MI5 Networks is adding botnet protection to its secure Web gateway appliance, making it possible to detect and block the malicious activity of corporate machines commandeered as launch pads for spam and distributed denial-of-service attacks.
Webgate 3.0 software includes MI5's homegrown antibot software and gives customers the option to buy URL filtering, antivirus and antispyware as well.
Webgate appliances can also deploy agents to infected machines that automatically clean them of spyware.
These devices fall into the category of secure Web gateways and compete against gear made by Blue Coat Systems, Secure Computing, IronPort and WebSense, among others, says Peter Firstbrook, an analyst with Gartner.
The gateways perform URL filtering, neutralize malware and control peer-to-peer applications, Firstbrook says, and he credits MI5 as delivering a high speed, high capacity hardware platform compared to competitors.
The devices can be deployed inline to block malicious traffic or out of band from a switch monitoring port where they can block traffic via TCP resets.
The antibotnet technology combines signature matching with behavioral activity to identify machines that seem to have been taken over for use in botnets. This may include known botnet command and control signaling, extensive port scanning and attempts to generate floods of traffic to single IP addresses.
The new software release supports options to buy URL, virus and spyware filtering software and update services. MI5 teams up with IBM for URL filtering, with Sophos for antivirus and with Sunbelt Software for antispyware software.
MI5 sells its Webgate appliances in five different models based on throughput ranging from 25M to 1Gbps. The smallest device costs US$2,500 and a year's worth of antispyware and antibotware costs US$1,000. Antivirus also costs US$1,000 and URL filtering costs US$2,000.