@eingfoan if you have a more mature cyber security environment the use of SEIM tools to detect specific protocols or executables associated with any un-authorized applications would be appropriate. In the case of blocking at the firewall, you could implement specific rules to prevent some of these applications from connecting to outside sources. Adopting a zero trust application execution environment permitting only allow listed programs can reduce the threat of future communication channels. Lastly, don't forget to think backwards. As we start to block and defend against new forms of encrypted communication also think about the old forms such as IRC and older blog platforms which can be used for command and control of compromised systems.
