ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
1-4 Introduction
v1.0, September 2009
Stream Scanning for Content Filtering
Stream Scanning is based on the simple observation that network traffic travels in streams. The
STM scan engine starts receiving and analyzing traffic as the stream enters the network. As soon
as a number of bytes are available, scanning starts. The scan engine continues to scan more bytes
as they become available, while at the same time another thread starts to deliver the bytes that have
been scanned.
This multithreaded approach, in which the receiving, scanning, and delivering processes occur
concurrently, ensures that network performance remains unimpeded. The result is file scanning is
up to five times faster than with traditional anti-virus solutions—a performance advantage that you
will notice.
Stream Scanning also enables organizations to withstand massive spikes in traffic, as in the event
of a malware outbreak. The scan engine has the following capabilities:
• Real-time protection. The patent-pending Stream Scanning technology enables scanning of
previously undefended real-time protocols, such as HTTP. Network activities susceptible to
latency (for example, Web browsing) are no longer brought to a standstill.
• Comprehensive protection. Provides both Web and e-mail security, covering six major
network protocols: HTTP, HTTPS, FTP, SMTP, POP3, and IMAP. The STM uses enterprise-
class scan engines employing both signature-based and Distributed Spam Analysis to stop
both known and unknown threats. The malware database contains hundreds of thousands of
signatures of spyware, viruses, and other malware.
• Objectionable traffic protection. The STM prevents objectionable content from reaching
your computers. You can control access to the Internet content by screening for Web
categories, Web addresses, and Web services. You can log and report attempts to access
objectionable Internet sites.
• Automatic signature updates. Malware signatures are updated as frequently as every hour,
and the STM can check automatically for new signatures as frequently as every 15 minutes.
Autosensing Ethernet Connections with Auto Uplink
With its internal 10/100/1000 ports, the STM can connect to either a 10 Mbps standard Ethernet
network, a 100 Mbps Fast Ethernet network, or a 1000 Mbps Gigabit Ethernet network. The
interfaces are autosensing and capable of full-duplex or half-duplex operation.
The STM incorporates Auto Uplink
TM
technology. Each Ethernet port automatically senses
whether the Ethernet cable plugged into the port should have a “normal” connection such as to a
PC or an “uplink” connection such as to a switch or hub. That port then configures itself to the
correct configuration. This feature eliminates the need to think about crossover cables, as Auto
Uplink accommodates either type of cable to make the right connection.