dlp-china

Explanation

The dlp-china NDM is designed to detect potential data loss to China. It looks for large traffic transfers headed towards an IP address identified as being in China.

What to Look For

When analyzing a dlp-china NDM event, look for outbound network traffic to IP addresses located within China. Also look for possible data exfiltration using webmail or file transfer services.
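The check described above can be reproduced during triage over exported flow records. The following is an added example, not the NDM's own logic. The record fields, the 100 MB threshold, the internal address ranges and the port list are all assumptions, and the records are assumed to be already enriched with a destination country code.

```python
import ipaddress
from collections import defaultdict

MB = 1024 * 1024
# Assumed threshold for illustration; the NDM's real threshold is not documented here.
THRESHOLD_BYTES = 100 * MB
# Assumed internal ranges (RFC 1918); replace with the organization's own networks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Destination ports commonly used by file transfer services.
FILE_TRANSFER_PORTS = {21: "ftp", 22: "ssh/sftp", 989: "ftps-data", 990: "ftps"}

# Constructed sample flow records (documentation address ranges), geo-enriched upstream.
SAMPLE_FLOWS = [
    {"src": "10.0.5.23", "dst": "203.0.113.10", "dst_country": "CN", "dst_port": 443, "bytes_out": 80 * MB},
    {"src": "10.0.5.23", "dst": "203.0.113.10", "dst_country": "CN", "dst_port": 443, "bytes_out": 40 * MB},
    {"src": "10.0.7.8", "dst": "198.51.100.7", "dst_country": "CN", "dst_port": 22, "bytes_out": 150 * MB},
    {"src": "10.0.9.1", "dst": "203.0.113.10", "dst_country": "CN", "dst_port": 443, "bytes_out": 5 * MB},
    {"src": "10.0.5.23", "dst": "192.0.2.44", "dst_country": "US", "dst_port": 443, "bytes_out": 500 * MB},
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_large_transfers(flows, country="CN", threshold=THRESHOLD_BYTES):
    """Sum outbound bytes per (internal src, external dst) and return pairs at or over the threshold."""
    totals, ports = defaultdict(int), defaultdict(set)
    for f in flows:
        if f["dst_country"] != country:
            continue
        if not is_internal(f["src"]) or is_internal(f["dst"]):
            continue  # keep only outbound flows leaving the internal ranges
        key = (f["src"], f["dst"])
        totals[key] += f["bytes_out"]  # many small flows can add up to one large transfer
        ports[key].add(f["dst_port"])
    findings = []
    for (src, dst), total in totals.items():
        if total < threshold:
            continue
        services = sorted(FILE_TRANSFER_PORTS[p] for p in ports[(src, dst)] if p in FILE_TRANSFER_PORTS)
        findings.append({"src": src, "dst": dst, "bytes_out": total,
                         "ports": sorted(ports[(src, dst)]), "file_transfer": services})
    return sorted(findings, key=lambda x: x["bytes_out"], reverse=True)

if __name__ == "__main__":
    for finding in find_large_transfers(SAMPLE_FLOWS):
        print(finding)
```

Summing per source and destination pair catches a transfer that was split across several flows, and the port annotation only marks candidates for the file transfer review; webmail over HTTPS cannot be identified from the port alone.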

Remediation actions may include blocking the identified IP addresses, encrypting sensitive data, and implementing strong access controls to limit the ability of unauthorized entities to access sensitive data. The security team should also conduct a comprehensive review of its current security policies to protect against potential data loss to China.