Computer networks and systems have become indispensable tools for modern business. Modern enterprises use such networks for communications and for storage. The information and data stored on the network of a business enterprise is often a highly valuable asset. Modern enterprises use numerous tools to keep outsiders, intruders, and unauthorized personnel from accessing valuable information stored on the network. These tools include firewalls, intrusion detection systems, and packet sniffer devices.
FIG. 1 illustrates a simple prior art configuration of a local area network (LAN) 100 connected to the Internet 102. Connected to LAN 100 are various components, such as servers 104, clients 106, and switch 108. Numerous other networking components and computing devices may be connected to the LAN 100. The LAN 100 may be implemented using various wireline (e.g., Ethernet) or wireless technologies (e.g., IEEE 802.11x). LAN 100 could also be connected to other LANs.
In this prior configuration, LAN 100 is connected to the Internet 102 via a router 110. Router 110 may be used to implement a firewall. Firewalls are used to try to provide users of LANs with secure access to the Internet as well as to provide a separation of a public Web server (e.g., one of the servers 104) from an internal network (e.g., LAN 100). Data leaving LAN 100 and going to the Internet 102 passes through router 110. Router 110 simply forwards packets as is from LAN 100 to the Internet 102.
Once an intruder has gained access to sensitive content inside a LAN such as LAN 100, presently there is no network device that can prevent the electronic transmission of the content from the network (e.g., LAN 100) to outside the network. Similarly, there is no network device that can analyze the data leaving the network in order to monitor for policy violations, and/or make it possible to track down information leaks. What is needed is a comprehensive system to capture, store, and analyze data communicated using the enterprise's network.