A secure web gateway (SWG) is one of the most effective tools that businesses can use to defend their networks against online threats. An SWG like Perimeter 81, in combination with a firewall, can block traffic from malicious websites, limit data theft from a compromised network connection, and much more.
There are a lot of different SWGs available, each boasting different security features, customization options, and ease of use. In this guide, we’ll explain how to choose the right SWG for protecting your business’s network.
Protect your employees and network from web-based attacks with a Secure Web Gateway. Filter out malicious threats. Monitor all employee activity. Streamline compliance. Secure your entire workforce, whether on-prem or remote with Perimeter 81. Deploy in minutes. Start now.
What is a secure web gateway?
An SWG is a piece of software that sits at the interface between your business’s network and the internet at large. It controls the flow of data to and from your network and prevents your network from connecting to potentially spoofed or malicious websites. An SWG can also be used to implement network security policies like URL blacklists and user permissions.
Importantly, an SWG is distinct from a firewall. An SWG monitors traffic at the level of whole websites or web applications, while a firewall monitors the individual data packets that are sent from a website for malicious code. Many businesses use an SWG and firewall in tandem to achieve overlapping network defenses.
Cloud-based vs. on-premises secure web gateways
An SWG can either be based in the cloud or hosted directly by your business (on-premises). Cloud-based SWGs are hosted by a third-party provider, so businesses don’t need to go through the hassle of setting up or maintaining an SWG on their own servers. An on-premises SWG is installed on your company’s own servers and your business is responsible for its upkeep.
For most businesses, it makes more sense to choose a cloud-based SWG than an on-premises SWG. Cloud-based SWGs are also highly scalable, growing with your business as your network traffic increases. Increasing the traffic capacity of an on-premises SWG can be a costly and time-consuming process.
Another benefit of cloud-based SWGs is that they’re constantly being upgraded to deal with the latest digital threats. Many cloud-based SWGs can be integrated with other security tools, such as firewalls and network monitoring systems. While such integrations are possible with an on-premises SWG, you may find that your system is no longer equipped to deal with emerging threats a few years down the line.
Secure web gateway features
All SWGs offer a few essential features in common, but there are lots of additional features that the best SWGs offer to help protect your business. Here are a few of the key SWG features to look for.
Virtually every SWG on the market offers the ability to blacklist or whitelist specific URLs. This is a coarse, but effective way to limit what sites your network can and cannot connect to.
Some SWGs offer additional filtering controls that give more control over your network’s traffic. For example, an SWG may enable you to prevent data from being sent over an unencrypted connection.
One of the key functions of all SWGs is to detect spoofed or malware-infected websites and web applications. However, SWGs can differ quite a bit in how effective they are at this task.
Each SWG has its own database of fake websites and malicious code. The best SWGs use threat intelligence systems to collect real-time data from users and quickly apply protection to all other users around the globe.
Another important feature to look for in an SWG is the ability to set user permissions and access policies.
An SWG can enable you to control what users are allowed to connect to on a specific website. You can even define specific times or devices that are whitelisted for connecting. Unauthorized connection attempts are logged to help your IT team identify potential attackers in your network.
A growing number of SWGs offer features to help prevent data loss in the event that a user connects to a malicious website or if your network is infected with malware.
These SWGs enable you to limit the amount of data sent from your network to websites. Some even have keyword-based monitoring tools that can automatically block certain types of data from being transmitted from your network, such as social security numbers or payment information.
Traditional SWGs are designed for network connections initiated from a browser and may not function properly in an email client. That’s problematic because your network may not be adequately protected if a user clicks on a malicious link in an email.
Many new SWGs extend their protection to email clients and on-premises email servers. This can provide valuable defense against phishing attacks.
Some SWGs incorporate sandbox environments, which are virtual environments that are isolated from the rest of your network. These sandboxes enable web traffic to be sent and then inspected for malware without putting your network at risk.
The advantage of having an SWG with a sandbox environment is that it offers extra protection in cases where it’s unclear whether a website is malicious or not. So, your business will be able to connect to more sites while still prioritizing safety.
Secure web gateway pricing
Price is an important consideration for any business in search of an SWG. Prices can vary widely and many SWG providers offer pricing by quote only.
In general, you should expect to pay between $5 and $20 per network user per month. Some of the key factors influencing an SWG’s price include the maximum speed of the gateway, how many gateways you need to handle all of your network traffic, and what level of security monitoring is included with the SWG.
An SWG can help protect your business network against online threats. When choosing an SWG, it’s important to consider whether a cloud-based SWG is right for you, what protective features you need, and how much the platform costs. Keep in mind that an SWG should be considered part of a broader cybersecurity strategy that includes a firewall, network monitoring, and more.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Michael Graw is a freelance journalist and photographer based in Bellingham, Washington. His interests span a wide range from business technology to finance to creative media, with a focus on new technology and emerging trends. Michael's work has been published in TechRadar, Tom's Guide, Business Insider, Fast Company, Salon, and Harvard Business Review.