In the electronic information age, people may share, access, and disseminate high volumes of information. The ease of disseminating information electronically is empowering. At the same time, the workforce has become increasingly mobile, and the ubiquity of high-speed Internet access, smart mobile devices, and portable storage means that “the office” may be anywhere. As a consequence, it has become more difficult than ever for organizations to prevent the loss of sensitive data. Organizations are therefore increasingly looking to Data Loss Prevention (“DLP”) solutions to protect their sensitive data.
A typical endpoint DLP system may monitor, analyze, and filter content transferred through a variety of network protocols (such as FTP, HTTP, SMTP, and various instant messaging protocols). Many of these protocols may transfer a file in multiple packets. Unfortunately, traditional DLP systems may need to access the entire file to properly analyze the file (e.g., certain file formats may not be readable without the entire file intact). Thus, traditional DLP systems may have to stop all packets containing portions of a file before determining whether to block the file. For large files, such a process may greatly delay the file transfer and may waste computing resources. Some traditional DLP systems may rely on contextual analysis (e.g., the file sender, the destination of the file, the file format, etc.) instead of fully analyzing the content of the file, which may result in less accurate filtering decisions.