With distributed workforces, security must work anywhere. A secure web gateway (SWG) delivers granular policies that allow or block access to websites, apps, and files.
SWGs inspect downloaded files to determine whether they are malware or threaten the network. They also scan for sensitive information like credit card numbers, Social Security Numbers, or intellectual property.
Inspection of Outgoing Traffic
Secure web gateways work as network security proxies, checking internet and cloud application traffic before letting it reach end users. They can filter and log data, detect threats, and enforce policies. While they can be deployed on-premises, most vendors focus on cloud offerings. Cisco, Symantec, and Zscaler are the most established, though standalone on-premises appliances remain prevalent.
The gateway inspects all incoming data in real time, much like a security guard checks a person’s belongings before allowing them through a physical security checkpoint. This enables teams to set up granular web security policies to prevent users from spending work hours on social media or visiting websites that contain malware.
They can also use outbound filtering to block sensitive data such as 16-digit credit card numbers, personal medical information, and intellectual property from leaving the corporate network. This can prevent employees from leaking data to competitors and enabling shadow IT. The best web gateway security includes outbound data loss prevention (DLP) functionality natively or through integration partners. This identifies patterns and phrases that can indicate the presence of confidential information and redacts it to prevent outbound leaks.
Inspecting Incoming Traffic
A secure web gateway scans all incoming traffic in real time, inspecting and blocking content that violates security policies. These technologies can also detect and block malicious code, preventing phishing attacks that try to steal user credentials, as well as meddler-in-the-middle actions and other techniques.
Some SWGs use a database of known malware, enabling them to prevent malicious software from calling home, downloading payloads, or running programs on the network. They also offer granular policy controls that enable security teams to allow or block specific types of content, such as social media sites, adult content, or websites employees use on their devices.
SWGs can decrypt and inspect encrypted traffic, including HTTPS, without requiring the organization to invest in costly hardware appliances or backhauling all web traffic to a centralized data center. This functionality enables organizations to prevent data breaches from unauthorized users outside the organization’s perimeter and helps meet regulatory requirements like GDPR. They can also support a secure access service edge (SASE) framework, integrating with complementary cybersecurity solutions such as CASBs, DLP, and SD-WAN.
Zero-Day Phishing Detection
Zero-day vulnerabilities are flaws in software that cybercriminals discover and exploit before developers can release patches. Often, zero-day attacks take the form of phishing and malware that can inflict significant financial damage on businesses, including ransomware infections.
A zero-day attack can infect a company network and gain access to sensitive information, such as contact lists, customer data, product plans, and more. It can also target specific employees for industrial espionage, sabotage, or political activism. A well-known example is Stuxnet, a computer worm that infiltrated systems at Iran’s nuclear program through several previously unknown security holes.
A zero-day phishing detection solution can reduce the impact of such attacks by continuously scanning incoming and outgoing data for malicious activity. Unlike virus scanners, which rely on signatures to detect malicious code, it analyzes how malware interacts with the host system. It can then flag future interactions as potentially harmful, ensuring that suspicious behavior is investigated promptly.
Data Loss Prevention
SWGs allow IT teams to enforce granular policies around who, what, where, and when internal users access the web. For example, an SWG can block access to adult content, prevent social media use during work hours, or limit downloads of certain types of files.
Some vendors have added data loss prevention (DLP) functionality to their SWG products. This function detects when confidential data is going out of a network and redacts or blocks it to keep sensitive information from leaking outside the company environment.
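The outbound DLP check described here and in the outgoing-traffic section, as an added example that is not code from any SWG product: it looks for 16-digit card numbers (confirmed with the Luhn checksum to cut false positives) and SSN-formatted values in an outbound request body, then redacts or blocks. The function names, verdict strings, and sample body are assumptions made for illustration.

```python
import re

# Candidate card numbers: 16 digits, optionally grouped in fours by space or hyphen.
CARD_RE = re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)")
# US Social Security Number in the common AAA-GG-SSSS written form.
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def inspect_outbound(body: str, action: str = "redact"):
    """Scan an outbound request body and return (verdict, body, findings).

    action="redact" masks matches and forwards the rest;
    action="block" drops the whole request.
    """
    findings = []

    def mask_card(match):
        digits = re.sub(r"\D", "", match.group())
        if not luhn_ok(digits):  # e.g. a 16-digit order ID: leave untouched
            return match.group()
        findings.append("card")
        return "[REDACTED-CARD]"

    def mask_ssn(match):
        findings.append("ssn")
        return "[REDACTED-SSN]"

    cleaned = SSN_RE.sub(mask_ssn, CARD_RE.sub(mask_card, body))
    if not findings:
        return "allow", body, findings
    if action == "block":
        return "block", "", findings
    return "redact", cleaned, findings


# Constructed sample upload: a 16-digit order ID that fails Luhn,
# a widely used test card number, and an SSN-formatted value.
SAMPLE = "order=1234567812345678&card=4111 1111 1111 1111&ssn=078-05-1120"
```

Pattern matching alone would have redacted the order ID as well; the checksum step is what keeps ordinary 16-digit identifiers flowing while real card numbers are stopped.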
Other security layers built into SWG include URL filtering, sandboxing, and web isolation. These components prevent malware from calling home, hiding payloads, and other malicious activity. They also provide a buffer against zero-day threats by recognizing new patterns and forming a baseline of what constitutes dangerous behavior.
Detecting Shadow IT
As workforces become more distributed and mobile, much data flows through cloud-based applications instead of in-house servers. An effective SWG can detect shadow IT and provide security visibility into unmanaged traffic, ensuring that sensitive information is not exposed to hackers, who may use meddler-in-the-middle attacks to steal credentials or other business secrets.
Secure web gateways (SWGs) operate as proxy servers that inspect incoming and outgoing content in real time. They can be deployed on-premises as hardware appliances, software that runs in the cloud, or virtual machines. The software-based SWGs in the Forcepoint ONE security platform can decrypt and inspect traffic at the edge of the network, eliminating the need for on-premises hardware, VPNs, or extended network hops to distant proxies, resulting in better performance and a lower attack surface.
SWGs also offer data loss prevention (DLP) capabilities that prevent sensitive information from leaving a corporate network. This helps organizations maintain compliance with regulations. When natively integrated with adjacent security technologies, like cloud access security brokers (CASB) and firewall as a service (FWaaS), SWGs offer improved visibility and single-pane-of-glass management.