For enterprise networks, you can still analyze the pattern of packets to match fingerprints of C2 traffic. There are solutions such as Cisco's Encrypted Traffic Analytics, that do just this: https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Camp...