If this is the first time you've heard about secure Web gateways, fear not. Most likely you've used -- or you currently use -- one of its predecessors, such as a network accelerator, unified threat management (UTM) system or email security gateway.
A secure Web gateway (SWG) forms the convergence point of all these technologies. SWGs are not new, but they've been amended to address a set of security problems that logically overlap, bringing all the aforementioned products under one umbrella.
Secure Web gateways are an assortment of security capabilities, but they all boil down to their ability to inspect Web traffic. You can think of them as a sort of firewall, except that rather than block network traffic, they focus on the traffic and content coming through port 80 -- the network port through which all HTTP and related Web traffic passes -- and look for evidence of malicious software, misuse and user adherence to corporate Internet policies.
SWGs also validate that remote users working on mobile devices (e.g., laptops, smartphones and tablets) are not unintentionally spreading viruses to other systems when they connect from home or on the go. In order to guard against a wide number of threats across all known Web protocols originating both inside and outside the corporate network, gateway products must apply multiple analytical techniques to validate activity and content.
Secure Web gateways are an evolutionary convergence point of different security products. Vendors, driven by customer requirements and the presumed need to differentiate their products, have packed just about every conceivable Web security feature into these platforms. What began as a set of distinct security challenges addressed by niche products has now morphed into a common platform with a common feature set.
In fact, the vendors in the SWG space come from very different specialties. Some were network accelerators and load balancers that added filtering and packet inspection and moved up the stack to Layer 7 content analysis. Others were email security (e.g., antivirus, antispam) tools that evolved to include antimalware and later, URL filtering. Some were general network security appliances that provided firewall and VPN services, then morphed into UTM systems. Still others are a bundle of acquired technologies, merged under a Web management interface to fill demand in the evolving Web gateway market.
With each emerging threat to corporate IT networks, new features are layered on, creating a Web-traffic Swiss army knife for security. And despite the differences in how they arrived at this point, vendors have followed the path of emerging threats to IT systems to create the secure Web gateway category.
Enterprises and midmarket firms often invest in secure Web gateways because traditional firewalls don't stop modern-day attacks against their systems. Threats nowadays are coming over network port 80 -- just like legitimate Web services -- and that makes it difficult to separate attacks and misuse from approved traffic. Even worse, the threats are constantly evolving and taking advantage of different communication protocols (e.g., for email, webpages, file attachments, image uploads, application calls) to hide their activity.
However, customers view these multiple, disparate attacks as a single issue: malicious Web content. And organizations don't want to buy a dozen different products to mitigate each specific threat and go through a dozen different product validation efforts to solve what they consider to be a single problem. Nor do companies want to manage a dozen different products across a dozen different interfaces, customizing each product to their environment.
In response, SWGs bundle all the features necessary to monitor Web activity, consuming all different flavors of traffic to detect both inbound and outbound security issues. These products combine -- at a minimum -- URL filtering, content filtering and antimalware protection. Most SWGs also include application whitelisting and botnet detection. In addition, all of these capabilities are managed through one central Web management console.
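As an added illustration (not code from the article or any vendor's product), the following Python sketch applies the capability set just listed, URL filtering, content filtering, antimalware hash matching, application whitelisting and botnet (command-and-control host) detection, to a few constructed HTTP requests. The policy tables, hostnames, user agents and file hash are all assumptions made up for the example.

```python
"""Toy secure-Web-gateway policy check over constructed HTTP requests."""
import hashlib
from urllib.parse import urlsplit

# Constructed policy tables (assumptions, not from the article):
BLOCKED_URL_CATEGORIES = {"gambling.example": "gambling", "warez.example": "piracy"}
ALLOWED_APPS = ("Mozilla/5.0", "CorpUpdater/")          # application whitelist by User-Agent
MALWARE_SHA256 = {hashlib.sha256(b"EICAR-like-test-body").hexdigest()}  # known-bad hash
C2_HOSTS = {"c2.bad.example"}                            # known botnet C2 hosts
EXECUTABLE_TYPES = ("application/x-msdownload", "application/x-dosexec")


def inspect(request: dict) -> list:
    """Return the policy verdicts for one request; an empty list means allow."""
    verdicts = []
    host = urlsplit(request["url"]).hostname or ""
    # URL filtering: block the host or any subdomain of a categorised domain
    for blocked, category in BLOCKED_URL_CATEGORIES.items():
        if host == blocked or host.endswith("." + blocked):
            verdicts.append(f"url-filter:{category}")
    # Botnet detection: outbound request to a known C2 host
    if host in C2_HOSTS:
        verdicts.append("botnet:c2-host")
    # Application whitelisting: only approved client software may go out
    if not request.get("user_agent", "").startswith(ALLOWED_APPS):
        verdicts.append("app-whitelist:unknown-client")
    # Content filtering: executables are not allowed through the gateway
    if request.get("content_type") in EXECUTABLE_TYPES:
        verdicts.append("content-filter:executable")
    # Antimalware: compare the body hash against the known-bad set
    if hashlib.sha256(request.get("body", b"")).hexdigest() in MALWARE_SHA256:
        verdicts.append("antimalware:known-bad-hash")
    return verdicts


# Constructed sample traffic: one clean request and three policy violations.
SAMPLE_REQUESTS = [
    {"url": "http://intranet.example/docs", "user_agent": "Mozilla/5.0 (X11)"},
    {"url": "http://poker.gambling.example/", "user_agent": "Mozilla/5.0 (X11)"},
    {"url": "http://c2.bad.example/beacon", "user_agent": "Python-urllib/3.8"},
    {"url": "http://files.example/tool.exe", "user_agent": "CorpUpdater/1.0",
     "content_type": "application/x-msdownload", "body": b"EICAR-like-test-body"},
]


def evaluate_all() -> list:
    """Run every sample request through the gateway policy."""
    return [inspect(r) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLE_REQUESTS, evaluate_all()):
        print(req["url"], "->", verdict or ["allow"])
```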
About the author:
Adrian Lane is CTO of Phoenix-based analyst firm Securosis. Adrian specializes in database security, data security and software development. He is a former executive at security and software companies such as Ingres, Oracle, Unisys and IPLocks, and is a frequent presenter at industry events. Adrian is a graduate of the University of California at Berkeley with post-graduate work in operating systems at Stanford University. Reach Adrian via email at firstname.lastname@example.org.