An adversary may exfiltrate data in fixed-size chunks instead of whole files or limit packet sizes below certain thresholds. This approach may be used to avoid triggering network data transfer threshold alerts.
Detection Strategy for Data Transfer Size Limits and Chunked Exfiltration
Network Intrusion Prevention: Use intrusion detection signatures to block traffic at network boundaries.
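A detection sketch for the chunked-transfer pattern described above, added here as an example and not part of the original page: it flags source/destination pairs whose outbound flows each stay under a per-transfer size alert, are mostly the same size, and are large in aggregate. The thresholds, the flow record layout and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median_low

# Assumed tuning values, not taken from the page; set them from your own baseline.
PER_FLOW_ALERT_BYTES = 10_000_000    # existing per-transfer size alert
AGGREGATE_ALERT_BYTES = 20_000_000   # cumulative volume worth a look
MIN_FLOWS = 8                        # fewer transfers than this is not a pattern
SIZE_TOLERANCE = 0.02                # within 2% counts as the same chunk size
DOMINANT_SHARE = 0.8                 # fraction of flows that must share that size


def find_chunked_transfers(flows):
    """flows: iterable of (epoch_seconds, src, dst, bytes_out) records.
    Flags pairs whose sub-alert flows are mostly one size and large in total."""
    by_pair = defaultdict(list)
    for _ts, src, dst, size in flows:
        if size < PER_FLOW_ALERT_BYTES:      # larger flows already raise the size alert
            by_pair[(src, dst)].append(size)
    findings = []
    for (src, dst), sizes in sorted(by_pair.items()):
        total = sum(sizes)
        if len(sizes) < MIN_FLOWS or total < AGGREGATE_ALERT_BYTES:
            continue
        # When one size holds more than half the flows, the median is that size.
        chunk = median_low(sizes)
        same = sum(1 for s in sizes if abs(s - chunk) <= SIZE_TOLERANCE * chunk)
        share = same / len(sizes)
        if share >= DOMINANT_SHARE:
            findings.append({"src": src, "dst": dst, "chunk_bytes": chunk,
                             "flows": len(sizes), "share": round(share, 2),
                             "total_bytes": total})
    return findings


# Constructed sample flow records (documentation address ranges, not real traffic).
SAMPLE_FLOWS = (
    [(1000 + 60 * i, "10.0.0.5", "203.0.113.10", 5_000_000) for i in range(11)]
    + [(1660, "10.0.0.5", "203.0.113.10", 1_234_567)]      # final partial chunk
    + [(2000 + 30 * i, "10.0.0.9", "198.51.100.30", 512) for i in range(20)]
    + [(3000 + i, "10.0.0.7", "198.51.100.20", s) for i, s in enumerate(
        [1_200, 9_400_000, 88_000, 7_300_000, 640, 5_100_000,
         2_900_000, 41_000, 8_800_000, 310_000])]
)

if __name__ == "__main__":
    for finding in find_chunked_transfers(SAMPLE_FLOWS):
        print(finding)
```

The small same-size heartbeat flows and the large but irregular transfers in the sample are both left unflagged, which shows why the check combines size uniformity with aggregate volume rather than using either alone.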