During a review of incident response protocols, you are evaluating methods for collecting indicators of compromise (IoCs) that could signal a data exfiltration attempt on a heterogeneous network containing a mix of legacy and modern systems. The goal is to ensure minimal performance impact while maintaining comprehensive surveillance. Which collection method would provide the best balance between low system overhead and effective capture of potential IoCs?
Implementing a centralized logging solution with log correlation
Enabling full packet capture on all network traffic
Configuring endpoint detection and response (EDR) on all systems
Deploying network-based anomaly detection systems on all network segments