ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
1-2 Introduction
v1.1, March 2009
About Stream Scanning
Stream scanning is based on the simple observation that network traffic travels in streams. The
STM150 scan engine starts receiving and analyzing traffic as the stream enters the network. As
soon as a number of bytes are available, scanning commences. The scan engine continues to scan
more bytes as they become available, while at the same time another thread starts outputting the
bytes that have been scanned.
This multi threaded approach, in which the receiving, scanning, and outputting processes occur
concurrently, ensures that network performance remains unimpeded. The result is that the time to
scan a file is up to five times faster than traditional antivirus solutions – a performance advantage
that is easily noticeable to the end user.
Stream scanning also enables organizations to withstand massive spikes in traffic, as in the event
of a malware outbreak.
Key Features and Capabilities
The STM150 is a true appliance that provides comprehensive protection against malware and uses
real-time scanning technology to stop spyware, viruses, and other types of malware at the gateway,
without stopping the Internet. This section highlights the STM150’s primary features as a Web and
Email security solution:
• Real-time Protection – The patent-pending stream scanning technology enables scanning of
previously undefended real-time protocols, such as HTTP. Network activities susceptible to
latency (for example, Web browsing) are no longer brought to a standstill.
• Comprehensive Protection – Provides both Web and email security, covering six major
network protocols: HTTP, HTTPS, FTP, SMTP, POP3, and IMAP. The STM uses enterprise-
class scan engines employing both signature-based and heuristic detection to stop both known
and unknown threats. Malware database contains millions of signatures of spyware, viruses,
and other malware.
• Automatic Signature Updates – Malware signatures are automatically updated on an hourly
basis. Critical new signatures are typically deployed hours before they are available from other
security vendors.
• True Appliance – Deploys in-line in a matter of minutes, anywhere in the network. Runs
automatically and unobtrusively. Simply set and forget.