Originally, companies deployed web gateways to keep employees from browsing the internet, watching videos, or playing games while at work. Implementations were about keeping employees focused more than protecting the network from cyberattacks. Times have changed.
Today web gateways keep employees from accessing questionable websites or malicious internet traffic. They provide a barrier between users and possible malware attacks. These gateways may still block websites to maintain productivity, but their primary focus is on cybersecurity.
What Are Secure Web Gateways?
Now, web gateways (SWGs) function as a proxy for internal requests trying to access the internet. They serve as a shield against malicious websites, malware, or suspicious web traffic. Gateways may be hardware or virtual appliances that reside at the perimeter. In software and cloud deployments, the web gateways perform checks on traffic coming from remote endpoints.
Why Use an SWG?
The best reason for using a web gateway is ransomware. Ransomware is the most common form of malware attack. There were 304 million ransomware attempts in 2020, a 62% increase over the previous year.
Having a system backup is no longer enough to protect against malware attacks. Today’s ransomware starts with any backups stored on the network; then, the attack exfiltrates data to use as an incentive for payment. Only after these tasks are complete do cybercriminals launch the ransomware.
Increases in remote workers add another layer of security concerns. A distributed workforce means more endpoints requesting internet access. Employees may use their own devices and work from various locations — coffee shops, home offices, the beach. Protecting against cyberattacks has become infinitely more complex. Deploying secure web gateways provides a layer of security that, combined with other products, can stop web-based attacks without degrading performance.
How Do Secure Web Gateways Work?
Web gateways protect against data breaches and ensure policy enforcement. With a gateway, organizations can shield users from attacks regardless of their location. The first steps in setting up an SWG are creating a proxy and setting policies.
Gateways function as proxy servers to hide information about users and connections from reaching the internet. Unless the gateway is properly configured, it cannot act as a proxy. Next, organizations must set policies to address how internal users will interact with the web. Rules may include restrictions on usage, content, or applications. The exact policies depend on the company.
After policies are in place, the SWG implements the rules to perform the following checks:
- Inspect web page content for malicious code.
- Inspect traffic in real-time.
- Inspect outbound messages to prevent data loss.
- Filter URLs against known malicious sites.
- Run suspected malware in network emulation
Many SWGs integrate with other security products to increase the available functionality. As a result, gateways may perform additional checks, logging, and analysis.
What Features Should an SWG Have?
Web gateways should include the following essential features:
- HTTPS scanning
- Malware detection
- URL filtering
- Mobile support
- Threat intelligence feeds
- Application control
- Data visualization
- Data loss prevention
Cybercriminals never rest. They are continuously finding new ways to infiltrate a system. When looking at gateway features, consider how well a provider can pivot to protect against future security threats.
What Are the Pros and Cons of Secure Web Gateways?
There are no downsides to an SWG when compared to the cost of a cyberattack. Whether it is a loss of business or a damaged reputation, failure to protect against a web-based attack will be costly. However, there can be downsides when it comes to implementation. For example, should the gateway be on-premise or in the cloud? Should it be hardware- or software-based?
Reality isn’t “either/or;” it’s more of “and.” Organizations are in transition from on-premise to cloud deployments as they move closer to a more digital work environment. That means they operate in a hybrid configuration that has its own set of concerns.
When looking at a hybrid implementation, the following features are crucial to a secure operation:
- Proxy-based gateway. Gateways should be able to address incoming and outgoing traffic.
- Centralized management. Organizations need a consolidated view of their entire security structure. Looking at multiple systems to assess security postures limits fast responses to critical events.
- Analytics support. Logging or data collection is fundamental to analytics. The more complex the implementation, the more important analytics become.
- Flexible implementation. Projects do not always go as planned. An SWG needs the flexibility to adjust with little impact on operations and performance.
These capabilities are in addition to the protection features that every solution should provide.
Deciding on an SWG vendor can be difficult. Some vendors bundle their gateways into a security suite. Others may only offer security as a service, making it difficult to separate a single component. No matter how the solution is sold, make sure it has the essential features an organization needs.