An important aspect of Data Loss Prevention (DLP) involves monitoring network traffic for presence of sensitive information. Typically, fingerprints of sensitive information that requires protection are created and provided to a DLP monitoring device. The DLP monitoring device uses the fingerprints to detect the presence of sensitive information in various messages sent and received by computing devices of an organization. Sensitive information may be stored in a structured form such as a database, a spreadsheet, etc., and may include, for example, customer, employee, patient or pricing data. In addition, sensitive information may include unstructured data such as design plans, source code, CAD drawings, financial reports, etc.
A DLP monitoring device is usually a passive device that relies on network adapter cards and packet capture software which record network traffic to designated buffers. Because of the large amount of network traffic, the buffers may become full, causing some of the data packets to be lost. Currently, a DLP monitoring device drops data streams including lost data packets and does not scan such incomplete data streams for sensitive information. This, however, leads to severe implications with respect to reliability and integrity of DLP solutions.