Secure Web Gateway: What it is & Where it’s Going
Moving the Cloud: The SASE Puzzle Part 4
How is a Secure Web Gateway Defined Today?
A Secure Web Gateway (SWG) protects users and organizations from malicious activity when they browse the internet. Its goal is to inspect web traffic at the application layer without degrading the user’s overall web experience. Wherever the employee is located, the gateway’s role is to:
- Filter URLs and content, and detect viruses and malware.
- Decrypt SSL/TLS traffic so that encrypted sessions can be inspected.
- Enforce web application controls.
Because user traffic now also originates from work-from-home (WFH) and other remote users, SWG offerings must serve a mix of on-site and remote users. SWG capabilities are therefore needed beyond the local edge of the corporate headquarters, and a hybrid deployment is necessary to protect every employee.
Gartner’s definition requires that, at minimum, a SWG include URL filtering, malicious-code detection and filtering, and application controls for popular web-based applications such as instant messaging (IM).
A SWG may also provide anti-virus (AV) scanning or Data Loss Prevention (DLP) by handing content to an external engine, or in rare cases by applying policies on the device itself. Web isolation is another feature that may be offered, but it is not considered a standard SWG function because it typically requires off-box integration or a separate software license to activate. Finally, the ability to offload a copy of the decrypted traffic to other tools may be included, but all of these are traditionally add-ons to the product rather than part of the initial feature set.
How does a Secure Web Gateway Work?
A SWG can be installed as a software component, as a cloud-hosted virtual appliance, or as a hardware device. Attached at the edge of the network or on the user endpoint, it filters and monitors all web traffic for malicious activity, both in how web applications are used and in which URLs are requested. Any activity that is not approved can be blocked or restricted. Blocked sites are usually held in the SWG’s own database or, where available, sourced from intelligence feeds, whether company-maintained or provided by a third party.
Information flowing out of the network can be monitored as well. The SWG can log all web traffic and, combined with decryption of SSL/TLS traffic and user authentication, give full visibility into who is going where. Overall, this lets you proactively monitor the network, tweak policies as needed, and investigate past events after an attack or when a vulnerability is discovered. Decryption does require the SWG’s signing CA certificate to be trusted by managed endpoints, and sites that use certificate pinning will fail to load through it unless they are exempted from inspection.
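To make the filtering and logging steps concrete, here is an added example in JavaScript (not code from the article or from any vendor) of a single SWG policy decision: a category lookup, a third-party threat feed, a simple application control, and the per-user log record that answers "who is going where". The category database, feed, policy table, users and addresses are all constructed for illustration.

```javascript
// Added example (not code from the page): one policy decision in a SWG for a
// single authenticated web request. Every dataset below is constructed.

// Vendor-style category database, keyed by domain; subdomains inherit the entry.
const CATEGORY_DB = new Map([
  ["example.com", "business"],
  ["chat.example.net", "instant-messaging"],
  ["uploads.example.org", "file-sharing"],
  ["malware-dropper.example", "malware"],
]);

// Third-party intelligence feed (domains only), normally pulled on a schedule.
const THREAT_FEED = new Set(["badcdn.example", "malware-dropper.example"]);

// Per-category policy; anything uncategorised gets DEFAULT_ACTION.
// "coach" means allow, but show the user a warning page and log the visit.
const POLICY = new Map([
  ["malware", "block"],
  ["instant-messaging", "block"],
  ["file-sharing", "coach"],
  ["business", "allow"],
]);
const DEFAULT_ACTION = "allow";

// Audit log: one record per decision, the data a SOC would query later.
const AUDIT_LOG = [];

// Longest-suffix match on label boundaries: "cdn.example.com" resolves to
// "example.com", but "notexample.com" does not. A plain endsWith("example.com")
// check would match the latter, a classic filtering bug. The bare TLD alone is
// never tried as a candidate.
function longestSuffixMatch(host, hasKey) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join(".");
    if (hasKey(candidate)) return candidate;
  }
  return null;
}

function lookupCategory(host) {
  const key = longestSuffixMatch(host, (k) => CATEGORY_DB.has(k));
  return key === null ? "uncategorised" : CATEGORY_DB.get(key);
}

function onThreatFeed(host) {
  return longestSuffixMatch(host, (k) => THREAT_FEED.has(k)) !== null;
}

// Evaluate one request. `user` comes from the gateway's authentication step;
// `method` and the URL path are only visible for HTTPS once the SWG has
// decrypted the session, which is why decryption and visibility go together.
function evaluateRequest(user, srcIp, urlString, method = "GET") {
  const url = new URL(urlString);
  const host = url.hostname;
  const category = lookupCategory(host);
  let action;
  let reason;

  if (onThreatFeed(host)) {
    action = "block";
    reason = "threat-feed";
  } else {
    action = POLICY.has(category) ? POLICY.get(category) : DEFAULT_ACTION;
    reason = `category:${category}`;
  }

  // Application control: browsing a file-sharing site is coached, but an
  // upload to it (a POST) is blocked outright.
  if (category === "file-sharing" && method === "POST" && action !== "block") {
    action = "block";
    reason = "upload-to-file-sharing";
  }

  const record = {
    ts: new Date().toISOString(),
    user, srcIp, method, host,
    path: url.pathname,
    category, action, reason,
  };
  AUDIT_LOG.push(record);
  return record;
}

// Stand-alone run: a few constructed requests, printed as JSON lines.
for (const [u, ip, url, m] of [
  ["alice", "10.1.2.3", "https://www.example.com/reports", "GET"],
  ["bob", "10.1.2.4", "https://cdn.badcdn.example/loader.js", "GET"],
  ["carol", "10.1.2.5", "https://uploads.example.org/api/put", "POST"],
  ["dave", "10.1.2.6", "https://notexample.com/", "GET"],
]) {
  console.log(JSON.stringify(evaluateRequest(u, ip, url, m)));
}
```

The feed is consulted before the category table so that a feed hit on an otherwise "business" domain still blocks, and every decision, including allows, produces a log record so that later investigation does not depend on the request having been blocked.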
What Configuration is Applicable to your Organization?
What are the Benefits?
With a SWG, organizations can enforce company policies that prevent end users from visiting malicious sites, while restricting internet use to business-critical functions. Having these policies in place helps prevent malware infections and detect devices that are already infected, since their outbound connections pass through the same gateway. A SWG also protects remote workers, since the same security policies apply even when employees are not located at corporate headquarters.
SWG deployment is flexible: it can sit inline, virtually inline (redirected by WCCP or policy-based routing, PBR), or out-of-path as an explicit proxy. Some deployments allow for easier future growth, while others are more limited. An inline deployment is an example of the latter: if the physical device requires maintenance or is not operating as expected, there is downtime unless a bypass or high-availability pair is in place.
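The explicit-proxy (out-of-path) mode is usually driven by a proxy auto-config (PAC) file that browsers evaluate to decide where each request goes. The PAC file below is an added example, not from the original article; the internal domain and the gateway addresses are assumptions. Browsers supply the helper functions (isPlainHostName, dnsDomainIs, shExpMatch, isInNet) themselves; simplified stand-ins are included so the file can also be run and tested under Node.js.

```javascript
// Added example: proxy auto-config (PAC) file for an explicit-proxy SWG
// deployment. All hostnames, the internal domain and the gateway addresses
// are assumptions.
//
// Browsers inject helpers (isPlainHostName, dnsDomainIs, shExpMatch, isInNet)
// into PAC scripts. Simplified stand-ins are defined here so the file also runs
// under Node.js; a real browser uses its own. Unlike the browser's isInNet,
// this stand-in does no DNS resolution and only accepts an IPv4 literal host.

function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}

function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
    host.substring(host.length - domain.length) === domain;
}

function shExpMatch(str, pattern) {
  // Shell-style glob: "*" matches any run of characters, "?" a single one.
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const re = new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$");
  return re.test(str);
}

function ipv4ToInt(ip) {
  return ip.split(".").reduce((acc, octet) => (acc << 8) + Number(octet), 0) >>> 0;
}

function isInNet(host, pattern, mask) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return false;
  const m = ipv4ToInt(mask);
  return (ipv4ToInt(host) & m) === (ipv4ToInt(pattern) & m);
}

const SWG_PRIMARY = "PROXY swg1.corp.example:8080";    // assumed gateway addresses
const SWG_SECONDARY = "PROXY swg2.corp.example:8080";

// Browsers call this for every request. Traffic the SWG should not inspect goes
// DIRECT: single-label intranet names, the internal domain, and RFC 1918 and
// loopback ranges. Everything else is sent to the primary gateway, with the
// secondary as failover. There is deliberately no trailing "DIRECT": if both
// gateways are down the browser fails closed instead of silently bypassing
// inspection.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) ||
      dnsDomainIs(host, ".corp.example") ||
      shExpMatch(host, "*.internal.example") ||
      isInNet(host, "10.0.0.0", "255.0.0.0") ||
      isInNet(host, "172.16.0.0", "255.240.0.0") ||
      isInNet(host, "192.168.0.0", "255.255.0.0") ||
      isInNet(host, "127.0.0.0", "255.0.0.0")) {
    return "DIRECT";
  }
  return SWG_PRIMARY + "; " + SWG_SECONDARY;
}
```

A PAC that ends its proxy list with `DIRECT` turns a gateway outage into a silent bypass of inspection, so this script relies on the second gateway for availability rather than on a fallback to the open internet. That is the explicit-proxy counterpart of the inline maintenance trade-off: availability is bought with a second gateway, not by loosening the policy. The file is served over HTTP(S) or advertised via WPAD, and the SWG address in it must itself be reachable without going through the proxy.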
It can also be used in the reverse direction, as a reverse proxy protecting externally facing corporate web resources offered to customers, but our focus today is protecting users as they access the assets that meet their day-to-day needs.
What Questions Should be Considered before Deploying a SWG?