No more DIY: Athena NetFlow and Athena Netica ship with a just-enough operating system (JeOS) tuned to run in a virtual machine, so they are up and running in minutes.
Statistical anomaly rules monitor network traffic and alert on any sudden increase in volume; behavioural anomaly rules detect, for example, constant outbound network traffic from a web server.
Numerous DNS requests were being sent from internal servers to DNS servers outside the country during off-hours, which is likely DNS exfiltration.
HTTP POST requests to an image file, sent to an IP address with no associated DNS hostname, combined with "who am I" external-address lookups: these are common behaviours of malware.
Provide immediate visibility and detection for extreme ingress network traffic, by port and protocol, source and destination.
Look back in time and understand how exactly the attacker was able to get in, which systems were compromised and how the bad actors progressed inside the network.
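The two behavioural rules described above (off-hours DNS bursts to external resolvers, and HTTP POSTs to an image path on a bare IP) as a small detector over flow-style records. This is an added illustration, not Athena's own rule engine; the record layout, the internal address ranges, the off-hours window and the threshold are all assumptions, and the sample flows are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

@dataclass
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int
    method: str = ""   # HTTP method, empty for non-HTTP flows
    path: str = ""     # HTTP request path
    host: str = ""     # HTTP Host header; empty when the client used a bare IP

INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OFF_HOURS = range(0, 6)                      # assumed quiet window, 00:00-05:59 local
IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif")
def is_internal(ip: str) -> bool:
    return any(ip_address(ip) in net for net in INTERNAL_NETS)

def offhours_external_dns(flows, threshold=50):
    """Behavioural rule 1: internal hosts sending many DNS queries to resolvers
    outside the network during off-hours. Returns {src: count} at/above threshold."""
    counts = Counter(f.src for f in flows
                     if f.dport == 53 and f.ts.hour in OFF_HOURS
                     and is_internal(f.src) and not is_internal(f.dst))
    return {src: n for src, n in counts.items() if n >= threshold}

def post_to_image_on_bare_ip(flows):
    """Behavioural rule 2: HTTP POST to an image path on a destination that was
    reached by IP with no hostname."""
    return [f for f in flows if f.method == "POST" and not f.host
            and f.path.lower().endswith(IMAGE_SUFFIXES)]

def sample_flows():
    """Constructed sample records, not real traffic."""
    night, day = datetime(2024, 3, 1, 2, 0), datetime(2024, 3, 1, 14, 0)
    flows = [Flow(night + timedelta(seconds=i), "10.1.2.3", "198.51.100.5", 53)
             for i in range(60)]                        # burst to an external resolver
    flows += [Flow(night, "10.1.2.4", "10.0.0.53", 53)] * 5    # internal resolver: benign
    flows += [Flow(day, "10.1.2.3", "198.51.100.5", 53)] * 60  # same volume, business hours
    flows.append(Flow(night, "10.1.2.5", "203.0.113.7", 80, "POST", "/img/photo.jpg", ""))
    flows.append(Flow(night, "10.1.2.6", "203.0.113.8", 443, "POST", "/api/v1", "cdn.example"))
    return flows

if __name__ == "__main__":
    fl = sample_flows()
    print(offhours_external_dns(fl))              # {'10.1.2.3': 60}
```

Note that the daytime burst of equal size is not flagged: the rule is about timing relative to the host's normal behaviour, not raw volume, which is what separates it from the statistical "sudden increase" rule.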