A secure web gateway provides a filter/barrier between your private network and the public internet. This barrier filters all traffic passing through it and accepts or denies requests depending on multiple values, including the source, destination, or malicious signatures detected within the traffic.
This article dissects what makes a web gateway work and why you might need to have one in place for your business.
Key takeaways:
- Secure web gateways help protect your systems because they provide a filter between the public internet and your private network.
- An SWG should work hand-in-hand with your virtual private network (VPN), helping to ensure that only approved resources are accessing your servers.
- An SWG should provide usage reports that executives can use to fix overused channels and underused resources.
How Does a Secure Web Gateway Work?
An SWG filters the internet traffic into your network to prevent any unauthorized or unwanted incoming or outgoing data. While there are different SWGs, they all do the same thing: filter.
Here, we’re focusing on the network SWG, but don’t forget about secure email gateways. They perform the same type of filtering at the email level, which is also known as data loss prevention (DLP).
Also, if you run any cloud access security broker (CASB) or network detection and response (NDR) tools, their traffic is most likely routed through a secure web gateway as well, so that all incoming and outgoing traffic passes through the gateway first.
SWGs are the modern version of what traditional hardware-based proxies provide, and the same concept applies: Send traffic data through a tunnel and filter out anything that doesn’t fit the policies you set.
Because SWGs run in the cloud, they allow for easy management and quick ramp-up, and they integrate more readily with other cloud services you may have, such as segmented networks or email.
An SWG should work hand-in-hand with your virtual private network (VPN). The VPN should provide the SWG with a better understanding of approved resources accessing the network and a lower threshold for compromised hosts.
Read about the top VPN services for more information on some key features you should look for in a VPN.
How Should You Use a Secure Web Gateway?
With SWGs, you often want to apply a “block all first” approach and then add permissions as needed. This ensures that you only allow connections according to the principle of least privilege.
Your SWG might have rules on:
- Block/allow by geo-location.
- Block/allow or restrict by network log event ID.
- Block/allow depending on the number of concurrent attempts within a timeframe.
- Block/allow by source/destination.
- Block/allow by port or IP (internet protocol) address.
- Block/allow depending on the age of the URL (for example, blocking URLs created recently).
- Block/allow based on results of integrated threat intelligence.
- Whitelist your native VPN resources and services.
When considering using an SWG, it’s essential to understand your network topology and IP space being considered for SWG use.
Once you have a complete vision of what’s to be protected, the next step would be to determine policies that need to be enforced. These rules can be broad in scope or limited to specific subnets or even a list of IP addresses.
Policies may be determined by business areas such as security, compliance, legal, and contractual obligations.
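As an added example (not code from the original article), here is a small default-deny policy engine in Python that implements several of the rule types listed above: an approved VPN source range, geo-location, port, a threat-intelligence match, the 30-day domain-age window discussed later in this article, and a per-source attempt limit within a timeframe. All networks, country codes, domains, dates and thresholds are constructed placeholders.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import date


class Gateway:
    """Default-deny policy engine: a request is allowed only if every rule passes."""

    def __init__(self, today=date(2024, 6, 1)):
        self.today = today
        # Constructed sample data for the example (not real networks, feeds or domains).
        self.approved_src = ipaddress.ip_network("10.20.0.0/16")   # hypothetical VPN pool
        self.blocked_geo = {"XX"}                                  # placeholder country code
        self.allowed_ports = {80, 443}
        self.threat_intel = {"bad.example"}                        # constructed feed entry
        self.domain_created = {"newsite.example": date(2024, 5, 25),
                               "vendor.example": date(2015, 1, 10)}
        self.min_domain_age_days = 30          # the 30-day window cited in the article
        self.max_attempts, self.window = 5, 60  # max attempts per source per 60 seconds
        self._attempts = defaultdict(deque)    # per-source timestamps (sliding window)

    def _domain_age(self, host):
        created = self.domain_created.get(host)
        return None if created is None else (self.today - created).days

    def _too_many_attempts(self, src, ts):
        q = self._attempts[src]
        while q and ts - q[0] > self.window:   # drop timestamps outside the window
            q.popleft()
        q.append(ts)
        return len(q) > self.max_attempts

    def evaluate(self, req):
        """Return (decision, reason); the first failing rule decides, default is deny."""
        if self._too_many_attempts(req["src"], req["ts"]):
            return "deny", "too many attempts within window"
        if ipaddress.ip_address(req["src"]) not in self.approved_src:
            return "deny", "source outside approved VPN range"
        if req["geo"] in self.blocked_geo:
            return "deny", "blocked geo-location"
        if req["port"] not in self.allowed_ports:
            return "deny", "port not allowed"
        if req["host"] in self.threat_intel:
            return "deny", "threat-intel match"
        age = self._domain_age(req["host"])
        if age is None or age < self.min_domain_age_days:
            return "deny", "domain unknown or younger than 30 days"
        return "allow", "all rules passed"


if __name__ == "__main__":
    gw = Gateway()
    req = {"src": "10.20.1.5", "geo": "US", "port": 443, "host": "vendor.example", "ts": 0}
    print(gw.evaluate(req))
```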
What Steps Should You Take To Evaluate Different Secure Web Gateways?
Top SWG considerations to review include:
- Threat intelligence and protection capabilities
- Built-in DLP
- Cloud resources to support your remote workforce
- Ability to identify unmanaged resources
- Effective reporting and alerts
- Regular updates and enhancements
When evaluating SWGs, several factors determine whether the product will perform well and remain future-proof as your network continues to grow and shift to the cloud.
Threat intelligence and protection capabilities
Any SWG should have the ability to integrate with reputable threat intelligence sources and inject this data into its rulesets. It’s one thing to be told something is bad, but another to act on this knowledge in real-time.
Reputable threat intelligence integrations help with reducing alert fatigue and false-positive rule blocking by infusing solid intelligence with your network’s traffic activity. An SWG should also have the ability to provide information about potentially malicious websites.
Malicious websites are commonly created and put to use within a 30-day window, so a recently created site is a common indicator of compromise (IOC). Your SWG should have metrics that display this data or let you enforce rules on it.
Built-in DLP
You want to ensure your network SWG can block any access attempts that violate its enforced ruleset. There shouldn’t be any reason why an explicit rule fails to do its intended job.
However, there may be rules you wish to enforce that are more complex, requiring advanced regular expression (regex) to better match the intended requirements. Ensuring that your SWG can create custom and advanced policy rules is essential to any modern business.
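As an added example (not code from the original article or any vendor's product), the following Python snippet shows the kind of custom DLP rule described above: a regex that matches payment-card-like number sequences, paired with a Luhn checksum validator so that random digit strings do not trigger false-positive blocks. The rule set, the internal domain suffix and the key format are hypothetical placeholders.

```python
import re


def luhn_ok(digits):
    """Luhn checksum: rejects most random digit strings that merely look like card numbers."""
    total, double = 0, False
    for ch in reversed(digits):
        d = int(ch)
        if double:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
        double = not double
    return total % 10 == 0


# Constructed DLP rules: (name, compiled regex, optional validator to cut false positives).
DLP_RULES = [
    # 13-19 digits, optionally separated by spaces or dashes; validated with Luhn.
    ("card-number", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
     lambda text: luhn_ok(re.sub(r"[ -]", "", text))),
    # Hypothetical internal hostname pattern that should never leave the network.
    ("internal-hostname", re.compile(r"\b[a-z0-9-]+\.corp\.example\b", re.I), None),
    # Hypothetical API-key format used only for this example.
    ("api-key", re.compile(r"\bAKEX_[A-Za-z0-9]{20}\b"), None),
]


def scan_outbound(payload):
    """Return a list of (rule name, matched text) for every validated rule hit."""
    hits = []
    for name, pattern, validator in DLP_RULES:
        for match in pattern.finditer(payload):
            text = match.group(0)
            if validator is None or validator(text):
                hits.append((name, text))
    return hits


def dlp_decision(payload):
    """Block the outbound request if any DLP rule fires; otherwise allow it."""
    hits = scan_outbound(payload)
    return ("deny" if hits else "allow"), hits


if __name__ == "__main__":
    # Constructed sample payload; 4111 1111 1111 1111 is a widely used test number.
    print(dlp_decision("order for card 4111 1111 1111 1111 from db01.corp.example"))
```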
Cloud resources to support your remote workforce
As your workforce grows and expands into the cloud, your SWG must cover more and more. It’s imperative that the vendor you pick has a reputation for constant feature upgrades and integration builds with their native application programming interfaces (APIs).
Ideally, the SWG should be part of a product where you can add on or remove services as you need them.
Ability to identify unmanaged resources
Having the ability to identify resources or assets on your network that are considered unmanaged or unknown can be critical to the proactive security of your company.
These resources could include cloud hosts that have been compromised and are racking up charges or even unauthorized devices on your network attempting to perform malicious acts.
Effective reporting and alerts
Before committing to any SWG, it should have the ability to alert you on specific rule triggers and display usage reports to leaders and decision-makers. Only through reporting can you start the process of cleaning up unused resources and overused network channels that may be causing performance and security issues.
Regular updates and enhancements
To ensure the futureproofing of your investment, it’s essential to find an SWG that provides regular updates and enhancements to its platform and services. Constant updates help ensure platform security and performance uptime throughout your SWG use.
Also, continuous improvements to the prebuilt rulesets ensure that the vendor you’re using is invested beyond providing you with the service.