What Is a Secure Web Gateway (SWG)?

What Do SWGs Do?

A SWG (often pronounced “swig”) blocks malicious websites and links, filters web traffic, enforces usage policies, and protects users and web applications from threats. According to Gartner, a SWG must include URL filtering, malicious code detection and filtering, and application controls for popular web-based apps.

More recently, Gartner identified SWG as a key part of a secure access service edge (SASE) framework. We’ll examine that in greater detail later in this article.

How Does a Secure Web Gateway Work?

A SWG acts as a barrier between an organization's network and the open internet, protecting it from web-based threats and ensuring users comply with web policies. When a user attempts to access a website or web content, a SWG will typically:

1. Check the URL against a database to allow or block access based on safety and policy.
2. Enforce app controls, restricting certain actions (e.g., uploads or sharing) per policy.
3. Scan downloads for malware, blocking files if the SWG detects any threats.
4. Inspect encrypted (TLS/SSL) traffic for hidden threats, re-encrypting safe data.
5. Identify sensitive data (e.g., payment info) and acts based on company policies.
6. Log user activity, threats, and violations for analysis and reporting.
    

SWG Features

To support the key functions laid out above, an effective SWG includes capabilities like:

• URL filtering to block or allow user access to websites according to policy
• Application control to enforce policy on the usage of web-based apps and cloud services
• TLS/SSL inspection capabilities to discover threats hiding in encrypted traffic
• Advanced threat protection, including anti-malware, antivirus, and anti-phishing measures
• Data loss prevention (DLP) to prevent loss or leakage of sensitive data
• Bandwidth controls to prevent certain sites or apps from consuming excess bandwidth
• Remote user protection to secure users operating outside the network perimeter
• Policy management tools to help administrators set and enforce security policies

Why Are SWGs Important?

The traditional office model, with local users accessing local applications, is no longer a given. Today, users and their devices can be almost anywhere. The applications they need to access, meanwhile, are increasingly in the cloud, out of reach of traditional network security. This is where SWGs provide some important benefits.

What Are the Benefits of a SWG?

An effective SWG enables you to:

• Restrict or block access to risky or malicious websites and web-based apps
• Protect against phishing, ransomware, and other malware in real time
• Enforce compliance with company, industry, or government regulations
• Support hybrid work models with fast, seamless, and secure connections to web-based resources

Moving Beyond Traditional Infrastructure

You need a SWG to inspect traffic, identify threats, apply policy, and more. That said, if you keep relying on traditional infrastructure to secure internet-bound traffic, you’ll need to backhaul it to your data center for scanning and inspection, which will slow down traffic and frustrate your users.

Legacy solutions can’t provide adequate security in today’s cloud-based landscape. Cybercriminals are constantly creating new, sophisticated threats, and by bringing all traffic back to your data center for security, you’re opening your network to the risk of lateral movement and data breaches.

That's why you need a SWG built for the cloud and zero trust, able to inspect all traffic and enforce least-privileged access without conferring implicit trust.

Why Companies Need a SWG

Work-from-anywhere models and rapid SaaS adoption highlight the critical need for cloud native security solutions. The reason for this is simple: in today’s dynamic cloud environments, hardware-based approaches can't scale. Moving on-premises functions like legacy VPNs and firewalls to the cloud would be akin to networking thousands of DVD players and calling it “Netflix.”

A cloud-based secure web gateway (SWG) provides consistent protection regardless of where users connect. Sitting inline between users, the web, and SaaS, it terminates and inspects every connection, applying user-centric security and access policies. This approach eliminates your attack surface, prevents compromise, stops lateral movement, and halts sensitive data loss.

How SASE Helps

To effectively secure cloud resources, the SWG should be part of a cloud-delivered secure access service edge (SASE) architecture. SASE combines a host of networking and security services into one platform, including SWG, zero trust network access (ZTNA), cloud access security broker (CASB), SD-WAN, and more, offering multiple benefits:

• SASE reduces IT cost and complexity. It simplifies deployment and management, supporting digital transformation without the technical debt of legacy architectures.
• SASE delivers a great user experience. By applying security policies near the user, it eliminates backhauling, optimizes bandwidth, and ensures low latency.
• SASE lowers cyber risk. It inspects and secures all connections in real time, regardless of the user, application, or encryption method involved.

Zscaler and SWG

Zscaler has been named a Leader in the Gartner Magic Quadrant for Secure Web Gateways for 10 consecutive years. In 2021, Gartner defined the security service edge (SSE)—the security-centric subset of SASE—and subsequently recognized Zscaler as a Leader in the 2022, 2023, 2024, and 2025 Gartner Magic Quadrant for Security Service Edge.