Hybrid SWG: Internet Security, Take Two

The Internet is an essential tool for employees to effectively do their jobs. This gateway to endless knowledge (and cat videos) also constitutes an infinite attack surface, exposing organizations to malware and other malicious threats.

Protecting users from the perils of the Internet is a critical step towards keeping the corporate network safe from ransomware and other types of Internet-borne attacks. 

The most effective and commonly used Internet security solution is Secure Web Gateway (SWG). Existing SWG implementations, however, have drawbacks that can impact an organization’s security posture and network performance.

SWG – Take One

Current SWG solutions come in two form-factors, on-prem appliances or cloud-based services.

On-prem SWG appliances require deployment and maintenance at each office location, creating significant operational effort and cost. They also require backhauling of remote user traffic through a physical office location, and only then forwarded to the destination website. This so-called “trombone effect” adds latency, which impacts user experience, negatively affects productivity, and creates unnecessary congestion at the office network–also potentially impacting network performance.    

Cloud-based SWG solutions solve the above issues, but require all traffic to be routed through the cloud service. This often causes performance issues for certain high demand applications and requires organizations to bypass the cloud service and send traffic directly to the Internet, leaving users unprotected. Cloud-based SWGs also typically require decryption of SSL/TLS traffic (SSL Inspection). But since the location and security level of the cloud provider isn’t always known, this creates a potential attack vector and compliance concern.

Both on-prem and cloud SWGs suffer from significant shortcomings, which can put your organization at risk and negatively impact performance and user productivity. 

It’s time for a better way to deploy SWG.

SWG – Take Two

A new and revolutionary SWG deployment model is Hybrid SWG. It consists of a device-based SWG agent that works in concert with a cloud-based SWG. 

The device-based SWG deploys as an agent on employee devices. As such, it protects users where they are – home, office, or on the road. It also protects users even when they’re not connected to the corporate network or when accessing bypassed web services (split tunneling). 

The cloud-based SWG, meanwhile, protects all traffic passing through the corporate network allowing IT teams to apply an additional layer of access control to connected users. It is a completely cloud-based SaaS solution which requires no deployment or maintenance.

Hybrid SWG combines the advantages of cloud-based and on-prem SWGs while solving their drawbacks. 

Hybrid SWG – The best of all worlds

Hybrid SWG is a novel offering from Perimeter 81 which solves the greatest and most urgent pain points IT teams experience with existing SWG solutions, and adds new and unique capabilities.

Perimeter 81’s Hybrid SWG advantages:

  • Protects user traffic, even when not connected to the corporate network
  • Protects bypassed traffic (split tunneling)
  • Managed from a single-pane-of-glass (both device and cloud SWG instances)
  • No decryption of traffic outside the user’s device
  • Enables secure and fast direct-to-Internet connectivity
  • Flexible deployment models (device and/or cloud-side)
  • No on-prem deployment, management or maintenance
  • Secures public WiFi connections

SWG Deployments Comparison

Perimeter 81’s Hybrid SWG eliminates all the major drawbacks traditional cloud SWGs and on-prem appliance SWGs suffer from, and enables organizations to benefit from a higher level of security, improved compliance, better performance and simplified operations.