Secure Web Gateway - SWG

A secure web gateway (SWG) blocks or filters out harmful content and prevents data leakage. All employee Internet traffic passes through the SWG.

What is a secure web gateway (SWG)?

A secure web gateway (SWG) is a cyber security product that protects company data and enforces security policies. SWGs operate between company employees and the Internet. Like a water filter, which removes dangerous impurities from water so that it is safe to drink, SWGs filter unsafe content from web traffic to stop cyber threats and data breaches. They also block risky or unauthorized user behavior.

All SWG products contain these technologies:

  • URL filtering
  • Anti-malware detection and blocking
  • Application control

SWGs may include data loss prevention (DLP), content filtering, and other Internet traffic filters.

Why use a secure web gateway?

In the past, business processes took place within an internal corporate network. But with an increased reliance on remote workforces and cloud computing, organizations have to use the Internet in addition to or instead of their internal private networks. And the variety and number of threats present on the Internet, from phishing attacks to malware-infected web pages, have made SWGs essential for many organizations.

How does a secure web gateway work?

Some SWGs run on proxy servers. A proxy server represents another device on the Internet, and it makes requests and receives responses on behalf of a client device (e.g., a user’s laptop) or another server. For secure web gateways, this proxy server can be a physical machine or a virtual machine in the cloud.

Other SWGs are software only; software-based gateways can run on a company’s premises or in the cloud as a SaaS application. And finally, some SWGs are deployed as on-premise appliances: physical hardware devices that plug into a company’s IT infrastructure.

No matter where they run or how they are deployed, all SWGs work roughly the same way. When a client device sends a request to a website or application online, the request travels through the SWG first. The gateway inspects the request and passes it along only if it does not violate established security policies, just as security guards may check a person’s possessions at a physical security checkpoint before allowing them through. A similar process occurs in reverse: the SWG inspects all incoming data before passing it to users.

Because SWGs can run anywhere, they are well suited to managing remote employees. By requiring remote workers to access the Internet through a secure web gateway, companies that rely on a distributed workforce can better prevent data breaches, even if they do not have direct control over their employees’ devices or networks.

How do secure web gateways enforce security policies?

A security policy is a rule that all data and network traffic within a company must conform to. For instance, suppose a company sets up a policy that all network traffic must be encrypted. Enforcing this policy would involve blocking websites that do not use HTTPS. A secure web gateway is one way to implement this policy, as it can filter out all non-HTTPS network traffic.

SWGs can perform several actions on the web traffic they inspect and forward to enforce security policies:

URL filtering

A URL is the string of text that appears at the top of a browser when it loads a webpage: for instance, https://www.cloudflare.com/learning/. URL filtering is a way to control which websites a user can load.

URL filtering typically involves using a blocklist: a list of known bad websites that are not allowed. If a user attempts to load a website on the blocklist, the SWG blocks the request, and the website does not load on the user’s device.
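A sketch of how a gateway could combine the HTTPS-only policy and the blocklist check described above. This is an added example, not code from any SWG product; the blocklist entries and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample blocklist (assumption: one registered domain per entry).
BLOCKLIST = {"malware.example", "phish.example.net"}

def normalize_host(host):
    """Lower-case, drop a trailing root dot, and IDNA-encode the hostname."""
    host = host.rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host  # malformed label: compare the raw form instead

def is_blocked(host, blocklist=BLOCKLIST):
    """True if the host or any parent domain is listed.

    Matching is done on whole labels, so 'cdn.malware.example' is blocked
    but 'notmalware.example' is not.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def evaluate(url, blocklist=BLOCKLIST):
    """Return (action, reason) for a requested URL."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ("block", "unparseable URL")
    if parts.scheme != "https":
        return ("block", "policy: HTTPS required")
    if not parts.hostname:
        return ("block", "no hostname in URL")
    # .hostname already strips userinfo and port, so 'user@host:8443' cannot
    # be used to hide the real destination from the check.
    host = normalize_host(parts.hostname)
    if is_blocked(host, blocklist):
        return ("block", "blocklist: " + host)
    return ("allow", "ok")
```

Normalising before the lookup matters: mixed case, a trailing dot, or a userinfo prefix would otherwise let a listed domain slip past a plain string comparison.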

Anti-malware scanning

SWGs scan network traffic for malware, meaning they examine the data passing through and see if it matches up with code from known malware. Some gateways also use sandboxing to test for malware: they execute potentially malicious code in a controlled environment to see how it behaves. If malware is detected, the gateway blocks it.

A lot of network traffic on the Internet is encrypted* with HTTPS. Many SWGs can decrypt HTTPS traffic to scan the traffic for malware. After inspection, the gateway re-encrypts the traffic and forwards it to the user or the web server. This process is called HTTPS inspection.

*Encryption is the process of altering data so that it appears to be random. Encrypted data cannot be read until it is decrypted; decryption is the reverse of the encryption process.

Application control

SWGs can detect which applications employees are using. Based on that, they can control what resources different applications can access or block specific applications altogether. Some SWGs offer even greater degrees of control over application usage: for example, they can control application use based on a user’s identity or location.

Other SWG capabilities include:

  • Content filtering: This feature detects certain kinds of content and blocks that content. For instance, content filtering can block explicit videos or photos from entering a corporate network. Company IT administrators can usually customize their secure web gateway’s content filtering policy.
  • Data loss prevention (DLP): This feature is not offered by all web security gateways but can be highly effective for preventing breaches. DLP is somewhat like content filtering in reverse: instead of stopping content from coming into a network, it keeps content from leaving a network. DLP detects when confidential data is going out from a company-controlled environment and redacts or blocks the data to prevent it from leaking. For example, DLP could be set up to detect and redact all 16-digit numbers sent in employee emails to stop confidential credit card numbers from leaving the network.

How do secure web gateways fit into a SASE model?

SASE, or secure access service edge, bundles networking functions with various security functions (such as SWGs) and delivers them from a single global network.

Like many security products, an SWG is a single-solution product often managed separately from other networking and network security functions. With a SASE framework, however, companies can implement and maintain their networks and network security through a single cloud-based vendor.

