A Secure Web Gateway (SWG) is a new term for an old service – blocking incoming web traffic based on terms XYZ. If you’ve ever been unable to access a website because it’s been banned by your workplace, ISP, or country, this is because of a Secure Web Gateway.
Today’s blog post takes a look at this revamped cybersecurity service and whether your business needs one – or indeed already has one!
What is a Secure Web Gateway?
The essential activity of a Secure Web Gateway is filtering web traffic against a set of rules, which can be done at the application level.
An SWG is a piece of kit that allows you to inspect and filter network traffic. Its rules come from company policies and from other sources, such as threat intelligence data feeds used to block known malware-associated sources.
Sound familiar? That’s because it is. Other technologies have filled this space in the IT lexicon for years.
Content filtering proxy servers have been used by government and private institutions for decades. With these, all web traffic is routed through the onsite server, and web addresses are matched against a list of banned sites. On a match, the request returns an error to the user. This is actually a basic Secure Web Gateway, although it may not be what most people would refer to as one these days.
Secure Web Gateways are a more intelligent type of service that can go beyond a simple match and block connection type of arrangement.
Netskope outlines the following six capabilities of a modern Secure Web Gateway:
- Monitor and assess
- Control cloud apps
- Acceptable use
- Protect against threats
- Protect data everywhere
- Cover direct-to-net
What does a Secure Web Gateway do?
A Secure Web Gateway can:
- Block at the domain name level
- Inspect internet packets within each frame and do routing based on what it finds
- Implement security protocols based on rules
- Perform HTTP inspection and subsequent redirection
- Do header inspection to check for things like content type
- Filter based on traffic type, such as torrents
- Implement Snort for intrusion detection and prevention
- Refuse GET/PUT requests to stop unwanted database changes
- Utilise licensed or open-source plugins such as the OWASP Zed Attack Proxy
- Utilise licensed or open-source threat data intelligence feeds
- Block infected users from contacting command and control
SWGs are highly configurable – not all implementations can or will provide all of this functionality!
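As an added illustration (not code from this post or from any vendor product), the sketch below combines a few of the checks listed above: domain-level blocking from a company list and a threat feed, refusing an HTTP method, and response header inspection for content type. The policy values, domain names and function names are constructed assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class Policy:
    blocked_domains: set = field(default_factory=set)        # company acceptable-use list
    feed_domains: set = field(default_factory=set)           # threat-intelligence feed
    refused_methods: set = field(default_factory=set)        # HTTP methods to refuse
    blocked_content_types: set = field(default_factory=set)  # response types to drop

# Constructed sample policy; .example and .invalid are reserved names.
POLICY = Policy(
    blocked_domains={"torrents.example"},
    feed_domains={"c2.invalid"},
    refused_methods={"PUT"},
    blocked_content_types={"application/x-bittorrent"},
)

def normalise_host(url):
    # urlsplit lowercases the host and drops the port; also strip a trailing dot.
    return (urlsplit(url).hostname or "").rstrip(".")

def domain_listed(host, listed):
    # Match the host or any parent domain on label boundaries, so that
    # "cdn.c2.invalid" matches "c2.invalid" but "notc2.invalid" does not.
    labels = host.split(".")
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))

def evaluate_request(policy, method, url):
    host = normalise_host(url)
    if not host:
        return ("block", "unparseable host")  # fail closed
    if domain_listed(host, policy.feed_domains):
        return ("block", "threat feed")
    if domain_listed(host, policy.blocked_domains):
        return ("block", "acceptable use")
    if method.upper() in policy.refused_methods:
        return ("block", "method refused")
    return ("allow", "")

def evaluate_response(policy, headers):
    # Header names are case-insensitive; ignore parameters such as charset.
    ctype = ""
    for name, value in headers.items():
        if name.lower() == "content-type":
            ctype = value.split(";")[0].strip().lower()
    if ctype in policy.blocked_content_types:
        return ("block", "content type")
    return ("allow", "")
```

Matching on whole domain labels rather than substrings is what keeps a rule for one domain from catching an unrelated domain that merely ends in the same characters.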
If you are choosing between providers, make sure to compare their feature sets, or alternatively, you can ask us to evaluate a number of solutions for you.
A Secure Web Gateway is also an excellent source of data
An SWG doesn’t just stop your users from accessing restricted content or accidentally tripping over malware. Its other highly useful purpose is as a data analysis tool – for your business’s internet access patterns. It can examine access attempts, access frequency, device type requests, and patterns across the day, week, month, and year, all within the bounds of external policy to respect employees’ privacy.
With combined access-pattern data you’re able to get a more complete picture of what your business is doing and when. This can inform activities such as training events and services, and further blocking if need be. Cisco AMP for Web Security can be used with your Secure Web Gateway to provide enhanced malware-protection dashboards.
What are the types of Secure Web Gateways?
SWGs come in a number of different forms. You can have a hardware appliance that does the job for you, sitting on-premises and providing a boundary between the outside internet and your internal network. A content filtering proxy server is an example of this. This device may exist physically – as was originally the case – or be virtualized on your internal network.
An SWG may also exist in the public cloud or on the edge, meaning network traffic needs to be routed through this (virtual) device first on the way in. If you are considering a cloud or edge SWG, you also need to take into consideration your overall inbound and outbound network traffic bandwidth, and connection speeds to the site/s.
Do I need a Secure Web Gateway?
You may already have an SWG as a part of your internal IT infrastructure or services package and not yet know it or use it to the extent of its capabilities. This might just be something like filtering of websites, or a malware-matching service. In this case, you should investigate further.
Most businesses can benefit from a combined Secure Web Gateway, although the type and number of services involved can vary depending on your business type, size, IT architecture, and corporate policy.
What is your security policy? For government services, a Secure Web Gateway-type service might be mandated, while for schools, an SWG is extremely important. Businesses following or looking to follow the Australian Signals Directorate’s Essential 8 Cyber Security Mitigation Strategies should be eyeballing a solution, too.
As for the type of service and vendor, that really depends on your budget and other requirements. We partner with Cisco, Fortinet, Sophos, and other providers to help surface the best product for each business.
Secure Web Gateways require maintenance
Like any cybersecurity solution, a Secure Web Gateway rollout isn’t simply a set-and-forget operation. An SWG requires not only regular maintenance, but also trigger maintenance (in the event of a known online cybersecurity incident), and maintenance in the event of internal reconfiguration or an internet cybersecurity incident.
Network engineers are often your go-to team for taking care of this sort of maintenance and incident response; however, many businesses don’t have an internal role for this job. Since it is a critical function, you need to fill it somewhere, which is where A1 Technologies can step in.
We are experienced in service management for customers around the country, including monitoring, patching, updating and upgrading Secure Web Gateways.
Cybersecurity is one of our main areas of focus. That’s why we can provide the highest level of expertise to our customers in the field.
If you’d like to know more about Secure Web Gateways, have us do an appraisal of your cybersecurity readiness, or learn how you can configure an SWG on your network, then make sure to get in touch. We’re always here to help.