Data Exfiltration and Data Loss Prevention (DLP) is one of key topic of our discussion today. One of the ways to detect APT Groups and advanced ransomwares at early stage is by analyzing the outbound traffics. Most of the advanced treats will try to establish a C2 connection.
Profile 'outbound' traffic data:
Some outliers can be:
Dashboards are the good starting point.With the flow data you can develop a 'Top Level Domain(TLD) Dashboard' and look for following traffic patterns:
#Comment if you have additional tips.