Continuing with my SASE journey, I wanted to talk a little bit about SWG (Secure Web Gateway).
A SWG is essentially a ‘Man in the Middle’ security perimeter hosted in the Cloud, or you could call it the ‘Gatekeeper’. Its primary goal is to make sure that traffic leaving your Corporate network for the Internet is safe and allowed, and, vice versa, that any traffic coming in from the Internet is only permitted according to your allowed policies.
We need a SWG because most applications are now hosted in the Cloud, so most traffic is destined for the Internet.
Features of a SWG:
URL/DNS Filtering
Malware Detection
L7 Application Control
Sandboxing
One of the most common use cases of a SWG is decrypting SSL/TLS traffic: since most Web traffic is now HTTPS, the SWG needs to be able to inspect it. Decrypting TLS traffic can be extremely resource intensive, and it works like this:
The SWG intercepts the TLS handshake between the client and the server, then creates its own TLS connection with the client and a separate one with the server. Sitting between the two connections, the SWG can decrypt the original traffic, inspect it, and re-encrypt it.
As mentioned before, this is extremely resource intensive, so it can introduce latency.
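As an added example (my own illustration, not code from the post or from any vendor), here is the first step of that interception in Python: the gateway reads the SNI hostname out of the client's ClientHello and, against a constructed policy, decides whether to block the connection, bypass decryption (tunnel it as-is), or inspect it. The hostnames and the policy are constructed placeholders.

```python
# Added example (not vendor code): the first decision an SWG makes on an intercepted TLS
# handshake. It parses the SNI hostname from the ClientHello and applies a constructed policy:
# block, bypass (tunnel undecrypted) or inspect (terminate TLS with the client, open a second
# TLS session to the server, and scan the plaintext in between).

def build_client_hello(sni: str) -> bytes:
    # Constructed TLS ClientHello record carrying a server_name (SNI) extension.
    name = sni.encode("ascii")
    entry = b"\x00" + len(name).to_bytes(2, "big") + name            # host_name entry
    ext = b"\x00\x00" + (len(entry) + 2).to_bytes(2, "big") + len(entry).to_bytes(2, "big") + entry
    body = (b"\x03\x03" + bytes(32) + b"\x00"                        # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"                      # one cipher suite, null compression
            + len(ext).to_bytes(2, "big") + ext)                     # extensions block
    hs = b"\x01" + len(body).to_bytes(3, "big") + body               # handshake type: ClientHello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs         # TLS record type: handshake

def extract_sni(record: bytes):
    # Return the SNI hostname from a ClientHello record, or None if it carries none.
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        return None                                                  # not a handshake / ClientHello
    p = 9 + 2 + 32                                                   # record+handshake headers, version, random
    p += 1 + record[p]                                               # skip session id
    p += 2 + int.from_bytes(record[p:p + 2], "big")                  # skip cipher suites
    p += 1 + record[p]                                               # skip compression methods
    if p + 2 > len(record):
        return None                                                  # legacy client: no extensions at all
    end, p = p + 2 + int.from_bytes(record[p:p + 2], "big"), p + 2
    while p + 4 <= end:
        etype, elen = int.from_bytes(record[p:p + 2], "big"), int.from_bytes(record[p + 2:p + 4], "big")
        p += 4
        if etype == 0:                                               # server_name extension
            q = p + 2                                                # skip server_name_list length
            while q + 3 <= p + elen:
                ntype, nlen = record[q], int.from_bytes(record[q + 1:q + 3], "big")
                if ntype == 0:                                       # name_type: host_name
                    return record[q + 3:q + 3 + nlen].decode("ascii")
                q += 3 + nlen
        p += elen
    return None

# Constructed policy. Bypass covers destinations the gateway must not decrypt, e.g. online
# banking for privacy, or apps that pin their certificate and would break under interception.
POLICY = {"block": {"malware.example"}, "bypass": {"bank.example", "pinned-app.example"}}

def decide(record: bytes, policy=POLICY) -> str:
    host = extract_sni(record)
    if host is None:
        return "block"                                               # no SNI: cannot categorise, fail closed
    if host in policy["block"]:
        return "block"
    return "bypass" if host in policy["bypass"] else "inspect"
```

Real gateways categorise the hostname against a URL feed rather than a literal set, and the "inspect" path only works when the endpoints trust the CA the gateway signs its server certificates with.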
AI/ML with SWG
With AI and ML being used more often alongside SWG, the two are a perfect combination for detecting unusual activity or traffic that differs from the usual day-to-day baseline, or any behaviour that could be a threat to the organisation.
Some SWG vendors and products:
Cisco – Cisco Secure Access/Cisco+ Secure Connect
Fortinet – FortiProxy
Palo Alto Networks – Cloud SWG
Cato Networks – Cato SWG
Hope this helps! 😁