What is a Next-Generation Secure Web Gateway?

A Secure Web Gateway (SWG) is a technology that provides protection against web-related cyber threats like malware, viruses and malicious websites and downloads. A traditional or legacy SWG is typically a web security appliance that sits at the edge of a network to monitor web traffic flowing in and out of the organization. By inspecting and evaluating all traffic, a traditional secure web gateway solution can block traffic when it violates security or acceptable use policies.

A next-generation secure web gateway is a cloud-based solution that is designed to deliver stronger security for organizations with highly distributed networks and workforces. Rather than requiring all traffic to be backhauled to an SWG appliance within a central data center, next-generation SWGs can provide protection wherever users and devices are connecting to the Internet.
 

Next-generation secure web gateways are designed to provide security for IT environments that have experienced dramatic changes in recent years. As more organizations move to the cloud, legacy web secure gateways are no longer able to adequately protect against web-borne threats or deliver the visibility into web activity that IT teams require. Traditional network perimeters have virtually disappeared because data, applications and infrastructure can now reside anywhere in the world. Workforces are more distributed as well, with employees connecting to cloud services and corporate resources from anywhere, often via personal devices and unsecured connections. 

Legacy SWGs and web security solutions simply can’t keep pace with these transformational changes. Redirecting all web traffic back to an SWG appliance in a central data center adds unacceptable levels of latency that result in poor user experiences and loss of productivity. IT teams can’t possibly install, manage and update VPNs and other technology on every laptop, tablet and mobile device connecting to the corporate network.

As a cloud-based solution, a next-generation secure web gateway can provide security anywhere that users and devices require it. By enabling users to connect directly to the cloud applications and services they need, next-gen SWGs accelerate performance and improve user experiences. And by enabling IT teams to manage and enforce security policy from one central location, next-generation secure web gateways simplify the management of web security.
 

A next-generation secure web gateway inspects all web traffic entering or leaving an IT environment and monitors the web activity of users and endpoint devices. By evaluating all inbound web traffic and outbound web requests, a next-gen SWG can block, quarantine, flag or issue alerts for any traffic that may contain threats or any attempts by users to access malicious, suspicious or unacceptable websites and applications.

Next-generation secure web gateways provide several key benefits for securing web activity.

• Advanced protection helps to block malware, phishing attacks and other cyber threats from entering a network.
• Greater visibility into web activity gives IT teams a better understanding of the web-related threats targeting the network and how employees are using web resources.
• Application controls help increase productivity by restricting access to certain websites that are not related to work such as social media, gambling sites or sites with adult content. 
• URL filtering and application controls can also improve the performance of the network by allowing users to securely and directly connect to the cloud applications they need. These technologies can also reduce the amount of traffic on the network by blocking access to non-essential applications.
• Data loss prevention (DLP) capabilities help prevent malicious or inadvertent data leaks by inspecting web traffic and blocking or flagging any content containing sensitive material.
• The cloud-native architecture of a next-generation secure web gateway delivers greater availability with lower latency.

Next-generation secure web gateways are similar to firewalls and cloud access security brokers (CASBs) in the sense that each technology enforces security policies by inspecting and blocking traffic. However, there are several key differences between these three technologies.

Firewalls inspect traffic at the packet level and block or allow traffic without looking at the entire file. In contrast, next-generation secure web gateways operate at the application level, evaluating the complete request from a client before allowing or blocking it. Firewalls rely on stream-based antivirus scanning as a defense against malware and may be unable to stop evasive threats on the application level.

A cloud access security broker inspects and enforces policy for traffic flowing to cloud applications, and it can recognize a larger range of applications than secure web gateways. CASBs also offer more visibility and control over the use of cloud apps. Next-generation SWGs rely on CASBs for greater visibility and control, while CASBs rely on SWGs for full traffic and log information of web and application activity.
 

Forcepoint provides a next-generation secure web gateway as part of Forcepoint ONE, a cloud-native, all-in-one security platform. Forcepoint ONE SWG empowers IT security teams to go beyond categorizing web access as “safe” or “bad”. Forcepoint’s secure web gateway software enables the integration of Remote Browser Isolation (RBI) tools that render risky websites in secure containers, and Zero Trust Content Disarm & Reconstruction (CDR) tools that completely sanitize all downloadable documents.

Forcepoint’s SWG uses a distributed enforcement architecture that ensures the majority of a user’s web traffic is exchanged directly between the user and the website rather than making a detour through a service in the cloud. As a result, Forcepoint ONE SWG offers almost twice the throughput as products from other secure web gateway vendors.

Forcepoint’s SWG also includes full data loss prevention to block the theft of sensitive information, compliance-controlled data and intellectual property.