I should have included a diagram on the SANS blog to illustrate the concepts a bit better. I’ll work on one shortly. The main point behind the blog is that it takes time recognize an ongoing hack. The example I cited is actually quite optimistic. Many operators might not make the connections that a well […]