Secure Web Gateways (SWGs) can discover threats that could evade detection by firewalls or other stream-based solutions that are concealed in web traffic thanks to their proxy architecture. Frequently, SWGs are the only method of discovering and preventing attacks before they wreak damage or violate policy or governance mandates.

SWGs keep abreast of new and emerging threats with monitoring tools that then incorporate newly discovered attack signatures, since current intelligence is critical to SWG success. Since much web traffic is encrypted, SWGs can decrypt traffic – including cloud-based traffic – to ensure that there are no blind spots due to encryption. SWGs can also send suspicious content to other security systems such as DLP or CASB to improve the overall security posture of the organization.

SWGs also offer visibility into new attack vectors that may be in web traffic. New sites and links can all be used to penetrate an organization’s defenses and cause damage to operations. This is achieved by monitoring and logging all traffic on-prem and in the cloud, so the organization can see how the web is being used, and by whom. This is increasingly important as many legitimate websites have unpatched vulnerabilities. By understanding and categorizing web traffic, SWGs can help ensure compliance with the myriad of government and local regulations as well as corporate governance policies.

SWGs offer a comprehensive solution for protection of an organization’s digital assets. The primary benefits of SWGs are:

• Ability to terminate and emulate traffic as a control point
• Capability to control and protect web traffic
• Visibility and classification of web traffic
• Decryption and re-encryption of traffic
• Enterprise policy enforcement
• Data loss prevention and compliance
• Zero-day threat protection
  

Secure Web Gateways use a proxy architecture where the SWG acts as intermediary between client and server. As proxy it can terminate and emulate traffic to deliver the desired protection, by terminating the inbound connection and emulating the client by originating a new, separate outbound connection to the server. In this manner the SWG can receive all the packets of a request including headers and message body to determine precisely what the server response is intended to do. Once this is determined, the SWG will either send the request on to the destination or divert it for additional analysis such as policy enforcement, data loss prevention, or sandbox to safely detonate a potentially harmful payload. Since every message is inspected packet by packet and as a whole, security policies can be consistently applied to every type of communication, on-premises and in the cloud.

As the workforce has become increasingly distributed across locations, the need for Secure Web Gateways has grown proportionally. The COVID-19 pandemic accentuated this need, as employees were required to access corporate resources such as data and applications from beyond the network perimeter. Now that employees work from home, remote office, or anywhere with free Wi-Fi, the need for SWGs becomes apparent. Additionally, employees may be using multiple devices – laptops, tablets, and smartphones – to access corporate resources, and it can be difficult or impossible to ensure that these remote, mobile devices have adequate security.

Organizations who have not adopted SWG may rely on legacy network security infrastructure, which was not designed with mobility, the cloud, and device scaling in mind. Given the speed with which new attack methods are being created, the amount of time and money needed to constantly update legacy hardware-based security appliances would make the task essentially impossible.

Secure Web Gateways have the ability to stop both known and unknown threats, including zero-day threats and advanced persistent threats (APTs) that would otherwise avoid detection.

The use of proxies enables SWGs to detect and ameliorate sophisticated, targeted attacks that utilize the web and web protocols.