We briefly tested the malware scanning and URL filtering. As with all URL filtering products, we had a very high success rate, but were able to slip through a few URLs in violation of policy. A selection of 10 recent viruses transmitted into our test lab network were all caught by the malware scanner.
A new feature in the IronPort S-Series is application visibility and control. This lets the network manager monitor and block various Web-based applications directly, separately from the URL filtering part of the product. The version we tested is more of a proof-of-concept than a fully baked application visibility tool, with only eight categories: "Blogging," "Facebook," "IM," "LinkedIn," "Media," "P2P/File Sharing," "Conferencing," and "Social Networking."
These are a bit of a mish-mash of different applications, many of which could be caught by simple URL filtering. However, the idea behind application visibility appears to go beyond the simple block/allow/warn of URL filtering, and get more specific in the controls.
For example, Facebook is broken down into 15 subcategories, such as "Facebook Applications: Games" and "Facebook Applications: Education," which would allow you to distinguish between types of Facebook usage and block those you don't allow. In our testing, the S-Series was able to tell these types of Facebook usage apart and blocked access accordingly. In fact, Facebook has one of the most sophisticated sets of controls. For example, you can block all Facebook Events, or you could just block posting of events but allow "Like" of events. In LinkedIn's controls, you can block the employment section separately from the messaging section, or you can block job searches separately from job postings.