What is a Secure Web Gateway?
A Secure Web Gateway (SWG) is primarily used to prevent and monitor traffic and data from entering, or even leaving, an organization’s network. Typically, it is implemented to secure an organization against advanced threats originating from the Internet via Internet access, websites, and other Web 2.0 products and services. Historically, it has been implemented as an appliance configured at the edge of a network, but enterprise cloud adoption and cloud security are changing this model. Some key security solution capabilities of SWGs include URL filtering and virus/malware code detection. Unlike traditional firewalls, SWGs are focused on web traffic inspection, both inbound and outbound.
According to Gartner’s definition, secure web gateway solutions provide:
- Visibility into web traffic
- URL filtering
- Malicious code detection and blocking
- Application controls for cloud applications that filter out objectionable software/malware in outbound Internet traffic generated by end-user devices
- User authentication and monitoring
- The capability that will enforce corporate policy and regulatory compliance
One of the many challenges deploying legacy SWG functionality is that it is often set up as a stand-alone environment without coordinating enterprise IT organization workflows across other security infrastructure. This often increases complexity over time as enterprises can have multiple security point products that make their security operations much more difficult to maintain consistently.
Recently, a new approach for security infrastructure has reached prominence. This new approach is described by research firm Gartner as a secure access service edge (SASE; pronounced “sassy”), combining networking and network security services into a single, cloud-native solution. SASE gives enterprises the ability to implement multiple security service modes as cloud services, including SWG, domain name system (DNS) security, advanced threat prevention, cloud access security brokers (CASB), firewall as a service (FWaaS), domain name system (DNS) security, cloud access security brokers (CASB), data loss prevention (DLP) and firewall as a service (FWaaS). This way, companies can control web access and web application use cases, provide users with secure connectivity, and protect all their traffic, users, and applications from malicious websites and content—all from one cloud-based platform.
A SASE solution that provides SWG capabilities can offer protection as a cloud service through a unified platform offered by service providers for complete visibility and precise control over web access while enforcing security policies that protect users from malicious websites.
Enterprises continue to implement cloud-based SWGs to provide advanced threat protection for remote offices connected directly to the Internet instead of backhauling traffic over expensive Multiprotocol Label Switching (MPLS) circuits to data centers that provide perimeter security.
A cloud-based SWG model offers better flexibility, easier management, and performance advantages by adopting 1) a pure cloud-based SWG solution or by 2) leveraging a hybrid of on-premises hardware or virtual appliances with a cloud-based SWG. If deployed widely and closer to mobile or remote office end-user locations through optimal ISP peering, cloud-based SWGs can offer substantially lower latency and better performance.
Key additional features of cloud-based SWGs could include:
- Endpoint agent for traffic/proxy control
- Network tunneling/virtual private network (VPN) support
- Web content caching
- Browser and device control
- Bandwidth management/quality of service (QoS)
- Malware sandboxing
- Malware command and control blocking
- Integration with CASBs
- Integration with SD-WANs
- Integration with third-party threat intelligence
Cloud-based SWG services continue to trend in adoption as organizations learn how to leverage them. IT planners are focusing on incorporating SaaS SWG offerings, as they minimize the use of the legacy SWG appliances.
ThousandEyes cloud and Internet intelligence addresses many of the challenges associated with companies looking to implement cloud-based SWGs to identify cyberthreats and enhance web security in real-time. Network operations need detailed and accurate network path visibility, along with routing and application layer data, to ensure cloud-based SWGs are effective. For more information on how ThousandEyes can help companies whose business is to transition from legacy SWG appliances to cloud-based SWG services, visit www.thousandeyes.com.