The Zero Trust Web Gateway

Written by Guise Bule, Founder at Secjuice


Once you have been in cybersecurity for a while, you start to see and hear enterprise use cases that resonate in the right way. Right now, upgrading your web gateway using the zero trust model is the enterprise security model that resonates with me the most.

Zero Trust Explained

The concept of zero-trust is rooted in the principle of “never trust, always verify” and revolves around the belief that you should never trust anything, even if it is already inside your security perimeter.

Zero-trust architectures primarily work towards preventing lateral movement through your networks by intruders. When you consider that the point of infiltration is hardly ever the final target of an attacker, you understand why preventing movement through your IT infrastructure is important. The zero-trust model rejects the notion of ‘defending the perimeter’ and assumes everything inside the perimeter is a threat. It has been adopted by some of the largest companies in the world; Google was an early adopter.

Web Gateways Explained

A web gateway is a proxy that enforces URL restrictions and inspects the data going through it, typically a security appliance that sits between your IT infrastructure and the outside internet. It enforces your organization's network security policies and filters out any potentially malicious web traffic in real time. Web gateways protect users from accessing malicious websites, phishing websites or worse. The web gateway will inspect your users' web traffic in real time and analyze its content against corporate policies and threat analysis feeds to ensure that malicious or inappropriate content is blocked. Results may vary depending on the gateway.

Web gateways cannot categorize all of the traffic passing through them, so you have to block the traffic you cannot categorize, or take a risk and let it through.

There are lots of different web gateways out there, but no matter the gateway they all have the same problem: they are unable to correctly categorize all web traffic. The best web gateways have live threat feeds from multiple sources integrated into them so that they can categorize threats as they appear in their traffic in real time, but you cannot categorize everything.

When you cannot categorize traffic as a threat or as safe, you have two choices: you can let the user access it (keep them happy), or automatically block it (annoy the user, who will probably complain). What do you do?

Don't Trust Anything

Most cyber attacks directly target the end user as they use the internet through a browser. The web browser is the single biggest infiltration point on your networks, an open window into your IT infrastructure, and your web gateway simply cannot protect you from every threat that wants to climb through it. If you want to leverage a zero trust approach when it comes to your web gateway, you need to integrate a remote browser isolation capability so that you have a third option. You can physically isolate that cyber risk!

By properly integrating remote browser isolation capability you can physically isolate URLs in real time and give your users access to the websites and content that you would have otherwise blocked by default.

Zero Trust Web Traffic

Remote browser isolation is the zero trust model applied to web browsing. It refuses to trust any website and safely isolates web browsing into a cloud built to handle the risks, selectively isolating that which you cannot categorize, or everything not attached to your own domains.
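The three-way decision described above (allow, block, or isolate) can be sketched as a gateway policy function. This is an added example, not code from the article or from any gateway product; the domain names, the category feed and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data: a real gateway would use its own category and threat feeds.
OWN_DOMAINS = {"corp.example"}
CATEGORY_FEED = {
    "news.example": "news",
    "phish.example": "phishing",
    "docs.corp.example": "internal",
}
BLOCKED_CATEGORIES = {"phishing", "malware"}


def _host(url):
    """Return the lower-cased hostname of a URL, or None if it has none."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None


def _under(host, domain):
    """True if host is the domain itself or a subdomain of it (label-boundary match)."""
    return host == domain or host.endswith("." + domain)


def categorize(host):
    """Return the most specific feed entry covering host; None means uncategorized."""
    labels = host.split(".")
    for i in range(len(labels)):
        category = CATEGORY_FEED.get(".".join(labels[i:]))
        if category:
            return category
    return None


def decide(url, isolate_all_external=False):
    """Return 'allow', 'block' or 'isolate' for a requested URL."""
    host = _host(url)
    if host is None:
        return "block"      # unparseable request: nothing to verify
    category = categorize(host)
    if category in BLOCKED_CATEGORIES:
        return "block"      # known bad stays blocked
    if any(_under(host, d) for d in OWN_DOMAINS):
        return "allow"      # your own domains
    if category is None or isolate_all_external:
        return "isolate"    # the third option: hand off to a remote browser
    return "allow"          # categorized and permitted by policy
```

The own-domain check matches on label boundaries, so a lookalike host such as `notcorp.example` or `corp.example.unknown.test` is treated as external and isolated rather than allowed.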

If you have lots of employees, you probably block a lot of their URLs on a daily basis and annoy them in the process. It is far more effective to isolate those URLs and let the user access them than it is to just block them, or take a risk and let the traffic through. Adopting a remote browser isolation solution is a fantastic way of dealing with the web traffic that you cannot categorize. Many smaller businesses that lack the resources to deploy and configure web gateways isolate all of their web traffic onto remote browsers and eliminate the web gateway element completely. In the enterprise, remote browser isolation forms part of the wider cybersecurity ecosystem and beautifully complements web gateways as a zero trust solution.

By upgrading your web gateway's capability with a remote browser isolation solution, you can adopt a zero trust posture and reduce the restrictions that you place on your employees and their online activity when they visit potentially malicious websites. Never trust, always verify, and when you can’t, physically isolate it.
