Comment by sim7c00

you either need whitelisting, which ppl dont want because they need to send tweets and sync gdrive on their corpo laptops ;')...

so i guess that leaves u with modeling normal user behavior to spot anomalies without the actual packet data being an indicator.

then the bots could piggyback on regular coms still, but it'd definitely raise the bar...