What is a Web Secure Gateway?

A web secure gateway, or secure web gateway (SWG), is a cybersecurity product that helps to protect organizations from web-related threats by enforcing security policies for inbound and outbound web traffic. A web secure gateway may be deployed as an appliance or software on-premises, as software in the cloud or as a service offered by a technology provider. 

A web security gateway defends against threats by inspecting all web traffic entering or leaving the network and blocking anything that violates established security policies. SWGs can block traffic containing malware and viruses, prevent users from accessing malicious or unacceptable websites, stop leaks of sensitive data, and allow administrators to control which web applications employees can access.

As IT networks have become more distributed and workforces more remote, web secure gateways have become an essential part of a multilayered approach to security by allowing administrators greater visibility and control over web activity. 

A web secure gateway protects organizations from cyber threats by inspecting all web traffic entering the network and blocking, quarantining or flagging any traffic that violates security policy. Secure web gateway software also enforces policies for employees using web resources, blocking attempts to access sites containing malware, spoofed websites that are part of phishing campaigns or websites that are considered inappropriate for business use such as social media, gambling or adult content sites.

A web secure gateway may employ a variety of technologies when monitoring and inspecting web traffic.

• URL filtering. Web secure gateways can prevent users from accessing certain websites by using a block list – a list of known websites that are not allowed. URL filtering capabilities can also enforce bandwidth restrictions on streaming sites.
• Malware scanning. SWGs search traffic for specific code known to be associated with malware, blocking suspicious content or rendering it in a safe environment that allows users to access the content.
• Application control. SWGs can detect which applications employees are using and block access to applications that are considered inappropriate or unacceptable for various reasons.
• Content filtering. This feature detects and blocks certain types of content such as explicit photos or videos.
• Data loss prevention (DLP). SWGs can inspect outbound web traffic for sensitive data or confidential information such as Social Security numbers, customer data, intellectual property, medical information and other potential leaks.
• Encrypted traffic inspection. A secure web gateway service can decrypt content to search for threats hidden in SSL-encrypted traffic.
• Antivirus scanning. Searching web traffic for real-time virus signatures, SWGs can detect, block and remove viruses, Trojans and adware.

SWGs offer a broad range of benefits for organizations and their IT security teams.

• Blocking access. Web secure gateways prevent users from downloading malware, clicking on spoofed websites and visiting phishing sites or sites that contain malware. SWGs also prevent users from visiting websites that are not approved by the organization.
• Stopping threats. SWGs monitor web traffic 24/7 to block malware, viruses, zero-day attacks and other emerging cyber threats.
• Providing visibility. With a web secure gateway, security teams gain comprehensive visibility into all web activity, revealing how employees are using the web and how security policies can be crafted to improve defenses against attackers.
• Ensuring compliance. By enforcing policies that govern the use and movement of data, SWGs help enforce compliance with regulatory frameworks such as PCI DSS, GDPR, HIPAA and many others. 
• Simplifying management. SWG security enables administrators to manage security policies for the entire network from one location. 

Web secure gateways are similar to firewalls and cloud access security brokers (CASBs). Each technology improves security by inspecting traffic and enforcing security policies to block threats. Yet, each solution operates differently and offers unique benefits.

Like an SWG, firewalls also inspect internet traffic, but this technology inspects traffic at the packet level using rules that allow or deny each packet to enter or leave the network. In contrast, SWGs operate at the application level, enabling more sophisticated protection against targeted web attacks. Firewalls provide defense against malware by relying on stream-based antivirus scanning, which some threats can evade. SWGs are better suited to identifying and blocking threats at the application level and can incorporate details such as user, groups and location into decisions about which traffic to allow or block.

CASBs are focused on securing cloud-based applications and enforcing policy using application-aware inspection. CASBs can recognize a larger variety of applications than SWGs and offer more control over the use of cloud applications. SWGs in contrast are focused on keeping web traffic clean and logging all web activity. The technologies are complementary – CASBs rely on SWGs for comprehensive traffic and log information while SWGs rely on CASBs for greater visibility and control.
 

As a leading user and data security company, Forcepoint offers a web secure gateway as part of Forcepoint ONE, an all-in-one, cloud-native security platform. Forcepoint ONE SWG monitors and controls any interaction with any website, using distributed enforcement and architecture that provides organizations with more flexibility to meet changing business requirements.

In contrast to other secure web gateway vendors, Forcepoint SWG enables the majority of a user’s web traffic to be exchanged directly with the website, rather than taking a detour through a service in the cloud. This enables better performance and almost twice the throughput of competing products.

Forcepoint ONE SWG also provides:

• Safe access with high performance. Forcepoint ONE SWG applies web security policies in the cloud or on the endpoint with distributed enforcement for secure, high-speed access to the web no matter where employees are working from.
• Best-in-class data loss prevention (DLP). Forcepoint ONE SWG continuously secures data in use across the web with 190+ pre-defined data security policies. Forcepoint also customizes controls to help streamline compliance and allows existing customers to easily extend their curated data policies to web enforcement with just a few clicks.
• Support for Zero Trust. Forcepoint’s SWG protects against compromised or untrusted websites with Remote Browser Isolation (RBI) and allows users to safely download a document with Zero Trust Content Disarm & Reconstruction (CDR).
• Simplified management. With Forcepoint, administrators can consistently protect sensitive data across the web, setting policies once and applying them everywhere, including cloud apps and private apps as part of a unified platform.