Home 

The Enterprise Architecture Blog





 


  Security and privacy are close cousins.

  Technology   >>  security   >>  10 questions for your secure web gateway vendor

10 Questions For Your Secure Web Gateway Vendor

        posted by Anna Mar, Simplicable, December 18, 2011

The secure web gateway (SWG) market is reasonably mature but is not yet commodotized. There's a big difference between vendors in the space. These 10 questions will help you to evaluate SWG vendors.

1. Does your product primarily rely on signature-based malware detection?

Signature-base malware detection is reactive. It relies on signatures of known malware. Advanced malware is resistant to signature-based detection — malware can potentially modify it's signature based on complex algorithms. Most SWG tools rely on a cocktail approach – signature-based detection mixed with generic algorithms that detect malware based on generalized factors.

2. How strong is your outbound malware detection?

Detecting outbound messages to malware control centers and external targets is critical to your network security. Most vendors are far better at detecting inbound malware.

3. How strong is your detection of malware for non-web traffic?

Many tools are web-focused and fall down on email and proprietary protocols such as Skype.

4. Does your tool analyze URLs in real-time or rely on a list of known bad URLs?

The first line of defense that SWG products use is to block by URL. There are well established publicly available lists of malware infected and dubious URLs. Blocking these URLs is a commodity service. Where tools can add value is real-time analysis of URLs not already on the public blacklists. There are two methods to achieve this: real-time code analysis (inspection of scripting languages such as Javascript) and site reputation analysis.

5. Does your tool have a geographical focus?

Some tools are focused on threats in a particular location (e.g. English websites in the United States). These tools may fall down when it comes to common web threats in a different location (e.g. Chinese websites).

6. Does your tool provide fine-grained controls for social media?

Most organizations want their network to be open to social media but want fine-grained controls over popular web destinations. For example, an organization may allow Facebook access but may want to block certain Facebook games.

7. Does your tool provide mobile device capabilities?

Your employees probably access applications and websites on third party mobile networks. Some vendors offer tools that force mobile web access through your web security gateway. This requires special malware detection that can analyze mobile apps across diverse mobile platforms.

8. What reports are available out-of-the-box?

Reporting is a significant SWG vendor differentiator.

9. Do you provide fine grained controls for enterprise SaaS applications?

Organizations may deploy SaaS applications but restrict certain functionalities. Secure Web Gateways are one way to achieve this.

10. What data leak prevention capabilities does your product have?

Data often leaks through approved websites. Some SGW products have capabilities to detect large outgoing files or prevent certain file types from being uploaded.

   

1. 101 Enterprise Architecture Interview Questions 2. 104 ITIL Interview Questions
3.  101 Leadership Interview Questions
4.  7 Key Enterprise Architecture Metrics
5.  10 Questions That Pop Up In Every Enterprise Architecture Interview
6.  Understand Enterprise Architecture With These 7 Simple Diagrams
7.  5 Business Dashboard Examples That Have CEO Appeal
8.  10 Soa Design Patterns Every Architect Should Know
9.  20 Easy to Use ITIL Metrics
10.  70 HR Metrics With Examples
11.  10 Phrases That Should Set Off Every CIO's BS Detector
12.  When to use ESB versus ETL
13.  ITIL V3 To The Rescue Configuration Management Systems And The End Of CMDB
14.  The 9 Principles Of Soa Design
15.  101 CIO Interview Questions
16.  Togaf In 90 Seconds
17.  10 Reasons Enterprise Architecture Is The Best Investment Any Company Can Make
18.  Business Capability Map
19.  Architect Drunk Implement Sober
20.  Business Architecture At 50000 Feet
21.  101 Principles of Enterprise Architecture
22.  Enterprise Architecture Current State Template
23.  Web Security Illustrated
24.  Data Architecture
25.  Understand Soa With One Magic Diagram
 
26.  The Lazy Architect's Guide to Enterprise Software
27.  Architectural Templates
28.  Gartners Top 10 Enterprise Architecture Pitfalls
29.  11 Soft Skills For Enterprise Architects
30.  Chief Architect Job Description
31.  8 Enterprise Architecture Risks
32.  What Every Architect Ought To Know About IT Governance
33.  RACI Responsible Versus Accountable
34.  Human Driven Dashboards
35.  ITIL V3 CMDB At 50000 Feet
36.  Gap Analysis Template
37.  ITIL
38.  Interview Questions
39.  Zachman Framework In 3 Easy Diagrams
40.  Why Lazy Enterprise Architects Are So Successful
41.  What is a Current State Enterprise Architecture Blueprint?
42.  What's a ERP system?
43.  Competitive Advantage Model
44.  IT Metrics
45.  7 Reasons You Need Architecture Principles
46.  Failure of the US Government's Enterprise Architecture Program
47.  7 Common Mistakes Enterprise Architects Make
48.  The 25 ITIL Processes
49.  How to Develop a Enterprise Architecture Marketing Plan
50.  The Big List of Information Security Threats


Permalink:
http://simplicable.com/new/10-questions-for-your-secure-web-gateway-vendor

People who viewed this also viewed

    Get to Know the Threats Facing Your Business        8 Ways To Protect Your Website From DDoS Attack
    WS Security in 90 Seconds        How To Implement SOA Security The Easy Way
    Why Lazy Enterprise Architects Are So Successful        Understand Enterprise Architecture With These 7 Simple Diagrams
    So You Think You're An Architect        Your Metrics Are Too Simple
    The Big List of Information Security Vulnerabilities        The Big List of Information Security Threats
Home »