Is there such a thing as an antivirus appliance that would sit at the top of your network and identify/block threats? I'm just thinking that it would be nice, if all the traffic is being scanned by the antivirus software on individual computers anyway, to just have an appliance instead of rolling out software and virus definitions to every computer on the network.
Many different firewall appliances provide antivirus protection at the perimeter of your network. However, perimeter protection vs. endpoint protection is not an "either/or" question.
Two examples might help to illustrate the point:
A perimeter firewall cannot protect a workstation from an infected USB device or CD-ROM, nor can it protect against infection from another computer on your internal network.
The vast majority of antivirus firewalls in today's real-world installations either cannot or do not decrypt SSL traffic (e.g. for lack of a trusted wildcard certificate) and therefore cannot protect against malware delivered via HTTPS.
Decent enterprise-grade antivirus software provides simplified tools to deploy, manage, and monitor your network's antivirus protection. Definitions can be downloaded once to a server and propagated throughout your network. I normally recommend ESET NOD32 antivirus, but any top-tier enterprise antivirus product should provide decent tools for centralized monitoring and administration. I would encourage you to do your own research about feature sets and performance.
Be aware that some enterprise antivirus software performs extremely poorly in terms of detection/removal rates. Additionally, some of the most popular antivirus products may result in unacceptable system performance, particularly on older workstations and busy servers, even if you enable exclusions for legitimate applications and services. Try before you buy.
There are hardware/appliance devices from the likes of Barracuda or WatchGuard, or, for example, you could repurpose an old box (preferably a server) and run something like Untangle (with the Kaspersky add-on) or pfSense with the HAVP package.
However, I would only ever think of such devices as an extra layer of security against viruses. Even if you had a totally perfect product filtering for any (un)known virus at your network perimeter, that doesn't help if one of your internal client machines gets infected and tries to infect the rest of your machines.
Bottom line, every machine needs to be adequately protected.
Look around at Juniper's and Barracuda's products. They have plenty of products for this.