Monitoring and Identifying Data Leaving the Network
Posted on 2016-10-14
Thinking specifically about an attack on our network, how could we monitor or what tools are out there for preventing data theft from our network? I'm talking about suddenly a large amount of data leaving our network which may be as a result of a compromise. Is there anything that could identify this?
We do use LANGuardian here and there which has a quota function I believe but I'm not sure if this is for users. I.e. it alerts when a user exceeds their daily quota, not necessarily when an unknown or external user is shifting vast amounts of data from a file server.