Real-time network monitoring and security

US9769276B2 · US · B2

Patent metadata
Publication number: US-9769276-B2
Application number: US-201514624010-A
Country: US
Kind code: B2
Filing date: Feb 17, 2015
Priority date: Sep 11, 2003
Publication date: Sep 19, 2017
Grant date: Sep 19, 2017

Abstract

Official abstract text for this publication.

A hardware device for monitoring and intercepting packetized data traffic at full line rate is provided. In high bandwidth embodiments, full line rate corresponds to rates that exceed 100 Mbytes/s and in some cases 1000 Mbytes/s. Monitoring and intercepting software, alone, is not able to operate on such volumes of data in real-time. An exemplary embodiment comprises: a data delay buffer with multiple delay outputs; a search engine logic for implementing a set of basic search tools that operate in real-time on the data traffic; a programmable gate array; an interface for passing data quickly to software sub-systems; and control means for implementing software control of the operation of the search tools. The programmable gate array inserts the data packets into the delay buffer, extracts them for searching at the delay outputs and formats and schedules the operation of the search engine logic.
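The following is an added illustration, not text or code from the patent: a small software model of the arrangement the abstract describes, in which a fast search stage flags packets as they arrive and slower analysis stages read the same traffic from delayed outputs of a buffer. All names, the sample packets, the tap delays and the byte-wise (rather than bit-wise) match are assumptions made for the sketch.

```python
from collections import deque, namedtuple

Packet = namedtuple("Packet", "seq flow payload")  # flow = (src, dst, dport)

class DelayBuffer:
    """FIFO with several read taps; tap k yields the packet pushed delays[k] ticks ago."""
    def __init__(self, delays):
        self.delays = delays
        self.ring = deque(maxlen=max(delays) + 1)

    def push(self, pkt):
        self.ring.append(pkt)

    def tap(self, k):
        d = self.delays[k]
        return self.ring[-1 - d] if d < len(self.ring) else None

def run(packets, patterns, delays=(2, 5)):
    """Return (flows identified by stage 1, seq numbers captured by stage 2)."""
    buf = DelayBuffer(delays)
    flagged, watched, captured = set(), set(), []
    # Idle (None) slots are appended so the buffer drains after the last packet.
    for pkt in list(packets) + [None] * max(delays):
        buf.push(pkt)
        # Search stage: runs on the undelayed packet (stand-in for the hardware logic).
        if pkt and any(p in pkt.payload for p in patterns):
            flagged.add(pkt.seq)
        # Stage 1: the flagged packet emerges at the first tap; identify its stream.
        p0 = buf.tap(0)
        if p0 and p0.seq in flagged:
            watched.add(p0.flow)
        # Stage 2: the deeper tap still holds earlier packets of the identified stream.
        p1 = buf.tap(1)
        if p1 and p1.flow in watched:
            captured.append(p1.seq)
    return watched, captured

# Constructed sample traffic: two flows, one packet carries the marker.
A = ("10.0.0.5", "10.0.0.9", 80)
B = ("10.0.0.7", "10.0.0.9", 22)
SAMPLE = [
    Packet(0, A, b"GET /index"), Packet(1, B, b"ssh-data"),
    Packet(2, A, b"hello"), Packet(3, A, b"cmd=MARKER-XYZ"),
    Packet(4, B, b"more"), Packet(5, A, b"follow-up"), Packet(6, A, b"bye"),
]

if __name__ == "__main__":
    print(run(SAMPLE, [b"MARKER-XYZ"]))          # deeper second tap
    print(run(SAMPLE, [b"MARKER-XYZ"], (2, 2)))  # both taps at the same delay
```

With the second tap deeper than the first, packets of the identified stream that arrived before the flagged packet are still captured; with equal delays only the flagged packet and later ones are.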

First claim

Opening claim text (preview).

What is claimed is:

1. An apparatus for analyzing data streams comprising data packets formed according to a predetermined data transfer protocol, the apparatus comprising: a network transceiver which receives one or more data streams being conveyed over a network; a bit sequence storage memory array which stores one or more predetermined bit sequences to be recognized in a received data stream; a hardware search engine logic coupled to the network transceiver and with access to the bit sequence storage memory array, configured to perform a bit-wise comparison of a bit sequence stored in the bit sequence storage memory array with data in the one or more received data stream; a delay buffer, coupled to the network transceiver, having a plurality of outputs for outputting the one or more received data streams with different respective lengths of delay; and a software application coupled to the delay buffer and configured to receive data packets in the one or more received data streams from one or more of said plurality of outputs, wherein the software application is triggered, in the event that the hardware search engine logic recognizes a stored bit sequence in one or more data packets of a given received data stream, to perform further processing on data packets of the given data stream being output from the delay buffer with a first level of delay, to at least identify the given data stream, and wherein the software application is further triggered, in dependence upon a result of said further processing, to perform one or more further stages of processing on data packets of the given data stream being output from the delay buffer at one or more of said plurality of outputs, the further processed data packets including one or more packets belonging to a same data stream which was identified.

2. The apparatus as in claim 1, wherein the software application is provided with access to the bit sequence memory array to store one or more different bit sequences, generated as a result of said further processing or said one or more further stages of processing, for use by the hardware search engine logic.

3. The apparatus as in claim 1, wherein at least one of the one or more predetermined bit sequences comprises two sub-patterns, each sub-pattern being stored as a separate bit sequence entry in the bit sequence storage memory array; and wherein the hardware search engine logic is configured to compare the two sub-patterns with bit sequences contained in each data packet of the one or more received data streams and to identify each data packet that contains a bit sequence that matches one of the two sub-patterns.

4. The apparatus as in claim 1, wherein the software application performs a protocol based search in which data packets in the one or more received data streams are identified by virtue of a recognized bit sequence occurring in at least one data field within each data packet.

5. The apparatus as in claim 4, wherein the at least one data field is a header field, the header field comprising data relating to one or more of the group including: address information; to/from port number information; and data packet type identifier information.

6. The apparatus as in claim 1, wherein the bit sequence storage memory array comprises a plurality of bit offset entries corresponding to one or more predetermined bit sequences.

7. The apparatus as in claim 6, further comprising at least one other hardware search engine logic, wherein each of the at least one other hardware search engine logic is configured to operate upon another bit sequence having a different predetermined offset relative to the bit sequence operated upon by the hardware search engine logic.

8. The apparatus as in claim 7, wherein each of the at least one other hardware search engine logic is provided with access to an identical copy of contents of the bit sequence storage memory array.

9. The apparatus as in claim 1, wherein the predetermined data transfer protocol is the internet protocol (IP) and wherein the hardware search engine logic and the bit sequence storage memory array are implemented by means of one or more IP coprocessors.

10. A method for analyzing data streams comprising data packets formed according to a predetermined data transfer protocol, the method comprising: (a) receiving one or more data streams being conveyed over a network; (b) performing, by a hardware search engine logic coupled to the network, a bit-wise comparison of a predetermined bit sequence with data in the received one or more data streams to thereby identify a target data stream; (c) passing the one or more received data streams through a delay buffer having a plurality of outputs to thereby impart a plurality of different delays to data packets in the one or more received data streams; (d) upon identifying a target data stream at operation (b), triggering a software application to perform further processing on data packets of the target data stream being output from the delay buffer with a first level of delay, to at least identify a given data stream; and (e) in dependence upon a result of said further processing carried out at operation (d), triggering one or more further stages of processing by the software application on data packets of the target data stream when output from the delay buffer at one or more of said plurality of outputs, the further processed data packets including one or more packets belonging to a same data stream which was identified.

11. The method of claim 10, wherein at the operation (e) the one or more further stages of processing are carried out on the same data packets of the target data stream as those subjected to further processing at the operation (d).

12. The method of claim 10, further comprising: (f) in dependence upon the results of the further processing at the operation (d) or the one or more further stages of processing at the operation (e), generating a different predetermined bit sequence for use at the operation (b).

13. An apparatus for analyzing data streams comprising data packets formed according to a predetermined data transfer protocol, the apparatus comprising: a network transceiver which receives a data stream being conveyed over the network; a bit sequence storage memory array which stores one or more predetermined bit sequences to be recognized in the received data stream; a hardware search engine logic coupled to the network transceiver and with access to the bit sequence storage memory array, for performing a bit-wise comparison of a bit sequence stored in the bit sequence memory array with data in the received data stream to thereby identify one or more target data packets; a computer, coupled to the hardware search engine logic, configured to execute a software application for performing further analysis on target data packets identified by the hardware search engine logic, and a delay buffer coupled to the network transceiver, having a plurality of outputs for outputting the received data stream with different respective lengths of delay, wherein the computer is configured to receive target data packets from one or more of said plurality of outputs for processing by the software application, and where the software application is triggered to perform further processing on target data packets being output from the delay buffer with a first level of delay, to at least identify a given data stream and, in dependence upon a result of said further processing, to perform one or more further stages of processing on the same or different target data packets being output from the delay buffer at one or more of said plurality of outputs, th

Classifications

  • Filtering by information in the payload · CPC title

  • where the topology of the computing system or computing system component explicitly influences the monitoring activity, e.g. serial, hierarchical systems · CPC title

  • Parsing or analysis of headers · CPC title

  • Physics · mapped topic

  • Electricity · mapped topic

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Bae Systems Plc
What technology area does this patent fall under?
Primary CPC classification H04L63/0245. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 19, 2017 (B2). Legal status and post-grant events are not shown on this page.