Named a Visionary in Gartner Magic Quadrant for Secure Web Gateways (SWG)

Back to blog

Secure Web Gateway (SWG) 101: Your primer to an isolation-based approach to cybersecurity

Share this article

The world is constantly changing. Modern applications are moving to the cloud. Users are moving to the edge. And security…well, security seems stuck in the past, when the hub-and-spoke model was all the rage. It’s no secret that security transformation is seriously lagging behind digital and cloud transformation as a critical enterprise initiative. But securing the network is equally as important as enabling productivity. Fast, reliable access to applications in the data center and the cloud is critical, but you don’t want the drive to enable accessibility to put the enterprise at risk from web-based threats.

But what exactly is a SWG (pronounced swig)? Do you need one? How does it work? And are all solutions created equal? Never fear—Menlo is here. Take a look at our technology primer for SWG.

Modern networks deserve modern security solutions. Enterprise security teams are ditching their legacy cloud proxy solutions in favor of a secure web gateway (SWG).

What is a SWG?

A secure web gateway (SWG) protects users from web-based threats on the Internet by preventing malicious content from accessing the endpoint. SWG solutions typically work by blocking inappropriate or malicious websites based on policies set by the enterprise cybersecurity team. The SWG typically replaces the proxy in a traditional hub-and-spoke model where all traffic is backhauled to the physical appliance in the data center.

Why can’t I continue to use a hardware-based proxy?

Using a hardware-based proxy to secure modern networks is like asking a medieval knight to guard Fort Knox. It’s outgunned, outmanned, and strategically unsuited for meeting today’s threats. A traditional proxy works by routing all traffic between the endpoint and the Internet back to the data center, where workloads are monitored for malicious content and security policies can be consistently applied. However, today’s users are increasingly mobile and distributed and typically access data center applications, web apps, Software-as-a-Service (SaaS) platforms, and websites from outside the perimeter. Routing all traffic to a central location adds latency and saps bandwidth—creating disruptive performance issues at a time when users expect fast, seamless experiences wherever they log in.

Why should I consider a cloud-based SWG?

The cloud is ubiquitous. Anywhere a user logs in—whether it’s from corporate headquarters, a branch office, a customer site, or their dining room table—is connected to the Internet, making it an ideal channel for delivering security services. In this model, security policies follow the user wherever work takes them, regardless of the underlying infrastructure or connectivity method. This ability to deliver a secure Internet breakout to any user at scale allows users to directly and securely access any application without creating performance issues.

Would any SWG solution work in today’s highly distributed, work-from-anywhere environment?

The short answer is no. Having the ability to attach security services to any workload doesn’t mean that malicious content will be identified and remediated every time. Just the opposite, in fact. Simply applying the outdated detect-and-remediate approach to a new delivery model just means that threat actors have more ways to evade detection, infect the endpoint, and spread malware to the rest of the network.

Today’s threats are dynamic, highly sophisticated, and scalable. All it takes is a few hundred dollars to purchase malicious code on the dark web, tweak it to a specific use, and send it off to thousands of unsuspecting victims via email or compromised websites. Malicious actors can customize phishing themes based on social engineering research, infect trustworthy sites through malvertising, or spin up a fake login form to maximize their chances of infection. Then, once the threat is inevitably detected, a simple code change makes it virtually undetectable again. The resulting cat-and-mouse game means that the cybersecurity team is always playing catch up, running around patching holes in the network, and hoping one of the cracks doesn’t result in a damaging breach. In order to outsmart threats and liberate users, cybersecurity teams need to fundamentally change the way they protect the enterprise from malicious threats on the Internet.

What is Zero Trust?

Zero Trust assumes that all content—regardless of whether it originates from a trusted source—is untrustworthy. Treating all content as if it is malicious eliminates the need to make an allow-or-block decision at the point of click. Zero Trust ensures that all traffic is secured and nothing can slip through the cracks.

A SWG enables Zero Trust, right?

Not necessarily. Most SWG solutions continue to rely on a detect-and-remediate approach that depends on a slew of threat data. Unfortunately, we know that threats are constantly evolving and are increasingly hard to identify before they’re able to infect the endpoint. By then, it’s too late. The threat has likely delivered its payload and could be spreading throughout the network. This detect-and-remediate approach prevents the enterprise from knowing what content to trust and what to block. And, if it can’t do that, your enterprise is at serious risk of a dangerous breach.

So what technology does enable Zero Trust?

A cloud-based SWG powered by isolation enables a Zero Trust approach to cybersecurity. This is the only way an enterprise can make malware a distant memory. Isolation creates a protective layer around users as they navigate the web, blocking not only known and existing threats, but unknown and future threats as well. Rather than responding to attacks after the fact, enterprises can prevent them from reaching users in the first place.

That sounds all well and good, but what does it mean for my users and my business?

Isolation makes the Internet safe, seamless, and effective for all workers. This means that organizations don’t have to sacrifice productivity for security. While the majority of other security solutions slow productivity and create barriers to getting work done, a Zero Trust approach powered by isolation allows users to click with impunity without worrying about whether they’re clicking on an unsafe site or whether the web form that popped up is legitimate. Isolation liberates users to explore without limits, work without interruptions, and move your business forward. Isolation also makes security invisible, happening behind the scenes where it can’t inhibit productivity for today’s mobile and highly distributed workforce.

Does isolation impact the user experience?

When done right, isolation preserves the native browsing experience for users. Email clients and web browsers continue to work as intended. No clients need to be installed and no extra hardware needs to be acquired. Common browsing functionality—such as cutting, copying, pasting, and printing—is preserved. The right isolation solution ensures that employees access the Internet with all of the features and functionality they’ve come to expect. No pixelated screens or read-only web pages. Everything works for your users as intended, no matter where work takes them.

Sounds complicated. Is it?

Not at all. An isolation-powered approach to Zero Trust can be applied to your existing security stack, acting as a ubiquitous proxy that delivers isolation and other security services such as data loss prevention, cloud access security broker, acceptable use policies, and cloud firewalls to any workload, anywhere. Isolation also eliminates false positives and the resulting near-constant fire drills that plague modern security organizations. This means that security teams no longer have to worry about securing user access and actions. Instead, they can devote their attention to safely enabling the business as it continues to evolve.

There’s a direct correlation between cloud adoption and an increase in cyberattacks, and legacy detect-and-remediate approaches struggle to keep up with attackers’ level of sophistication. To overcome these challenges, security leaders are increasingly adopting isolation-powered security solutions–such as secure web gateways–to provide an alternative strategy to the current, failing security architectures.

To beat the odds presented by today’s threat landscape, organizations are looking to isolation-powered security solutions to provide an alternative strategy to current, failing architectures. This SDx Central Industry Guide examines the paradigm shift.

Share this article

Make the secure way to work the only way to work.

To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.