It's quite easy to build your own [out of open-source components] that
easily outperforms any appliance on the market. (Which isn't saying
much: none of them are very good, and all of them are way overpriced.
The bar is thus set quite low.) It will not have all the superfluous
bells and whistles that marketing departments are so fond of hyping,
but it will work, it will be cheap, it will be scalable, and it will be
far more secure.
Is there any aspect of this screed that you can support with data, preferably data published this decade? Of course, I understand that "overpriced" and "superfluous bells and whistles" and "far more secure" are fairly subjective criteria, but numbers such as efficacy and specificity are easy to compare. I'd also be interested in hearing about any cases where someone compromised a production Barracuda, Ironport, or similar appliance--or does your definition of "far more secure" include other substantive components that matter more?
I've discussed this at some length on mailop and am in the process of
reducing it to near-cookbook form. If you're interested, contact me
offlist and I'll outline it for you.
I'd be interested in seeing you put your money where your mouth is regarding catch rate and false positive rate. Contact me off-list with a place where I can FTP a VM of one of your appliances.