Secure web gateways (SWG) act as data checkpoints, safeguarding Internet access and enforcing acceptable use policies. They inspect inline traffic by terminating and emulating it, allowing only approved information to be passed on.

An SWG can also detect malware and protect against it by using sandboxing to execute the code and examine its behavior safely. It can then block the malware and prevent it from communicating with its controllers or downloading a payload to an employee’s device.


URL Filtering

URL filtering compares a web page’s URL against a list of pre-defined categories, such as phishing and malware. The gateway then takes the corresponding action, such as blocking or allowing access to the site. This helps to protect against cyber threats by preventing employees from visiting websites that might spread malware, contain inappropriate content unrelated to work, or be associated with phishing attacks.

Unlike DNS filtering, which blocks an entire domain, a security solution with URL filtering can allow or block access to specific web pages, or to specific functions on those pages, such as submitting corporate credentials or downloading files. It can also provide more granular control by applying different rules to particular users, groups, and categories.

For example, if an organization’s employees need to read news stories about their industry and professional sports, a multifunction news website would allow them to do so. However, suppose the same website also publishes articles about gambling or sports betting that aren’t relevant to the business. In that case, it might be more productive for the company to limit access to those sections of the site. This could be done using URL filtering to create a policy that allows access to the financial news section but not the sports news section. This way, employees can still get their fix of the latest football scores without getting distracted from work.
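The section-level policy described above, as an added example that is not part of the original article: a small URL filter that categorizes a request by site and by path prefix, applies an ordered rule list with per-group exceptions, and, for contrast, a DNS-level filter that can only see the hostname. The hostnames, categories, groups and rules are all constructed for the illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed category feed: site hostname -> category. A real SWG pulls this
# from a vendor feed with far more entries and categories.
SITE_CATEGORIES = {
    "news.example": "news",
    "login.phish.example": "phishing",
    "cdn.malware.example": "malware",
}

# Constructed path-level categories inside one site: the "sections" a URL filter
# can distinguish and a DNS filter cannot.
SECTION_CATEGORIES = [
    ("news.example", "/finance/", "financial-news"),
    ("news.example", "/sports/", "sports"),
    ("news.example", "/betting/", "gambling"),
]


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "block"
    category: str                      # category the rule applies to
    groups: frozenset = frozenset()    # empty set means "any group"


# Ordered policy: first matching rule wins, so threat categories come first and
# a group-specific exception precedes the general rule it overrides.
POLICY = [
    Rule("block", "phishing"),
    Rule("block", "malware"),
    Rule("block", "gambling"),
    Rule("allow", "sports", groups=frozenset({"marketing"})),
    Rule("block", "sports"),
    Rule("allow", "financial-news"),
    Rule("allow", "news"),
]
# Policy choice for sites no feed knows about; many deployments choose "allow".
DEFAULT_ACTION = "block"


def categorize(url):
    """Return the categories that apply to a URL, most specific first."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    cats = []
    for sec_host, prefix, cat in SECTION_CATEGORIES:
        if host == sec_host and (path.startswith(prefix) or path == prefix.rstrip("/")):
            cats.append(cat)
    cats.append(SITE_CATEGORIES.get(host, "uncategorized"))
    return cats


def url_filter(url, group):
    """Decide for a user in `group`; returns (action, category that decided it)."""
    cats = categorize(url)
    for rule in POLICY:
        if rule.category in cats and (not rule.groups or group in rule.groups):
            return rule.action, rule.category
    return DEFAULT_ACTION, cats[-1]


BLOCKED_SITE_CATEGORIES = {"phishing", "malware", "gambling"}


def dns_filter(host):
    """DNS-level filtering sees only the hostname, never the path or the user."""
    cat = SITE_CATEGORIES.get(host.lower(), "uncategorized")
    return "block" if cat in BLOCKED_SITE_CATEGORIES else "allow"


if __name__ == "__main__":
    for url, group in [("https://news.example/finance/markets", "staff"),
                       ("https://news.example/sports/scores", "staff"),
                       ("https://news.example/sports/scores", "marketing"),
                       ("https://news.example/betting/odds", "marketing")]:
        print(group, url, "->", url_filter(url, group))
    print("DNS filter for news.example ->", dns_filter("news.example"))
```

Note that `dns_filter("news.example")` returns "allow" even though the betting section is a blocked category: the whole domain has to be allowed or blocked at the DNS layer, which is exactly the granularity gap the URL filter closes.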

SSL Inspection

The SSL/TLS encryption we all know and love has boosted web transaction security. However, it also makes an excellent cloak for malware and other cyber-attacks, allowing them to traverse networks while bypassing the usual security controls. Using the right inspection tools can help organizations decrypt SSL traffic and verify its contents, thus preventing these disguised attacks from penetrating internal systems.

In addition, a secure web gateway can inspect encrypted traffic from both directions, including inbound SSL connections from the Internet and outbound SSL connections to the end-user’s device. This process is known as SSL interception, which involves a security device terminating and emulating the client and server connection to intercept data and search for malicious threats to block. It is also the process used by NGFWs, IDPs, and IPSs to inspect SSL-encrypted traffic.

As organizations focus on fortifying their cybersecurity defenses, understanding the benefits of a secure web gateway becomes crucial. This robust solution not only safeguards against online threats but also enables comprehensive control and monitoring of internet traffic, ensuring a safe and productive digital environment.

Aside from protecting against hidden threats, enabling SSL inspection can help organizations comply with industry standards and regulatory requirements. Especially in sectors that handle sensitive information, these standards and regulations often mandate the monitoring and inspection of network traffic. A secure web gateway with SSL inspection satisfies this directly: it decrypts and filters content and compares it against known malware in order to block illegitimate activities or files.

Malware Detection

Malware is hostile software designed to infiltrate, damage, or disable computer systems and networks. It can steal and encrypt data, alter or hijack core computer functions, and spy on device activity without the owner’s knowledge or permission. Cybercriminals develop malware for various reasons: to make money, to cause political unrest, or simply for bragging rights.

A secure web gateway can detect and block malware from entering computers or mobile devices. SWGs use signature detection to compare code within internet traffic or files to known malware signatures. If the code matches a signature, the SWG blocks the request and prevents the file or program from loading on the user’s device.

However, signature detection has its limitations. For one, malware developers constantly find ways to evade detection by obfuscating or encrypting their code so that it is no longer recognized as malicious. To combat this, some SWGs also employ behavioral analysis, which examines the actions of suspicious files or programs to determine whether they are malicious. This is similar to how AI applies anomaly detection: it builds a model of normal behavior and looks for deviations from that model that may indicate an attack. The SWG can then take additional action, such as terminating the request, or running the file in a controlled environment (i.e., a sandbox) to analyze it further and block it if warranted.
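The two detection layers just described, as an added example that is not part of the original article: a signature check (hash plus byte pattern) that a trivially re-encoded copy of the same sample slips past, followed by a behavioral check that scores the sandbox-observed actions of a file against a baseline of what a benign file of that type normally does. The sample bytes, signature names, event types, weights, threshold and sandbox reports are all constructed for the illustration; a real SWG would take them from its signature feed and sandbox.

```python
import base64
import hashlib
import re

# Constructed "known-bad" sample and its signatures. Real feeds carry hashes and
# byte patterns taken from observed malware; these values are made up.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00CONSTRUCTED-DROPPER:stage2-fetch;persist;beacon"

SIGNATURE_HASHES = {
    hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Constructed.Dropper.A",
}
SIGNATURE_PATTERNS = [
    (re.compile(rb"CONSTRUCTED-DROPPER:[a-z0-9-]+;"), "Constructed.Dropper.A"),
]


def signature_scan(data):
    """Return the name of the matching signature, or None."""
    name = SIGNATURE_HASHES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, name in SIGNATURE_PATTERNS:
        if pattern.search(data):
            return name
    return None


# Behavioral model (constructed baseline): the actions a benign file of each
# type is expected to perform in the sandbox. Anything else is a deviation.
NORMAL_BEHAVIOR = {
    "document": {"file_read", "file_write_temp", "ui_render"},
    "image": {"file_read", "ui_render"},
}
# Weight of each deviation type; unlisted deviations count 1.
DEVIATION_WEIGHTS = {
    "process_spawn": 3,
    "file_write_executable": 3,
    "persistence_registry": 4,
    "network_connect": 2,
}
MALICIOUS_THRESHOLD = 5


def behavior_scan(events, file_type):
    """Score sandbox-observed events against the baseline for file_type."""
    baseline = NORMAL_BEHAVIOR.get(file_type, set())
    deviations = [e["type"] for e in events if e["type"] not in baseline]
    score = sum(DEVIATION_WEIGHTS.get(d, 1) for d in deviations)
    verdict = "malicious" if score >= MALICIOUS_THRESHOLD else "clean"
    return {"verdict": verdict, "score": score, "deviations": deviations}


def scan(data, file_type, sandbox_events):
    """SWG pipeline: cheap signature check first, sandbox behavior second."""
    sig = signature_scan(data)
    if sig:
        return {"verdict": "malicious", "reason": f"signature {sig}", "score": None}
    result = behavior_scan(sandbox_events, file_type)
    reason = ("behavioral deviations: " + ", ".join(result["deviations"])
              if result["deviations"] else "no deviations from baseline")
    return {"verdict": result["verdict"], "reason": reason, "score": result["score"]}


def obfuscate(data):
    """Stand-in for the packing/encoding used to defeat byte-level signatures."""
    return base64.b64encode(data)


# Constructed sandbox reports for a benign document and for the dropper.
BENIGN_DOC_EVENTS = [{"type": "file_read"}, {"type": "ui_render"}, {"type": "file_write_temp"}]
DROPPER_EVENTS = [
    {"type": "file_read"},
    {"type": "process_spawn", "detail": "launches a child interpreter"},
    {"type": "file_write_executable", "detail": "writes into the user profile"},
    {"type": "persistence_registry", "detail": "adds a run-key entry"},
    {"type": "network_connect", "detail": "placeholder controller host"},
]

if __name__ == "__main__":
    print("original sample :", scan(KNOWN_BAD_SAMPLE, "document", DROPPER_EVENTS))
    print("re-encoded copy :", scan(obfuscate(KNOWN_BAD_SAMPLE), "document", DROPPER_EVENTS))
    print("benign document :", scan(b"%PDF-1.4 constructed benign content", "document", BENIGN_DOC_EVENTS))
```

The re-encoded copy has a different hash and no longer contains the byte pattern, so `signature_scan` returns None for it; it is the behavioral score (12 against a threshold of 5) that still classifies it as malicious, which is the point the paragraph makes about why signatures alone are not enough.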

Application Controls

Application control is a security approach that blocks or restricts applications from executing in ways that put data at risk. The control functions vary based on the business purpose of the specific application, but they typically include completeness and validity checks, identification, authentication, authorization, input controls, and forensic controls.

The SWG’s proxy architecture allows it to intercept and examine traffic at the application layer to deliver this protection. By terminating an inbound connection and emulating the client, it can determine what is being requested and whether it is legitimate or potentially malicious. Depending on the results of this analysis, the SWG may forward the request or divert it for additional evaluation. This might involve further policy enforcement or a sandbox in which a potential payload is detonated so that its malicious effect is safely contained.

SWGs also enable organizations to create granular application policies that block or limit access on a per-user, per-group, or app basis. This helps to prevent the loss of data or excessive lateral movement across the organization’s digital foundation and can help meet the requirements of compliance standards such as GDPR and PCI DSS.
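The application-layer inspection and per-group policy described in the two paragraphs above, as an added example that is not part of the original article: the proxy parses the HTTP request it has terminated, works out which function is being performed (a credential submission, a file upload, or plain browsing), and applies rules such as "corporate credentials may only be submitted to the corporate identity provider" and "uploads are allowed only to sanctioned apps for the groups entitled to them". The corporate domain, identity-provider host, sanctioned apps, groups and the requests themselves are constructed for the illustration.

```python
from urllib.parse import parse_qs

# Constructed tenant settings.
CORPORATE_DOMAIN = "corp.example"
CORPORATE_IDP_HOSTS = {"sso.corp.example"}          # only place corporate credentials may go
SANCTIONED_UPLOAD_APPS = {                            # app host -> groups allowed to upload
    "drive.sanctioned.example": {"engineering", "finance"},
}
CREDENTIAL_FIELDS = {"password", "passwd", "pwd"}
IDENTITY_FIELDS = {"username", "user", "email", "login"}


def build_request(method, host, path, body=b"", content_type=None):
    """Assemble a raw HTTP/1.1 request (constructed test input for the proxy)."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    if body:
        lines += [f"Content-Type: {content_type}", f"Content-Length: {len(body)}"]
    return "\r\n".join(lines).encode() + b"\r\n\r\n" + body


def parse_request(raw):
    """Minimal request parser: request line, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return {"method": method, "path": path, "host": headers.get("host", "").lower(),
            "headers": headers, "body": body}


def classify(req):
    """Return (function, corporate_credentials_present)."""
    ctype = req["headers"].get("content-type", "")
    if req["method"] == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        fields = parse_qs(req["body"].decode("latin-1"))
        if any(k.lower() in CREDENTIAL_FIELDS for k in fields):
            identities = [v for k in fields if k.lower() in IDENTITY_FIELDS for v in fields[k]]
            corporate = any(i.lower().endswith("@" + CORPORATE_DOMAIN) for i in identities)
            return "credential_submission", corporate
    if req["method"] in {"POST", "PUT"} and ctype.startswith("multipart/form-data"):
        return "file_upload", False
    return "browse", False


def app_control(raw, group):
    """Decide for a user in `group`; returns (action, function, reason)."""
    req = parse_request(raw)
    function, corporate = classify(req)
    if function == "credential_submission" and corporate and req["host"] not in CORPORATE_IDP_HOSTS:
        return "block", function, "corporate credentials to an unsanctioned host"
    if function == "file_upload":
        if group in SANCTIONED_UPLOAD_APPS.get(req["host"], set()):
            return "allow", function, "sanctioned app for this group"
        return "block", function, "upload to an unsanctioned app or by an unentitled group"
    return "allow", function, "no application-control rule matched"


# Constructed requests: a corporate login form posted to a third party, the same
# form posted to the corporate IdP, and a multipart upload to a sanctioned app.
LOGIN_FORM = b"username=j.doe%40corp.example&password=placeholder"
PHISH_POST = build_request("POST", "login.partner.example", "/login", LOGIN_FORM,
                           "application/x-www-form-urlencoded")
IDP_POST = build_request("POST", "sso.corp.example", "/login", LOGIN_FORM,
                         "application/x-www-form-urlencoded")
UPLOAD = build_request("POST", "drive.sanctioned.example", "/upload",
                       b"--b\r\nContent-Disposition: form-data; name=\"file\"; filename=\"q.xlsx\"\r\n\r\n...\r\n--b--",
                       "multipart/form-data; boundary=b")
BROWSE = build_request("GET", "news.example", "/finance/markets")

if __name__ == "__main__":
    for name, raw, group in [("partner login", PHISH_POST, "staff"), ("idp login", IDP_POST, "staff"),
                             ("upload/engineering", UPLOAD, "engineering"), ("upload/staff", UPLOAD, "staff"),
                             ("browse", BROWSE, "staff")]:
        print(name, "->", app_control(raw, group))
```

Because the proxy has terminated the TLS session it sees the form fields themselves, which is what lets it tell a corporate-credential submission apart from any other POST to the same host; a filter working only on hostnames or DNS names could not make that distinction.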

A modern SWG will also include remote browser isolation (RBI) that protects the network from web-based threats by running active code downloaded from the Internet in a disposable virtual container outside the corporate network. This helps prevent the transfer of malicious code or information back into the enterprise and can help improve productivity.

By admin