The senior member of Security Service Edge
A secure web gateway (almost always abbreviated as “SWG”) is usually deployed between a company's internal network and the internet. It filters web traffic, primarily to protect the organization from online threats and secondarily to ensure that internal users follow company internet use policies.
These are some typical SWG capabilities:
URL filtering attempts to restrict the web content users can access by blocking specific URLs from loading.
This is the typical URL filtering flow:
URL filtering has limitations that essentially render it ineffective as a standalone security solution.
Here's why:
Some SWGs can play a role in Data Loss Prevention (DLP) by monitoring and controlling the flow of sensitive data across the web. Typical capabilities in this area include deep content inspection and DLP policies.
Unlike URL filtering, some SWGs can inspect the actual content of web traffic, enabling identification of sensitive information like credit card numbers, social security numbers, or proprietary company data.
Some SWGs permit organizations to define DLP policies to dictate how to handle potential data leaks. These policies can include:
While SWGs were considered by many to be a significant step forward in web security, their limitations became apparent as they gained widespread adoption.
The rapid evolution of web languages and capabilities has significantly challenged the effectiveness of traditional SWGs. The key areas where these developments have exposed SWG limitations are dynamic content and rich media, encryption and HTTPS, cloud applications and APIs, Web 2.0 and social media, and mobile applications and BYOD.
Traditional SWGs typically rely on one of the following methods to intercept and inspect web traffic: inline deployment, Proxy Auto-Configuration (PAC) files, Generic Routing Encapsulation (GRE), or client agents.
In summary, traditional SWGs typically operate as a proxy server or intercept traffic through various methods to inspect and filter web content. The choice of deployment method depends on factors such as network topology, security requirements, and user experience considerations.