What is a secure
web gateway (SWG)
and how does it work?

Modern trends such as cloud migration, the move to a hybrid workplace and increased use of mobile and personal devices for work have all combined to place intense pressure on business networks. At the same time, a rise in cyber attacks and increasingly cheap availability of cyber crime tools, such as phishing kits, increase the vulnerability of said networks.

This is why it is helpful to think of a secure web gateway (SWG) not only as something protecting your organization against malware but also as a critical technology for enabling communications and collaboration.

A fully managed, centralized gateway can provide you with secure access to the variety of broadband and wireless access options necessary for your business to operate in a connected world where threat actors are looking to exploit potential attack surfaces.

A secure web gateway acts as a checkpoint to stop unauthorized traffic from entering your organization's network. The gateway governs all inline traffic, standing between all incoming and outgoing data. Users can only access approved, secure websites. This helps to prevent viruses, malware, ransomware and other malicious traffic from taking root in your enterprise network to hamper operations, access sensitive data and steal valuable intellectual property.

Secure web gateways can be installed either as a software component or as a hardware device on the edge of the network or at user endpoints. Every gateway uses a stored list of known and approved website URL addresses to block malicious sites and filter out any unknown addresses.

A secure web gateway doesn't only control what gets in either. All outgoing data is checked to ensure whether and where it's allowed to be distributed. This is especially important given the adoption of software-as-a-service (SaaS) applications commonly used for business collaboration, as well as video web conferencing platforms through which desktops and files can be shared in real time. An SWG protects each workstation in the organization from web traffic that might attempt to steal or destroy data or hijack devices as a means to get broader access to the enterprise network.

A secure web gateway is one of many security tools that are becoming increasingly important as threat actors develop more sophisticated techniques to trick users into sharing personal identification information and business data or inject malicious code to take control of devices and networks and disrupt operations. Enterprise networks with multiple points of entry will need to address these threats.

Recent research highlights the need for SWG technology due to "the acceleration of organizations migrating to the cloud" with the adoption of cloud applications and storage. As more workloads are run from the cloud, there's an increase in threats focused on the web channel and increased reliance on browsers to access applications. This could result in more data leakage, according to the report.

Secure web gateways can help to prevent the financial and reputational damage caused by a cyberattack or data breach. Verizon's annual Data Breach Investigations Report found that the cost of breaches can reach into the millions, and breached companies underperformed in the stock market by approximately 5%. A Forbes Insight report found 46% of organizations had suffered reputational damage as a result of a data breach, and 19% of organizations suffered reputation and brand damage as a result of a third-party security breach.

Any organization concerned about securing its network should consider an SWG. However, it is most relevant to:

• Organizations with a large, possibly mobile workforce requiring reliable, secure access to company resources
• Medium-sized businesses using Private IP that want a cost-effective backup via public internet
• Enterprises with branch offices and retail locations needing access to the private WAN through public internet

A secure web gateway is more than just a security guard deciding who's allowed in and out based on credentials.

Optimally, technology you deploy should offer capabilities beyond basic URL, data and web application control filtering. Features such as encrypted traffic analysis enable a secure web gateway to compare all traffic to available lists and then analyze the nature of the traffic, including SSL-based encrypted traffic, to determine if any content or code could be a threat to the network. A secure web gateway can scan and filter social media for outgoing information, as well as scan outgoing data to determine if it should be uploaded to the cloud outside of your organization's network to prevent data loss.

For maximum effectiveness, you may want to make sure a secure web gateway deployment is integrated with other security tools, including your existing monitoring solution so that your IT and security teams are notified immediately of any problems. You may also want to integrate your preferred zero-day anti-malware solution to prevent and remediate threats never seen before. All protocols including HTTP, HTTPS and FTP internet protocols should be supported.

Where you deploy your secure web gateway is flexible. It can be placed at endpoints, at the edge or in the cloud. Like many other applications and services, it can be deployed in a cloud-based, SaaS model, which is less expensive and easier to maintain. A cloud-based solution is especially practical for remote locations and workers, although you can combine a SaaS approach with existing hardware solutions, such as appliances.

Because today's network architectures are complex—and even more so with the dramatic rise in remote endpoints—it's important to understand the nature of your web traffic, where it needs to go and who needs to use it. Given the many deployment options and the many different locations you may have to support and the nature of your business, consider a managed secure web gateway service.

By delivering an SWG through a cloud-based port, your WAN environment can be extended to remote locations and users, so they can safely and securely connect and collaborate virtually anytime and anywhere.