Mi5 Networks Pushes to Secure Web Gateways

The company adds application and protocol controls to an upcoming version of its appliance to trend deeper into the secure Web gateway market.

Mi5 Networks is preparing to launch its latest entry into a crowded Web gateway security space, this time with the ability to monitor, control and block more than 100 applications and protocols to secure businesses against Web-based threats.

The move fills a gap in the security vendor's product portfolio as it looks to gain ground in the congested market for secure Web gateway products. Mi5 Networks faces a host of competitors in the space, from Secure Computing to Cisco Systems to IronPort.

In version 4.0 of its Webgate appliance, slated for release in the second quarter, Mi5 Networks is including controls for more than 100 Web applications and protocols, including leading instant messaging, peer-to-peer, VOIP (voice over IP), remote access, streaming media, gaming and file transfer products and tools, company officials said.

The product allows users to control activity by specific application and application category, as well as enforce identity-based policies across an organization by user, IP address and Subnet. Users can also monitor, allow or block applications and downloads using application fingerprinting, a technique similar to the one the company uses to identify PCs hijacked by botnets as they phone home information, said CEO Doug Camplejohn.

"When a malicious payload or unauthorized download is detected by Webgate, the traffic is blocked and the user receives notification via the browser or via a message within the application client that the file download has been blocked," Camplejohn said, explaining the company uses a combination of signature and behavioral detection techniques from Sophos, Sunbelt Software, and its own research.

The appliance checks hourly for signature updates, he said. It also features some new weaponry in the battle against botnets. In addition to inspecting all Web streams entering, leaving and traversing the network, the product includes geolocation technology that integrates with Google Maps to pinpoint the geographic origin of attacks for assessing their severity and to help organizations when reporting attacks to law enforcement.

"Mi5's geolocation database maps IP addresses to geography-city, state [or] country," Camplejohn said. "When activity such as botnet command and control communications, or external attacks are detected [or] blocked by Webgate, our geolocation function automatically identifies the external machines by location. In addition, users can use the Webgate database to search on the location of any IP address."

In the name of usability, Mi5 has added support for Internet Content Adaptation Protocol and URL Filtering Protocol to enable customers to backhaul traffic from Juniper, Checkpoint and other firewalls at remote sites such as branch offices to Webgate appliances at corporate or regional headquarters.

Mi5 is also introducing two dedicated central intelligence units: the CI-10 and CI-100 from which administrators can centrally manage all the Webgate appliances in their organization and create, change and apply security policies.