In addition to the core features available in most secure Web gateways -- including URL filtering, content filtering, application controls/whitelisting, email security, antimalware and malicious code detection -- there are often several security add-ons available for customers to evaluate.
While these may not be offered with every product, some organizations may consider them critical features. Here are five security add-ons you should be on the lookout for:
Load balancing, network segmentation, failover and even network-layer packet analysis are features inherent to some secure Web gateway (SWG) platforms. Small firms that need only a single appliance to protect their back office won't require these features, but they are essential for large enterprises.
If your vendor offers four products with four management consoles, you'll quickly see that its definition of "integration" often means patching things together under the same Web admin page and style sheet. Just because the features share the same login page does not mean the products are integrated. Centralized management is important to large and small companies alike, as it means getting the job done more easily and quickly. If you can go to one place to set policies -- and those policies are applied consistently across all installations -- you will save time and make fewer mistakes.
Virtual private networks
Being able to both provide a secure link between remote offices and provide connectivity for employees working from home or on the road is crucial in today's on-the-go business environment. In the last five years, there has been a dramatic increase in the number of people who work remotely, and VPN connections provide a fast and efficient connection for employees to internal corporate resources. However, at the same time, remote devices often come with malware and viruses that provide an easy path into trusted networks. By coupling VPN connectivity with content and malware detection, SWGs provide a secure bridge to IT resources.
Encrypted session interception/inspection
Encrypted tunnels (e.g., HTTPS or SSH) give users a means to ensure privacy and integrity when communicating with external services. Unfortunately, they are also a great way for attackers and rogue employees to exfiltrate data. With secure session interception, the SWG monitors outbound connections. In this case, the gateway acts as an encryption proxy for the user, decrypting the data stream and then validating that intellectual property, pornography or other undesirable content is not passing through. The SWG then establishes the session on the user's behalf, and content is re-encrypted before it is passed along.
Threats change by the minute. New malware, malicious websites and phishing attacks are launched on unsuspecting users daily. Many vendors offer third-party intelligence feeds that automatically update rules and malware signature files based upon global intelligence (e.g., what other customers around the globe have encountered).
About the author:
Adrian Lane is CTO of Phoenix-based analyst firm Securosis. Adrian specializes in database security, data security and software development. He is a former executive at security and software companies such as Ingres, Oracle, Unisys and IPLocks, and is a frequent presenter at industry events. Adrian is a graduate of the University of California at Berkeley with post-graduate work in operating systems at Stanford University. Reach Adrian via email at firstname.lastname@example.org.