The “new new” threat

May 17, 2007


I’ve found a common thread from my work at Vontu and Mi5. Both companies recognize and are tackling different aspects of the biggest risk to companies today – the insider with a supposedly secure PC and legitimate access that nonetheless puts the enterprise at risk through their behavior.

At Vontu, the goal was to, as one VP of Information Security put it, “stop stupid.” That basically meant tracking and preventing people from sending data to Hotmail accounts, etc., because they were either unaware of the risk or too lazy to use the appropriate secure channels to send data to themselves or others. And we found (and stopped) a lot of that kind of behavior.

At Mi5, the risk is that people get infected with crimeware through their normal browsing behavior, often without even realizing that a drive-by download is taking place. Even people in the security field, like myself, have a hard time telling whether or not visiting a site is going to trigger an infection. If you want to see for yourself, install a great free plug-in from McAfee called SiteAdvisor and then type “wallpaper” into Google. Or if you don’t want to download a toolbar, try out a great site from the folks at ScanSafe called Scandoo, and do the same. Just imagine trying to sort out which search result links would get you infected, and which wouldn’t, without these tools. Betcha’ can’t do it.


A false sense of security

April 9, 2007


The first wave of spyware was mostly about adware, which isn’t as much a security problem as it is a productivity problem, like spam. People were getting deluged by time-wasting pop-ups. Spyware-infected PCs were taking MUCH longer to boot and load applications like a browser, and often would become unstable and crash. Corporate help desks were getting slammed and often resorted to re-imaging machines after they had tried multiple different desktop cleanup tools.

So people put desktop protection in place, and that seemed to help for a while. The problem is that the fastest growing segment in spyware isn’t adware, whose effects are visible, it’s crimeware, which is very effective at staying under the radar.

With a virus, you see the effect when systems start crashing. With adware you see the effect when you start seeing pop-ups everywhere and having web pages hijacked. With spam, you see the effect each time you look in your email inbox.

But with crimeware, the risk is what we can’t see. Most people have no idea they’re infected or what data is being sent off of their machine. There is a hidden network within your network that’s carrying out activities that you probably are completely unaware of, whether it’s botnets scanning subnets for PC vulnerabilities and communicating that information out to C&C (command and control) centers, password hijackers or keyloggers capturing information and sending it out, or remote access terminals (RATs) that give someone outside your network complete access to a PC within your firewall.


It’s all about the people

April 2, 2007

My co-founder, Ofer, had previously managed the software engineering group at Synoptics (now part of Nortel), and after that was the Founder and CEO of AccessLan (now part of Tellabs). As luck would have it, shortly after we started Mi5, Tellabs decided to close down the AccessLan product line, and Ofer was able to recruit some of the top stars from his former team.

I have to say, Ofer and his team are one of the most impressive teams I’ve worked with. Teddy Roosevelt’s phrase “walk softly, but carry a big stick,” comes to mind, as they are the most ego-less team I’ve worked with, yet ooze talent.

If you’ve got a passion for great products, love seeing customers get excited about your hard work, and want to work at a place where you can have meaningful impact, then please drop us a line.


What’s in a name?

March 30, 2007

Product and company naming is one of those things that I find either happens incredibly fast, or takes an excruciatingly long time. My last – myplay – fell into the former category (it was the first name I thought of and the domain was available). Mi5 squarely fell into the latter category.

After chewing through all the “defense,” “guard,” “protector” style combinations I could come up with, I was watching a James Bond film one night, and realized that if we were going to be fighting spies, naming the company after a counter-spy agency would be fun. Although James Bond officially belongs to Mi6, which is responsible for foreign intelligence, the domestic intelligence agency Mi5 had a better ring to me. We grabbed www.mi5networks.com, and were off to the races.

We’ve had fun with the name as well, naming our conference rooms after agents like James Bond and Austin Powers, and naming the 5 appliances in our product line 001, 003, 005, 007 and 009.

Although Mi5 Networks violates all my personal naming rules (no more than two syllables, all letters, and (for extra credit) able to be used as a verb), it’s still a fun name, and people have responded really well to it.


In the Beginning…

March 28, 2007


Since I didn’t start blogging at the beginning of Mi5, I thought I’d take a moment to tell you how we got started.

The idea for Mi5 came to me in 2004 when I was the VP of Product Management and Marketing at Vontu. I was spending a lot of time meeting with Chief Security Officers, and would always ask what their top issues were. In the fall of 2004 I probably sat in a dozen meetings in a row where “spyware” was suddenly one of the answers. As I dug deeper, it became clear that CSOs wanted to do defense-in-depth spyware protection (desktop + web gateway) the same way they had for viruses (desktop + email gateway). It was also clear that the era of point products (one gateway per function) was dead, and that any web security platform needed to support a lot of functions without noticeably affecting web browsing performance.

Knowing there was a market opportunity here, I left Vontu to start Mi5, and got connected with my co-founder, Ofer Doitel, through a great VC firm, Accel Partners. As we dug deeper into the problem, we realized that both legacy architecture choices – IPS or proxy – had limitations. IPSs are great at processing lots of data low down in the networking stack, but don’t have a concept of a “user” or “application” or any way to communicate to an end user – they just drop packets on the floor. Proxies are great at communicating with the end user since all HTTP/Port 80 traffic flows through them, but have performance and latency limitations when you want to process a lot of different protocols and inspection engines on a single platform.

So we took a “best of both worlds” approach, combining the speed of an IPS with the communication capabilities of a proxy, without the limitations of either.

Next, I’ll discuss how we came to name the company.