10 Questions For Your Secure Web Gateway Vendor

Posted December 18, 2011

The secure web gateway (SWG) market is reasonably mature but is not yet commoditized. There's a big difference between vendors in the space. These 10 questions will help you evaluate SWG vendors.

1. Does your product primarily rely on signature-based malware detection?

Signature-based malware detection is reactive: it relies on signatures of known malware. Advanced malware is resistant to signature-based detection because it can potentially modify its signature using complex algorithms. Most SWG tools rely on a cocktail approach: signature-based detection mixed with generic algorithms that detect malware based on generalized factors.

2. How strong is your outbound malware detection?

Detecting outbound messages to malware control centers and external targets is critical to your network security. Most vendors are far better at detecting inbound malware.

3. How strong is your detection of malware for non-web traffic?

Many tools are web-focused and fall down on email and proprietary protocols such as Skype.

4. Does your tool analyze URLs in real-time or rely on a list of known bad URLs?

The first line of defense that SWG products use is to block by URL. There are well-established, publicly available lists of malware-infected and dubious URLs. Blocking these URLs is a commodity service. Where tools can add value is real-time analysis of URLs not already on the public blacklists. There are two methods to achieve this: real-time code analysis (inspection of scripting languages such as JavaScript) and site reputation analysis.

5. Does your tool have a geographical focus?

Some tools are focused on threats in a particular location (e.g. English websites in the United States). These tools may fall down when it comes to common web threats in a different location (e.g. Chinese websites).

6. Does your tool provide fine-grained controls for social media?

Most organizations want their network to be open to social media but want fine-grained controls over popular web destinations. For example, an organization may allow Facebook access but may want to block certain Facebook games.

7. Does your tool provide mobile device capabilities?

Your employees probably access applications and websites on third-party mobile networks. Some vendors offer tools that force mobile web access through your web security gateway. This requires special malware detection that can analyze mobile apps across diverse mobile platforms.

8. What reports are available out-of-the-box?

Reporting is a significant SWG vendor differentiator.

9. Do you provide fine-grained controls for enterprise SaaS applications?

Organizations may deploy SaaS applications but restrict certain functionality. Secure web gateways are one way to achieve this.

10. What data leak prevention capabilities does your product have?

Data often leaks through approved websites. Some SWG products have capabilities to detect large outgoing files or prevent certain file types from being uploaded.
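
For question 10, a minimal sketch of the two checks named above (large outgoing files and blocked upload file types), run over constructed proxy log lines. This is an added example, not any vendor's code; the log format, thresholds, extension list and function names are all assumptions.

```python
import os
from urllib.parse import urlsplit

# Policy values are assumptions for illustration, not vendor defaults.
MAX_UPLOAD_BYTES = 10 * 1024 * 1024            # flag request bodies above 10 MiB
BLOCKED_EXTENSIONS = {".zip", ".7z", ".pst", ".sql", ".bak"}
UPLOAD_METHODS = {"POST", "PUT"}

# Constructed sample log (hypothetical format, no spaces inside fields):
# time user method url request_bytes uploaded_filename
SAMPLE_LOG = """\
2011-12-18T09:01:12Z alice GET https://mail.example.com/inbox 512 -
2011-12-18T09:02:40Z bob POST https://files.example.com/upload 52428800 q4-forecast.xlsx
2011-12-18T09:03:05Z carol POST https://files.example.com/upload 204800 customers.SQL
2011-12-18T09:04:19Z dave PUT https://wiki.example.com/page/42 8192 notes.txt
2011-12-18T09:05:33Z erin POST https://files.example.com/upload 73400320 mailbox.pst
malformed line
"""

def parse_line(line):
    """Return a dict for a well-formed record, or None for anything else."""
    parts = line.split()
    if len(parts) != 6 or not parts[4].isdigit():
        return None
    ts, user, method, url, size, filename = parts
    return {"ts": ts, "user": user, "method": method.upper(),
            "host": urlsplit(url).hostname, "bytes": int(size),
            "filename": filename}

def evaluate(record):
    """Return the policy reasons an upload violates (empty list means allow)."""
    if record["method"] not in UPLOAD_METHODS:
        return []
    reasons = []
    if record["bytes"] > MAX_UPLOAD_BYTES:
        reasons.append("large_upload")
    # Compare case-insensitively so "customers.SQL" matches ".sql".
    if os.path.splitext(record["filename"].lower())[1] in BLOCKED_EXTENSIONS:
        reasons.append("blocked_file_type")
    return reasons

def scan(log_text):
    """Return ([(user, host, reasons), ...], number_of_unparseable_lines)."""
    records = [parse_line(line) for line in log_text.splitlines()]
    findings = [(r["user"], r["host"], why)
                for r in records if r and (why := evaluate(r))]
    return findings, records.count(None)
```

A file extension says nothing about a file's contents, so whether the product inspects the uploaded content itself is a reasonable follow-up question for the vendor.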


