Web Gateway Security: Applying Zero Trust to Web Traffic
What is a Secure Web Gateway?
Secure Web Gateways (SWGs) are network security devices designed to protect the network and its users from web-based threats. Once the SWG is installed, it prevents malicious traffic from intruding and infecting the network and its endpoints.
The main purpose of the SWG is to act as a proxy between internal users and the Internet. It serves as an obstacle that prevents users from accessing potentially malicious web pages, and prevents malicious web pages already accessed, or malicious web traffic, from penetrating the network. SWGs can be deployed as hardware, software, or virtual devices, and may be deployed locally or in the cloud.
SWG solutions work together with access control measures like zero trust network access (ZTNA), which ensures users can only access the applications or data they are authorized to use. While ZTNA protects against malicious activity on the internal network, secure web gateways protect against threats originating from inbound and outbound web traffic.
Why are Secure Web Gateways Important?
Secure web gateways are becoming increasingly common as cybercriminals inject threats into seemingly harmless websites. These fake or compromised websites can cause significant damage if employees unknowingly visit them. Examples include fake online shopping websites using well-known brands, fake government websites, or B2B intranets.
Some fraudulent websites trick users into entering personal or sensitive information, such as credit card numbers and social security numbers. Other sites can take control of the user’s web browser and infect the user’s device, and the network, with malware.
Secure web gateways can help mitigate these threats by blocking access to fraudulent sites and preventing sensitive data from leaving the organization.
What are the Benefits of a Secure Web Gateway?
A secure web gateway uses flow-based security mechanisms like firewalls to detect threats concealed in web traffic. The SWG is often the only security measure that can block a web-based attack in real time. Secure web gateways use a proxy-based architecture and intelligent monitoring tools to keep track of new attack signatures, and respond to emerging and zero-day threats.
The secure web gateway monitors traffic to identify possible attack vectors and provide visibility into who is using the network. An SWG can decrypt web and cloud-based traffic, so an attack cannot be hidden via encryption. The SWG can send suspicious content to systems like DLP and CASB for analysis.
SWG is an important tool for safeguarding your digital assets and complying with security regulations and policies. Another important benefit is that it allows you to define security policies for web traffic, both outbound and inbound, and apply them consistently across the enterprise.
Secure Web Gateway Deployment Options
There are three main deployment options for secure web gateways:
- Cloud SWG—solutions are designed for cloud environments.
- On-premises SWG—solutions are designed for local infrastructure.
- Hybrid SWG—solutions are designed to protect complex ecosystems including both cloud-based and on-premises resources.
Regardless of the location of the infrastructure, SWGs are typically deployed as a software component, running on the existing servers of the organization. The servers can be physical (bare metal), virtualized, or containerized.
SWGs can route traffic in several ways, including:
- Placing the SWG inline.
- Implementing proxy auto config (PAC) files on the client.
- Transmitting web traffic to the SWG using either policy-based routing or generic routing encapsulation (GRE).
- Deploying agents on the client.
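To illustrate the PAC option in the list above, here is an added example (not from the original article) of a PAC file that sends web traffic to the gateway and keeps internal destinations direct. The proxy address `swg.corp.example:8080` and the suffix `.corp.example` are placeholder assumptions; the code uses only plain ES5 string operations so it behaves the same in a browser PAC engine and in Node.

```javascript
// Placeholder values for this example; replace with your gateway and DNS suffix.
var SWG_PROXY = "PROXY swg.corp.example:8080";
var INTERNAL_SUFFIX = ".corp.example";

// True for loopback and RFC 1918 IPv4 literals, which stay on the internal network.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Label-aligned suffix check: "wiki.corp.example" matches, "notcorp.example" does not.
function isInternalName(host) {
  var singleLabel = host.indexOf(".") === -1 && host.indexOf(":") === -1;
  return singleLabel || host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX;
}

// The client calls this for every request; the returned string is the route.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  var scheme = url.slice(0, url.indexOf(":")).toLowerCase();

  if (isInternalName(host) || isPrivateIPv4(host)) {
    return "DIRECT";
  }
  // Web schemes always go through the gateway. There is deliberately no
  // "; DIRECT" fallback: if the gateway is unreachable the request fails
  // closed instead of silently bypassing inspection.
  if (scheme === "http" || scheme === "https" ||
      scheme === "ws" || scheme === "wss") {
    return SWG_PROXY;
  }
  return "DIRECT";
}
```

Because a PAC file is evaluated on the client, it steers cooperating browsers only; traffic that ignores proxy settings still needs one of the network-level options in the list.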
Web Gateway Security Best Practices
Here are a few best practices that can help you make more effective use of secure web gateway solutions to secure web traffic for your organization.
Complement SWG with Traditional Security Controls
A secure web gateway helps protect users and devices from malware when they access the public Internet. However, organizations must not rely entirely on the SWG to secure their network.
Protecting enterprise applications, data centers and cloud environments requires a defense-in-depth security approach, combining traditional network security tools with access control measures and incident response mechanisms.
The SWG helps protect the network perimeter, but if an attacker manages to infiltrate the network, they are free to move laterally within the network. To protect your applications in the event your perimeter is compromised, you should use access control measures such as zero trust network access (ZTNA) and multi-factor authentication (MFA). ZTNA technology helps ensure that users can only access the applications or data they are authorized to use.
Identify and Manage Shadow IT
Enterprise networks are often exposed to hundreds of unauthorized applications that users install on their devices, or access remotely via the cloud. This increases the network’s attack surface and the risk of a breach. You can leverage the visibility provided by SWG solutions to identify and respond to shadow IT in your network.
As a general rule, all applications used in the network should be identifiable and their use monitored. Applications that represent a higher security risk should be identified and blocked either entirely or in part, for instance by blocking downloads but allowing uploads.
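The following added example (not from the original article) shows the two ideas above working together: building a shadow IT inventory from gateway visibility, and applying a partial block that stops downloads while allowing uploads. The catalogue, the record fields (`user`, `host`, `direction`, `bytes`) and all hostnames are constructed assumptions, not a real SWG log format.

```javascript
// Assumed policy catalogue keyed by domain suffix.
// block: "all" blocks everything, "download" blocks downloads only, null blocks nothing.
var CATALOGUE = {
  "drive.example":   { sanctioned: true,  block: null },
  "convert.example": { sanctioned: false, block: "download" },
  "paste.example":   { sanctioned: false, block: "all" }
};

// Constructed gateway access records (not real log data).
var SAMPLE_LOG = [
  { user: "alice", host: "files.drive.example", direction: "upload",   bytes: 5200 },
  { user: "bob",   host: "api.convert.example", direction: "upload",   bytes: 900 },
  { user: "bob",   host: "api.convert.example", direction: "download", bytes: 48000 },
  { user: "carol", host: "paste.example",       direction: "upload",   bytes: 300 },
  { user: "dave",  host: "sync.notes.example",  direction: "upload",   bytes: 1500 },
  { user: "alice", host: "sync.notes.example",  direction: "download", bytes: 700 }
];

// Map a hostname to a catalogue key using a label-aligned suffix match.
function appFor(host) {
  for (var suffix in CATALOGUE) {
    if (host === suffix || host.slice(-suffix.length - 1) === "." + suffix) return suffix;
  }
  return null;
}

// Per-request decision; applications missing from the catalogue are flagged for review.
function decide(rec) {
  var app = appFor(rec.host);
  if (app === null) return "review";
  var rule = CATALOGUE[app].block;
  return (rule === "all" || rule === rec.direction) ? "block" : "allow";
}

// Inventory of unknown or unsanctioned applications, with users and traffic volume.
function shadowInventory(log) {
  var out = {};
  log.forEach(function (rec) {
    var app = appFor(rec.host);
    if (app !== null && CATALOGUE[app].sanctioned) return;
    var key = app || rec.host;
    var e = out[key] || (out[key] = { users: [], bytes: 0, known: app !== null });
    if (e.users.indexOf(rec.user) === -1) e.users.push(rec.user);
    e.bytes += rec.bytes;
  });
  return out;
}
```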
Inspect Encrypted Traffic
Encrypting data in transit helps protect against attacks that tamper with or spy on web traffic. The standard for web traffic encryption is Transport Layer Security (TLS), which connects endpoints via a secure tunnel.
However, encryption can also be used by attackers to conceal malicious activity and block access to files via ransomware. An SWG solution acts as a proxy server that allows you to control and inspect HTTPS-encrypted web traffic. The proxy server decrypts traffic so it can be analyzed in plaintext, and then re-encrypts and transmits the data via a secure connection.
The proxy can inspect the requested URL for malicious content, protect the integrity and confidentiality of TLS-encrypted traffic, and provide visibility over threats or anomalies in encrypted communications.
Web Gateway Security with Hysolate
Hysolate is more than just a secure web gateway. Hysolate isolates your entire OS environment, running risky or sensitive activities in a separate VM. Within Hysolate, users can access untrusted websites, applications, documents and even external devices like USBs and printers in an isolated “risky zone”, without introducing malicious threats to their corporate or sensitive data. IT admins can save time and resources by reducing web filtering and whitelisting sites and applications, and users can be more productive.
Hysolate sits on user endpoints, eliminating UX issues like lag and latency, even with more resource-intensive applications, but it also comes with full admin management from the cloud. That means that admins can deploy Hysolate at scale across their company, including granular policies for different teams.