Mi5 Networks Detects Botnets Behind the Firewall
(12/07/2007)

According to Gartner,, the Internet and Internet applications will be the primary sources of malware infections in the enterprise in 2008 and beyond. However, most organizations do not effectively filter malware from Web traffic. Detecting and preventing malware infections will increasingly require a network gateway at the Internet edge.

Mi5 Networks has announced the Webgate line of high-speed appliances that neutralize malware in web traffic, control web use, and detect/shutdown botnet activity inside an organization's network. Webgate eliminates downtime, PC clean-up costs, and data theft associated with web-borne attack code that bypasses traditional security mechanisms.

Built on Mi5's proprietary S2 Streaming Engine, Webgate inspects and filters bidirectional web traffic as well as internal network communications on all ports and protocols without imposing user discernible slowdowns associated with proxy-based products.

One Web Gateway – Multiple Security Services

To control web use and provide comprehensive security against web threats including malicious URLs, spyware, viruses, and crimeware, Webgate intercepts and filters inbound as well as outbound web data streams on all ports and for all protocols in real-time. This capability enables organizations to centrally define and enforce acceptable use and web security policies at the Internet Gateway.

For best in class URL filtering, anti-virus and anti-spyware protection, Webgate combines Mi5 developed network behavior heuristics with signature-based malware detection data from best of breed providers including IBM, Sophos, and Sunbelt. In addition, Webgate can prevent users from uploading and downloading nearly 300 different file formats in over a dozen categories.

Botnet Detection inside the Firewall

To protect organizations against undetected botnets on their networks, Webgate maintains a unique 360 degree view of traffic by inspecting all web streams in and out of the organization as well as internal network activity. Combining this global perspective with proprietary Mi5 algorithms, Webgate automatically identifies Bots, detects Botnet traffic, and can disinfect hijacked machines based on policy settings. With Webgate, organizations can prevent confidential data from being extracted in phone home messages to Botnet command and control servers, and track Bots attempting to locate and infect additional systems on the network.

"Web traffic is the new backdoor that enables malicious software to sneak undetected into an organization's network and silently install Bots, which are rapidly becoming the leading threat to corporate security," said Doug Camplejohn, founder and CEO of Mi5 Networks. "With Webgate we've developed a high performance platform that provides from a central point in the network full web security gateway functions plus unique botnet protection at the price of single function URL filtering products"

Network-based Disinfection and Reporting

For automated remediation of malware infections, Webgate identifies compromised PCs by name, and provides a severity indicator. Webgate can dispatch without human intervention a dynamic cleanup agent, called SpyWash, to infected hosts. This ActiveX program disinfects a user's computer without IT involvement, downtime, or requiring a PC restart. Webgate also provides comprehensive policies and a drill-down reporting engine that maintains granular company, department and employee data on internal botnet activity, remote attacks, spyware phone homes, malware detections, infected clients, as well as URL and file upload/download inspections.

Pricing and Availability

Webgate is available immediately from Mi5 Networks and its business partners worldwide. Five different models are available to meet the needs of any size network. Webgate pricing starts at $3,495.