Mi5s enterprise Spygate appliances have a bit of an identity crisis: They are designed to handle enterprise-grade traffic, but they also feature overly simple management tools, designed for small-business administrators who would likely get overwhelmed by too many choices.
Click here to read the full review of Mi5s Enterprise Spygate 005.
2
Mi5s enterprise Spygate appliances have a bit of an identity crisis: They are designed to handle enterprise-grade traffic, but they also feature overly simple management tools, designed for small-business administrators who would likely get overwhelmed by too many choices.
eWEEK Labs tested 005, the middle model in Mi5s five-product Enterprise Spygate line. Designed to accommodate up to 100M bps of throughput and 1,000 concurrent users, the 005 is priced at $5,995 for the appliance plus $2,995 for a one-year signature subscription.
The 005 can be easily deployed via a switch monitor port, which gave us insight into the networks spyware conditions without having to reconfigure the network. However, unlike FaceTimes RTG 500, Mi5s 005 cannot block Web activity in this configuration. For blocking, we deployed the 005 in-line, transparently bridging between the firewall and LAN. Unlike McAfees SWG 3300, all Mi5 appliances include Ethernet port pass-through, which allows the devices to pass traffic to the Internet even if the appliances crash or die.
In download tests, the 005 performed the worst among the three products reviewed, missing several rogue anti-spyware applications and even giving a pass to a site infecting others with a Windows Metafile exploit.
The 005 did catch FTP-borne threats, although in an unusual fashion. Due to some irregularities with the FTP implementation in Microsofts Internet Explorer, the 005 cannot terminate the FTP download outright. Instead, the device replaces the infected download with garbage bits. The infection is thwarted and the central log is notified, but the user is not aware that anything occurred and is left wondering why the downloaded file doesnt work right.
We have a laundry list of management-related concerns with the Enterprise Spygate appliances: We could not configure additional HTTP ports to monitor; we could not initially use wild cards when creating customized blacklist rules; we could not create policies that enforce different rules for different computers or IP ranges; and we had to manually stop and start the anti-spyware module to implement any filter changes, which required some annoying switching between in-line management and out-of-band management.
Mi5 officials readily acknowledged the shortcomings of their infant product line and said they are implementing upgrades at a furious pace. During our time with the product, in fact, we saw four firmware upgrades emerge, including one that addressed the URL wild-card problem.
Next page: Evaluation Shortlist: Related Products.
Page 3
Evaluation Shortlist
Blue Coat Systems ProxySG Leverages Blue Coats caching technology plus third-party Web filtering solutions for spyware defense (www.bluecoat.com)
FaceTimes Real-Time Guardian 500 A solid anti-spyware solution, although lacking in fine-grained management capabilities; look for integrated gateway and desktop functionality and management soon (www. facetime.com)
McAfees Secure Web Gateway 3300 Excellent spyware and virus detection at the gateway but at a relatively high cost (www.mcafee.com)
Mi5s Enterprise Spygate 005 Purpose-built for spyware defense, Enterprise Spygate 005 is designed for small businesses but shows promise down the road for larger companies (www.mi5networks.com)
SurfControls Web Filter Born from Web filtering technology, SurfControl offers signature-based detection as well (www.surfcontrol.com)
Trend Micros InterScan Web Security Suite Offers both gateway- and desktop-oriented solutions for anti-spyware and anti-virus (www.trendmicro.com)
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.