The modern Secure Web Gateway provides the advanced protection capabilities required by organizations large and small. By providing forward proxy services, the Secure Web Gateway provides valuable network isolation between internal clients and resources on the public Internet. It provides a single, aggregated connection to external resources where the security administrator can authenticate and log all traffic and perform application-layer inspection to ensure that all communication conforms to stated security policies. URL filtering furthers controls access to public resources based on the reputation of the requested site. A Secure Web Gateway must include additional defense mechanisms to protect the corporate network. Among the most important of those features is the ability to inspect SSL encrypted communication. SSL has long been known as the ?universal firewall bypass protocol?, allowing malicious users to circumvent access controls and malware authors to bypass inspection by hiding their communication in a secure and encrypted communication channel. A modern Secure Web Gateway has the ability to terminate outbound SSL connections, which allow it to decrypt and fully inspect the communication at the application layer. With this, the security administrator can enforce HTTP policy, inspect the data for viruses and malware, more effectively apply URL filtering policies, and enforce their certificate validation policy. Additionally, the Secure Web Gateway will include some form of Intrusion Detection/Prevention to identify and block common network attacks as well as prevent attacks leveraging known vulnerabilities in operating systems or applications.
Download the presentation (PDF)
