Mi5 Networks came into the Lab on Friday, July 13 to talk about an all-in-one Web security appliance that sits at the gateway to provide URL filtering, anti-spyware, anti-virus and botnet detection. The appliance, a standard Intel-based two-processor system uses Mi5’s software to quickly—according to the company—block bad stuff from coming onto the network. Without being snarky, the Mi5 appliance is what I call a Frankenstein. In this case, the brains of Sophos, IBM’s ISS and Sunbelt have been stitched together with Mi5 processing software and then animated in a commodity, rack mount server. According to Mi5’s way of thinking, Web-based security threats are understood well enough—as expressed in the efficacy of the products designed to defend against these threats—that the tools can now be safely combined onto a single device instead of buying the functionality separately. Further, Mi5 is hoping that IT security managers will look with disfavor on URL blocking tools when it is time to renew these products and choose instead to buy Mi5’s combined product. This might make sense if Mi5 really does meet their claims for speed, with the following additional qualifications from me. I think the product must also prove that it is accurate (low false-positive/negative) and competent (high positive-positive, i.e. that the anti-spyware/anti-virus/botnet detection catch the malware they are supposed to). These key metrics, along with speed must be considered when evaluating a high-performance gateway security device. Mi5 hopes to be seen positively when compared to competitive products from Websense, SurfControl and Barracuda. The reason? Mi5 posits that a caching-based security architecture isn’t the most effective for high performance Web security. This is where the “special sauce” the Mi5 provides comes into play. By sitting on a switch monitoring port, or running inline, Mi5’s appliances sees all ports and protocols looking for and according to the company, blocking malware. The appliances also blocks outbound bad traffic such as botnet “phone home” traffic to command and control servers. These are all big claims. We’ll likely be testing gateway security tools that sit at the gateway. When we do, we’ll be looking for speed, accuracy, competence … as well as the quality of the stitching holding the Frankenstein appliance together.