Mi5 Networks' Webgate Fills Security Holes
This Web security appliance can protect your network within an hour after unpacking the box.
Ease of Use
1: Virtually inoperable or nonexistent
5: Average, performs adequately
The value of the Internet to the enterprise is tempered by the dangers that
are inherent in it. Among those dangers are viruses, spyware and other malware,
and the temptations of some of the more dubious attractions of the Web for those
inside the enterprise. The dangers have traditionally been fought with software
-- anti-virus software, anti-spyware and site blockers among them, running on
both servers and individual clients.
That approach poses a number of problems, including outdated definitions, sporadic
support for mobile users and the need to install software on every client in
An alternative approach is a hardware solution, in most cases an appliance
that provides the same type of protection across the network that's available
from software installed on individual clients. A hardware approach has the advantages
of a single installation and software updates at a single point on the network.
Mi5 Networks' Webgate is one such hardware solution. It provides protection
from URL filtering, Web malware such as anti-spyware, anti-virus and anti-botnet
protection, and file leakage.
The Webgate -- I tested the 005 model -- set up and configured easily. Mi5
provides technical support in the form of a call or visit by a support engineer
to steer you through the process, and it helped primarily in understanding the
many features and how to configure them. As for the hardware setup, it's simply
a matter of taking the appliance out of the box, plugging it in and turning
The Webgate is a 1U rack-mountable box that runs a commercial implementation
of Linux. It has four network connections, one each for a WAN connection, LAN
connection, Management connection and Monitor connection. There is also a nine-pin
serial interface that enables you to connect directly to a PC and establish
a Telnet connection. The Telnet connection provides a command-line interface
to the basic management functions of the Webgate, letting you do some basic
configuration prior to connecting it to your network. Your need to drop down
to the command line should be minimal beyond initial setup, however, as all
of the features can be configured using the Web interface.
Setup and Configuration
With phone assistance from an Mi5 service engineer, I set up the Webgate on
my network, sitting between my router and network switch in order to monitor
all incoming and outgoing traffic. The first step was to download the most recent
updates for the OS and feature apps. Because software development is ongoing,
it's likely that updates exist beyond those that are installed on the shipping
hardware. In my case, the updates totaled over 300MB and took about 40 minutes
to download and install.
The Web user interface for the Webgate is functional and feature-rich. You
can select computers or computer groups on the network to protect, and set policies
for the entire network or for groups. Those policies can include blacklists
and blocked URLs, viruses, specific file types and file sizes, and several other
characteristics. One unique feature is called file-leak detection. This capability
allows network administrators to view and control nearly 300 different file
formats in over a dozen different categories, effectively restricting the ability
of network users to upload or download audio and video files, databases with
proprietary information, or work files that may contain intellectual property.
I started with the Monitor function, which observed but didn't block any traffic.
Once I had the device configured appropriately for my network and a couple of
policies set, I switched the mode to Blocking, swapped a cable and started testing
the features. The first step in the process was to hit a specific Web page on
the Mi5 Networks Web site that confirmed that the appliance was blocking correctly.
Once I confirmed it was working appropriately, I used a CD with various types
of malware on a PC that I set up outside of the network and hit from inside.
I also looked at accessing and downloading files from sites that I put on the
The Webgate uses a virus protection module provided by Sophos Plc., a third-party
anti-virus software provider. While I didn't exhaustively test it, it kept my
network clean during several days of operation.
For spyware detection, the Webgate combines Sunbelt Software's anti-spyware
technology with Mi5-developed signatures and heuristics. One of the optional
features was the Mi5 Enterprise SpyWash, which is an ActiveX agent that can
be automatically dispatched from Webgate appliances to infected PCs for automatic
spyware removal. Mi5 employs its own botnet detection and blocking algorithms
in the Webgate to identify and halt an initial botnet infection, and also track
the spread of botnet infections in the network.
Mi5 claims that the Webgate is a zero-latency appliance. While the activities
it performs do require some latency, I pinged a number of external computers
and noted no significant difference in round-trip times for the pings.
Reporting is a clear strength of the Webgate. It provides a graphical Executive
Summary, as well as individual reports on infected clients, potential attacks,
infection sources and Web destinations, just to name a few. You can also use
the data collected by the appliance to create your own custom reports. All reports
can be saved, exported or scheduled for e-mail delivery. With this kind of reporting
capability, an enterprise should be able to determine exactly what its security
status is at any given time, and be able to issue warnings on emerging malware
and inappropriate URLs.
As I previously mentioned, I tested the Webgate 005 model. The other models
are the 001, 003, 007 and 009. They differ essentially in their throughput and
number of clients supported, with the 009 supporting over 10,000 users with
a throughput of 1Gbps.
I usually prefer working with software rather than hardware, but the Webgate
was easy to set up and configure. If I were responsible for dozens or hundreds
of PCs on a LAN, I'd greatly prefer working with one network device, instead
of the headaches of dealing with multiple PCs and end users. The Webgate fits
the bill for a single device that provides Web security with a single point