There s more legitimate traffic between corporate networks and the Internet than ever before. This opens up new vectors for attack by hackers and cybercriminals as more traffic types are allowed through firewalls. The result is an increase in diversity of covert command and control channels, which hide inside legitimate traffic in order to bypass perimeter security. Using event correlation, it is now possible to look for patterns of activity that could indicate a threat. Using this technique, we can now detect some very complex behavior.
Source: https://threatpost.com/uncovering-covert-command-and-control-channels-110510/74643/