▲ | perching_aix 14 hours ago | |||||||
Network traffic monitoring is routinely done at enterprises. It's usually part-automated using the typical approaches (rules and AI), and part-manual (via a dedicated SOC team). There are actual compromises caught this way too, it's not (entirely) just for show. A high-profile example would be Kaspersky catching a sophisticated data exfiltration campaign at their own headquarters: https://www.youtube.com/watch?v=1f6YyH62jFE So it is definitely possible, just maybe not how you imagine it being done. | ||||||||
▲ | lxgr 10 hours ago | parent [-] | |||||||
I do believe that it sometimes works, but it's effectively like missile defense: Immensely more expensive for the defender than for the attacker. If the attacker has little to lose (e.g. because they're anonymous, doing this massively against many unsuspecting users etc.), the chance of them eventually succeeding is almost certain. | ||||||||
|