WINNER: Sophos WS1000
So many security devices, so many promises. But Sophos' WS1000 really delivers. From initial setup to testing, this security appliance did not disappoint. During first-time setup, which took less than 20 minutes, the device ran a configuration test, registered itself with Sophos' network and updated to the latest software downloaded from the vendor's software repository.
The dashboard is resplendent with information on virus updates, Web traffic, bandwidth consumption and traffic patterns. Web traffic is represented in a gauge-type format—kind of like an odometer with a throughput reading that goes from 1 to 1,000 kbps. Latency is also represented this way on a scale from 1 to 1,000 ms. It is a quick and easy way to get an overview of bandwidth details and a nice deviation from standard pie charts and graphs.
Reviewers were impressed with the URL testing capability, in which a systems administrator enters a URL into a field and the WS1000 reports back the category of site it falls under (for example, Gambling or Adult). It also reports the security risk for that site.
Sophos Labs scans every day for high-risk sites and updates its product based on what it finds. Finding the latest threats is what this vendor is all about, and these folks take that very seriously. The WS1000's scanning capability differs from other scanning technologies, such as reputation scanning: the vendor uses behavioral genotype scanning, which catches unknown and zero-day threats by analyzing content pre-execution and analyzing the behavior of the code—sort of like picking up on the intent of the code rather than what the code does.