Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Monday, August 23, 2010

Why Do You Need a Proxy in the Secure Web Gateway?

In today's web-based world, web threats are at an all-time high. Whether it's an iFrame injection, a drive-by download, phishing, or just plain malware, end users browsing the web are at a higher risk than ever before of having their computers and identities compromised. It's no surprise, then, that more companies than ever are looking to implement a Secure Web Gateway or update their existing gateways.

For many, the term Secure Web Gateway is interchangeable with the term proxy, but not all Secure Web Gateways are proxies. It's an important distinction to make: Secure Web Gateways were originally implemented to enforce corporate or organizational policy (such as preventing shopping on the web during office hours), but in today's threat-laden world, having a proxy in the Secure Web Gateway is more important than ever in the battle against cybercrime, malware and phishing.

By specifically requiring a proxy in the Secure Web Gateway, you're guaranteed to terminate all traffic at the proxy. This means that when a client makes an HTTP request, the request goes to the proxy, and the proxy responds as if it were the server, accepting the connection. The proxy then acts as the client and makes the same request the client made to the destination server. Because all traffic is forced to terminate at the proxy, the proxy can inspect all the traffic flowing through the device and make sure no traffic flows through without inspection.

Alternative Secure Web Gateway deployments, such as TAP (or SPAN port) deployments, have the gateway sitting off to the side of the network, observing traffic as it passes by instead of intercepting and terminating all traffic. These deployments have a specific flaw: malware or other threats can get by if the gateway doesn't detect the threat in time or doesn't send out a TCP reset packet in time to disrupt the flow of traffic. It's not a guaranteed security mechanism. It may have worked okay for enforcing organizational policy, but it's definitely not a safeguard against web-borne threats.
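The difference between the two deployments described above can be shown with a small model. This is an added example, not code from the original post: the marker string, the fixed-size "segments" and the `reset_delay` parameter (how many more segments pass before the reset lands) are constructed assumptions, and no real network traffic is involved.

```python
# Added illustration: constructed model, not a real network stack.
SIGNATURE = b"TEST-THREAT-MARKER"  # constructed stand-in for a scanner signature


def split_segments(body: bytes, size: int) -> list[bytes]:
    """Cut a response body into fixed-size chunks, standing in for TCP segments."""
    return [body[i:i + size] for i in range(0, len(body), size)]


def scan(data: bytes) -> bool:
    """Toy content inspection: flag data containing the constructed marker."""
    return SIGNATURE in data


def inline_proxy(segments: list[bytes]) -> dict:
    """Proxy mode: the server connection terminates at the proxy, which buffers
    and scans the whole response before sending anything to the client."""
    body = b"".join(segments)
    blocked = scan(body)
    return {"delivered": b"" if blocked else body, "detected": blocked}


def tap_gateway(segments: list[bytes], reset_delay: int) -> dict:
    """TAP/SPAN mode: every segment reaches the client directly while the
    gateway scans a copy. After detection, the TCP reset lands only after
    `reset_delay` further segments have already passed."""
    delivered, seen, reset_at = b"", b"", None
    for i, seg in enumerate(segments):
        if reset_at is not None and i >= reset_at:
            break                      # reset finally tears the flow down
        delivered += seg               # client already has this segment
        seen += seg                    # gateway's mirrored copy
        if reset_at is None and scan(seen):
            reset_at = i + 1 + reset_delay
    return {"delivered": delivered, "detected": reset_at is not None}


def demo() -> dict:
    body = b"A" * 40 + SIGNATURE + b"B" * 40   # constructed sample response
    segs = split_segments(body, 16)
    return {
        "proxy": inline_proxy(segs)["delivered"] == body,
        "tap_fast_reset": tap_gateway(segs, 0)["delivered"] == body,
        "tap_slow_reset": tap_gateway(segs, 3)["delivered"] == body,
    }


if __name__ == "__main__":
    print(demo())  # True means the complete flagged response reached the client
```

In this model both gateways detect the marker, but only the proxy keeps every flagged byte from the client. Even with an immediate reset, the TAP gateway has already let the segments containing the marker through.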

Today, the only true way to have full protection against web threats is to intercept all web-bound traffic using a proxy architecture. Depending on the proxy vendor, your proxy device may also intercept and protect other forms of internet-bound traffic, like FTP, Telnet, and other protocols. Protecting your mission-critical network from inbound threats should be a top priority, and you need to make sure your Secure Web Gateway processes all the traffic by using a proxy architecture.

1 comment:

Anonymous said...

Liked it.