Corporate Endpoint FTP and SMTP Data Exfiltration Detection

Identifies outbound connections to FTP (21, 990) and SMTP (25, 465, 587) ports from endpoints to external public IPs, indicative of possible data exfiltration using unauthorized file transfer or email protocols outside security policy