Threat data contained in Indicators of Compromise (IOCs) can be applied against the data stored in StealthWatch to look for markers of a historical breach. This entry outlines the steps for performing this analysis.
The difficulty in controlling user behavior makes spear phishing a "no-brainer" for attackers. Network surveillance can detect the attack at different parts of the kill chain.