For some time, Trend Micro has sold a gateway-based antimalware product in the form of software that is installed on a server. The InterScan Web Security Appliance (IWSA) 2500 is the hardware embodiment of that software product, enhanced to handle network traffic more quickly as it detects incoming malware. In our tests, the 1U IWSA 2500 parried 68 out of 70 instances.
The device added 16 msec to 25 msec of latency for nonexecutable files, and it took 150 msec to 190 msec to investigate executable file packets for malware. Trend Micro updates malware definitions at least daily, and will distribute them multiple times per day during outbreaks. The update frequency is configurable by the user: updates can run every 30 minutes (default), hourly, daily, weekly or on demand.
The appliance identifies malware via signatures and a proprietary heuristics algorithm. It uses SNMP to integrate with network-management systems, and for each spyware event it records the date, time, spyware ID, spyware source, category, type of scan that detected the spyware, file name and destination (client) IP address.
The optional Damage Cleanup Services component, which installs on a Windows server, can automatically clean an infected desktop after the IWSA 2500 notes the presence of malware.