SecureNet Blog

Malware detection is king as far as Secure Web Gateways (SWGs) are concerned. And here we use the term malware in its broadest sense-any code, software, script, or content that has malicious, illegal, or deceptive intent. Its hard to argue that there is a feature more important than malware detection when purchasing a system or service to prevent Internet based security threats and secure your organization's web gateway.

When evaluating an Secure Web Gateway Solution, its important that there be a layered approach to securing against malware. A good SWG solution will have multiple engines or services for real-time scanning of incoming content for malware.

A good SWG solution will also not rely on only reactive scanning technologies such as signatures, rules, and site reputation. Multiple malware or anti virus engines do not cut it here. Depending on who you talk to you will only catch an average 28-39% of Internet based threats when using multiple, reputable malware/AV scanning engines that rely on signature based detection.

Although some sales people will work hard to sell you on reputation filtering as a proactive or dynamic feature, remember it is a very reactive technology and that virtually every SWG on the market has reputation filtering-its called a URL filtering database.

Solid Internet security requires more proactive features such as non-reputation, non-signature, behavior based scanning. By the time a reputation is established or a signature is provided, most likely the exploit has claimed its victims and is no longer in use. Behavior based detection in real time is a must have layer of security in an SWG solution.