What Is a Secure Web Gateway?
What Is a SWG in Cybersecurity?
According to Gartner, a secure web gateway must include URL filtering, malicious code detection and filtering, and application controls for popular cloud applications such as Microsoft 365. More recently, Gartner identified CASB as a critical component of a security architecture based on the secure access service edge (SASE) framework, which we’ll get to later.
What Do SWGs Do?
A SWG (often pronounced “swig”) is designed to block access to or from malicious websites and links. By filtering web and internet traffic at the application level, it enforces granular use policies and stops threats from accessing web applications.
How Does a Secure Web Gateway Work?
A SWG acts as a barrier between an organization's private network and the open internet, protecting it from web-based threats and ensuring users comply with web policies. Generally, when a user tries to access a website or web content, the SWG will:
- Check the URL against a database of categorized URLs and policies, providing access if the URL is deemed safe and allowed by policy, and blocking access otherwise.
- Manage access to web-based applications, providing granular application controls to restrict certain functions (e.g., upload, file sharing) according to policy.
- Scan any downloadable files or scripts for malicious content, checking the files against known malware signatures and blocking downloads if malware is detected.
- Decrypt and inspect TLS/SSL-encrypted data for hidden threats, and then re-encrypt it for secure transmission if no threats are found.
- Parse the content for sensitive data (e.g., payment card numbers, proprietary information), and then block or alert on the discovery according to company policy.
- Log user activity, threats, and policy violations for administrators to use for the purposes of monitoring, reporting, forensic analysis, etc.
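The decision flow in the list above, as an added example (not code from this page or from any SWG product): a small Python model that applies URL categorization, application control, a DLP check for payment card numbers, and audit logging in that order. The hostnames, category table, policy rules and the block-by-default handling of uncategorized URLs are constructed assumptions; malware scanning and TLS inspection are left out.

```python
import re
from urllib.parse import urlsplit

# Constructed sample policy data; a real SWG relies on a maintained URL database.
URL_CATEGORIES = {"files.example.com": "file-sharing",
                  "bad.example.net": "malware",
                  "news.example.org": "news"}
BLOCKED_CATEGORIES = {"malware", "phishing"}
RESTRICTED_ACTIONS = {"file-sharing": {"upload"}}  # function-level app control
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")    # candidate card-number runs

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def contains_card_number(body):
    """DLP check: a 13-19 digit run that also passes the Luhn checksum."""
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False

def evaluate(user, url, action, body, log):
    """Return 'allow' or 'block' and append one audit record to log."""
    host = (urlsplit(url).hostname or "").lower()
    category = URL_CATEGORIES.get(host, "uncategorized")
    if category in BLOCKED_CATEGORIES:
        verdict, reason = "block", "url-category:" + category
    elif category == "uncategorized":
        verdict, reason = "block", "uncategorized-url"  # assumed default-deny
    elif action in RESTRICTED_ACTIONS.get(category, set()):
        verdict, reason = "block", "app-control:" + action
    elif contains_card_number(body):
        verdict, reason = "block", "dlp:payment-card"
    else:
        verdict, reason = "allow", "policy-ok"
    # Every decision is logged, allowed or not, for monitoring and forensics.
    log.append({"user": user, "host": host, "action": action,
                "verdict": verdict, "reason": reason})
    return verdict
```

The Luhn check is what keeps the DLP rule from firing on order numbers and other long digit strings that merely look like card numbers.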
SWG Features
To support the key functions laid out above, an effective SWG includes capabilities like:
- URL filtering to block or allow user access to websites according to policy
- Application control to enforce policy on the usage of web-based apps and cloud services
- TLS/SSL inspection capabilities to discover threats hiding in encrypted traffic
- Advanced threat protection, including anti-malware, antivirus, and anti-phishing measures
- Data loss prevention (DLP) to prevent loss or leakage of sensitive data
- Bandwidth controls to prevent certain sites or apps from consuming excess bandwidth
- Remote user protection to secure users operating outside the network perimeter
- Policy management tools to help administrators set and enforce security policies
Why Are SWGs Important?
The days of accessing data and applications solely through the corporate data center are over. Today, employees and their endpoints can work from just about anywhere, and with the apps they’re accessing increasingly in the cloud instead of your data center, they’re out of reach of traditional network security controls. This is where SWGs provide some important benefits.
What Are the Benefits of a SWG?
An effective SWG enables you to:
- Restrict or block access to risky or malicious websites and web-based apps
- Protect against ransomware, other malware, and phishing in real time
- Enforce compliance with company, industry, or government regulatory policies
- Support hybrid work models with fast, seamless, and secure connections to web-based resources and SaaS apps
Moving Beyond Traditional Infrastructure
You need a secure web gateway to inspect traffic, identify threats, apply policy for your organization and users, and more. That said, if you keep relying on traditional infrastructure to secure internet-bound traffic, you’ll need to backhaul it to your data center for scanning and inspection, which will slow down traffic and frustrate your users.
Legacy solutions can’t provide adequate security in today’s cloud-based landscape. Cybercriminals are constantly creating new, sophisticated security threats, and by bringing all traffic back to your data center for security, you’re effectively blasting open the gates of your network to the risk of lateral movement, imperiling your data in complete opposition to the key tenets of zero trust.
Ultimately, you need a SWG that’s purpose-built for zero trust and the cloud.
Why Companies Need a SWG
Work-from-anywhere and rapid SaaS adoption have proven the need for cloud native security solutions. Among other things, you need advanced threat protection, anti-malware, sandboxing, a cloud access security broker (CASB), DLP and cloud DLP, browser isolation services, and inspection for all traffic, including TLS/SSL-encrypted traffic.
To effectively secure cloud resources, security solutions must be architected following Gartner’s secure access service edge (SASE) concept. It’s a question of scale, and hardware can’t keep up in today’s fast-paced, dynamic cloud environments. Imagine interconnecting thousands of DVD players and calling it “Netflix”—that’s what it’s like to move on-premises, hardware-based functions (including legacy VPNs and firewalls) to the cloud.
Only a cloud-based SWG offers the same protection no matter where users connect. Sitting inline between users, the web, and SaaS, it can terminate every connection inline, inspect all internet traffic, and apply user-centric security and access policy to eliminate your attack surface, prevent compromise, stop lateral movement, and halt sensitive data loss.
How SASE Helps
SASE’s cloud-delivered architecture combines a host of different networking and security services into one platform, including DNS security, SWG, zero trust network access (ZTNA), and DLP. Additionally, SASE pairs well with an SD-WAN and works for a variety of use cases:
- Reducing IT cost and complexity: An effective SASE solution is easy to deploy and manage, enabling digital transformation without the technical debt brought on by legacy architecture.
- Delivering a great user experience: SASE brings security policies close to the user to eliminate unnecessary backhauling, provide optimal bandwidth, and ensure low latency.
- Lowering risk: With SASE, all connections are inspected and secured in real time, no matter who they come from, which app is being accessed, or which encryption method is being used.
Zscaler and SWG
Zscaler has been named a Leader in the Gartner Magic Quadrant for Secure Web Gateways for 10 consecutive years. In 2021, Gartner defined the security service edge (SSE)—which is an element of SASE and a new category that includes SWG—and subsequently recognized Zscaler as a Leader in the 2022 and 2023 Gartner Magic Quadrant for Security Service Edge.