In case you missed it, Part 1 is here.
Let’s say a hacker has managed to establish a presence on your network through some means – email, a malicious website, direct compromise, or the unknowing actions of a user or system administrator. If your host and network intrusion detection systems, anti-malware or logging system don’t alert someone that something is amiss, you’re in big trouble. If the hacker is able to communicate out of your network without being detected, the situation has gone from bad to worse. But if this is the case, how will you ever know that a hacker is on your network?