The Hidden Dangers of Secure Web Gateways: Why They’re Not Enough to…
In today’s digital landscape, where browsers are the most commonly used enterprise applications, the need for robust cybersecurity measures has never been more critical. Despite the widespread adoption of Secure Web Gateways (SWGs), a significant portion of Highly Evasive, Adaptive Threats (HEAT) continue to slip through the cracks. This article delves into the reasons behind this phenomenon and explores how SWGs can be enhanced to better protect against modern threats.
The Rise of HEAT Attacks
According to the Verizon 2022 Data Breach Investigation Report (DBIR), web applications and email, primarily accessed via web browsers, constitute the primary attack vectors in security breaches, accounting for over 80% of such incidents. This statistic underscores the critical role that browsers play in enterprise security. However, the popularity of browsers also makes them a prime target for threat actors. These actors are employing highly evasive and adaptive techniques to gain an initial foothold through the browser before spreading through the network in search of more prominent targets.
The Evolution of SWGs
SWGs have been around for a while, but they were originally designed to solve a problem that has evolved into something completely different over time. Initially, SWGs were intended to be web filtering tools, serving as a firewall between enterprise networks and the public Internet. They identified potentially malicious content and made simple allow or block decisions based on static security policies.
Over time, SWGs have evolved to include URL reputation and sandboxing capabilities. This allowed organizations to first identify malicious content and then quarantine it before it could gain access to enterprise networks. However, threat actors have also evolved, developing evasive and adaptable techniques to get around these filters.
The Limitations of SWGs
Despite these enhancements, SWGs are not sufficient against today’s HEAT attacks. This is because the SWG sits between the end device and the enterprise network and isn’t in a position to block (or even identify) HEAT attacks that target the browser. Once these attacks gain initial access, they can lie in wait, find a way to spread to the network undetected, and deliver their payload.
The Need for SWG Enhancements
SWGs are not completely obsolete. In fact, they are quite resilient. They have evolved several times in step with evolving threats, and all we need to do is extend their reach to the browser. Here are four ways that SWGs can evolve to better meet today’s HEAT attacks:
Enhancing Visibility in the Browser
SWGs sit between the end device and the enterprise network and provide little visibility into what’s going on in the browser. Organizations need to extend visibility to the browser and monitor how users are interacting with the Internet. This includes the sites they are visiting, the files they are uploading and downloading, the Software as a Service (SaaS) platforms and cloud infrastructure they use to get work done – even social media and other interactions that take place outside the enterprise network.
Simply moving the SWG between the end device and the public Internet could enable this critical visibility. This would allow organizations to gain a comprehensive understanding of the threats they are facing and take proactive measures to mitigate them.
Analyzing Web Elements in Real Time
Phishing attacks are getting very good at imitating legitimate and trusted brands. SWGs need to use artificial intelligence (AI) and machine learning (ML) to analyze web elements such as images, logos, fonts, and metadata to determine whether a site is what it purports to be. And they need to do this in real time, at the point of click.
Today’s attacks operate at the speed of business, and any delay in detection could lead to a breach. Multi-factor authentication (MFA) bypass is a good example of this. Threat actors are able to intercept MFA tokens and use them to gain access to an application within a few seconds. A SWG armed with AI/ML could detect a suspicious logo on a web form before the user enters their credentials.
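As an added illustration of the point-of-click brand check described above (example code written for this page, not the author's or any SWG vendor's), the following Python heuristic flags a page whose favicon hash or lookalike registrable domain resembles a known brand while its hostname is not one of that brand's own, and escalates to a block when the page carries a credential form. The brand registry, favicon bytes and hostnames are all constructed.

```python
"""Point-of-click brand-impersonation heuristic (added example, not from the article).

Assumes a constructed brand registry and constructed page observations; a real
SWG would fill the registry from its own brand catalogue and hash the favicon
bytes it actually served to the browser.
"""
import difflib
import hashlib

# Constructed registry: brand -> legitimate domains and known favicon hashes.
BRANDS = {
    "examplebank": {
        "domains": {"examplebank.com"},
        "favicon_sha256": {hashlib.sha256(b"examplebank-favicon-bytes").hexdigest()},
    },
}

LOOKALIKE_THRESHOLD = 0.85  # similarity ratio above which a domain counts as a lookalike


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels); sufficient for the constructed sample data."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def is_brand_domain(host: str, domains: set) -> bool:
    """True when host is one of the brand's domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def assess_page(host: str, favicon_bytes: bytes, has_password_field: bool) -> dict:
    """Return a verdict for the page the user is about to interact with."""
    favicon_hash = hashlib.sha256(favicon_bytes).hexdigest()
    for brand, info in BRANDS.items():
        # Visible branding matches: same favicon, or a domain that looks like the brand's.
        similarity = max(
            difflib.SequenceMatcher(None, registrable_domain(host), d).ratio()
            for d in info["domains"]
        )
        looks_like_brand = favicon_hash in info["favicon_sha256"] or similarity >= LOOKALIKE_THRESHOLD
        if looks_like_brand and not is_brand_domain(host, info["domains"]):
            # Brand imagery or a lookalike name on a host the brand does not own:
            # block outright if the page asks for credentials, otherwise warn.
            action = "block" if has_password_field else "warn"
            return {"verdict": "brand_mismatch", "brand": brand, "action": action}
    return {"verdict": "clean", "brand": None, "action": "allow"}
```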
Isolating the User from Potentially Malicious Content
SWGs could also be enhanced with isolation technology that creates a virtual air gap between the user and the public Internet. Executing all content – whether it’s deemed malicious or not – in a remote browser in the cloud before it gets to the end device would prevent HEAT attacks from gaining an initial foothold.
Tricking attacks into executing evasive techniques and even forcing them to deliver their payload before they get to the end device forces them to reveal themselves before they are ready – allowing traditional SWG capabilities such as URL filtering and sandboxing to work effectively.
Conclusion
While SWGs have evolved significantly over the years, they are not sufficient to stop today’s HEAT attacks. By enhancing visibility in the browser, analyzing web elements in real time, and isolating the user from potentially malicious content, SWGs can be updated to better protect browsers. This would not only enhance the security of enterprise networks but also provide organizations with a comprehensive understanding of the threats they are facing.
FAQ
Q: What are HEAT attacks?
A: HEAT attacks are Highly Evasive, Adaptive Threats: attacks that use evasive and adaptive techniques to gain an initial foothold through the browser before spreading through the network in search of more prominent targets.
Q: Why are SWGs not sufficient against HEAT attacks?
A: SWGs are not sufficient against HEAT attacks because they sit between the end device and the enterprise network and aren’t in a position to block (or even identify) HEAT attacks that target the browser.
Q: How can SWGs be enhanced to better protect against HEAT attacks?
A: SWGs can be enhanced by extending visibility to the browser, using AI and ML to analyze web elements in real time, and using isolation technology to create a virtual air gap between the user and the public Internet.
Q: What are the benefits of enhancing SWGs?
A: Enhancing SWGs would not only enhance the security of enterprise networks but also provide organizations with a comprehensive understanding of the threats they are facing. This would allow them to take proactive measures to mitigate these threats.