Most organizations are aware that some
varieties of malicious software enter their networks and computers through web
traffic. A user only needs to browse a web page, click on a URL link in an
email, or view web email to unwittingly activate HTTP-based spyware and worms.
As IDC and InfoWorld have pointed out, the web is the new vector for
malware attacks.
But most organizations are not aware of the magnitude of this problem. To
see the thousands of malware samples that arrive through web traffic, and so
realize the true extent of this threat, they would need to deploy a very high
performance gateway anti-malware product that can detect and stop malware in
HTTP without adding latency or impeding network performance. They would be
alarmed to learn that the majority of the malware CP Secure customers catch
arrives over HTTP. How is this possible?
The Traditional Approach
Today's scanning technology, used in everything from desktop anti-virus
software to gateway anti-virus appliances, is batch-based. Many anti-virus
vendors built their batch-based scan engines during an era when viruses were
transmitted via removable media. They based their algorithms on the assumption
that the entity to be scanned could be randomly accessed.
In this batch-based method, scanning begins only after the entire file has been
received, and output begins only after the entire file has been scanned (see
figure 1). End-users therefore often experience long delays, or even timeouts,
while the file is transferred and scanned. Applied to malware in real-time web
traffic, the traditional scanning approach introduces unacceptable latency that
brings enterprise web activity to a standstill.
CP Secure's Solution
Stream-based scanning rests on the simple observation that network traffic
arrives as a stream. CP Secure's scan engine begins receiving and analyzing
traffic as the stream enters the network (see figure 2). As soon as a few bytes
are available, scanning begins; the engine continues to scan bytes as they
arrive, while a second thread starts outputting the bytes that have already been
scanned. In this pipelined approach, receiving, scanning, and outputting run
concurrently, so network performance is not impeded. Internet traffic is scanned
virtually in real time, a performance advantage that is readily noticeable to
the end-user, and anti-malware scanning of real-time web traffic at the internet
gateway becomes feasible.
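The batch and stream models above, reduced to a runnable sketch. This is an added example and not CP Secure's engine or any product code: the signatures, the chunked "HTTP bodies" and the plain substring matching are all constructed for the demo (a real engine matches far more than byte strings). It shows the one detail the stream model must get right, a signature that straddles two chunks, by holding back the last (longest signature minus one) bytes until the next chunk arrives, and it contrasts that with the tempting per-chunk shortcut, which misses the split signature.

```python
"""Batch scanning vs. stream scanning of an HTTP body (added example)."""
from typing import Iterable, List, Optional, Sequence, Tuple

# Constructed test signatures for the demo; they are not real malware patterns.
SIGNATURES: Sequence[bytes] = (b"EVIL_PAYLOAD_01", b"DROPPER-MARK")

# Constructed sample bodies, already split into the chunks a proxy would read
# off the socket. In the second one the signature straddles chunks 2 and 3.
CLEAN_CHUNKS: List[bytes] = [b"A" * 40, b"B" * 40, b"C" * 40]
INFECTED_CHUNKS: List[bytes] = [b"clean prefix " * 3, b"payload: EVIL_PAY", b"LOAD_01 and more"]


def batch_scan(chunks: Iterable[bytes],
               signatures: Sequence[bytes] = SIGNATURES) -> Tuple[bytes, bool, int]:
    """Batch model: buffer the whole object, scan it once, only then output.

    Returns (bytes delivered to the client, infected?, chunks consumed before
    the first byte could be delivered)."""
    received = list(chunks)              # nothing leaves until everything has arrived
    data = b"".join(received)
    infected = any(sig in data for sig in signatures)
    return (b"" if infected else data, infected, len(received))


def naive_chunk_scan(chunks: Iterable[bytes],
                     signatures: Sequence[bytes] = SIGNATURES) -> bool:
    """The tempting shortcut: scan each chunk on its own. Fast, but it misses a
    signature that is split across a chunk boundary."""
    return any(sig in chunk for chunk in chunks for sig in signatures)


class StreamScanner:
    """Scan bytes as they arrive and release the ones that can no longer be
    part of a match, so output can start long before input ends."""

    def __init__(self, signatures: Sequence[bytes] = SIGNATURES) -> None:
        self.signatures = signatures
        # Keep the last (longest signature - 1) bytes unreleased: a pattern that
        # starts at the end of one chunk and ends in the next is still caught.
        self.holdback = max(len(s) for s in signatures) - 1
        self.pending = b""
        self.infected = False

    def feed(self, chunk: bytes) -> bytes:
        """Consume one chunk; return the bytes now cleared for output."""
        if self.infected:
            return b""
        self.pending += chunk            # pending = held-back tail + new chunk
        if any(sig in self.pending for sig in self.signatures):
            self.infected = True
            self.pending = b""
            return b""
        cut = max(0, len(self.pending) - self.holdback)
        released, self.pending = self.pending[:cut], self.pending[cut:]
        return released

    def finish(self) -> bytes:
        """End of stream: nothing more can arrive, so the held-back tail is clean."""
        released = b"" if self.infected else self.pending
        self.pending = b""
        return released


def stream_scan(chunks: Iterable[bytes],
                signatures: Sequence[bytes] = SIGNATURES) -> Tuple[bytes, bool, Optional[int]]:
    """Drive the scanner as the receive -> scan -> output pipeline described in
    the text (sequentially here; a gateway would run the stages in threads).

    Returns the same triple as batch_scan; the third element is None when
    nothing was ever delivered."""
    scanner = StreamScanner(signatures)
    delivered = bytearray()
    first_output_after: Optional[int] = None
    for n, chunk in enumerate(chunks, start=1):
        out = scanner.feed(chunk)
        if out and first_output_after is None:
            first_output_after = n
        delivered += out
        if scanner.infected:
            break        # the gateway drops the connection; what was already sent stays sent
    delivered += scanner.finish()
    return bytes(delivered), scanner.infected, first_output_after


if __name__ == "__main__":
    for label, chunks in (("clean", CLEAN_CHUNKS), ("infected", INFECTED_CHUNKS)):
        data, inf, after = batch_scan(chunks)
        print(f"{label:8} batch : infected={inf} delivered={len(data)}B first output after chunk {after}")
        data, inf, after = stream_scan(chunks)
        print(f"{label:8} stream: infected={inf} delivered={len(data)}B first output after chunk {after}")
        print(f"{label:8} naive per-chunk scan: infected={naive_chunk_scan(chunks)}")
```

Two properties of the stream model are visible in the output and are worth keeping in mind when evaluating any gateway that works this way (general observations about the technique, not claims from the page): the added latency is bounded by the holdback, so it stays small and constant regardless of object size, and bytes released before the signature is seen have already reached the client, so the gateway prevents delivery of the complete object rather than of every byte of it. A real engine also has to decompress and parse archives and encoded content before matching, which forces some buffering for those formats.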