It's quite easy to build your own [out of open-source components] that easily outperforms any appliance on the market. (Which isn't saying much: none of them are very good, and all of them are way overpriced. The bar is thus set quite low.) It will not have all the superfluous bells and whistles that marketing departments are so fond of hyping, but it will work, it will be cheap, it will be scalable, and it will be far more secure.
Is there any aspect of this screed that you can support with data, preferably data published this decade? Of course, I understand that "overpriced" and "superfluous bells and whistles" and "far more secure" are fairly subjective criteria, but numbers such as efficacy and specificity are easy to compare. I'd also be interested in hearing about any cases where someone compromised a production Barracuda, Ironport, or similar appliance--or does your definition of "far more secure" include other substantive components that matter more?
I've discussed this at some length on mailop and am in the process of reducing it to near-cookbook form. If you're interested, contact me offlist and I'll outline it for you.
I'd be interested in seeing you put your money where your mouth is regarding catch rate and false positive rate. Contact me off-list with a place where I can FTP a VM of one of your appliances. jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 jms@Opus1.COM http://www.opus1.com/jms