Egress controls and other network boundaries are doing the work there, not MITM. If I can connect to a remote server, I can encrypt my payload before sending it, too. This is a really hard battle to win - you need to store tons of data, have robust analysis systems, rooms full of analysts, etc. before you’re going to be able to tell that, say, the random looking cookie sent to an ad server-like hostname is actually encrypted data, that my Zoom video stream wasn’t company data, or that the “ad” was a control message.
That last is one of the reasons why I think enterprise ad blocking is an important security measure, and a likely outcome for sensitive jobs will be separating sessions - e.g. if you have general purpose browsing happening on a separate computer, some kind of remote session, etc. you will have a much easier time being able to restrict the network connectivity of the system with more sensitive data.
That last is one of the reasons why I think enterprise ad blocking is an important security measure, and a likely outcome for sensitive jobs will be separating sessions - e.g. if you have general purpose browsing happening on a separate computer, some kind of remote session, etc. you will have a much easier time being able to restrict the network connectivity of the system with more sensitive data.