The digital revolution has been a boon for today’s businesses by opening up new markets, improving targeting, and transforming product and service delivery methods. Unfortunately, this transformation has also been great for digital marauders around the world—for many of the same reasons. As users, devices, applications, and data continue to move out of the data center and into the cloud and the edge of the network, threat actors are taking advantage of the expanded attack surfaces by discovering and reaching new victims and pulling off highly targeted social engineering and spearphishing campaigns.
Security threats exist primarily online, with 90 percent of breaches stemming from the Internet. This makes sense given that the Internet is the most important business tool today and employees spend 75 percent of their workday using a browser. Securing modern work with traditional security models requires traffic to be backhauled to the data center, where it can be monitored and the security team can apply the appropriate policies. However, rerouting all traffic back to the data center creates latency issues, network complexity, and unnecessary IT overhead. Additionally, split tunneling—rerouting only data center traffic while allowing direct connections to the Internet—creates blind spots that put the organization at risk.
Radically rethink enterprise security
Given these architecture changes, it makes sense to move security closer to the user and deliver security services through the cloud—wherever a user is located and whatever device they’re using. This allows enterprises to leverage the scalability, elasticity, and coverage of the cloud instead of relying on expensive MPLS networks and dedicated circuits.
Simply moving your existing security stack to the cloud doesn’t solve the fundamental problem, however. Threats are growing increasingly sophisticated and attack surfaces have expanded exponentially, so doing the same thing but in the cloud is ill-advised. Organizations need to radically rethink how they deliver security services in today’s modern world. They can do this by implementing a strategy that reduces threat surfaces, simplifies the security stack, scales easily and quickly, and provides a single point for visibility, control, and manageability.
A cloud-based secure web gateway (SWG) can be that central aggregation point through which all traffic flows while providing full visibility into traffic throughout the entire session without adding latency.
A cloud-based SWG is considered a critical security technology within the Secure Access Service Edge (SASE) architecture. If you’re currently researching one for your enterprise, here are four must-haves to look for:
1. Isolation at the core
Isolation is the secret sauce that makes modern security work. A SWG with isolation at its core protects the enterprise by creating a protective layer around users wherever business takes them, blocking not only known and existing threats, but unknown and future threats as well. It’s here where enterprises can get away from having to make a simple allow-or-block decision at the point of click. An isolation-powered SWG allows organizations to block, allow (in certain circumstances), isolate, or render in read-only mode. This ability to nuance security decisions and treat all traffic as potentially malicious allows enterprises to prevent threats from reaching users in the first place.
2. Seamless integration
The modern security stack has many components that need to be tightly integrated into a single security stack capable of monitoring and controlling any traffic that flows to, from, and inside the enterprise network. The SWG acts as the glue that ties all these security services together and delivers them to users wherever business takes them and however they connect to the Internet. These security services include data loss protection (DLP), remote browser isolation (RBI), sandboxing, and Cloud Access Security Broker (CASB), while the SWG provides integration into SIEM solutions and the security operations center (SOC).
3. Global elasticity
Expanding coverage to new regions has always been a time-consuming process for the security team. Typically, someone would call a vendor, make the request, and two weeks later you’d get a thumbs up or down. A cloud-based SWG allows enterprises to scale around the world through the cloud at the press of a button. No provisioning. No additional configurations. No calling vendors. No new contracts. It should be and is that easy.
4. Single point of control
Observability is a critical capability in the multi-cloud world. Security teams need ultimate visibility into who the user is, what they’re trying to access, and what groups they belong to. Then teams need to be able to apply the appropriate policies and controls depending on preset rules. This visibility and control need to be consolidated on a single management console rather than spread out across disparate control panels.
Once considered a staple of enterprise security, on-premises proxies are no longer fit to secure modern work. Given that the world has changed dramatically since that technology was introduced, it’s definitely time for an upgrade that can protect the productivity of today’s distributed workforce.
The world is changing and legacy approaches to enterprise security are not keeping up. Learn more about Menlo Security’s SWG powered by an Isolation Core™ and radically rethink how you secure work for your enterprise.
*** This is a Security Bloggers Network syndicated blog from Menlo Security Blog authored by Marcos Colón. Read the original post at: https://www.menlosecurity.com/blog/why-enterprises-need-a-major-swg-upgrade