An employee opens a malicious attachment that exploits an unpatched vulnerability. The Meterpreter payload launches and connects to TCP port 443 of an attacker-controlled IP address. The organization's firewall permits outbound connections to any IP address on TCP port 443. Which security device could still prevent the attacker from taking control of the system?