Access to and use of protocols such as the Domain Name System (DNS), Internet Control Message Protocol (ICMP), Network Time Protocol (NTP), and Simple Network Time Protocol (SNTP) are necessary to proper network operation. Such traffic was traditionally considered ‘safe’ from malicious internet activity, and was therefore allowed to flow freely in and out of secure networks. Recently, however, bad actors have employed these protocols to tunnel information through secure network firewalls. Preventing malicious data exfiltration thus requires monitoring traffic in these protocols, and in outgoing traffic in particular.