So you're saying that I just spent 50K on a SIEM for my enterprise network and you were still able to maintain C2 and exfiltrate data over DNS without detection? The words echoed menacingly in the dim conference room. The client's hardened expression was clearly visible. Before the consultant could respond, the client continued. How is that possible? Our firewall blocks all outgoing DNS and we only permit DNS to our own internal server. The consultant carefully crafted his words as he explained.