The widespread use of interconnected computers has greatly enhanced the free flow of information worldwide. The commonly used TCP/IP standard has become particularly widespread, and is utilized by computers operated by academia, industry, government and consumers to share information.
In certain instances, however, the owners and/or users of these computer systems do not wish to have certain information stored on these computers shared with the outside world, and/or they do not wish for the users of these computers to access certain types of information available on other computers also connected to the network. This presents a problem. If a computer is disconnected from a network that allows the user to share information with other computers, it is more difficult for the user of that information to communicate information with the outside world. However, it is also more difficult to access acceptable information that is available by were that computer connected to the network.
Typically, a user's need to have access to the outside world is sufficient that the user's computer remains connected to the network, even though this presents a risk that an undesirable transfer of digital data may take place between that user's computer and the outside world. As a result of this risk, there is a need for methods by which computers that are connected to a network may be monitored, to detect undesirable transfers of digital data either to or from those computers.
One problem associated with the need to monitor these computer systems is associated with the large amounts of digital data that may flow through these systems. For example, and not meant to be limiting, an organization might have hundreds of different computers all connected to the internet, all of which are operated by users who are constantly uploading and downloading digital files from computers outside of the organization. Since any system set up to monitor large data flows is inherently limited by considerations including, but not limited to processor speed, memory, and memory access, there exists a need for better systems and methods that can monitor large data flows with limited system resources.