Hey there,
Are you talking about a Network Monitor implementation? If so the following may be useful:
Network Monitor uses a TAP or a SPAN to permiscuously gather traffic for content inspection. Depending on the traffic volume, (low traffic volume = Windows, High volume = Linux) you would select your appropriate operating system and capture type (Ethernet, Endace). This cannot degrade the performance of your of your network, since it's just a copy of everything in transport on the eagress of the network anyway.
Another consideration that you may entertain is Network Prevent (for Web). This would work in conjunction with an ICAP enabled proxy such as Bluecoat or Ironport to inspect traffic that's in route to the internet. If your proxy can handle the load, then the appropriately matched DLP server can as well.
~Ryan