Secure Web Gateway - Appliance
Secure web gateways are generally appliance-based security solutions that prevent advanced threats, block unauthorized access to systems or websites, stop malware, and monitor real-time activity across websites accessed by users within the institution.
A secure web gateway is primarily used to monitor and prevent malicious traffic and data from entering, or even leaving, an organization’s network. Typically, it is implemented to secure an organization against threats originating from the Internet, websites and other Web 2.0 products/services. It is generally implemented through a hardware gateway device implemented at the outer boundaries of a network. Some of the features a secure Web gateway provides include URL filtering, application-level control, data leakage prevention, and virus/malware code detection.
A Secure web gateway (SWG) protects users against phishing, malware and other Internet-borne threats. Unlike traditional firewalls, SWGs are focused on layer 7 web traffic inspection, both inbound and outbound. As web security solutions, they apply no protection to WAN traffic, which is left to the corporate next generation firewalls. In recent years, SWGs appeared as a cloud service. The cloud instances enable secure web and cloud access from anywhere – including outside the office by mobile users. The traffic coverage and solution form factor remain the key distinctions between SWGs and next generation firewalls, which often provide a very similar level of security capabilities.
A converged, cloud-based network security solution converges the capabilities of a next generation firewall (WAN and Internet traffic inspection) and the extended coverage for mobile users of SWGs.
A converged approach eliminates the need to maintain policies across multiple point solutions and the appliance life cycle.
Suppliers Secure Web Gateway - Appliance
Vendors Secure Web Gateway - Appliance
F.A.Q. about Secure Web Gateway - Appliance
Why is a secure web gateway important?
Secure web gateways have become increasingly common as cybercriminals have grown more sophisticated in embedding threat vectors into seemingly innocuous or professional-looking websites. These counterfeit websites can compromise the enterprise as users access them, unleashing malicious code and unauthorized access in the background without the user's knowledge. These fake, criminal websites can be quite convincing.
Some of these scam websites appear to be so authentic that they can convince users to enter credit card numbers and personal identification information (PII) such as social security numbers. Other sites require only the connection to the user to bypass web browser controls and inject malicious code such as viruses or malware into the user's network. Examples include fake online shopping sites posing as brand-name sellers, sites that appear to be legitimate government agencies and even business-to-business intranets. Secure web gateways can also prevent data from flowing out of an organization, making certain that restricted data is blocked from leaving the organization.
How does a secure web gateway work?
Secure web gateways are installed as a software component or a hardware device on the edge of the network or at user endpoints. All traffic to and from users to other networks must pass through the gateway that monitors it. The gateway monitors this traffic for malicious code, web application use, and all user/non-user attempted URL connections.
The gateway checks or filters website URL addresses against stored lists of known and approved websites—all others not on the approved lists can be explicitly blocked. Known malicious sites can be explicitly blocked as well. URL filters that maintain allowed web addresses are maintained in whitelists, while known, off-limits sites that are explicitly blocked are maintained in blacklists. In enterprises, these lists are maintained in the secure gateway's database, which then applies the list filters to all incoming and outgoing traffic.
Similarly, data flowing out of the network can be checked, disallowing restricted data sources—data on the network or user devices that are prohibited from distribution. Application-level controls can also be restricted to known and approved functions, such as blocking uploads to software-as-a-service (SaaS) applications (such as Office 365 and Salesforce.com). Although some enterprises deploy secure web gateways in hardware appliances that filter all incoming and outgoing traffic, many organizations use cloud-based, SaaS secure web gateways as a more flexible and less costly solution to deploy and maintain. Organizations with existing hardware investments often combine the two, using hardware at their larger physical sites and cloud-based gateways for remote locations and traveling workers.
What are some features of secure web gateways?
Beyond basic URL, web application control and data filtering, secure web gateways should provide additional controls and features that enhance network security.
- Encrypted traffic analysis. The gateway should compare all traffic to local and global threat lists and reputation sources first, then also analyze the nature of the traffic itself to determine if any content or code poses a threat to the network. This should include SSL-based encrypted traffic.
- Data Loss Prevention. If, for example, a website accepts uploaded documents or data, the documents should first be scanned for sensitive data before being uploaded.
- Social media protection. All information to and from social media should be scanned and filtered.
- Support for all protocols. HTTP, HTTPS, and FTP internet protocols must be supported. While HTTPS is the industry standard now, many sites still support HTTP and FTP connections.
- Integration with zero-day anti-malware solutions. Threats will be discovered, and integration with anti-malware solutions that can detect zero-day (never seen before) threats deliver the best prevention and remediation.
- Integration with security monitoring. Security administrators should be notified of any web gateway security problems via their monitoring solution of choice, typically a security information and event management (SIEM) solution.
- Choice of location. Choose where your secure web gateway best fits in your network—the edge, at endpoints, or in the cloud.
What Is a Secure Web Gateway?
https://www.mcafee.com/enterprise/en-us/security-awareness/cloud/what-is-secure-web-gateway.html