A secure web gateway (SWG) is a method or solution that provides a filter barrier between your private network and the public internet. This barrier filters all traffic passing through it and accepts or denies requests depending on multiple values, including the source, destination, or malicious signatures detected within the traffic.
This article dissects what makes a web gateway work and why you might need to have one in place for your business.
- How does an SWG work?
- How should you use an SWG for your small business?
- What steps should you take to evaluate different SWG solutions?
How Does an SWG Work?
An SWG filters the traffic passing between your network and the internet to block unauthorized or unwanted attempts to move data in or out. While SWGs differ in their details, they all do the same general thing: filter out the unwanted.
Here, we’re focusing on the network SWG, but don’t forget about secure email gateways. They perform the same kind of filtering, applied at the email level, and are also known as email data loss prevention (DLP).
Also, if you run a cloud access security broker (CASB) or network detection and response (NDR) solution, it is most likely fed through a secure web gateway so that all incoming and outgoing traffic passes through the gateway first.
SWGs are the modern version of what traditional hardware-based proxies provide, and the same general concept applies: send traffic through a tunnel and filter out anything that doesn’t fit the policies you have set.
Because SWGs run from the cloud, they allow for easy management and quick scalability, and they integrate more readily with other cloud services you may have, such as segmented networks or email-based solutions.
An SWG should work hand in hand with your virtual private network (VPN) solution. The two should complement each other: the VPN gives the SWG a clearer picture of which approved resources are accessing the network and a lower threshold for flagging compromised hosts.
Read about the top VPN services for more information on some of the key features you should look for in a VPN service.
How Should You Use an SWG?
With SWGs, you often want to apply a “block all first” approach and then allow specific traffic depending on business needs. This ensures that you only allow connections according to the principle of least privilege.
The following is just a list of sample rules:
- Block/allow by geolocation
- Block/allow or restrict by network log event ID
- Block/allow depending on the number of concurrent attempts within a specific period
- Block/allow by source/destination
- Block/allow by port or IP address
- Block/allow depending on the age of the URL (for example, if it was created within a specific recent timeframe)
- Block/allow based on results of integrated threat intelligence
- Ability to whitelist your native VPN resources and services
When considering using an SWG, it’s essential to understand your network topology and internet protocol (IP) space that’s being considered for SWG use.
Once you have a complete vision of what’s to be protected, the next step would be to determine policy rules that need to be enforced. These rules can be broad in scope or limited to specific subnets or even a list of IP addresses.
Policy rule creation may be determined by several different business areas, including security, compliance, legal and contractual obligations.
What Steps Should You Take To Evaluate Different SWG Solutions?
The following are some of the top considerations to review in SWG solutions:
- Threat intelligence and protection capabilities
- Built-in DLP
- Cloud resources to support your remote workforce
- Ability to identify unmanaged resources
- Effective reporting and alerting
- Regular updates and enhancements
When evaluating SWG solutions, there are several factors to consider to ensure optimal performance and futureproofing of your network as it continues to grow and shift to the cloud.
Threat Intelligence and Protection Capabilities
Any SWG that you go with should have the ability to integrate with reputable threat intelligence sources and inject this data into its rulesets. It’s one thing to be told something is bad, but another to act on this knowledge by implementing threat-rule-based policies in real time.
Reputable threat intelligence integrations drastically reduce alert fatigue and false-positive blocking by combining solid intelligence with your network’s traffic activity. An SWG should also be able to provide information about potentially malicious websites, such as how long a website has been active.
It’s a common indicator of compromise (IOC) for malicious websites to be created and used within a 30-day window. Your SWG should have some metrics to display or enforce this data.
It goes without saying that you want to ensure your network SWG can block any network attempts that violate its enforced ruleset. Ultimately, there shouldn’t be any reason an explicit rule fails to do its intended job.
More specifically, some rules you wish to enforce may be more complex and require advanced regular expressions (regex) to match the intended requirements. Ensuring that your SWG can create custom and advanced policy rules is essential for any modern business.
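Taken together, the sample rule list in the previous section and the threat-intelligence, domain-age and regex points in this one describe a policy engine. The following Python is an added example, not code from the original article or from any SWG product. It implements a default-deny, first-match-wins ruleset covering a threat feed, a VPN allowlist range, a geolocation block, the 30-day new-domain check, an allowed-port rule and a custom regex rule. The threat feed, the domain first-seen dates, the VPN range, the country code and the `src_country` field (assumed to be filled in by an upstream geolocation lookup) are all constructed assumptions.

```python
"""Minimal default-deny web gateway policy engine (added example, not from the article)."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Callable, Optional
from urllib.parse import urlparse


@dataclass
class Request:
    """One outbound request as the gateway sees it.
    src_country is assumed to come from an upstream geolocation lookup (hypothetical)."""
    src_ip: str
    dst_host: str
    dst_port: int
    url: str
    src_country: str


@dataclass
class Decision:
    action: str  # "allow" or "block"
    rule: str    # name of the rule that fired


@dataclass
class Rule:
    name: str
    action: str
    match: Callable[[Request], bool]


# --- Constructed sample context (stand-ins for a vendor feed, a first-seen source, etc.) ---
TODAY = date(2024, 6, 1)
THREAT_FEED = {"malicious.example", "phish.example"}          # hypothetical TI indicators
DOMAIN_FIRST_SEEN = {                                          # hypothetical first-seen dates
    "newsite.example": date(2024, 5, 20),
    "corp-portal.example": date(2015, 1, 1),
}
VPN_RESOURCES = [ipaddress.ip_network("10.8.0.0/24")]          # native VPN range to allowlist
BLOCKED_COUNTRIES = {"ZZ"}                                     # ZZ is an ISO user-assigned code
NEW_DOMAIN_WINDOW = timedelta(days=30)                         # the article's 30-day IOC window
EXEC_DOWNLOAD = re.compile(r"\.(exe|scr|msi)$", re.IGNORECASE)  # example custom regex rule


def domain_age_days(host: str, today: date = TODAY) -> Optional[int]:
    """Days since the domain was first seen; None when the source has no record."""
    first_seen = DOMAIN_FIRST_SEEN.get(host.lower())
    return None if first_seen is None else (today - first_seen).days


def is_new_domain(host: str) -> bool:
    """True when the domain was first seen inside the new-domain window."""
    age = domain_age_days(host)
    return age is not None and age <= NEW_DOMAIN_WINDOW.days


def in_vpn_range(addr: str) -> bool:
    """True when addr is an IP literal inside an allowlisted VPN network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # hostnames never match the VPN allowlist
    return any(ip in net for net in VPN_RESOURCES)


# Ordered ruleset: the first rule whose match() returns True decides the request.
RULES = [
    Rule("threat-intel-block", "block", lambda r: r.dst_host.lower() in THREAT_FEED),
    Rule("vpn-allowlist", "allow", lambda r: in_vpn_range(r.src_ip) and in_vpn_range(r.dst_host)),
    Rule("geo-block", "block", lambda r: r.src_country.upper() in BLOCKED_COUNTRIES),
    Rule("new-domain-block", "block", lambda r: is_new_domain(r.dst_host)),
    Rule("exec-download-block", "block",
         lambda r: bool(EXEC_DOWNLOAD.search(urlparse(r.url).path))),
    Rule("web-ports-allow", "allow", lambda r: r.dst_port in (80, 443)),
]


def evaluate(req: Request) -> Decision:
    """First matching rule wins; anything unmatched falls through to the default deny."""
    for rule in RULES:
        if rule.match(req):
            return Decision(rule.action, rule.name)
    return Decision("block", "default-deny")


if __name__ == "__main__":
    samples = [
        Request("192.0.2.10", "corp-portal.example", 443, "https://corp-portal.example/login", "US"),
        Request("192.0.2.10", "newsite.example", 443, "https://newsite.example/", "US"),
        Request("192.0.2.10", "cdn.example", 443, "https://cdn.example/setup.exe", "US"),
        Request("10.8.0.20", "10.8.0.5", 22, "ssh://10.8.0.5", "US"),
        Request("192.0.2.10", "corp-portal.example", 8443, "https://corp-portal.example:8443/", "US"),
    ]
    for s in samples:
        d = evaluate(s)
        print(f"{s.dst_host}:{s.dst_port} -> {d.action} ({d.rule})")
```

Rule order is itself policy: the threat feed is checked before the VPN allowlist so that a known-bad destination is never rescued by a broad allow, and the allowlist sits ahead of the geolocation and port rules so that approved VPN resources are not caught by them. Swapping two rules changes decisions, which is why a production ruleset deserves the same review as any other access-control list.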
Cloud Resources To Support Your Remote Workforce
The more your workforce grows and expands into the cloud, the more you require your SWG to cover. It’s imperative that the vendor you choose has a reputation for constant feature upgrades and for building integrations with their native application programming interfaces (APIs).
Ultimately, it’s beneficial if the SWG is part of a more extensive product offering to which you can add or remove services as you need them.
Ability To Identify Unmanaged Resources
As an enhanced feature within SWGs, the ability to identify resources or assets on your network that are considered unmanaged or unknown can be integral to your company’s proactive security.
These resources could include cloud hosts that have been compromised and are racking up charges or even unauthorized devices on your network attempting to perform malicious acts.
Effective Reporting and Alerting
Before committing to any SWG, it must have the ability to alert on specific rule triggers effectively and display usage reports that can be provided to leaders and decision-makers. Only through reporting can you start the proactive process of cleaning up both unused resources and overused network channels that may be causing performance and security issues.
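As an added example (not code from the article or from any SWG product), the following Python turns a constructed gateway decision log into the two things this paragraph asks for: a report of rule triggers and most-blocked destinations for decision-makers, and an alert when a single source trips block rules repeatedly within a short window. The log format, the sample lines, the threshold and the window are all assumptions.

```python
"""Report and alert on gateway decision logs (added example, not from the article)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample decision log in an assumed key=value format (not from any real product).
SAMPLE_LOG = """\
2024-06-01T09:15:02Z src=192.0.2.10 dst=corp-portal.example:443 action=allow rule=web-ports-allow
2024-06-01T09:15:09Z src=192.0.2.10 dst=malicious.example:443 action=block rule=threat-intel-block
2024-06-01T09:15:11Z src=192.0.2.10 dst=malicious.example:443 action=block rule=threat-intel-block
2024-06-01T09:15:14Z src=192.0.2.10 dst=phish.example:443 action=block rule=threat-intel-block
2024-06-01T09:16:40Z src=192.0.2.44 dst=newsite.example:443 action=block rule=new-domain-block
2024-06-01T09:30:00Z src=192.0.2.44 dst=corp-portal.example:8443 action=block rule=default-deny
2024-06-01T10:02:31Z src=192.0.2.10 dst=phish.example:443 action=block rule=threat-intel-block
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+) rule=(?P<rule>\S+)$"
)


def parse_log(text: str) -> list:
    """Parse log lines into event dicts; lines that do not fit the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def rule_report(events: list) -> Counter:
    """How often each rule fired: the raw material for a usage and block report."""
    return Counter(ev["rule"] for ev in events)


def top_blocked_destinations(events: list, n: int = 3) -> list:
    """The n destinations blocked most often, as (destination, count) pairs."""
    return Counter(ev["dst"] for ev in events if ev["action"] == "block").most_common(n)


def alerts(events: list, threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> list:
    """Return (src, first_ts, last_ts) for each source that tripped block rules
    at least `threshold` times inside a sliding `window`; one alert per source."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "block":
            by_src[ev["src"]].append(ev["ts"])
    fired = []
    for src, times in by_src.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # shrink window from the left
                start += 1
            if end - start + 1 >= threshold:
                fired.append((src, times[start], times[end]))
                break
    return fired


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("rule triggers:", dict(rule_report(evs)))
    print("top blocked:", top_blocked_destinations(evs))
    for src, first, last in alerts(evs):
        print(f"ALERT {src}: repeated blocks between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

The same counters, run over a longer window, are what reveal the unused and overused channels the paragraph mentions: rules that never fire are candidates for cleanup, and destinations that dominate the block list are where policy or user education needs attention.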
What To Do Next: Regular Updates and Enhancements
To futureproof your investment, it’s essential to find an SWG that provides regular updates and enhancements to its platform and services. Constant updates help ensure platform security and performance uptime for as long as you use your SWG.
Also, continuous improvements to the prebuilt rulesets show that the vendor you’re using has some skin in the game beyond simply providing you with the service.