Well, the simple approach is to connect a Data Diode to the outgoing ethernet cable and then run a traffic analyzer of your own on the data stream. Never connect the analysis system bidirectionally to the interwebs.
That should give you a quite good idea of what is transmitted out of your network.
Or just don't connect your sensitive systems to the outside via a bidirectional link.
A little bit of logical thinking can make a lot of actual security.