TSD - Malware Prevention

Next-Generation Firewalls, by definition, include integrated threat prevention capabilities, typically anchored by a robust intrusion prevention feature set. Malware prevention builds on this core strength by adding one or more components focused specifically on the eradication of viruses, spyware, and other forms of malware.

 

SonicWALL capabilities and strengths.

The SonicWALL RFDPI engine allows both arbitrarily large files (i.e., there is no size limitation) and large numbers of small files to be scanned for all types of malware while still maintaining high performance. Malware scans are bi-directional (so outbound traffic is inspected too, enabling detection when an infected host “phones home”) and apply to all protocols and applications regardless of port. In addition, SonicWALL supplements its onboard signature language with additional malware detection capabilities using its Intelligent Cloud Malware Detection Engine. Flows susceptible to malware infections are tokenised by the RFDPI engine, and these tokens are then compared in real time, much like a high-speed DNS query, to a cloud database containing millions of malware signatures.

 

In comparison.

Cisco, Fortinet, Palo Alto Networks, and Juniper all have file count and/or size limitations for malware scanning that either result in significant performance penalties or traffic being allowed to pass without inspection. Malware scanning technologies for Check Point, Cisco, Fortinet, and Palo Alto Networks are limited to a relatively small subset of protocols. In addition, none of the competing solutions include cloud-based augmentation for malware scanning.

 

Questions purchasers should ask:

- To what extent does the solution rely on proxy-oriented inspection techniques?
- What are the performance implications of scanning large files or numerous files?
- Is malware scanning supported for all protocols and applications? Is it bi-directional?
- What detection mechanisms are employed and how many signatures are supported?

 


Copyright © 2013 NetThreat Ltd.