First, the current crop of anti-malware gateway products is migrating from the classic approach of referencing a local (customer-premises) database of malware signatures to a "just-in-time" approach of querying a central (vendor-site) malware database, in order to deal with brand-new malware instances.
Also, vendors strongly recommend inserting a gateway device inline, between the Internet and the local network, rather than connecting it to a span/tap port.
The need for greater security is behind both these trends. Vendors told us even frequent updates of a local customer-site database of malware signatures, URLs and IP addresses can't always keep up with the rapid spread of new malware instances. (In the future, companies may need to plan for a little extra speed in their Internet links in order to accommodate what will likely be a growing number of cloud-based queries of vendor malware databases.)
Next, deep and thorough inspection of network traffic has become the only effective way to keep malware off the network. An approach that simply monitors for malware and reports the results to administrators, who then manually clean up the mess, is cumbersome and nearly unworkable.
Similarly, an approach that uses zero-latency "TCP RESET" commands to cancel malware traffic leaves open a small window of risk (see related story).
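To make that window of risk concrete, here is an added simulation (not from the article or any vendor product) of an inline gateway versus a tap/span-port device that injects a TCP RST after detection. The segmented download, the toy signature detector and the reset delay are constructed assumptions; the point is how many bytes reach the client before each approach stops the stream.

```python
from dataclasses import dataclass
from typing import List

@dataclass
class Segment:
    seq: int        # byte offset of the first payload byte in the stream
    payload: bytes

@dataclass
class Verdict:
    bytes_delivered: int   # payload bytes that reached the client
    blocked: bool          # whether the device stopped the stream at all

def classify(seen: bytes, signature: bytes) -> bool:
    """Constructed toy detector: a substring match over bytes inspected so far."""
    return signature in seen

def inline_gateway(segments: List[Segment], signature: bytes) -> Verdict:
    """Inline device: each segment is inspected *before* it is forwarded, so the
    segment that triggers detection, and everything after it, is dropped."""
    seen, delivered = b"", 0
    for seg in segments:
        seen += seg.payload
        if classify(seen, signature):
            return Verdict(delivered, True)
        delivered += len(seg.payload)
    return Verdict(delivered, False)

def tap_gateway(segments: List[Segment], signature: bytes, reset_delay: int) -> Verdict:
    """Tap/span device: it only sees a copy of each segment *after* the real one
    has been forwarded. On detection it injects a TCP RST, which takes effect
    only after `reset_delay` further segments have already been delivered."""
    seen, delivered, rst_due = b"", 0, None
    for i, seg in enumerate(segments):
        if rst_due is not None and i >= rst_due:
            return Verdict(delivered, True)   # RST finally lands
        delivered += len(seg.payload)         # copy is inspected too late to hold it
        seen += seg.payload
        if rst_due is None and classify(seen, signature):
            rst_due = i + 1 + reset_delay
    return Verdict(delivered, rst_due is not None)

def build_stream(total=8, seg_size=100, hit_segment=3, signature=b"EVIL-PAYLOAD") -> List[Segment]:
    """Constructed sample: an 800-byte download whose 4th segment carries the signature."""
    segs = []
    for i in range(total):
        body = bytes([0x41 + i]) * seg_size
        if i == hit_segment:
            body = signature + body[len(signature):]
        segs.append(Segment(i * seg_size, body))
    return segs
```

With the sample stream, the inline device stops at 300 delivered bytes, while the tap-based RST lets 400 bytes through even with zero reset delay and 600 with a two-segment delay.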
Today, malware takes many different forms -- malicious Web sites, hijacked advertising banners that turn otherwise innocent-looking sites insidious, phishing attempts, spyware, spam, viruses, Trojans, botnets, rootkits, Instant Messaging malware (both on public IM and on Microsoft Office Communications Server and IBM Lotus Sametime), peer-to-peer (P2P) file sharing malware, Skype malware, social networking malware, hijacked Facebook applications, gaming malware and Web 2.0 application malware.
The list is long, and these Internet-borne threats cannot be ignored.
Web attacks are now one of the most dangerous and sophisticated vectors used by cyber criminals. Attacks can come from malicious Web pages, redirects, hijacked legitimate sites, phishing e-mails and social networks.
For example, you may think you're safe because your users visit only "good" Web sites. Unfortunately, because cyber criminals quite often hijack advertising banners on those very sites, even this rationale for not putting an effective security barrier between you and the Internet no longer holds.
If you don't protect yourself now, you could find that criminals have sucked corporate and personal information quickly and silently out of your computers. Moreover, the advent of extremely sophisticated rootkits has made spyware a stubborn, intractable problem. Removing the latest spyware threats "by hand" is, to say the least, problematic.
The quest for perfection
The ideal anti-malware gateway identifies and thwarts virtually all malware. It performs with alacrity (that is, with low latency), giving users a responsive Internet experience -- as if the device weren't even present.