By Andrew Garcia  |  Posted 2006-02-06 Print this article Print

Mi5s enterprise Spygate appliances have a bit of an identity crisis: They are designed to handle enterprise-grade traffic, but they also feature overly simple management tools, designed for small-business administrators who would likely get overwhelmed by too many choices.

eWEEK Labs tested 005, the middle model in Mi5s five-product Enterprise Spygate line. Designed to accommodate up to 100M bps of throughput and 1,000 concurrent users, the 005 is priced at $5,995 for the appliance plus $2,995 for a one-year signature subscription.

The 005 can be easily deployed via a switch monitor port, which gave us insight into the networks spyware conditions without having to reconfigure the network. However, unlike FaceTimes RTG 500, Mi5s 005 cannot block Web activity in this configuration. For blocking, we deployed the 005 in-line, transparently bridging between the firewall and LAN. Unlike McAfees SWG 3300, all Mi5 appliances include Ethernet port pass-through, which allows the devices to pass traffic to the Internet even if the appliances crash or die.

In download tests, the 005 performed the worst among the three products reviewed, missing several rogue anti-spyware applications and even giving a pass to a site infecting others with a Windows Metafile exploit.

The 005 did catch FTP-borne threats, although in an unusual fashion. Due to some irregularities with the FTP implementation in Microsofts Internet Explorer, the 005 cannot terminate the FTP download outright. Instead, the device replaces the infected download with garbage bits. The infection is thwarted and the central log is notified, but the user is not aware that anything occurred and is left wondering why the downloaded file doesnt work right.

We have a laundry list of management-related concerns with the Enterprise Spygate appliances: We could not configure additional HTTP ports to monitor; we could not initially use wild cards when creating customized blacklist rules; we could not create policies that enforce different rules for different computers or IP ranges; and we had to manually stop and start the anti-spyware module to implement any filter changes, which required some annoying switching between in-line management and out-of-band management.

Mi5 officials readily acknowledged the shortcomings of their infant product line and said they are implementing upgrades at a furious pace. During our time with the product, in fact, we saw four firmware upgrades emerge, including one that addressed the URL wild-card problem.

Next page: Evaluation Shortlist: Related Products.

Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel