The words “firewall” and “Secure Web Gateway” (SWG), not to be confused with a “Secure Internet Gateway” (SIG), have risen in the general business consciousness over the past couple of years, given the significant uptick in incidents of cybercrime. The COVID pandemic has delivered criminals a perfect storm of opportunity – with more people working from home, many businesses are adopting remote-work arrangements for the first time. Add on the many people made desperate by pandemic-related disruptions, and you have a target-rich environment for the unscrupulous. According to the Australian Cyber Security Centre’s 2021 Cyber Threat Report, self-reported losses to cybercrime in Australia reached $33 billion this year.
This means that your security arrangements are more important than ever. Security threats are evolving and adapting every day, but when was the last time you did more than press “update” on your operating system? This article will explore two mainstays of your business security architecture – the firewall and the secure web gateway. By the end, you will understand what they are, the difference between them, and how you can supplement them to meet modern security standards.
Is There A Difference Between A Secure Web Gateway And A Firewall?
Firewalls and secure web gateways (SWGs) play a similar and overlapping role in securing your network. Both analyse incoming information and seek to identify threats before they enter your system. Despite sharing a broadly similar function, there are some key differences between them. Let’s look at the “classical” distinction between secure web gateways and firewalls.
The basic distinctions:
- Firewalls inspect data packets
- Secure web gateways inspect applications
- Secure web gateways set and enforce rules for users
To step back a touch, “data packets” are the currency of online communication. They are the medium by which information is exchanged between computers: any data sent to you will be broken into a set of tiny chunks for transfer and these will come in as a series of packets that need to be reassembled into a coherent signal.
Firewalls review the contents of the incoming data packets (ominously called the “payload”) for malicious code and compare what they find with a “signature” of known threats. This is the so-called “blacklist system” and it is why updating your security regularly is so important – security providers continually update their filters (their “blacklists”) with newly discovered malware. Firewalls, in effect, work by recognising the DNA of that malware in incoming packets and then filtering them out to prevent the whole from assembling itself in your system.
On the other hand, secure web gateways (SWGs) operate at the application level. They prevent access to unsafe websites and programs. They can do this by blacklisting or whitelisting specific connections and keywords or they can limit functionality within particular applications. For example, you could place a file-size limit on a messaging app. This could prevent exfiltration of your data beyond the few bytes needed to send your text. Such limits can be set system-wide or on a user-by-user basis.
In this way, SWGs are effective at enforcing your organisation’s web-use policy and compensating for user-caused cybersecurity oversights. By removing the possibility that your team can access unsafe websites, you remove a major vulnerability in your network’s armour. As a result, the popularity of secure web gateways is growing: worldwide sales of SWGs are predicted to reach more than $12 billion by 2025.
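The classical distinction described above, as an added example that is not taken from any vendor's product: a firewall-style check matches payload bytes against known signatures, while an SWG-style check decides per user and per application, including the messaging-app upload limit. The signature, domains, users and limits are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample data: placeholder signature, domains, users and limits.
SIGNATURES = {b"\xde\xad\xbe\xefEVIL": "sample-malware-A"}
POLICY = {
    "blocked_domains": {"unsafe.example"},
    "blocked_keywords": {"gambling"},
    "upload_limit": {"chat.example": 4096},                       # system-wide, bytes
    "user_upload_limit": {("alice", "chat.example"): 1_000_000},  # per-user override
}

def firewall_verdict(payload: bytes) -> str:
    """Packet view: drop a payload that contains a known threat signature."""
    for signature, name in SIGNATURES.items():
        if signature in payload:
            return f"drop:{name}"
    return "pass"

def swg_verdict(user: str, method: str, url: str, body_len: int = 0) -> str:
    """Application view: decide on who is asking, for which site, doing what."""
    host = (urlsplit(url).hostname or "").lower()
    if any(host == d or host.endswith("." + d) for d in POLICY["blocked_domains"]):
        return "block:domain"
    if any(word in url.lower() for word in POLICY["blocked_keywords"]):
        return "block:keyword"
    if method.upper() == "POST":
        # The per-user limit wins over the system-wide limit for that application.
        limit = POLICY["user_upload_limit"].get(
            (user, host), POLICY["upload_limit"].get(host))
        if limit is not None and body_len > limit:
            return "block:upload-size"
    return "allow"

if __name__ == "__main__":
    print(firewall_verdict(b"hdr" + b"\xde\xad\xbe\xefEVIL" + b"tail"))
    print(swg_verdict("bob", "POST", "https://chat.example/send", 50_000))
    print(swg_verdict("alice", "POST", "https://chat.example/send", 50_000))
```

The same 50,000-byte upload is blocked for one user and allowed for another, which is a decision a packet-signature check has no information to make.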
A Gate With No Fence? A Wall Made Of Gates?
Both secure web gateways and firewalls are components of a cybersecurity concept called “perimeter defence”. Their strengths lie in monitoring traffic as it enters and leaves a closed system. The classic application for this is an on-premises network with a shared internet connection. In this scenario, everything passes through a single point of entry – or “gate” – so that security can focus on what comes in and goes out. Perimeter defence works on the principle that if the gate is secure, you don’t need to worry about what’s inside the network.
Chances are, your business network just doesn’t work like that anymore. Few do. A number of developments have eroded this “closed garden” model of network security. These include:
- Software as a Service (SaaS) applications
- Remote networking
- Cloud-based computing
These concepts overlap and they often co-exist in a kind of ecosystem. SaaS providers usually incorporate cloud-based systems and they do so precisely to facilitate off-site access. What this means for cybersecurity is you can no longer depend on walling off your network and monitoring incoming traffic. When you have both a plethora of devices linking in from their own access points and data moving back and forth between your network and cloud-based applications, the traditional perimeter is a thing of the past. It’s hard to even say where the perimeter is.
Of course, this doesn’t mean you should do away with traditional safeguards. They are still useful, even if they’re no longer the showstoppers they once were. While many experts argue that perimeter defence is dead, demand for firewalls and secure web gateways continues to grow. The global market for firewalls is expected to surge from $4.37 billion (USD) in 2021 to $10.06 billion by 2027.
So, rumours of the perimeter’s demise are very much exaggerated. Better to say that perimeter-focused security has learned to play well with others. Given the rise of new strategies among cybercriminals, a strong, multilayered defence is more important. Most security systems now combine firewalls and secure web gateways so as to take advantage of their complementary strengths. Yes, firewalls and SWGs will always play a role in preventing the infiltration of malicious programs, but they’re now being supplemented with additional security systems as part of a more complete framework.
How Have Secure Web Gateways Evolved?
The strength of SWGs at enforcing usage policies is undeniable, and filtering known threats will always play a part in online security. So the place of SWGs in modern cybersecurity postures is assured. However, their place in your security framework must evolve if you are to remain resilient against modern attackers.
Modern SWGs are usually provided in a package of interlocking security strategies. They now take advantage of the cloud-based approach to respond to the new, decentralised model of enterprise networking. This means you can maintain the same controls over remote users as you can over on-premises workers. A cloud-based SWG provides the same filtering service for anyone who logs in, whether they’re in the office or sending an email from a cafe.
This move to cloud-based security parallels the uptake of other SaaS solutions and allows them to operate beyond the traditional perimeter. Most providers now integrate firewall-type and SWG-type filtering in a combined service, while adding elements of a “zero trust” framework for a more complete security approach. For this reason, demand for cloud-based SWGs is growing rapidly. As with firewalls, the market for cloud-based gateways has grown by around 30 percent per year for the past several years.
What is Zero Trust Security?
Zero trust security is the prevailing paradigm in modern cybersecurity. A perimeter mindset defaults to trusting information once it passes into your system. Zero trust assumes the worst and seeks to identify breaches by observing unusual patterns inside your network. This evolution in security approaches means it no longer makes sense to think of SWGs and firewalls as distinct components. Rather, they are part of an array of monitoring and response tools that work together to form your defences. These integrated systems are often called Secure Access Service Edge (SASE) frameworks.
How To Choose A Modern Secure Web Gateway?
For all of the reasons discussed above, integration with a SASE framework is necessary in the modern security environment. However, your SWG needs to play its part effectively for the holistic SASE strategy to be effective. According to securitybrief.com.au, you should look for six main components when choosing your web gateway provider:
- Support for cloud-centric remote work
- Real-time threat protection
- Good data-loss protection
- High-resolution usage visibility and reporting
- Granular controls for unmanaged applications
- Integration with a Secure Access Service Edge (SASE) framework
If your web gateway offers these features, you have laid a solid foundation for your wider security architecture. Unfortunately, the human factor is always a weak point for any system. Simply limiting the range of functions available to your team can close a lot of doors for potential attackers. A good gateway lets you do this with granularity, rather than banning applications wholesale. This granularity is important because team frustrations can rise steeply when users feel they are being “locked out” of things to an unreasonable degree.
A good gateway also provides a range of monitoring tools to identify and respond to the anomalous patterns which indicate an attack. This means preventing data exfiltration and providing real-time action when a potential breach is identified. A high degree of detail in what your gateway observes and reports is also crucial to heading off potential attacks, identifying vulnerabilities and spotlighting pernicious user behaviour.
Where Should You Start With Web Security?
We started with a simple question – what is the difference between a firewall and a secure web gateway? While the short answer is a straightforward matter of focus, you now have a better picture of the role these solutions play in a complex security environment. Thinking of firewalls and SWGs as discrete barriers is no longer enough: you must consider your security as a living ecosystem, not as a garden wall.
If that sounds daunting, don’t worry. You don’t have to go it alone! For expert advice on securing your network, contact Internet 2.0. Our team honed their skills at the coalface of military and intelligence signals security. Our technology is informed by our expertise in defending against threats of the highest level and we’re here to share it with you. Call 1300 583 007 to arrange a confidential discussion about how we can keep you safe.