What's inline AV scan & its advantages: pls suggest a couple of products

http://www.experts-exchange.com/Security/Q_22086234.html
"Also agree with AVG but you should use a layered approach we put all the servers behind a firewall with
AV and IDS and 2 inline AV network boxes (Pandagate and network virus wall) ... "

Q1:
What's the inline Antivirus scan mentioned above?  So it does not sit inside the endpoint
but just filters the traffic for malware?

Q2:
In what way is it different & better (or worse) than AV solutions that sit inside the server
(in our case, it's VMs in a virtual cluster)?  Inline scan is less disruptive to applications?
Chews no resource in the endpoints?

Q3:
Kindly suggest a few products that offer this inline scanning
Asked by: sunhux

Andrej Pirman Commented:
Well, "inline scanning" is quite a wide term, and in the case of AV solutions it might appear in a variety of paths:
- A firewall might have an "inline" scanner built into hardware, which scans TCP/IP streams without disrupting the end user or draining his resources. One fine product of this kind is Sophos UTM, which we also use.
- Installed AV products might also use "inline" scanning for streams like web and mail content. They sit between your browser or mail client and scan traffic on-the-fly, without actually scanning the e-mail file itself. Most modern AV products use this technique.
- On SERVERS, "inline" scanning would sit on data streams upon file transfers from server to client. But this would decrease network performance. I do not know at the moment which product is best in this field.

sunhux (Author) Commented:
> - installed AV products might also use "inline" scanning for streams like web and mail content
By "installed", does it reside inside the PC or server OS?

> on SERVERS "inline"
is the above sitting inside the servers' OS as well?

In Cloud/virtual environment, an agentless AV would sit inside the hypervisor/ESXi
layer, is this considered inline?


Our Checkpoint vendor told me their blade product which acts as firewall plus IPS
could also do AV scanning : so is this inline AV scanning?

sunhux (Author) Commented:
If "inline" AV scan is in place, is file-level AV scanning still needed (i.e. does
"inline" scan render traditional file-level AV scan obsolete?)

I think in layered security, it's still good to have file-level AV scan on top
of inline scan unless performance of the servers/endpoint is so badly
affected, then only get exemption from file-level scan?

btan (Exec Consultant) Commented:
Rather than playing with the term "inline", I rather see it as layered defense measures at perimeter egress/ingress, network, endpoint/device OS, and application, largely focusing specifically on web, file, removable external media and email, which are highly exploited threat carriers for malware.

For the hypervisor or virtualisation space, it applies as well, whereby the host hypervisor enforces the scan on all guest managed systems and apps, including container-based ones. They are normally termed hypervisor Dom0 virtual appliances conducting introspection on each guest.

For the actual non-virtualised environment, it applies physically at those tiers and scans at those specific carriers. I doubt there is an all-in-one provider (including UTM) for all. Hence candidate providers of anti-malware solutions can vary, for the best fit to lead reliably in those areas.
