Secure Web Gateways explained
What is a Secure Web Gateway?
A Secure Web Gateway is a network security device that protects users who are accessing the Internet against web-based threats. It does so by blocking malicious traffic that may result in malware infection or network intrusion. Secure Web Gateways act as a barrier, keeping users from accessing malicious websites, malware, or web traffic that is part of a cyberattack. Secure Web Gateways are generally available as software, hardware, or a virtual appliance and sit either at the network’s perimeter or in the cloud, acting as a proxy between internal users and the Internet.
Secure Web Gateways are a needed part of a layered security strategy because of two factors: the increase in cyberattacks and the increase in remote workforces. Cyberattacks are at an all-time high, with “crimeware as a service” options allowing just about anyone to get their hands on all kinds of high-quality malware that can have a material impact on an organization. At the same time, remote workforces are a reality for many organizations, with workers using unsecured devices on unknown public networks, all putting the organization at risk.
Secure Web Gateways act as security filters by blocking malware encountered by user-initiated Internet traffic, protecting the organization from data breaches, and helping to ensure that network-related corporate and regulatory policy compliance standards are enforced. The benefit of including a Secure Web Gateway is that it can protect users regardless of the client’s location, operating system, or the application being used.
How does a secure web gateway work?
Secure web gateways are made up of a number of components in order to act as both a gateway and as part of your layered security.
To function, a secure web gateway needs to have all outbound web traffic pass through it. So, the first role a gateway plays is that of proxying web requests via TCP ports 80 and 443 between internal endpoints and Internet-based websites.
Policies around who, what, where, when, and how internal users interact with the web can be enforced by Secure Web Gateways. Restrictions based on time, usage quotas, content, applications used, and more can be imposed on all users.
Web page content can be inspected in real time for malicious code. Some gateways block access entirely, while others can remove the malicious code, delivering a malware-free page to users.
As traffic passes through the web proxy, the Secure Web Gateway inspects the traffic in real time. Traffic is analyzed against corporate policies (such as disallowing unencrypted traffic to/from any site), and any content that does not conform to policy is blocked. Generally, turnkey inspection policies are available by default, with an ability to customize existing policies and implement new ones.
Data loss prevention (DLP)
Outbound web traffic is inspected for specific patterns and phrases that match social security numbers, credit card data, medical information, intellectual property, and more. The gateway can block outbound traffic, effectively keeping sensitive corporate data from being stolen. In some cases, DLP functionality is native to the Secure Web Gateway, with other gateways using integration partners to perform the data checks.
Websites can be effectively blocked with this simple method of security. Utilizing a database of known malicious websites and website categories, a Secure Web Gateway can keep malware from calling home, payloads from being downloaded, and malicious code from utilizing Internet-based resources.
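The following added example (not taken from any product; the category table, domain names, and function names are constructed for illustration) combines the category lookup described above with the "no unencrypted traffic" policy mentioned earlier. It matches on whole DNS labels, so subdomains of a listed domain are caught while lookalike names that merely contain the same string are not.

```python
from urllib.parse import urlsplit

# Constructed sample data; a real gateway would load a vendor-maintained feed.
DOMAIN_CATEGORIES = {
    "malware-c2.example": "malware",
    "casino.example": "gambling",
    "news.example": "news",
}
BLOCKED_CATEGORIES = {"malware", "gambling"}

def categorize(host: str):
    """Look up the host, then each parent domain, one DNS label at a time."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DOMAIN_CATEGORIES:
            return DOMAIN_CATEGORIES[candidate]
    return None

def filter_request(url: str, require_tls: bool = True):
    """Return (verdict, reason) for one proxied request URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return ("block", "unsupported-url")
    if require_tls and parts.scheme != "https":
        return ("block", "unencrypted")
    category = categorize(parts.hostname)
    if category in BLOCKED_CATEGORIES:
        return ("block", f"category:{category}")
    return ("allow", category or "uncategorized")

if __name__ == "__main__":
    for u in ("https://cdn.malware-c2.example/x",
              "https://notmalware-c2.example/",
              "http://news.example/"):
        print(u, filter_request(u))
```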
Some gateways have the ability to detect malware by allowing it to run in an emulation of the network environment. This method has proven to be effective for detecting and blocking many types of malware.
Secure Web Gateways vs. firewalls
A Secure Web Gateway may appear to act like a firewall: there are rules, traffic inspection, and blocking, so it’s reasonable to ask whether it is a firewall. Firewalls function at the packet level, using rules to allow or deny each packet attempting to enter or leave the network. Secure Web Gateways work at the application level, looking at the actual traffic over the protocol to detect malicious intent. Because their functions are similar, each of these solutions is beginning to incorporate the functionality of its counterpart to enhance its own product capabilities.
Secure Web Gateways vs. cloud security gateways
These two technologies have many overlapping features, but serve different purposes. Secure Web Gateways are primarily focused on traffic inspection and enforcement of security policies. Cloud Security Gateways (also known as Cloud Access Security Brokers, or CASBs) focus on the security of cloud-based applications using application-aware inspection and policies.
In a hybrid environment, both technologies are useful and are complementary to one another. Secure Web Gateways can utilize CASBs for better cloud application-specific detail and visibility. CASBs can use Secure Web Gateways for their ability to inspect traffic beyond specific cloud applications.
Integrations with Secure Web Gateways
Secure Web Gateways have their strengths in traffic inspection and policy enforcement, but often need to rely on third-party vendors for additional functionality. Depending on the solution, integrated functionality can include:
- Endpoint protection
- Access governance
- Network firewalls
- Web isolation
- Threat detection
- Content analysis
- Advanced threat protection
Integration benefits the overall security stance of the organization in one of two ways: by using additional solutions to perform further inspections outside the scope of the gateway, or by using the gateway as a notification point for detection and prevention solutions, which can then update rules and better block access to malicious sites, code, and content.
Introducing AT&T Global Security Gateway
To protect today’s emerging network architectures taking advantage of SD-WAN, mobility, and cloud, AT&T offers Global Security Gateway, a managed security service based on cloud-native secure web gateway technology. AT&T Global Security Gateway features a complete, modern web security stack and, as a cloud-native service, can help protect users virtually anywhere - whether they are in the office, at home, or on the road. For more information about the product, visit the Global Security Gateway main page.