Key factors in building a Secure Web Gateway

Abstract

A Secure Web Gateway, according to Gartner’s definition, is a solution that provides URL filtering, malicious code detection and blocking, and application controls for cloud applications to filter out objectionable software/malware in outbound Internet traffic generated by end-user devices and has the capability to enforce corporate policy and regulatory compliance [1]. Its predecessor – Web proxy - has been around since the beginning of the Web and evolved to meet the needs of a fast changing Web ecosystem. Traditionally, Web proxy servers have been used to fulfil the following requirements: 1) Enable several machines to share a single Internet connection; 2) Improve Web performance and save bandwidth by caching repeatedly-accessed content locally; 3) Provide a basic URL filtering capability. However, these capabilities are no longer sufficient to meet the requirements of today’s Web ecosystem. Firstly, with the development of Network Address Translation in the late 1990s, the needs to use proxy servers to share an Internet connection has been superseded. Secondly, caching does not improve performance much for mobile clients, and mobile traffic volume has already exceeded that of desktop’s [2, 3]. Thirdly, a Web content filter based on using a URL database cannot keep up with the growth of Internet traffic [4]. In addition, it has become difficult to detect and stop threats such as Botnet and Advanced Persistent Threat [5] because of: 1) The polymorphic characteristics of the threats; 2) The increasing use of encryption on the Web; 3) The increase in threats targeting end-users - the weakest link; 4) The increasing need to use a variety of end-user devices from multiple locations such as the BRING YOUR OWN DEVICE (BYOD) policy requirement. Hence, there is an imminent need to evolve from the current Web proxy solution to a Secure Web Gateway solution. This research provides a categorisation of the key factors in building a Secure Web Gateway, proposes a reference design and architecture, a practical implementation for a home vDSL connection and finally, a testing framework that can be used to evaluate the effectiveness of a Secure Web Gateway deployment.