What Is A Secure Web Gateway?
A secure web gateway (SWG) is a web proxy network security solution that protects a business’s internal network beyond the Domain Name System (DNS) layer from unsecured internet traffic. SWG security tools filter web traffic, block threats, enforce policies, and safeguard data.
Cisco Umbrella Secure Web Gateway (0:29)
Is Cisco Umbrella a secure web gateway?
Cisco Umbrella offers secure web gateway features. Umbrella is a cloud-delivered service that acts as an SWG between users and the internet, enabling traffic inspection, URL filtering, threat protection, policy enforcement, application visibility and control, data loss prevention, and DNS security.
Secure Web Gateway Basics
What does a secure web gateway do?
An SWG acts as a checkpoint to filter and monitor web traffic, allowing safe internet access while blocking potentially harmful content. SWG tools inspect URLs, detect threats, decrypt select encrypted traffic for inspection, and report analytics to help ensure secure and compliant web browsing.
What are the benefits of a secure web gateway?
A secure web gateway can:
- Block malware, viruses, phishing, and web-based threats
- Enforce policies
- Prevent data leakage
- Gain visibility and control over distributed networks
- Protect users regardless of location
- Consolidate network security tools
- Reduce risk and costs
Why do companies need a secure web gateway?
Organizations need an SWG to protect against malware and phishing, enforce security policies to meet compliance mandates, and protect sensitive data. Essential for a distributed workforce, an SWG secures internet traffic and data access for all trusted users and devices, regardless of location.
Is a secure web gateway a firewall?
An SWG is not a firewall, but they work together to enhance network security. SWGs work at the application level to block or allow connections based on custom policies to protect against web-based threats. Firewalls primarily monitor data packet transfers at the network level and block known threats.
Is a secure web gateway the same as a proxy?
A gateway is not a proxy, but SWGs use proxy servers for URL filtering. The difference between the two is that proxy servers route traffic from a client to a server, often for online anonymity, whereas gateways use proxy architecture to apply protection and policy enforcement to web traffic.
What are the features of SWG security?
A web proxy is an intermediary server that stands between users and the internet. Before allowing web content to reach the user, it inspects and filters web traffic, enforces access policies, and blocks web-based threats.
Policy enforcement refers to enabling and applying security rules to regulate web traffic. Policies define rules and restrictions for web usage, such as blocking specific websites, controlling application access, and prohibiting sensitive data transfer.
Antivirus and anti-malware protection
Antivirus and anti-malware protection uses technologies that detect, prevent, and block malicious software and threats. These tools scan web traffic in real time to identify and remediate viruses, malware, ransomware, and other malicious content.
Traffic inspection refers to intercepting and examining encrypted web traffic. Encryption allows for safe exchange of sensitive data, but cybercriminals also use encryption to hide malware. Traffic inspection helps apply application-specific security, detect hidden threats, enforce URL and malicious content filtering, and secure web traffic.
Data loss prevention (DLP)
A secure web gateway with DLP security inspects outgoing web traffic, scans for sensitive data, and enforces policies to prevent data leaks. It analyzes content, applies predefined outbound traffic rules, and blocks sensitive data from leaving an organization’s network.
URL filtering is a security feature that blocks or allows access to websites based on their URLs or web addresses. It prevents users from accessing malicious or inappropriate websites and enforces compliance policies. Filtering can also allow restrictions on streaming services to optimize network performance.
Sandboxing is a security technique used to analyze potentially malicious code in a safe, isolated environment. It allows security professionals to test and observe suspicious files without risking damage to the host system or network.
Cloud-based outbound firewall
A cloud-based outbound firewall is a network security tool that provides firewall protections from the cloud. It monitors, filters, and enforces policies on network traffic. This firewall enables layer 7 application visibility and control, layer 3 and 4 protection of all ports and protocols, and an intrusion prevention system for added threat defense.
Remote browser isolation (RBI)
Remote browser isolation (RBI) is a security tool that runs a user’s web-browsing session in a virtualized environment in the cloud. Isolating web content in a secure container allows access to potentially risky websites without the risk of malware infections.
Application visibility and control
Visibility and control functions allow organizations to gain insight into employee usage of cloud applications. Visibility informs reports on vendors, categories, application activity, and risk levels. This reporting enables better control over cloud adoption, risk reduction, and blocking or restrictions of inappropriate applications.
Ready to simplify and strengthen your cybersecurity with Cisco Umbrella?