Generally described, computing devices utilize a communication network, or a series of communication networks, to exchange data. In a common embodiment, data to be exchanged is divided into a series of packets that can be transmitted between a sending computing device and a recipient computing device. In general, each packet can be considered to include two primary components, namely, control information and payload data. The control information corresponds to information utilized by one or more communication networks to deliver the payload data. For example, control information can include source and destination network addresses, error detection codes, and packet sequencing identification, and the like. Typically, control information is found in packet headers and trailers included within the packet and adjacent to the payload data. Payload data may include the information that is to be exchanged over the communication network.
In practice, in a packet-switched communication network, packets are transmitted among multiple physical networks, or sub-networks. Generally, the physical networks include a number of hardware devices that receive packets from a source network component and forward the packet to a recipient network component. The packet routing hardware devices are typically referred to as routers. With the advent of virtualization technologies, networks and routing for those networks can now be simulated using commodity hardware rather than actual routers.
A typical packet-switched communication network can implement data loss prevention (DLP) systems or techniques to monitor data transmitted via the network in order to detect and/or prevent unauthorized transmission of data. As the scale and scope of data transmission has increased or in packet-switched communication networks in which at least a portion of the network is implemented in a virtualized environment, the administration and management of DLP systems has become increasingly complicated.