Secure Web gateways (SWGs) are an important strategic and technological investment for any organization. A majority of threats today come from the Web and in multiple forms, rendering traditional firewalls ineffective against most of what attackers can pull off. As your organization evaluates secure Web gateways, it is crucial to keep in mind several use cases for these tools and their available core features.
The following is a list of the most pressing Web security issues -- and the reasons why security pros are eager to invest in secure Web gateways.
Malicious links are URLs to sites that host malicious code that, in the best case, compromises your browser or, in the worst case, infects your PC with malware. These URLs can come disguised as an email from Grandma or can be embedded within your favorite websites, and they will easily dupe unsuspecting users. URL filtering can combat these challenges by comparing inbound and outbound links with databases of known malicious sites and blocking requests on users' behalf to avoid infection.
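The URL-filtering check described above, as an added illustration rather than code from the article: a lookup against a blocklist of known-bad hosts. The point it shows is that the filter must compare the hostname the browser will actually connect to (after lowercasing, stripping user-info and ports, and walking up parent domains), not search the raw URL string, or look-alike URLs slip through. The blocklist entries are constructed placeholders, not real indicators.

```python
from typing import Optional, Set
from urllib.parse import urlsplit

# Constructed sample blocklist of known-bad hostnames (placeholders, not real indicators).
BLOCKLIST: Set[str] = {"malware-host.example", "phish.example"}


def normalize_host(url: str) -> Optional[str]:
    """Return the lowercase hostname the browser would contact, or None if there is none."""
    if "://" not in url:
        url = "http://" + url  # bare host pasted from an email body, e.g. "phish.example/reset"
    parts = urlsplit(url)
    # .hostname drops "user:pass@" prefixes and ":port" suffixes and lowercases the result,
    # so "http://trusted.example@malware-host.example/" resolves to the real target.
    host = parts.hostname
    if not host:
        return None
    return host.rstrip(".")  # "example.com." (FQDN with trailing dot) is the same host


def is_blocked(url: str, blocklist: Set[str] = BLOCKLIST) -> bool:
    """True if the host or any parent domain of it is listed (catches sub.malware-host.example)."""
    host = normalize_host(url)
    if host is None:
        return False  # relative paths and scheme-only strings have no host to filter on
    labels = host.split(".")
    # Check "a.b.c", then "b.c"; never the bare top-level label, which would over-block.
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


if __name__ == "__main__":
    for u in ("https://trusted.example/?next=malware-host.example",
              "http://trusted.example@malware-host.example/"):
        print(u, "->", "BLOCK" if is_blocked(u) else "allow")
```

Note that a query string mentioning a listed host is allowed while a user-info trick pointing at the listed host is blocked; a naive substring match on the URL would get both of these wrong.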
Malware is any program or file that is harmful to a computer, including viruses, worms, Trojans and spyware. While most firms have antivirus software installed on corporate endpoints, the majority of AV is ineffective against malware. Infections from malware often require IT to reimage the machine -- the software equivalent of nuking from orbit. Once malware has infected one machine, it quickly propagates by replicating itself in files, sniffing then using credentials, exploiting known vulnerabilities or spamming infected content to users. It is therefore critical to detect and mitigate malware as soon as possible, hopefully before it reaches the unsuspecting users' machines. SWGs can help achieve this.
Unapproved applications can be movie downloads, Tor networks, live streaming of sporting events, video game servers or other applications not approved for business use that clog network bandwidth. Many of these applications come with malware and spyware, creating both a performance and a security issue. Some SWGs filter all network traffic generated by unapproved applications. Commonly called application whitelisting, this form of application control has quickly jumped to the top of customer requirements lists, as it's effective at stopping all sorts of unwanted services from abusing corporate networks.
Social media is a legitimate tool for companies to promote brand and customer satisfaction, but these approved uses form only a tiny fraction of total employee use. Most employees use social media at work for purely personal benefit. Because social media can be a huge time sink and reduce employee productivity, many companies deny access to social networks. Secure Web gateways can detect and block requests to social media sites.
Intellectual property (IP) and data leakage often consists of sensitive corporate data being sent over email or intellectual property being posted on Web portals, and it is a serious problem for organizations today. Systems infected with malware often embed sensitive data in files and attempt to send it out of the company through email, Web services or file transfers. Secure Web gateways inspect outbound content for the inclusion of sensitive data. This feature is called data loss prevention by vendors, but it's really "DLP lite" because it offers only a subset of the content analysis techniques that state-of-the-art DLP platforms provide. As there are many different ways to perform content analysis, there is a wide degree of effectiveness among different products.
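An added example, not from the article or any vendor's product, of the kind of outbound content inspection a "DLP lite" feature performs: pattern matching for card-number-like digit runs (validated with the Luhn checksum so order numbers do not trip it) plus a scan for classification markers. The sample messages and marker strings are constructed for the example. It also shows the limit the paragraph describes: a sensitive document with no recognizable pattern or marker passes untouched.

```python
import re
from typing import Dict, List

# 13-19 digit runs with optional single space/hyphen separators (PAN-like strings).
CARD_RE = re.compile(r"(?<![\w-])(?:\d[ -]?){12,18}\d(?![\w-])")
# Classification markers a policy might key on; constructed for this example.
MARKERS = ("confidential", "internal only", "do not distribute")

# Constructed outbound messages (not real data).
SAMPLES = {
    "card": "Please charge 4111 1111 1111 1111 for the renewal, thanks",
    "order_id": "Tracking ref 1234 5678 9012 3456 shipped today",
    "marked": "CONFIDENTIAL: Q3 forecast attached",
    "unmarked": "Attached is the Q3 forecast spreadsheet we discussed",
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right, sum must be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Return masked card numbers that pass Luhn; digit runs that fail it are ignored."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])  # never log the full PAN
    return hits


def find_markers(text: str) -> List[str]:
    low = text.lower()
    return [mk for mk in MARKERS if mk in low]


def inspect_outbound(text: str) -> Dict[str, object]:
    """Policy decision for one outbound message: block on any card hit or marker."""
    cards, markers = find_card_numbers(text), find_markers(text)
    return {"cards": cards, "markers": markers, "block": bool(cards or markers)}
```

Running `inspect_outbound` over `SAMPLES` blocks the first and third messages and lets the other two through, including the unmarked forecast that a full DLP platform with document fingerprinting would be expected to catch.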
Botnet detection has become a big issue. For the last decade, corporate networks have been infected with botnets, which use corporate servers to generate spam and conduct denial-of-service attacks against other corporations. SWGs can detect botnet software that is running inside corporate networks and trying to communicate with the outside world, as well as detect and, in many cases, mitigate inbound DoS attacks.
Email security, specifically antispam and antivirus capabilities, remains a core customer driver. Some products include antiphishing capabilities as well, detecting links to bogus services and other malware lurking within the body of email messages. Relatively speaking, email security is the oldest of the core features. While they're not considered the most critical threats to infrastructure, spam and viruses are highly visible annoyances, and phishing has been the root cause of several major data breaches. No product fully solves the email security threat, but most can block the vast majority of garbage sent to users.
You'll notice that the set of use cases reads like a feature list; that's because it is. Web-borne threats are the umbrella under which these issues are logically linked, but customers -- especially those with small or mid-sized businesses -- often only have two or three specific challenges that they need to address. Perhaps email security and information leakage are your top priorities, or maybe antimalware and application whitelisting. Either way, it is important to look for products that provide best-of-breed capabilities in the core areas that your company needs the most. The rest is gravy.
About the author:
Adrian Lane is CTO of Phoenix-based analyst firm Securosis. Adrian specializes in database security, data security and software development. He is a former executive at security and software companies such as Ingres, Oracle, Unisys and IPLocks, and is a frequent presenter at industry events. Adrian is a graduate of the University of California at Berkeley with post-graduate work in operating systems at Stanford University. Reach Adrian via email at firstname.lastname@example.org.