The scanning engine looks at traffic in real time as it enters the network as opposed to a cache-based scanning engine. We did not test for performance characteristics, but this feature should allow the appliance to quickly react to threats. The anti-malware scanning engine is licensed from Kaspersky Lab. Zero-day threat protection is accomplished through an advanced heuristic analysis and an "in the cloud" infrastructure to identify zero-hour threats. The "in the cloud" feature uses hundreds of millions of relevant URLs divided into 64 categories. There is a tool for managing unwanted web use allowing users to block specific application types. Certificate management is also available for trusted and nontrusted certificates. Users can configure web and email access policies for individual users and groups based on the tool's local database on a group IP address, on a lightweight directory access protocol (LDAP) domain, group, or user, or on a RADIUS VLAN.
The user interface is through a web browser. The default screen is a clean dashboard providing a graphical summary of threats. Reporting is complete and comes with numerous canned reports. Logging, alerting and event notification features are also quite good.
Email and phone support is included 24/7 for the first year. This is an easy-to-use solution covering a wide spectrum of malware protection.