A secure web gateway (SWG) is a security solution that prevents unsecured internet traffic from entering an organization's internal network. Organizations use it to protect their employees and users from accessing and being infected by malicious web traffic, websites with vulnerabilities, internet-borne viruses, malware, and other cyberthreats. It also enforces the organization's compliance standards so that confidential information is not exposed. This is especially critical in businesses that must comply with regulations, such as health care organizations, where HIPAA (Health Insurance Portability and Accountability Act) legislates how companies should handle and secure patients’ personal medical information.
According to Gartner, a SWG must include URL filtering, malicious-code detection and filtering, and application controls for popular cloud-based web applications and shadow IT, such as Slack and Microsoft Teams.* Data loss prevention is also included. More recently, Gartner has identified SWG as a critical component of a security architecture that is increasingly based on the Security Service Edge (SSE) framework.
How does a Secure Web Gateway work?
A secure web gateway (SWG) uses URL filtering, SSL inspection, advanced threat defense, and legacy malware protection to defend users from threats and helps organizations enforce acceptable use policies for web and internet access. SWGs are increasingly implemented as cloud-based services rather than using legacy on-premise appliances (hardware and virtual). Some organizations implement a hybrid model combining both as they transition to cloud-delivered security.
An SWG acts as a checkpoint that ensures safe internet access for users while ensuring data protection. It inspects inline traffic, standing between all incoming and outgoing data, and prevents malicious website traffic, viruses, and malware from infecting the organization or accessing its data. The gateway only allows users to access approved, secure websites—all others are blocked. SWGs can be configured to prevent data exfiltration, in which data is stolen from an organization's IT systems.
Why do I need a Secure Web Gateway?
Cybercriminals have grown more sophisticated in embedding threat vectors into fake websites that appear innocuous and quite convincing. When users access these counterfeit websites, they compromise the organization by unleashing malicious code that operates in the background without the user’s knowledge. Some sites appear so authentic that they convince users to enter credit card numbers and personally identifiable information (PII) such as social security numbers (SSN).
Other scam sites require only a connection to a user to bypass web browser controls and inject malicious code into the network. Examples include fake online shopping sites posing as brand-name sellers and sites that appear to be those of legitimate government agencies. Today, HTTPS constitutes more than 90% of web traffic. Inspecting HTTPS traffic is therefore a critical SWG function for blocking malware and other threats that are delivered over an encrypted channel that mostly goes uninspected. Inadequate inspection of SSL traffic could leave an organization vulnerable.
How do Secure Web Gateways work?
Secure web gateways (SWGs) are installed as a software component or a hardware device on the edge of the network. All web requests from users must pass through the gateway, which enforces web access policies and SSL/TLS inspection based on URL categories. SWGs also monitor return traffic for malicious code and threats, and monitor all user and non-user attempted URL connections.
The gateway checks website URLs against a database of known web categories, each of which can be allowed or blocked based on company policy, including sites that are known to be malicious or of poor reputation. The SWG uses the URL category database to determine the policy disposition for the user's request. It also performs man-in-the-middle (MITM) interception for SSL/TLS inspection before applying the policies. Data flowing out of the network can be checked, and restricted data sources, such as sensitive data or user devices that are prohibited from distribution, can be disallowed.
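The category lookup and policy disposition described above can be sketched as follows. This is an added example, not Lookout's code or any product's API; the category database, the policy table, the `.test` hostnames and the function names are all constructed for illustration, and the per-category TLS inspection exemption is an assumption.

```python
from urllib.parse import urlsplit

# Constructed category database: domain suffix -> category (hypothetical entries).
CATEGORY_DB = {
    "example-bank.test": "finance",
    "example-share.test": "collaboration",
    "files.example-share.test": "file-sharing",
    "bad.example-malware.test": "malicious",
}

# Constructed policy: category -> (action, decrypt and inspect TLS?).
POLICY = {
    "finance": ("allow", False),        # assumed privacy exemption: pass through undecrypted
    "collaboration": ("allow", True),
    "file-sharing": ("block", False),
    "malicious": ("block", False),
}
DEFAULT = ("block", False)  # uncategorized hosts: only approved sites are allowed


def categorize(host):
    """Longest-suffix match on whole DNS labels, never a substring test."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORY_DB:
            return CATEGORY_DB[candidate]
    return "uncategorized"


def decide(url):
    """Return the policy disposition for one requested URL."""
    # urlsplit().hostname drops userinfo and port, so the decision is made
    # on the host the client will actually connect to.
    host = urlsplit(url).hostname or ""
    category = categorize(host)
    action, inspect_tls = POLICY.get(category, DEFAULT)
    return {"host": host, "category": category,
            "action": action, "inspect_tls": inspect_tls}


if __name__ == "__main__":
    for url in ("https://team.example-share.test/chat",
                "https://FILES.example-share.test./upload",
                "https://example-bank.test@bad.example-malware.test/login",
                "https://example-bank.test.evil.test/"):
        print(url, "->", decide(url))
```

Matching on parsed hostname labels is what keeps the last two sample URLs from being treated as the allowed finance site.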
Application level controls can also be restricted to known and approved functions, such as blocking uploads to SaaS applications like Office 365 and Salesforce. Although some organizations deploy SWGs in hardware appliances, many now use a cloud-based, SaaS gateway as a more flexible and less costly solution. Organizations with existing hardware investments have the option to combine the two, using hardware at their larger physical sites and cloud-based gateways for remote locations and remote workers.
What are the key Secure Web Gateway features and benefits?
Secure web gateways (SWGs) provide many benefits to organizations seeking protection against web-based threats. Beyond basic URL, web application control, and data filtering, SWGs, like those provided by Lookout, offer additional controls and features that enhance network security. Some key use cases include:
Real-time Internet traffic monitoring. A SWG provides an organization with real-time web traffic monitoring. This involves checking any web traffic to ensure that it lines up with the organization’s security policies.
Block malicious websites and applications. One of the benefits that results from real-time traffic monitoring is the ability to block any potentially malicious content, whether from a website or web application, or from cloud applications. Blocking such content protects against malware or similar threats.
Access control. An SWG can be configured to restrict access to the internet based on a set schedule, or ensure that only certain web content is accessible. In this way, an organization can ensure that employees are as productive as possible, and that each individual only has access to the websites they need for their job.
Enforcing policies for remote and on-site employees. With increasingly distributed workforces, organizations need cloud security solutions that can protect any device, from anywhere. A cloud-based secure web gateway can enforce security policies on-the-go, so that employees, wherever they are working from, can authenticate and browse the web safely.
Data loss prevention (DLP). Scans for sensitive data before allowing data to be exported outside the organization and blocks unauthorized data exfiltration.
Encrypted traffic analysis. Compares all traffic, including SSL-based encrypted traffic, to local and global threat lists and reputation sources and analyzes it to determine if any content or code poses a threat to the network.
Protocol support. Supports HTTP, HTTPS and FTP internet protocols.
Integration with zero-day anti-malware solutions. Zero-day detection is the best way to prevent and remediate threats.
Integration with security monitoring. Notifies admins of any problems via their solution of choice, typically a security information and event management (SIEM) solution.
Location flexibility. Lets you choose where an SWG best fits in your network—the edge, at endpoints, or in the cloud.
How do SWGs fit into an organization’s existing security architecture?
According to the Gartner 2021 Strategic Roadmap for SASE Convergence, on-premises and cloud-based gateway security controls are merging, whereby security companies are providing SWGs with cloud access security brokers (CASB). For example: As a user accesses Office 365 or Salesforce, any transmission of data to these applications can be scanned for malicious code and compared against an organization’s security policies. This helps ensure that the data sent is compliant and within the organization’s security policies. No unauthorized data is sent, and no malicious data is accepted.
Lookout SWG provides the following benefits:
Reduces IT cost and complexity. Easy to deploy and manage as an automated, cloud-delivered service, enabling digital transformation without the technical debt of the architectures of the past.
Maximizes operational efficiency by adopting a unified cloud-based offering for managing a consistent security posture for both web and applications.
Delivers a great user experience. Security policies are brought close to the user to eliminate unnecessary backhaul and provide optimal bandwidth and low latency.
Reduces risk. All connections are inspected and secured, no matter what user they are coming from, which app is being accessed, or what encryption may be used.
Prevents data loss and exfiltration by enforcing policies to keep you in compliance, monitor and regulate usage.
Protects against insider threats by detecting suspicious and anomalous behaviors which could be accidental or intentional.
*Gartner Magic Quadrant for Secure Web Gateways, December 2020
SASE represents the best way to achieve a direct-to-cloud architecture without compromising security, visibility, control, performance, complexity or cost. The Lookout Security Platform facilitates comprehensive monitoring and control at both the activity and content levels, whether users are on-premises or remote, on a mobile device or using mobile apps or browsers. Moreover, Lookout enables you to differentiate policy enforcement between managed (corporate) and unmanaged (personally owned) devices. Lookout is the only cloud security solution that covers all types of cloud traffic regardless of location, device or network.
The Lookout Security Platform enables you to consolidate your SASE strategy into a unified security platform that reduces cost and complexity while simplifying management of security and access across your endpoints, clouds and on-prem infrastructure.