Data Exfiltration

bob.bartlett · ‎06-20-2012

How can i detect low and slow data exfiltration with the Cisco IPS?

chris.cumbaa · ‎06-26-2012

This is a valid question. Let's get some discussion going here.

Bob, you wouldn't happen to be talking about 3.H.1. would you?

bob.bartlett · ‎06-26-2012

Yes I am talking about 3.H.1 also looking at 3.H.1.B I was going to create a custom Signatures that looks for ZIP and RAR files for the compressed files.