Hagerman & Company, Inc. Technology Bulletin

Advanced Web Protection:
World Class Web filtering available now.

by John Boline
Service Manager,
MCSE, CNE, USE

A couple of years ago, I wrote about a hardware appliance that I felt would revolutionize the elimination of SPAM email. For Hagerman & Company, the Barracuda Spam Firewall did just that. In the two years since it has been in place, the device has successfully filtered more than 90 percent of SPAM from reaching our mailboxes, virus / malware / worm infected email has been stopped in its tracks, and all with very low false positives (less than .5% at the onset and even less today with the smart learning technology of the device). So even though SPAM is a problem, our biggest problem today was web traffic. There are just too many sites that have infection from viruses and worms, errant code, bots and redirection that puts the machines in our enterprise at risk of infection and the company at liability. The task I set out on was to find a way to do for our web traffic what the Barracuda had done for SPAM control. But where to look? I checked my technical publications looking for a suggestion or a trend. The Gartner group was saying that “The Internet and Internet applications have become the primary source of malware infections in the enterprise... yet less than 15 percent of organizations have secured their internet gateway from these threats.” Even though I knew it was happening, seeing it in print was a surprise, but knowing we were not alone in having the problem provided little comfort.

What Are The Choices?
The challenge I had was a big one: Implement a solution that would allow us to control access to infected sites, effectively blocking them, and to operate from a central location. There are many products that can do site filtering at some level from the desktop, but administration is complex when dealing with hundreds of machines across a nationwide enterprise, and these solutions are really not designed for the enterprise environment. Service-based solutions are available too from big name companies, but in many cases, the desktop and service solutions add a client that puts an additional load on already burdened individual systems. No, what I needed was a hardware appliance solution, a product that I could put inline in my infrastructure that would act as a gate, swinging open to allow safe, business-related traffic and swinging closed to block the threats. Does such a product even exist?

Webgate from Mi5 Networks
It turns out that the Webgate from Mi5 was exactly what I was looking for, and more! And it had a perfect name for what it does, acting as a gate to allow and restrict web traffic. Mi5 Networks recognized that simple URL filtering solutions, like we were using and like so many home computer solutions used, did provide some protection for users, but they simply do not do enough. Those solutions can’t inspect files and traffic across all ports & protocols without noticeably slowing down the user’s browsing experience. Mi5’s award-winning Webgate allows enterprises to defend their web perimeter using URL Filtering, web anti-malware detection, application control and more on a single, high performance platform. I was like a kid in a candy shop! This all seemed too good to be true! The marketing literature showed that the Mi5 Webgate was built on a real-time inspection engine that scans traffic on-the-fly, without the slowdown associated with proxy-based architectures. In addition to this real-time engine, the Webgate adds multi-layer defenses including QuickScan™, DeepScan™ and MultiScan™ technologies, in order to block inappropriate or malicious websites, active content, applications (IM, P2P, etc.), file downloads, “phone home” traffic, and attacks. They had my attention! I had to get my hands on one of these for a trial in my enterprise and see if it was true. The implications for increased productivity and PC reliability notwithstanding, I was intrigued with what I had found out about this device.

What are the specifics?
The Webgate from Mi5 Networks brings a lot to the table. Mi5 Webgate offered some industry firsts and capabilities I saw in no other product offering. These include:

- Highest Throughput: up to 1Gbps of traffic on a single appliance
- Lowest Latency: < 2 m/sec per packet latency inline (zero in port span/tap)
- Widest Coverage: scans all ports and protocols
- Deepest Protection: blocks inappropriate and malicious websites, active content, file downloads, “phone-home” traffic and attacks
- Most Useful Reporting: identifies what has been blocked, who is infected, and prioritizes by severity
- Automatic Spyware Removal: pinpoint spyware removal dispatched from gateway
- Most Flexible Deployment Options: monitor or block inline or from a port span/tap
- Most Flexible Licensing Options: pay for only the modules you need

The only thing left for us was to really put the device through its paces in an all-out trial, and that is just what we did!

Trial Results
All too often, when you do a trial of hardware / software offerings, there are things that are scaled back on that evaluation hardware / software during the trial period. Not so with the Webgate. It was configured with all the options. After less than 24 hours in monitor-only mode, we put the device into inline “blocking” mode. The performance was amazing. We could not see or perceive a difference in speed while on the web. We then did some speed benchmarks and discovered something weird; the speed of access to the Internet was actually FASTER than it was without the Webgate. Then we found something interesting. What we discovered was that even with all of our defenses, the Webgate had determined we had some systems that were infected with Malware, some of which was trying to ‘phone home’. The Webgate blocked that traffic and then performed remediation of the infections on those machines. I could suddenly see time to clean infected systems being freed up. But was it too good to be true? No, and the awards the Webgate has won speak volumes for this world class product!

Mi5 Webgate – Just as represented
It really was that good. We put it through its paces, to see if we could get around it and the filtering by going through proxy sites. Nope, it blocked them. IP addresses instead of text. Blocked them too. In fact, right out of the box, the Webgate not only blocked access to known sites infected with Malware, it also pre-scanned file downloads for infections and blocked access to sites about weapons, illegal drugs, pornography and more. Two weeks into the trial, we bought the device. We are seeing more machines up and not having the pesky problems caused by malware, and are also enjoying an increase of almost 20 percent in recovered Internet access bandwidth. The Webgate from Mi5 Networks truly does for web traffic what the Barracuda did for SPAM.

How can I get more information on this subject?
Where can you get more information about this subject? I would suggest you take a look at their web site (http://www.mi5networks.com). Check out the documentation on the Mi5 Networks site, located at the following URL (http://www.mi5networks.com/products/literature.htm). Look at the case studies. Contact us! If you have questions or comments about this article, contact me.
 

All product names / logos, company names / logos are copyrights of their respective holders. John Boline is an MCSE, CNE, USE and a member of the Network Professional Association. The content herein is often based on late-breaking events. Much of the material is based on information from sources that are believed to be reliable. Hagerman & Company, Inc. disclaims all warranties as to the ultimate accuracy or completeness of the information. Hagerman & Company, Inc. and its employees shall have no liability for errors, omissions or inadequacies in the information contained within this article or for any interpretations thereof. The recommendations, positions and best practice policies outlined herein represent Hagerman & Company, Inc.'s initial analysis and therefore are subject to change as further information which may have bearing on these positions is made available. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice. Entire contents © 2006 Hagerman & Company, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden.
