Secure Web Gateway (SWG)
What is Secure Web Gateway (SWG)?

Secure Web Gateway (SWG) is a security solution that mediates internet traffic initiated by users and filters it for any kind of suspicious web application or malware, in line with corporate and regulatory policy compliance. 

SWG explained
Functions of SWG diagram.

Gartner (https://www.gartner.com/en/information-technology/glossary/secure-web-gateway) defines SWG as solutions that filter unwanted software/malware from user-initiated Web/Internet traffic and enforce corporate and regulatory policy compliance.

As a result of work-from-anywhere, employees can use the Internet without any checks or restrictions when they connect via a non-corporate network. This opens up the business to a series of critical security challenges. Security teams need to scan web activity coming to and from employees’ devices and deploy robust security policies to protect corporate devices and data from any kind of cyberattack. SWG solves this security challenge by monitoring employee-generated web traffic for any kind of malicious activity. A SWG can be an on-premises/agent-based or cloud-based solution that sits between the employees/users and the internet and protects them from accessing malicious websites or downloading malware and other viruses. It helps businesses apply Zero Trust to internet access and ensure regulatory compliance requirements are met.

For a solution to qualify as SWG it should offer, at minimum, the following basic functionalities: URL filtering, malware and antivirus scanning, and application controls for popular Web-based applications.

Where does SWG fit in SASE?

In 2019, Gartner coined the term SASE (Secure Access Service Edge) to combine SD-WAN capabilities with cloud-delivered security service edge or SSE. SSE is comprised of key security services with Secure Web Gateway (SWG) being a core capability. While SSE enables businesses to secure access to all applications, SWG specifically allows businesses to secure internet and web access for the global workforce and helps deliver part of the security vision of SASE.

Why should I consider SWG?
How SWG works diagram.

Accelerated adoption of the hybrid workplace model means employees are no longer confined to working in the office and accessing data and applications on the secure corporate network. Employees use corporate devices on all kinds of unsecured networks and can access the Internet without any checks and restrictions beyond traditional network security control. This unchecked access opens up a vast number of touchpoints for hackers and cyber criminals to attack corporate devices, install malware or ransomware, and break into corporate servers, doing unimaginable financial damage and creating intellectual property breaches. SWG can help extend Zero Trust security to the Internet by intercepting web traffic from users and restricting access to malicious websites, thereby minimizing losses due to data breaches.

A SWG monitors internet-bound traffic from employees or user devices, checks it for any kind of malicious activity, and blocks or restricts access in line with corporate, industry, or government regulatory policies. For example, businesses can restrict employees from accessing gambling or malware websites or other malicious content, and allow social media traffic. This real-time protection against malware, ransomware, or other cyber-attacks helps businesses support hybrid work without worrying about cyberthreats.

Features of SWG

A SWG can be an agent-based solution deployed on user devices or it can be cloud native, brokering all web traffic emerging from and going to employee devices and checking it for safety and compliance in real time. The SWG goes into action as soon as a user tries to access a web application and ensures security via:

  • DNS/URL filtering: Intercepts DNS queries and analyzes URLs against a continuously updated database of known malicious sites. If a match is found, access to the site is blocked, preventing potential security breaches. 
  • Threat intelligence protection: Assesses content, domain details, and reputation score of each site. Sites with suspicious or malicious characteristics are restricted, thereby reducing the risk of cyber threats. 
  • DLP for Internet access: Uses Data Security Profiles, which define what constitutes sensitive data, and employs Regex Pattern Matching to scan and detect any data that matches these profiles. When a match is found, predefined actions are enforced to control the data flow and mitigate the risk of data leaks. 
  • Malware and anti-virus scanning: Scans files and data packets against a database of signature hashes known to be associated with malware. If a hash match is found, the file is flagged as malicious and appropriate actions are taken to neutralize the threat. 
How does SWG work?

1. Office or mobile employee attempts to access the Internet: Traffic is automatically routed to the nearest edge location via the SWG or SSE agent (if SWG is delivered as part of SSE).

2. Proxies and inspects traffic: Traffic is identified as internet bound and directed to the SWG service cloud.

3. Validates identity and applies policy: Applies security controls like URL/DNS filtering, Threat Protection, Malware Scanning, Sandboxing, and cloud firewall and blocks access to known malicious and risky sites.

4. Fluently connects user to Internet resource: After access controls are applied and the Internet resource has met security requirements, the user is delivered a safe, encrypted connection to the Internet.

5. Remains in line and monitors user experience: If security posture changes, access will be severed automatically. Admins can view activity and ensure strong access performance.
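
The checks from the feature list and step 3 above, applied in order to a single proxied request, as an added Python example (not HPE's code and not from the original page). All domains, reputation scores, the hash set, and the card-number data profile with its Luhn check are constructed assumptions.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed sample policy data (assumptions, not from any vendor feed).
BLOCKED_DOMAINS = {"malware.example", "casino.example"}
REPUTATION = {"newsite.example": 12}      # hypothetical 0-100 score per host
REPUTATION_FLOOR = 30                     # hosts scoring below this are blocked
MALWARE_SHA256 = {hashlib.sha256(b"constructed-malware-sample").hexdigest()}
# Hypothetical data security profile: 13-19 digits, optional space/hyphen separators.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum; cuts false positives the regex alone would raise."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                    # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def domain_blocked(host):
    """Match the host or any parent domain, on label boundaries only."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))

def evaluate(url, upload=b"", download=b""):
    """Return (verdict, reason) for one proxied request."""
    host = urlsplit(url).hostname or ""
    if domain_blocked(host):                                   # DNS/URL filtering
        return ("block", "url_filter")
    if REPUTATION.get(host, 100) < REPUTATION_FLOOR:           # threat intelligence
        return ("block", "reputation")
    for m in CARD_RE.finditer(upload.decode("utf-8", "replace")):  # DLP on outbound data
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return ("block", "dlp_card_number")
    if hashlib.sha256(download).hexdigest() in MALWARE_SHA256:  # signature hash match
        return ("block", "malware_hash")
    return ("allow", "clean")
```

Matching on whole labels means `cdn.malware.example` is blocked while `notmalware.example` is not, and the Luhn step lets a 16-digit order number pass where a valid card number is stopped.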

SWG and HPE

HPE Aruba Networking SWG is a next-generation Secure Web Gateway service designed to make securing access to the internet effortless and safe for all work locations. The cloud service acts as a security broker between an organization’s mobile users, offices, branches, and the open internet.

HPE Aruba Networking SWG offers fluent SSL traffic inspection with a proxy architecture that auto-mediates connections to the internet. The SWG service provides tunable access controls, applying Zero Trust to internet and SaaS access while protecting users from threats. Additionally, it includes data protection features, giving visibility into user activity and applying inline DLP controls to prevent data leakage. The SWG service also facilitates easy detection and prevention of sophisticated attacks with threat intelligence protection, malware and anti-virus scanning, cloud firewall functionality, and real-time sandboxing.

Benefits of HPE Aruba Networking SWG

  • Visibility and control: Provides comprehensive visibility into internet traffic and user activity across the organization. This allows for detailed monitoring and control of web access, ensuring that only safe and compliant traffic is allowed. HPE Aruba Networking SWG helps in enforcing acceptable use policies and prevents access to malicious or inappropriate websites. 
  • Data protection: Protects sensitive data from being leaked or accessed by unauthorized entities by inspecting outgoing traffic for sensitive information and blocking such transmissions if they violate data protection policies. This is crucial for maintaining compliance with regulatory requirements and protecting intellectual property. 
  • Detection and prevention: Uses advanced threat detection capabilities to identify and block a wide range of cyber threats, including malware, phishing attacks, and other internet-based attacks. By analyzing web traffic, HPE Aruba Networking SWG can prevent these threats from reaching the users or compromising the network. 
  • Security at scale: Scales to provide consistent security across all users and locations as organizations grow and operations expand. Whether employees are working from the office, remotely, or using cloud services, SWGs ensure that the same level of security is applied, protecting against threats regardless of where the traffic originates or where the users are located. 
