Secure Web Gateway defined
Organizations use an SWG to protect their employees. A secure web gateway (SWG) is a security solution that prevents unsecured internet traffic from entering an organization's internal network. Organizations use it to keep employees and users from reaching, and being infected by, malicious web traffic, vulnerable websites, internet-borne viruses, malware, and other cyberthreats. It also helps enforce the organization's compliance standards so that confidential information is not exposed. This is especially critical in regulated industries; for example, health care organizations must comply with HIPAA (the Health Insurance Portability and Accountability Act), which legislates how companies handle and secure patients' personal medical information.
According to Gartner, an SWG must include URL filtering, malicious-code detection and filtering, and application controls for popular cloud-based web applications and shadow IT, such as Slack and Microsoft Teams.* Data loss prevention is also included. More recently, Gartner has identified the SWG as a critical component of a security architecture that is increasingly based on the Security Service Edge (SSE) framework.
How does a Secure Web Gateway work?
A secure web gateway (SWG) uses URL filtering, SSL inspection, advanced threat defense, and legacy malware protection to defend users from threats, and it helps organizations enforce acceptable use policies for web and internet access. SWGs are increasingly delivered as cloud-based services rather than as legacy on-premises appliances (hardware or virtual). Some organizations run a hybrid model combining both as they transition to cloud-delivered security.
An SWG acts as a checkpoint that ensures safe internet access for users while ensuring data protection. It inspects inline traffic, standing between all incoming and outgoing data, and prevents malicious website traffic, viruses, and malware from infecting the organization or accessing its data. The gateway only allows users to access approved, secure websites—all others are blocked. SWGs can be configured to prevent data exfiltration, in which data is stolen from an organization's IT systems.
Here's a step-by-step explanation:
- Request Initiation: When a user attempts to access a website, the request first goes through the Secure Web Gateway before it reaches the internet.
- Traffic Analysis: The SWG examines the request and the page content the user is trying to reach. It does this using multiple techniques, such as URL filtering, application control, and anti-malware scanning. It also inspects the SSL/TLS encrypted traffic, a capability essential for monitoring traffic to and from secure websites.
- Policy Enforcement: The SWG then applies the organization's security policies to this request. For example, the SWG blocks the request if the website falls under a category that company policy prohibits (such as social media or adult content).
- Threat Analysis: If the request is for a permitted website, the SWG checks it for potential threats. For example, it scans for malware or other malicious code that could harm the network.
- Pass or Block Decision: Based on the threat analysis, the SWG decides whether to allow the request (if no threat is found) or block it (if a threat is detected).
- User Browsing: If the request is allowed, the user visits the site as usual. If it is blocked, the user might receive a notification explaining why the site is inaccessible.
This entire process typically occurs with minimal latency, allowing users to access the Internet safely with little to no interruption.
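The request path described in the steps above, modelled as an added example in Python. This is not Fortra's code or the SWG product's logic; the category database, threat feed, blocked categories, page bodies and malware signature are all constructed stand-ins so the pipeline runs offline, and a real SWG would fetch the page inline rather than through the `fetch_body` stub.

```python
"""Added example (not Fortra's code): a toy model of the SWG request path.
Every host, category, sample URL and page body here is constructed."""
from dataclasses import dataclass
from urllib.parse import urlparse
import re

# Constructed stand-ins for the URL category database and threat feed.
URL_CATEGORIES = {
    "intranet.example": "business",
    "social.example": "social_media",
    "news.example": "news",
    "downloads.example": "file_sharing",
}
THREAT_FEED = {"bad-cdn.example"}                # known malware hosts (constructed)
BLOCKED_CATEGORIES = {"social_media", "adult"}   # acceptable-use policy (constructed)
# Naive content signature: a script tag loading from the constructed bad host.
MALWARE_SIGNATURES = [
    re.compile(r"<script[^>]+src=[\"']https?://bad-cdn\.example", re.I),
]


@dataclass
class Decision:
    allowed: bool
    stage: str      # which step made the decision
    reason: str


def categorize(host: str) -> str:
    """Step 2: look the host up in the category database; unknown hosts are 'uncategorized'."""
    # Walk up the label hierarchy so cdn.social.example matches social.example.
    labels = host.split(".")
    for i in range(len(labels)):
        cat = URL_CATEGORIES.get(".".join(labels[i:]))
        if cat:
            return cat
    return "uncategorized"


def evaluate_request(url: str, fetch_body) -> Decision:
    """Run a request through the SWG steps: policy, threat feed, content scan, decision."""
    host = (urlparse(url).hostname or "").lower()
    # Step 3: acceptable-use policy by category.
    category = categorize(host)
    if category in BLOCKED_CATEGORIES:
        return Decision(False, "policy", f"category '{category}' is prohibited")
    # Step 4a: threat intelligence on the destination itself.
    if host in THREAT_FEED:
        return Decision(False, "threat_intel", f"{host} is on the malware host list")
    # Step 4b: scan the returned content (fetch_body stands in for the inline fetch).
    body = fetch_body(url)
    for sig in MALWARE_SIGNATURES:
        if sig.search(body):
            return Decision(False, "content_scan", "page references a known malware host")
    # Step 5: nothing found, allow.
    return Decision(True, "allow", f"category '{category}', no threats found")


# Constructed page bodies the toy "fetch" returns.
SAMPLE_PAGES = {
    "https://news.example/today": "<html><body>Headlines</body></html>",
    "https://downloads.example/tool":
        "<html><script src='https://bad-cdn.example/x.js'></script></html>",
}


def fetch_body(url: str) -> str:
    return SAMPLE_PAGES.get(url, "<html></html>")


if __name__ == "__main__":
    for u in ("https://intranet.example/wiki", "https://social.example/feed",
              "https://bad-cdn.example/x.js", "https://downloads.example/tool"):
        d = evaluate_request(u, fetch_body)
        print("ALLOW" if d.allowed else "BLOCK", u, "->", d.stage, d.reason)
```

The order of the checks matters: the cheap category lookup runs before any content is fetched, the destination is checked against the feed before the page body is scanned, and each block carries the stage that produced it so the user notification and the logs can say why.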
Why do I need a Secure Web Gateway?
Cybercriminals have grown more sophisticated at embedding threat vectors in seemingly innocuous fake websites that appear quite convincing. When users visit these counterfeit websites, malicious code is unleashed that compromises the organization and operates in the background without the user's knowledge. Some appear so authentic that they convince users to enter credit card numbers and personally identifiable information (PII) such as Social Security numbers (SSNs).
Other scam sites need only a connection from a user to bypass web browser controls and inject malicious code into the network. Examples include fake online shopping sites posing as brand-name sellers and sites that appear to belong to legitimate government agencies. Today HTTPS makes up more than 90% of web traffic, so inspecting HTTPS traffic is a critical SWG function: it prevents and blocks malware and other threats delivered over a channel that is assumed to be safe and mostly goes uninspected. Inadequate inspection of SSL traffic can leave an organization vulnerable.
An SWG is crucial for several reasons:
- Enhanced Security: The primary reason SWGs are important is the security they provide by blocking harmful content and preventing cyber threats, such as malware and phishing attacks, from compromising the network. They ensure no dangerous content is downloaded and halt access to malicious websites.
- Data Loss Prevention: SWGs include features that prevent sensitive information from leaving the organization by inspecting outgoing data for potential breaches.
- Compliance Enforcement: SWGs can help enforce compliance with various standards and regulations by controlling access to specific types of internet content based on established organizational policies.
- Application Control: SWGs allow organizations to control the usage of certain web applications, ensuring that potentially dangerous apps are not granted unauthorized access.
- Remote Work Protection: With the rise of remote work, securing off-premise workers is crucial. SWGs ensure the same level of protection for employees regardless of location.
- Enhanced Visibility: SWGs provide administrators with a clear view of incoming and outgoing web traffic, enabling them to identify potential threats swiftly.
- HTTPS Inspection: SWGs can block threats invisible to firewalls and other security solutions by decrypting and inspecting encrypted traffic.
- Operational Efficiency: By controlling web access, organizations can ensure their employees focus on work-related tasks rather than distracting or inappropriate websites.
How are SWGs set up?
Secure web gateways (SWGs) are installed as a software component or a hardware device at the edge of the network. All web requests from users must pass through the gateway, which enforces web access policies and performs SSL/TLS inspection based on URL categories. SWGs also monitor return traffic for malicious code and other threats, and record every URL connection attempted by users and by non-user processes.
The gateway checks website URLs against a database of known web categories, each of which can be allowed or blocked according to company policy; the categories include sites known to be malicious or of poor reputation. The SWG uses the URL category database to decide the policy disposition of the user's request. It also performs man-in-the-middle (MITM) decryption for SSL/TLS inspection before applying the policies. Data flowing out of the network can also be checked, blocking restricted sources such as sensitive data classes or user devices that are not permitted to send data out.
Application-level controls can also restrict use to known and approved functions, for example blocking uploads to SaaS applications like Office 365 and Salesforce. Although some organizations deploy SWGs as hardware appliances, many now use a cloud-based SaaS gateway as a more flexible and less costly solution. Organizations with existing hardware investments can combine the two, using hardware at their larger physical sites and cloud-based gateways for remote locations and remote workers.
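The outbound side of the gateway described above (checking data leaving the network, and blocking uploads to SaaS applications), as an added Python example that is not Fortra's code. The SaaS hostnames, the upload rule, the sensitive-data patterns and the sample requests are constructed assumptions; a production DLP engine would use a much larger library of classifiers than the two shown here.

```python
"""Added example (not Fortra's code): outbound inspection of a request body for
sensitive data, plus an application-level rule that blocks uploads to a SaaS app.
Hosts, rules, patterns and sample requests are constructed."""
import re
from dataclasses import dataclass, field


@dataclass
class OutboundRequest:
    method: str
    host: str
    path: str
    headers: dict = field(default_factory=dict)
    body: str = ""


# Constructed application-control rule: multipart uploads to these SaaS hosts are blocked.
UPLOAD_BLOCKED_HOSTS = {"files.saas-example.com", "crm.saas-example.com"}
UPLOAD_METHODS = {"POST", "PUT"}

# US SSN shape with the invalid area/group/serial values excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-16 digit runs with optional separators; Luhn check below removes most noise.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used to cut false positives on card-like digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def find_sensitive(text: str) -> list:
    """Return labels of the sensitive data types found in text."""
    hits = []
    if SSN_RE.search(text):
        hits.append("ssn")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            hits.append("card_number")
            break
    return hits


def is_upload(req: OutboundRequest) -> bool:
    ctype = req.headers.get("Content-Type", "").lower()
    return req.method in UPLOAD_METHODS and ctype.startswith("multipart/form-data")


def inspect_outbound(req: OutboundRequest) -> tuple:
    """Return (allowed, reason) after the application-control and DLP checks."""
    # Application control: block uploads to the listed SaaS apps regardless of content.
    if req.host in UPLOAD_BLOCKED_HOSTS and is_upload(req):
        return False, f"uploads to {req.host} are not permitted"
    # DLP: scan the body of anything that carries data outward.
    if req.method in UPLOAD_METHODS:
        hits = find_sensitive(req.body)
        if hits:
            return False, "sensitive data in request body: " + ", ".join(hits)
    return True, "no policy violation"


# Constructed sample traffic.
FORM = {"Content-Type": "application/x-www-form-urlencoded"}
SAMPLES = [
    OutboundRequest("GET", "crm.saas-example.com", "/accounts"),
    OutboundRequest("POST", "files.saas-example.com", "/upload",
                    {"Content-Type": "multipart/form-data; boundary=x"}, "...file bytes..."),
    OutboundRequest("POST", "forum.example.org", "/post", FORM, "msg=my ssn is 123-45-6789"),
    OutboundRequest("POST", "forum.example.org", "/post", FORM, "card=4111 1111 1111 1111"),
    OutboundRequest("POST", "forum.example.org", "/post", FORM, "order id 1234 5678 9012 3456"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        ok, why = inspect_outbound(r)
        print("ALLOW" if ok else "BLOCK", r.method, r.host + r.path, "-", why)
```

The last sample shows why the Luhn check is there: a sixteen-digit order number has the shape of a card number but fails the checksum, so it passes through, whereas the test card number is blocked. Reads (GET) to the SaaS application are still allowed; only the upload path is closed.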
What are the key Secure Web Gateway features and benefits?
Secure web gateways (SWGs) come with a variety of features designed to improve internet security for businesses. Some common features include:
- URL Filtering: SWGs use URL filtering to control access to websites and internet applications. This can block non-work-related browsing and ensure employees cannot access sites known for malware and phishing attacks.
- Data Loss Prevention (DLP): SWGs monitor data being sent outside the network and can block the transfer of sensitive information to ensure it doesn't fall into the wrong hands.
- HTTPS/SSL Inspection: SWGs can decrypt, inspect, and re-encrypt traffic to and from secure websites. This allows them to filter content and block threats that are not visible in encrypted traffic.
- Malware Protection: SWGs incorporate anti-virus, anti-malware, and other threat protection capabilities to detect and block potential threats in real-time before they can infect the network.
- Application Control: This feature allows businesses to control which internet-based applications, such as social media, instant messaging, and video streaming apps, their employees can use.
- Bandwidth Control: SWGs can control how much bandwidth different users or applications can use to ensure critical business applications always have enough bandwidth.
- Threat Intelligence Integration: Many SWGs integrate with threat intelligence feeds to keep up to date with the latest known websites and web services hosting malware, involved in phishing, or associated with command and control servers for botnets. This information can then be used in real-time to block access to these harmful web resources.
- Reporting and Analytics: SWGs provide detailed reports and analytics on web usage, including attempts to access blocked sites, transfer sensitive information, and detect malware or threat activities.
- Sandbox Environment: Some advanced SWGs feature a sandbox where they can safely execute incoming files to check for malicious behaviors without risking the network's security.
- Cloud-Based Management: Many modern SWGs are hosted in the cloud, allowing for easier deployment, updating, and scaling as your business requirements change.
Secure web gateways (SWGs) provide many benefits to organizations seeking protection against web-based threats. Beyond basic URL, web application control, and data filtering, SWGs, like those provided by Fortra, offer additional controls and features that enhance network security. Some key use cases include:
- Real-time Internet traffic monitoring. An SWG provides an organization with real-time web traffic monitoring. This involves checking all web traffic to ensure that it lines up with the organization's security policies.
- Block malicious websites and applications. One of the benefits that results from real-time traffic monitoring is the ability to block any potentially malicious content, whether from a website, a web application, or a cloud application. Blocking such content protects against malware and similar threats.
- Access control. An SWG can be configured to restrict access to the internet on a set schedule, or to ensure that only certain web content is accessible. In this way, an organization can keep employees as productive as possible, and ensure that each individual only has access to the websites they need for their job.
- Enforcing policies for remote and on-site employees. With increasingly distributed workforces, organizations need cloud security solutions that can protect any device, from anywhere. A cloud-based secure web gateway can enforce security policies on the go, so that employees, wherever they are working from, can authenticate and browse the web safely.
- Data loss prevention (DLP). Scans for sensitive data before allowing data to be exported outside the organization and blocks unauthorized data exfiltration.
- Encrypted traffic analysis. Compares all traffic, including SSL-based encrypted traffic, to local and global threat lists and reputation sources and analyzes it to determine if any content or code poses a threat to the network.
- Protocol support. Supports the HTTP, HTTPS and FTP internet protocols.
- Integration with zero-day anti-malware solutions. Zero-day detection is the best way to prevent and remediate threats.
- Integration with security monitoring. Notifies admins of any problems via their solution of choice, typically a security information and event management (SIEM) solution.
- Location flexibility. Lets you choose where an SWG best fits in your network—the edge, at endpoints, or in the cloud.
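The reporting and analytics feature and the SIEM integration item above, as an added Python example that is not Fortra's code. The key=value log format, the field names, the sample users and URLs, and the alert threshold are all constructed assumptions; real SWG logs are vendor-specific, so the parser is the part you would replace.

```python
"""Added example (not Fortra's code): summarize constructed SWG access-log lines
into a blocked-by-category report and per-user alerts suitable for a SIEM.
Log format, field names, users, URLs and thresholds are assumptions."""
import json
from collections import Counter, defaultdict

# Constructed log lines in a simple key=value format an SWG might emit.
SAMPLE_LOG = """\
ts=2024-05-01T09:00:01Z user=alice action=allow category=business url=https://intranet.example/
ts=2024-05-01T09:00:05Z user=bob action=block category=social_media url=https://social.example/feed
ts=2024-05-01T09:01:10Z user=bob action=block category=malware url=https://bad-cdn.example/x.js
ts=2024-05-01T09:01:12Z user=bob action=block category=malware url=https://bad-cdn.example/y.js
ts=2024-05-01T09:01:15Z user=bob action=block category=malware url=https://bad-cdn.example/z.js
ts=2024-05-01T09:02:00Z user=carol action=block category=dlp url=https://forum.example.org/post
ts=2024-05-01T09:03:00Z user=alice action=allow category=news url=https://news.example/today
"""


def parse_line(line: str) -> dict:
    """Parse one key=value line into a dict (values contain no spaces in this format)."""
    return dict(tok.split("=", 1) for tok in line.split())


def parse_log(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def blocked_by_category(events: list) -> Counter:
    """Report: how many blocks per policy category."""
    return Counter(e["category"] for e in events if e["action"] == "block")


def malware_hits_per_user(events: list) -> Counter:
    return Counter(e["user"] for e in events
                   if e["action"] == "block" and e["category"] == "malware")


def siem_alerts(events: list, threshold: int = 3) -> list:
    """One JSON-serialisable alert per user whose malware blocks reach the threshold.

    Repeated blocks from one user in a short window usually mean something on the
    endpoint keeps trying to reach the host, which is worth a SOC look even though
    the gateway stopped each request."""
    hits = malware_hits_per_user(events)
    urls = defaultdict(list)
    for e in events:
        if e["action"] == "block" and e["category"] == "malware":
            urls[e["user"]].append(e["url"])
    return [
        {"alert": "repeated_malware_blocks", "user": u, "count": n, "urls": urls[u]}
        for u, n in sorted(hits.items()) if n >= threshold
    ]


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("blocks by category:", dict(blocked_by_category(ev)))
    for a in siem_alerts(ev):
        print("SIEM ->", json.dumps(a))
```

The alert carries the blocked URLs so the SIEM analyst can pivot on the host without going back to the raw gateway log.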
How do SWGs fit into an organization’s existing security architecture?
According to the Gartner 2021 Strategic Roadmap for SASE Convergence, on-premises and cloud-based gateway security controls are merging, with security vendors bundling SWGs with cloud access security brokers (CASBs). For example: as a user accesses Office 365 or Salesforce, any data transmitted to these applications can be scanned for malicious code and compared against the organization's security policies. This helps ensure that the data sent is compliant and within the organization's security policies. No unauthorized data is sent, and no malicious data is accepted.
Fortra SWG
- Reduces IT cost and complexity. Easy to deploy and manage as an automated, cloud-delivered service, enabling digital transformation without the technical debt of the architectures of the past.
- Maximizes operational efficiency by adopting a unified cloud-based offering for managing a consistent security posture for both web and applications.
- Delivers a great user experience. Security policies are brought close to the user to eliminate unnecessary backhaul and provide optimal bandwidth and low latency.
- Reduces risk. All connections are inspected and secured, no matter what user they are coming from, which app is being accessed, or what encryption may be used.
- Prevents data loss and exfiltration by enforcing policies that keep you in compliance and that monitor and regulate usage.
- Protects against insider threats by detecting suspicious and anomalous behaviors which could be accidental or intentional.