A method, device, and computer-program product of forwarding data packets in a virtual switch is provided. The virtual switch comprises: first, second and third virtual ports for respectively receiving/transmitting: LAN traffic from/to a physical LAN port; secured traffic from/to a physical secured traffic port; and Internet traffic from/to a physical Internet port. The method comprises: determining, for selected data packets of the outbound traffic, signature information; storing the signature information and information identifying associated packets; outputting the outbound traffic for processing by a virtual machine; receiving at least a portion of the outbound traffic as outbound secured traffic for supply to the secured port; determining whether each data packet of the outbound secure traffic matches the dedicated signature information and responsively controlling the forwarding of the respective data packet as part of the outbound secured traffic to the secured port and/or creating a SUSPICIOUS SOURCE alarm.