by rando444 2604 days ago
For some clients we use tools that alert if large amounts of data are transferred outside the network in a single flow.

So even if it's someone with valid access, it would be investigated immediately.

Which tools do you use? I have been looking for something that does this.
In the Marriott hack post-mortem, they shared that one of the tools they used (which successfully identified the attack) was IBM Guardium.

> Accenture told Marriott's IT staff that one of their security products, a database monitoring system called IBM Guardium, had detected an anomaly on the Starwood guest reservation database

https://www.zdnet.com/article/marriott-ceo-shares-post-morte...

I'm guessing Snort or one of the similar products.
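
The kind of check the top comment describes (alerting on a large outbound transfer in a single flow, regardless of whether the account is authorized) can be sketched over flow records. This is an added example, not part of the thread and not any commenter's or vendor's tooling; the CSV record layout, the internal address ranges, and the 500 MiB threshold are all assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed internal address space; replace with the site's own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed per-flow alert threshold (500 MiB); tune against a traffic baseline.
THRESHOLD_BYTES = 500 * 1024 * 1024

@dataclass
class Flow:
    src: str
    dst: str
    dst_port: int
    bytes_out: int
    user: str

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse_flow(line):
    """Parse one record in the assumed layout: src,dst,dst_port,bytes_out,user."""
    src, dst, port, nbytes, user = [f.strip() for f in line.split(",")]
    return Flow(src, dst, int(port), int(nbytes), user)

def large_egress_flows(lines, threshold=THRESHOLD_BYTES):
    """Return internal-to-external flows at or above the threshold, largest first."""
    alerts = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        flow = parse_flow(line)
        # The account's access rights are deliberately not consulted:
        # a valid user moving this much data off-network is still flagged.
        if (is_internal(flow.src) and not is_internal(flow.dst)
                and flow.bytes_out >= threshold):
            alerts.append(flow)
    return sorted(alerts, key=lambda f: f.bytes_out, reverse=True)

# Constructed sample records (documentation-range external addresses).
SAMPLE = """\
# src,dst,dst_port,bytes_out,user
10.1.4.22,203.0.113.50,443,734003200,dbadmin
10.1.4.22,10.1.9.8,5432,912261120,dbadmin
10.1.7.15,198.51.100.7,443,1048576,jsmith
10.1.4.30,198.51.100.99,22,524288000,backup-svc
"""

if __name__ == "__main__":
    for f in large_egress_flows(SAMPLE.splitlines()):
        print(f"ALERT {f.user} {f.src} -> {f.dst}:{f.dst_port} {f.bytes_out / 2**20:.0f} MiB")
```

The 870 MiB internal-to-internal database flow is not flagged, while the 700 MiB and 500 MiB flows leaving the network are, which is the "single flow outside the network" condition rather than a general volume alarm.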