

Re: LEM - NetFlow & sFlow


The key for the perspective that LEM is responsible for handling logs and NTA is responsible for handling flow is that they get integrated, and a security use case layer gets applied on the NTA side.


I can tell you the NTA and DPI product management folks ARE aware of the security value of that data (thresholds/alerting from flow/DPI data, being able to go back into flow/DPI data during an investigation, a security dashboard, etc.). Many of these use cases can be furthered if/when LEM data gets more of a presence in Orion.


Since NTA is purpose-built for flow data, we didn't really want to reinvent the wheel, but like I said, for that to work in the long term, the dots have to get connected.


What kind of use cases do you see yourself using flow data for? I guess I seeded that with thresholds/alerting, being able to go back during an investigation, and a security dashboard... maybe the next step is correlating those flow alerts with log data, which would be the ultimate endgame.
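The two use cases the reply names (a threshold alert driven by flow data, and then correlating that flow alert with log events from the same host) are easy to sketch in code. The block below is an added example and is not code from the original post, from LEM, or from NTA; the flow records, syslog-style lines, field names, threshold and window sizes are all constructed for the illustration.

```python
"""Added example (not from the THWACK post or any SolarWinds product):
a per-host egress byte threshold computed from NetFlow-style records, with
each resulting alert correlated against log events from the same host in a
lookback window. Every record, log line, threshold and window below is
constructed for the illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed NetFlow-v5-style records: (start_time, src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    ("2014-03-10T02:00:05", "10.1.1.20", "203.0.113.9", 443, 180_000_000),
    ("2014-03-10T02:01:10", "10.1.1.20", "203.0.113.9", 443, 220_000_000),
    ("2014-03-10T02:03:00", "10.1.1.30", "10.1.1.5", 445, 12_000),       # internal to internal
    ("2014-03-10T02:04:00", "10.1.1.40", "198.51.100.7", 22, 2_500_000),  # under threshold
]

# Constructed syslog-style lines of the kind a log manager would collect.
LOGS = [
    "2014-03-10T01:58:40 host=10.1.1.20 program=sshd msg='Accepted password for admin from 198.51.100.200'",
    "2014-03-10T01:59:12 host=10.1.1.20 program=sudo msg='admin : COMMAND=/bin/tar czf /tmp/x.tgz /srv/data'",
    "2014-03-10T02:03:30 host=10.1.1.30 program=smbd msg='connect to service share'",
    "2014-03-10T02:30:00 host=10.1.1.40 program=cron msg='nightly backup'",
]

EGRESS_THRESHOLD_BYTES = 100_000_000  # assumed per-host, per-window egress threshold
WINDOW_MINUTES = 5                     # assumed aggregation window (must divide 60)
LOOKBACK = timedelta(minutes=10)       # assumed: how far back in the logs to look


def is_internal(ip):
    """Assumed internal address space for the example."""
    return ip.startswith("10.")


def floor_to_window(t, window_minutes):
    """Floor a datetime to the start of its fixed aggregation window."""
    return t.replace(minute=(t.minute // window_minutes) * window_minutes,
                     second=0, microsecond=0)


def flow_alerts(flows, threshold=EGRESS_THRESHOLD_BYTES, window_minutes=WINDOW_MINUTES):
    """Sum internal->external bytes per source per window; alert when a window exceeds threshold."""
    totals = defaultdict(int)
    for ts, src, dst, _dport, nbytes in flows:
        if not is_internal(src) or is_internal(dst):
            continue  # only egress traffic counts toward the threshold
        t = datetime.fromisoformat(ts)
        totals[(src, floor_to_window(t, window_minutes))] += nbytes
    alerts = []
    for (src, start), total in sorted(totals.items()):
        if total > threshold:
            alerts.append({"src": src, "window_start": start,
                           "window_end": start + timedelta(minutes=window_minutes),
                           "bytes": total})
    return alerts


LOG_RE = re.compile(r"^(\S+) host=(\S+) program=(\S+) msg='(.*)'$")


def parse_log(line):
    """Parse one constructed key=value log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, host, prog, msg = m.groups()
    return {"time": datetime.fromisoformat(ts), "host": host, "program": prog, "msg": msg}


def correlate(alerts, log_lines, lookback=LOOKBACK):
    """Attach to each flow alert the log events from the same host between
    (window_start - lookback) and window_end, so an investigator sees what
    happened on the host just before the traffic spike."""
    events = [e for e in (parse_log(l) for l in log_lines) if e]
    enriched = []
    for a in alerts:
        lo, hi = a["window_start"] - lookback, a["window_end"]
        related = [e for e in events if e["host"] == a["src"] and lo <= e["time"] <= hi]
        enriched.append({**a, "related_logs": related})
    return enriched


if __name__ == "__main__":
    for a in correlate(flow_alerts(FLOWS), LOGS):
        print(f"ALERT {a['src']} sent {a['bytes']} bytes starting {a['window_start']}")
        for e in a["related_logs"]:
            print(f"  {e['time']} {e['program']}: {e['msg']}")
```

With the constructed input, only 10.1.1.20 trips the threshold (two flows totalling 400 MB in one five-minute window); the internal-to-internal SMB flow is ignored, and the 2.5 MB SSH flow stays under the limit. The correlation step then pulls in the ssh login and the sudo tar command recorded on 10.1.1.20 a minute or two before the spike, which is the kind of context a flow-only alert cannot provide on its own.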

