Their specific concerns included:​

​

• ICMP Scans: Identifying unauthorized network reconnaissance attempts.

• TCP Port Scans: Detecting attackers probing for open vulnerabilities.

• Lateral Movement: Tracking unauthorized traversal between endpoints.

• Large File Transfers: Monitoring unusual data uploads, downloads, or deletions.Command and Control (C2)

• Beaconing: Detecting malicious external communications.

• Real time identification in the ABBI (After Breach Before Impact) phase of the attack

• Decrease the MTTI (Mean TIME to IDENTIFY) time from 271 days to days, weeks

• Internal Threats