Essential Guide

Browse Sections


This content is part of the Essential Guide: Secure Web gateways, from evaluation to sealed deal
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Secure Web gateways: Security add-ons

Learn about five must-have features of secure Web gateways that could be critical to how your enterprise evaluates products.

In addition to the core features available in most secure Web gateways -- including URL filtering, content filtering, application controls/whitelisting, email security, antimalware and malicious code detection -- there are often several security add-ons available for customers to evaluate.

While these may not be offered with every product, some organizations may consider them critical features. Here are five security add-ons you should be on the lookout for:

Network optimization

Load balancing, network segmentation, failover and even network-layer packet analysis are features inherent to some secure Web gateway (SWG) platforms. Small firms that need only a single appliance to protect their back office won't require these features, but they are essential for large enterprises.

Centralized management

If your vendor offers four products with four management consoles, you'll quickly see that its definition of "integration" often means patching things together under the same Web admin page and style sheet. Just because the features share the same login page does not mean the products are integrated. Centralized management is important to large and small companies alike, as it means getting the job done easier and faster. If you can go to one place to set policies -- and those policies are applied consistently across all installations -- you will save time and make fewer mistakes.

Virtual private networks

Being able to both provide a secure link between remote offices and provide connectivity for employees working from home or on the road is crucial in today's on-the-go business environment. In the last five years, there has been a dramatic increase in the number of people who work remotely, and VPN connections provide a fast and efficient connection for employees to internal corporate resources. However, at the same time, remote devices often come with malware and viruses that provide an easy path into trusted networks. By coupling VPN connectivity with content and malware detection, SWGs provide a secure bridge to IT resources.

Encrypted session interception/inspection

The use of encrypted tunnels (e.g., HTTPS or SSH) allows users a means to ensure privacy and integrity when communicating with external services. Unfortunately, it's also a great way for attackers and rogue employees to exfiltrate data. Secure session interception is where outbound connections are monitored by the SWG. In this case, the gateway acts as an encryption proxy for the user, decrypting the data stream and then validating that intellectual property, pornography or other undesirable content is not passing through. The SWG then establishes the session on the user's behalf, and content is re-encrypted before it is passed along.

Security intelligence

Threats change by the minute. New malware, malicious websites and phishing attacks are launched on unsuspecting users daily. Many vendors offer third-party intelligence feeds that automatically update rules and malware signature files based upon global intelligence (e.g., what other customers around the globe have encountered).

About the author:
Adrian Lane is CTO of Phoenix-based analyst firm Securosis. Adrian specializes in database security, data security and software development. He is a former executive at security and software companies such as Ingres, Oracle, Unisys and IPLocks, and is a frequent presenter at industry events. Adrian is a graduate of the University of California at Berkeley with post-graduate work in operating systems at Stanford University. Reach Adrian via email at

Next Steps

Secure Web gateway overview

SWG success hinges on one key factor

Quiz: Choosing an SWG

This was last published in July 2014

Dig Deeper on Application firewall security

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What add-on security features does your organization need in an SWG?