Low latency leaders
The McAfee Web Gateway exhibited the lowest latency -- 28 ms -- when we downloaded executable files through these anti-malware gateways. The Facetime Unified Security Gateway gave us 34 ms latency, the Websense Web Security Gateway V10000's latency was 36 ms and the Trend Micro Interscan Web Security Virtual Appliance and Interscan Messaging Security Virtual Appliance achieved 48 ms latency. The Symantec Web Gateway and Mail Security devices trailed the other gateways with a latency of 62 ms.
Moving into the cloud
We looked at the extent to which these products access a central vendor Internet site with malware queries (or plan to in the future)? Symantec's Mail Security appliance uses both a local (onboard) malware database and queries to a "cloud" database maintained at Symantec. Its Web Gateway uses a local malware database. Trend Micro's approach is a hybrid of local (onboard) scanning and, for executables not found in the local database, queries to a "cloud" database at Trend Micro's central site. McAfee proactively uses "spider" programs that traverse the Web to examine Web pages' active (such as executable) content for bad behavior, and McAfee additionally relies on TrustedSource's Web reputation technologies to distribute malware database updates to its customers. Websense uses a multi-phased approach that consists of a local (onboard) database and, if a downloaded executable program isn't in the local database, a Real Time Security Scanning engine that goes beyond signatures to statistically profile executables for malicious intent. Facetime's appliance contains a malware database updated by both Facetime and Sophos, from which Facetime licenses its database. Facetime indicated that it is migrating toward a hybrid approach combining queries of a local malware database and a "cloud" database.
These vendors update their products' local (onboard) malware databases hourly or, when a significant threat surfaces, on demand.
Coincidentally, the McAfee, Facetime and Websense appliances we tested were all Dell PowerEdge 1950 computers (Dell EMU01s). The Symantec Mail Security 8300 device was also a Dell PowerEdge 1950, while the Symantec Web Gateway 8450 was a Dell R200 computer. All were 1-U rack-mountable.
For parity's sake, we installed Trend Micro's software (Interscan Web Security Virtual Appliance, Interscan Messaging Security Virtual Appliance and Advanced Reporting and Management) also on Dell PowerEdge 1950s.
For performance-measuring purposes, then, all the products except for the Symantec Web Gateway 8450 ran on essentially the same hardware.
Ease of use
McAfee's Web Gateway (formerly Secure Computing's Webwasher) sports an easy-to-use, intuitive browser-based interface that's especially responsive. Reports are quick and informative, and the Web Gateway dashboard is completely customizable.The McAfee Web Gateway installation was the slickest. A USB memory stick containing a configuration program accompanies the device. Insert the memory stick in a Windows machine, run the program, save your configuration, move the memory stick to the Web Gateway before boot time and -- voila! -- the Web Gateway uses the IP address and other configuration data you've specified.
Websense's Web Security Gateway V10000 has a browser-based interface that provides administrators with fingertip control over how more than 130 protocols (such as IM and P2P) affect applications on the network. It comes with more than 55 useful reports, and the user interface displays a thoughtfully-designed dashboard.