A New Vision for Secure Web Gateways

In the recently released 2020 Gartner Magic Quadrant for Secure Web Gateways (SWG) report, Netskope was recognized as a visionary, entering a decades-old legacy security solution area first defined by proxy cache appliances. Times have changed since human rating labs, regional web filtering lists, the use of ICAP for threat and data protection of files, web object caching, bandwidth management, and scripting policies to filter out undesired web objects. 

SWG appliances are now being replaced by “in the cloud” SWG solutions, but their primary capabilities have not shifted tremendously. What has changed is the web traffic itself. Today, more than 50% of sessions are related to apps and cloud services, based on Netskope research. With almost 90% of users working in the cloud daily, and the average number of apps per organization having nearly doubled from 1,295 in 2019 to 2,415 in 2020, web traffic is no longer just websites. Add in the pandemic with increased working from home, use of collaboration tools, and sharing of data across projects between employees, consultants, third-parties, and customers, and it becomes clear that web and cloud traffic is now a flowing river of data.

Shadow IT has also introduced new apps and data risks that weren’t present in data centers. The replacement of legacy SWG appliances can migrate existing capabilities to cloud-based SWG solutions,  and shifting defenses to the cloud provides network and security transformation benefits, cost savings, and less complexity. However, this shift does not solve the Shadow IT risks and ignores both app and data transformations to the cloud.

Why move to a cloud security edge for web traffic only and leave out the river of data and thousands of apps? Solving these challenges today requires a new vision for SWGs: a single pass cloud security edge that analyzes web and cloud traffic, including Shadow IT apps, data risks, and cloud-enabled threats.

While SWGs add advanced capabilities in sandboxing, new ML-based models for threat detection, and targeted RBI for uncategorized and security risk websites, without visibility and analysis of app content and context, they ignore cloud phishing, cloud malware delivery, and the gamut of cloud-enabled kill chain stages. Phishing attacks on SaaS/webmail rank #1 year over year in the APWG.org Phishing Trend reports. Similarly, Netskope Threat Research notes 63% of malware delivery comes from the cloud, mainly cloud storage apps where the majority of the more than 400 apps surveyed offer little or no threat protection. It’s clear that the current model for SWGs leaves a lot of gaps in visibility and control—and more gaps the more organizations embrace a cloud-first environment.

Netskope’s vision for SWGs is the “secure web and cloud gateway,” or what we call our Next Gen SWG. Built in the cloud, and for the cloud, with more than nine years of forward and reverse proxy experience serving Fortune 100 customers, Next Gen SWG provides the “single pass” security at the heart of your SASE architecture for a safe and fast user experience of web and cloud.