Exclusive: Trend Micro packs a one-two security punch
IWSA 2500 keeps viruses and malware away from your systems
I liked the control IWSA provides for handling large files and compressed files. As I saw during my UTM firewall review, scanning large files can be a real problem for a gateway device. IWSA allows IT to set an upper limit to the size of files to be scanned -- 2GB (passed unscanned if larger) -- and to choose the method of the scan: scan before delivering, deferred, or scan after delivering.
No Denying It
To help prevent denial of service attacks on the gateway appliance, administrators can set limits on how compressed files are scanned. Some DoS attacks will use compressed files with many layers of compression to sap the gateway’s resources, effectively taking it off-line. IT, however, can set IWSA to block compressed files if the number of levels or the overall file size exceeds predefined limits.
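The nesting-level and overall-size limits described above can be sketched as follows. This is an added example, not Trend Micro's code or IWSA configuration; the limit values, the function names, and the choice of ZIP as the archive format are assumptions made for illustration.

```python
import io
import zipfile

MAX_LEVELS = 3             # assumed policy: deepest archive layer allowed
MAX_TOTAL_BYTES = 1 << 20  # assumed policy: 1 MiB decompressed, all layers

class Blocked(Exception):
    """Raised when an archive exceeds a configured limit."""

def _scan(data, level, budget):
    # budget is a one-item list so every layer draws from the same allowance
    if level > MAX_LEVELS:
        raise Blocked(f"level {level} exceeds limit of {MAX_LEVELS}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Reject on the declared size before inflating anything
            if info.file_size > budget[0]:
                raise Blocked("decompressed size exceeds limit")
            with zf.open(info) as member:
                body = member.read(budget[0] + 1)  # capped read as a backstop
            if len(body) > budget[0]:
                raise Blocked("decompressed size exceeds limit")
            budget[0] -= len(body)
            if zipfile.is_zipfile(io.BytesIO(body)):
                _scan(body, level + 1, budget)

def verdict(data):
    """Return 'scan' if within limits, otherwise 'block: <reason>'."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "scan"  # not an archive; normal scanning applies
    try:
        _scan(data, 1, [MAX_TOTAL_BYTES])
    except Blocked as exc:
        return f"block: {exc}"
    except (zipfile.BadZipFile, RuntimeError):
        return "block: unreadable archive"  # corrupt or encrypted member
    return "scan"

def make_nested(levels, payload=b"hello"):
    """Constructed sample: payload wrapped in `levels` zip layers."""
    data = payload
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(f"layer{i}.bin", data)
        data = buf.getvalue()
    return data

if __name__ == "__main__":
    for n in (1, 3, 4):
        print(n, "levels ->", verdict(make_nested(n)))
```

The size allowance is shared across all layers, so a small outer archive cannot hide a large payload one level down.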
IWSA’s spyware settings aren’t nearly as comprehensive as the virus rules, being limited to selecting only the types of threats to scan for and the course of action to follow on detection. Scan choices include dialers, hacking tools, joke programs, password cracking applications, adware, spyware, and remote access tools.
Don’t Go There
One of the more useful features in IWSA is its URL-filtering option. Although not the most popular feature among users, URL blocking can dramatically reduce the enterprise’s exposure to viruses and spyware by simply keeping users off of nonbusiness-critical Web sites. The category list is extensive and allows for work time/leisure time policies, and IT can exclude specific sites as well as create custom definitions.
During my tests, I found that many of the Web sites I use to test against anti-virus and anti-spyware packages were inaccessible because of the category they fell under in IWSA’s URL filtering. Admins can place any of IWSA’s many Web categories into different buckets, such as nonwork-related and after hours, to control which URLs are off limits.
IWSA’s reporting engine provides a wealth of information for auditing virus and spyware activity. Admins can see detailed information about the type of malicious code detected, which users were affected, the time of day, and many other factors. I liked that I could create a report at will and also schedule various reports to run automatically and have them e-mailed to me when complete. Raw log files are also available.
Trend Micro’s InterScan Web Security Appliance 2500 is a solid performer for protecting users from Internet-borne viruses and malware, but that security comes at a high cost. IWSA’s price tag will put it out of the reach of most small to midsize businesses, but large enterprises can really benefit from the protection and performance available in the appliance. I found the user interface to be easy to navigate and policy creation was straightforward. Although not as flexible as I might like, reporting is well-done and easy to use, and the URL filtering was first-rate.