What is a secure web gateway (SWG)?
A secure web gateway, or SWG, is a type of network security solution that prevents malicious traffic from entering the internal network of an organisation. It supports enterprise cloud security efforts, protecting staff and users from accessing malicious websites or introducing viruses and malware. The SWG works as a checkpoint between the organisation’s internal network and public internet traffic, and usually sits at the network perimeter or in the cloud.
As a core component of secure access service edge (SASE), the SWG protects users from web risks by filtering unwanted content, inappropriate sites, and malware as they access internet and SaaS apps. Since the web gateway controls incoming and outgoing traffic, it can prevent malicious traffic and viruses from accessing the network. It also improves the user experience by allowing known websites to be whitelisted.
Secure web gateway solutions can be deployed as on-premises packages, as a hardware device or virtual appliance, or as part of a larger security solution.
Why you need a secure web gateway
As cybersecurity attacks increase, and as the remote workforce frequently uses personal devices for work, it’s becoming more difficult for IT to protect company networks. The combination of advanced threats and a distributed workforce results in a high-risk security landscape for organisations everywhere.
To protect their networks, security teams usually deploy a layered security strategy. The goal is to protect the organisation’s network from the outside-in. As part of this process, secure web gateways filter incoming and outgoing network traffic by applying security policies. These policies protect users from malicious websites and block malicious traffic, viruses, malware, and ransomware from accessing the network.
SWGs protect access to websites and applications by blocking unwanted content. This can include any type of unauthorised content that goes against the company’s predefined security rules, such as inappropriate web categories or webpages outside allowed web categories. For example, you can block online shopping sites or social media on your corporate network but allow user access to your own pages and e-commerce site. You can also block problematic URL extensions that have been associated with spam or malware.
Examples of the types of risks a secure web gateway can prevent include:
Inappropriate web categories
Unwanted sites in allowed categories
Suspicious domain extensions
Malicious file extensions
How does a secure web gateway work?
Secure web gateway controls fall into three categories:
URL filtering
URL filtering focuses on only allowing access to websites that meet previously defined security conditions. For example, a company might choose to block user access to social media apps and adult content or protect the organisation by preventing access to materials related to violence, drugs, or terrorism. This type of SWG can also be used to whitelist sites ending with .com, .org, .net, .co, and so on.
How it works
When a user tries to open a webpage in their browser, the request goes through the SWG, which inspects it and matches the request with the corresponding database according to policies set by the administrator. If it’s a match, access to the website is blocked—like a gatekeeper turning away unwanted visitors.
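The URL-filtering check described above, as an added example that is not from the original page or from any vendor's product: a small policy evaluator covering the four risk types listed earlier. All hostnames, categories, extension lists and the precedence order are constructed assumptions.

```python
from urllib.parse import urlsplit, unquote
import posixpath

# Constructed policy data: every hostname, category and extension is a placeholder.
CATEGORY_DB = {"shop.example": "shopping", "social.example": "social-media",
               "news.example": "news", "corp.example": "shopping"}
BLOCKED_CATEGORIES = {"shopping", "social-media"}
ALLOWED_SITES = {"corp.example"}          # the company's own e-commerce site
BLOCKED_SITES = {"gossip.news.example"}   # unwanted site in an allowed category
BLOCKED_TLDS = {"zip"}                    # sample domain-extension rule
BLOCKED_FILE_EXTS = {".exe", ".scr", ".hta"}


def lookup(host, table):
    """Return the most specific entry matching host on a label boundary.

    'shop.example' matches 'cdn.shop.example' but not 'notshop.example',
    which a plain endswith() comparison would get wrong.
    """
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate
    return None


def evaluate(url):
    """Return (verdict, reason) for one outbound request URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
    except ValueError:
        return "block", "unparseable-url"
    if not host:
        return "block", "unparseable-url"
    if lookup(host, BLOCKED_SITES):
        return "block", "blocked-site"
    category = CATEGORY_DB.get(lookup(host, CATEGORY_DB), "uncategorised")
    if not lookup(host, ALLOWED_SITES):
        # The allow list exempts a site from category and domain rules only.
        if host.rsplit(".", 1)[-1] in BLOCKED_TLDS:
            return "block", "domain-extension"
        if category in BLOCKED_CATEGORIES:
            return "block", "category:" + category
    # Decode %-escapes so 'setup%2Eexe' is checked as 'setup.exe'.
    ext = posixpath.splitext(unquote(parts.path))[1].lower()
    if ext in BLOCKED_FILE_EXTS:
        return "block", "file-extension"
    return "allow", "category:" + category
```

File-extension rules still apply to allow-listed sites here, so a whitelisted host cannot be used to deliver a blocked file type.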
Web application access control
Web application access control manages access to web-based applications by blocking unsafe apps. For instance, it can block the use of Tor, prevent HD playback on YouTube, or limit bandwidth usage of Spotify.
How it works
This function ensures users don’t use risky applications or services. It also blocks services that can interfere with work. For example, the SWG can control the amount of wireless bandwidth used by applications such as Pandora and YouTube.
Malware Protection
Anti-malware solutions block threats already identified by threat intelligence engines. This can include blocking known malware such as the WannaCry signature or moving files to the sandbox for behavioural analysis.
How it works
A modern SWG identifies and blocks malware. This can include known malware signatures as well as files that don’t match known malware signatures but are suspicious enough to be analysed in a sandbox for malicious behaviour. Malware protection also reduces exposure to zero-day vulnerabilities.
Secure web gateways vs firewalls and CASB
Many people confuse a secure web gateway with a firewall, especially next-generation firewalls. Both solutions monitor and protect networks by detecting malicious activity. So, what’s the difference?
Firewalls look at the traffic packet, blocking or allowing it without looking at the entire file.
Gateways, on the other hand, examine the complete request from the client before deciding whether to allow access. Secure web gateways extend protection beyond firewalls, from the network level to the application level. Thus, effective protection uses both a secure web gateway and a firewall.
Similarly, some argue that a secure web gateway is not very different from a cloud access security broker (CASB). In fact, these are very different technologies. Both are proxies and offer data and threat protection, and both can be cloud-based. But cloud SWGs also provide protection for web traffic. Being cloud-based, the traffic is inspected without the need for on-premise appliances.
A cloud access security broker has a different role, controlling access to your cloud applications. A CASB can be integrated into an application’s API that scans data at rest.
Benefits of implementing a secure web gateway
The most obvious benefit of an SWG is the degree of security it offers. A solid option should include malware and threat detection features as well as data loss prevention. By implementing an SWG, you can:
A robust SWG solution prevents threats in two ways: On one side, the solution prevents users from accessing malicious websites and applications. On the other, it enforces company security policies that prevent malicious files from accessing the internal network.
Provide Greater Visibility
One of the biggest benefits of an SWG is that it helps eliminate the SSL blind spot. Since a secure gateway checks encrypted traffic, it can cover the firewalls’ blind spot and offer complete coverage. A gateway checks and logs all traffic going in and out. Regardless of whether it is on-premises or in the cloud, it offers granular control over how the network and applications are being used.
Support and enforce compliance
The granular nature of an SWG means policies aligned with regulatory requirements can be applied at the user level. The SWG understands and can categorize different traffic and precisely enforce security policies. This is especially beneficial for companies that are subject to regulations such as HIPAA, GDPR, or PCI, and are under strict rules about how data needs to be handled. The SWG can prevent, for instance, saving permissions under geographic limits.
What to look for in a secure web gateway solution
The goal of an SWG solution is to protect employees in the hybrid workforce without impacting the employee experience. A strong secure web gateway will:
Be cloud-delivered. Moving from datacenter-based SWGs to the cloud enables a fast application experience.
Be globally distributed. Since the SWG is distributed globally, it acts close to the user location and prevents latency, enabling the same experience regardless of where employees are located.
Include CASB and data loss protection (DLP) functions. A unified stack of security functions that includes network protection and data loss prevention functions will simplify operations and present a comprehensive security solution.