Monitoring software is well known for gathering information from a computer network and/or improving the security of a computer network. Specifically, software may be provided that monitors all network communications coming into and going out of a network. A network event may be identified, based on user defined parameters, and a relevant action may be taken in response to the identified event. Typical network events, for example, may include violations of a security policy, or may be related to email use, Internet use, document management, or software use or compliance.
Increasingly, computer networks interconnect numerous devices and span regional, national, or even global areas. Although it may be desirable to keep such a regional or global network secure, there may not be a legal right to do so. Restrictions that could make monitoring improper can come from many sources, including laws, privacy or employment policies, terms-of-service agreements, and other contracts that govern the different physical locations, or jurisdictions, of the network. Violating these restrictions could lead to negative publicity, civil liability, and even criminal sanctions.
A method of determining the origin of a communication, such as a network communication, is described in U.S. Pat. No. 7,155,484. Specifically, the originating IP address of an incoming email is determined and compared to a list of overseas IP addresses. If the originating IP address is an overseas IP address and, therefore, deemed undesirable, specific content of the incoming email is extracted or the email is deleted entirely. Although this method provides a means for determining the origin of specific communications, namely email messages, it does not contemplate determining the origin of all network communications and, thereafter, monitoring only network communications originating from monitored jurisdictions.
The present disclosure is directed to one or more of the problems set forth above.