Threat Engines are a Necessity

In today's web world, with 1 in 10 websites being infected according to Google, it's easy to see why a "threat engine" is a critical part of the Proxy architecture in any network. While the proxy was originally placed in the network to help save bandwidth and speed up access to the internet, it's edge location in the network, also makes it the ideal place to detect malicious intent coming from websites on the Internet.

We've talked about scanning for malicious content in previous postings, but what about the actual "threat engine" behind the scanner? How good a "threat engine" do you need to detect the malware that's out there, and do you need more than one threat engine? Those are all good questions, and ones worth researching when deploying a threat scanner on your proxy.

It's also nice to have a choice among threat engines in your proxy. Different vendors, such as McAfee, Symantec, Kaspersky, Sophos, Panda, etc. each have their own strengths and weaknesses, not to mention price points. Make sure your proxy lets you select the threat engine you use to scan for malware. The threat engine is separate from the URL filtering we've talked about in the past, but should be able to work in conjunction with your URL filter to offer you a full level of protection. The URL category databases allows blocking of categorized sites, while the threat engine helps prevent any new uncategorized sites from infecting your organization.