Mi5 Puts Bulls-Eye on Botnets

Mi5 Networks upgrades its Webgate appliance to detect botnet traffic inside the corporate firewall.

Mi5 Networks has beefed up its Webgate appliance with technology designed to help organizations detect botnet activity inside their networks and combat malware in Web traffic.

Webgate 3.0 provides new anti-botnet capabilities inside the network firewall, offering total visibility of internal network activity as well as inbound and outbound traffic. Mi5 uses signature matching and heuristics to identify computers that may be compromised by bot herders—the attackers who control botnets.

Sitting on the edge of the network and focusing on whats happening inside the firewall is key to detecting and thwarting botnets, said Doug Camplejohn, CEO of Mi5, based in Sunnyvale, Calif.

"To date, most of the botnet stuff has been people who are looking out in the cloud, who are looking outside the firewall and trying to see where the communications are going," he said.

Built on Mi5s Streaming Engine, the Webgate appliance inspects and filters bi-directional Web traffic and internal network communications on all ports and protocols.

It also features automated remediation and includes URL filtering and anti-virus and anti-spyware protection—an upgrade from 2.0, which offered only anti-spyware protection and cleanup.

The new offering by Mi5 enters a crowded field of players in network security. In a report released earlier in June, Gartner analyst Peter Firstbrook and other researchers said many vendors are struggling to find the right mix of products for enterprises eager to protect their Web-surfing PCs and enforce corporate policies. The report called the tools "secure Web gateway" devices, and cautioned that "buyers will need to make strategic purchases and sacrifice current functionality for road maps or tactical solutions that solve current problems."

/zimages/6/28571.gifClick here to read about how security investigators are playing a cat-and-mouse game with botnet herders.

Still, Firstbrook said he was impressed with Webgate 3.0s anti-botnet capabilities, as well as its ability to remotely detect and remediate other threats. Users should not wait for the application control technology on the market to become more mature before investing in a secure Web gateway device like Webgate, he said.

"[Application control] is necessary, especially for Web 2.0 type applications, but no, I dont think users should wait," he said. "All malware regardless of how you get it has a Web component, so this is the common denominator for detection. Yet only 15 percent of companies do any malware scanning in the Web gateway."

Mi5 Networks is selling five different models of Webgate to meet the needs of different sizes of networks. Pricing for the appliance starts at $3,495.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.