The theft of business secrets is often carried out unnoticed by planting malware in a company's computer network. Attacks of this type sometimes make use of self-developed malware individually adjusted to the specific use, which is not detected by commercially available antivirus products or not until very late. As potential victims of a digital espionage attack, it is possible for companies to prepare themselves, but the exact circumstances such as place, time and configuration are generally unknown. To detect and repel attacks of this type, an attacked company may sometimes face the challenge of linking a large volume of heterogeneous protocol data from different security and operating systems to form a meaningful and informative picture.