What is a secure web gateway?

So what exactly is a secure web gateway? A secure web gateway is an advanced, cloud-delivered, or on-premises network security service. It enforces consistent internet security and compliance policies for all users regardless of their location or the type of computer or device they are using. These gateway security tools also protect against threats to users who are accessing the internet via the web or are using any number of web-based applications. They allow organizations to enforce acceptable use policy for web access, enforce compliance with regulations, and prevent data leakage.

As a result, secure web gateways offer a way to keep networks from falling victim to incursions through internet traffic and malicious websites. They prevent data from such places from entering the network and causing a malware infection or intrusion.

This form of gateway security is accomplished through malware detection, URL filtering, and other means. A gateway effectively blocks malware from calling home and acts as a barrier against the sensitive intellectual property being stolen or sensitive data such as social security numbers, credit card numbers, and medical information getting into the wrong hands. The web gateway secures people, processes, or programs from downloading or accessing external sites, software, or data that could harm them, or the organization. Additionally, they stand in the way of untoward, unauthorized access from the outside.

A secure web gateway, then, is a solution that filters unwanted software or malware from user-initiated web and internet traffic while enforcing corporate and regulatory policy compliance. These gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly being included in these products. Similarly, analysts note convergence with other security technologies such as endpoint protectionnetwork firewalls, and threat detection.

What does a secure web gateway do?

How does a secure web gateway work? As a web proxy, a secure web gateway terminates and proxies web traffic (ports 80 and 443), inspects that traffic via several security checks, including URL filtering, advanced machine learning (AML), anti-virus (AV) scanning, sandboxing, data loss prevention (DLP), cloud access security brokers (CASBs), web isolation and other integrated technologies. Web gateways apply policies and enforce threat prevention and information security rules based on user, location, content, and a variety of other factors.

This form of gateway security can stop known and unknown threats in their tracks. This includes zero-day and other forms of advanced threats.

Web gateways start with filtering the URL

URL filtering is typically the first layer. It blocks access to known malicious URLs and can form a buffer against zero-day threats. It does this by recognizing new URLs that are similar to or the same as known malicious web servers.

Further layers such as AML and AV can remove attempted downloads of threats, including new and unknown threats. Sandboxing is also included in some secure web gateways. It conducts real-time blocking and can prevent targeted attacks by emulating a company’s environment.

Web isolation is another element that some vendors have incorporated. It runs webserver code and malicious code in a virtual instance that is isolated from the user. DLP, too, can be used to stop unauthorized data leakage.

Secure web gateways vs firewalls

Some people have confused secure web gateways with firewalls. So what is the difference? Secure web gateways are dedicated to cloud services or appliances for web and application security. They are proxies (meaning they terminate and emulate network traffic). Because of specialization, they can detect and protect against much more sophisticated and targeted attacks that use the web.

Firewalls have a different function. Firewalls are great at packet-level security, but are not as sophisticated on the application layer for security, said Gerry Grealish, head of Product Marketing for Cloud & Network Security Products at Symantec. Firewalls typically do not terminate or inspect entire objects, and many are reliant on stream-based AV scanning as a defense against malware. That’s why evasive threats operating on an application-level can easily bypass some firewall defenses. But the clear distinction between secure web gateways and firewalls is beginning to blur.

Some cloud-delivered secure web gateway services now offer an optional cloud firewall service to enforce controls on non-web internet traffic.

Secure web gateways vs Cloud Access Security Brokers

The CASBs is another technology that can sometimes be confused with secure web gateways. Indeed, there is some overlap. However, CASBs are able to recognize a bigger range of applications than secure web gateways. They also provide better-detailed control over the use of applications.

A secure web gateway needs a CASB for full visibility and control, and a CASB needs a secure web gateway for full traffic and log information of web and application activity. By working together, they offer comprehensive gateway security for the web as well as application security.

As in many areas of security technology, convergence is evident. Some vendors have integrated secure web gateways with CASBs. This trend is accelerating. By tying together CASB and secure web gateway functions, it is much easier to provide access security capabilities to SaaS applications.