A secure web gateway is a cyberbarrier or checkpoint that keeps unauthorized traffic from entering an organization's network. The traffic that a secure web gateway governs is all inline—the gateway stands between all incoming and outgoing data. It prevents malicious website traffic, viruses, and malware from infecting the enterprise or accessing its data. The web gateway only allows users to access approved, secure websites—all others are blocked. A more sophisticated function of a web gateway can prevent sensitive information (like intellectual property, data, and confidential documents) from leaving an organization's site (also known as exfiltration).

Why is a secure web gateway important?

Secure web gateways have become increasingly common as cybercriminals have grown more sophisticated in embedding threat vectors into seemingly innocuous or professional-looking websites. These counterfeit websites can compromise the enterprise as users access them, unleashing malicious code and unauthorized access in the background without the user's knowledge. The fake, criminal websites can be quite convincing.

Some of these scam websites appear to be so authentic that they can convince users to enter credit card numbers and personally identifiable information (PII) such as social security numbers. Other sites require only a connection with the user to bypass web browser controls and inject malicious code such as viruses or malware into the user's network. Examples include fake online shopping sites posing as brand-name sellers, sites that appear to be legitimate government agencies, and even business-to-business intranets. Secure web gateways can also prevent data from flowing out of an organization, making certain that restricted data is blocked from leaving the organization.

How does a secure web gateway work?

Secure web gateways are installed as a software component or a hardware device on the edge of the network or at user endpoints. All traffic between users and other networks must pass through the gateway, which monitors it for malicious code, web application use, and all user/non-user attempted URL connections.

The gateway checks or filters website URL addresses against stored lists of known and approved websites—all others not on the approved lists can be explicitly blocked. Known malicious sites can be explicitly blocked as well. Allowed web addresses are maintained in whitelists, while known, off-limits sites that are explicitly blocked are maintained in blacklists. In enterprises, these lists are maintained in the secure gateway's database, which then applies the list filters to all incoming and outgoing traffic.
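The list check described above, sketched as an added example (not code from any gateway product). The list contents, function names and verdict strings are assumptions made for illustration; the point is that the host must be normalized before lookup, and that matching happens on domain-label boundaries so look-alike names do not inherit a whitelist entry.

```python
from urllib.parse import urlsplit

# Constructed sample lists; a real gateway would load these from its database.
WHITELIST = {"intranet.example.com", "example.org"}
BLACKLIST = {"malware.example.net", "ads.example.org"}
SCHEMES = {"http", "https", "ftp"}


def normalize_host(url):
    """Return the lowercase host the client would contact, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # excludes userinfo ("user@") and port
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in SCHEMES or not host:
        return None
    return host.rstrip(".")  # "example.org." and "example.org" are the same host


def matches(host, entries):
    """True if host is a list entry or a subdomain of one, on label boundaries."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))


def decide(url):
    """Blacklist is checked first, then whitelist; anything else is blocked."""
    host = normalize_host(url)
    if host is None:
        return "block:invalid"
    if matches(host, BLACKLIST):
        return "block:blacklisted"
    if matches(host, WHITELIST):
        return "allow"
    return "block:not-whitelisted"


if __name__ == "__main__":
    for url in ("https://Intranet.Example.com./wiki",
                "http://example.org@malware.example.net/",
                "https://ads.example.org/banner",
                "https://notexample.org/"):
        print(decide(url), url)
```

Checking the blacklist before the whitelist lets a blocked subdomain override an approved parent domain, and the final default keeps the filter deny-by-default.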

Similarly, data flowing out of the network can be checked, disallowing restricted data sources—data on the network or user devices that is prohibited from distribution. Application level controls can also be restricted to known and approved functions, such as blocking uploads to software-as-a-service (SaaS) applications (such as Office 365 and Salesforce.com). Although some enterprises deploy secure web gateways in hardware appliances that filter all incoming and outgoing traffic, many organizations use cloud-based, software-as-a-service (SaaS) secure web gateways as a more flexible and less costly solution to deploy and maintain. Organizations with existing hardware investments often combine the two, using hardware at their larger physical sites and cloud-based gateways for remote locations and travelling workers.
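The outbound check described above, as an added example (not part of the original page or any product). It assumes two kinds of restricted data, payment card numbers and US-format social security numbers; the function names and the sample upload are constructed for illustration. Card candidates are confirmed with the Luhn checksum to cut false positives, and findings are masked so the gateway's own logs do not store the sensitive values.

```python
import re

# A digit followed by 12-18 more digits, each optionally preceded by space or dash.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_upload(body):
    """Return masked (kind, value) findings for an outbound request body."""
    text = body.decode("utf-8", errors="replace")
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # skip digit runs that merely look like cards
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    return findings


def upload_verdict(body):
    """Block the upload if any restricted data is found."""
    return "block" if scan_upload(body) else "allow"


# Constructed sample upload: an invoice reference that fails Luhn, a
# well-known test card number, and a made-up SSN.
SAMPLE = (b"Invoice ref 1234 5678 9012 3456\n"
          b"Card: 4111 1111 1111 1111\n"
          b"SSN: 123-45-6789\n")

if __name__ == "__main__":
    print(upload_verdict(SAMPLE), scan_upload(SAMPLE))
```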

What are some features of secure web gateways?

Beyond basic URL, web application control, and data filtering, secure web gateways should provide additional controls and features that enhance network security.

  1. Encrypted traffic analysis.
    The gateway should compare all traffic to local and global threat lists and reputation sources first, then also analyze the nature of the traffic itself to determine if any content or code poses a threat to the network. This should include SSL-based encrypted traffic.

  2. Data Loss Prevention.
    If, for example, a website accepts uploaded documents or data, the documents should first be scanned for sensitive data before being uploaded.

  3. Social media protection.
    All information to and from social media should be scanned and filtered.

  4. Support for all protocols.
    HTTP, HTTPS, and FTP internet protocols must be supported. While HTTPS is the industry standard now, many sites still support HTTP and FTP connections.

  5. Integration with zero-day anti-malware solutions.
    Threats will be discovered, and integration with anti-malware solutions that can detect zero-day (never seen before) threats delivers the best prevention and remediation.

  6. Integration with security monitoring.
    Security administrators should be notified of any web gateway security problems via their monitoring solution of choice, typically a security information and event management (SIEM) solution.

  7. Choice of location.
    Choose where your secure web gateway best fits in your network—the edge, at endpoints, or in the cloud.