One of the best methods for detecting hard-to-find hackers, such as those using APTs, is network traffic flow analysis. Lancope's StealthWatch is a tool that detects abnormalities and generates alerts. StealthWatch gathers all computers into two or three logical containers: Inside Hosts, Outside Hosts and Command & Control servers. Each logical group is assigned a Concern Index, basically a ranking of the criticality of the system. The tool is available as a virtual or physical appliance and works by collecting network flow statistics.
Source: https://www.csoonline.com/article/2848768/detect-network-anomalies-with-stealthwatch.html

