The market for Web access security has changed significantly in recent years, with the emergence of rendering solutions. Gartner’s analysts tend to help companies navigate it.
John Watts and Lawrence Orans, analysts at Gartner, say the market for securing Web access is based on an observation: “new Secure Web Gateway (SWG) architectures have emerged in recent years, which has caused confusion in the marketplace as to their efficiency and cost over traditional Web proxy servers. ”
In fact, the 2018 edition of Gartner’s magic quadrant for this market has left at least one surprise : Menlo’s entry into the visionaries’ square. The latter offers a different approach from traditional proxy servers to protect against threats passing the Web, by placing an isolation layer between Web content and the end user’s workstation to prevent potentially malicious active content from reaching it. . Symantec has recognized the merits of the concept and bought a competitor from Menlo in 2017, Fireglass, to integrate it into its Web Security Service offering .
For Gartner analysts, the isolation provided by the rendering offset is far from lacking interest. They recommend combining these solutions with “DNS redirection or the full proxy to raise the overall security level of companies with the most stringent security needs.”
Most importantly, John Watts and Lawrence Orans emphasize the importance of a technical choice that is aligned with security needs, as compared to the seven primary goals of the Web Access Security Gateways. These are the application and reporting of acceptable use policies, the blocking of URLs known as threat vectors, the prevention of malicious content downloads, the blocking of malicious active content present in web pages, the visibility and SaaS application protection – native or integrated with a Cloud Access Security Gateway ( CASB ) -, bandwidth management, and finally data leak prevention – again natively or in conjunction with a DLP solution .
DNS redirection appears to be the most limited functional perimeter solution, with the fullest proxy offering the largest, and Web rendering being at an intermediate level. But as analysts point out, “the use of DNS redirection does not provide all the functionality of DLP, but using a CASB with integrated DLP can bring that capability to SaaS applications.” Therefore, for them, “it is imperative to understand where the gaps are and how they are taken into account when choosing a secure web gateway architecture.”
In practice, John Watts and Lawrence Orans argue that the more modest-needs businesses that already have a firewall or unified threat management (UTM) appliance “may consider that the protections offered by these solutions meet to their needs. But beware, “Debit concerns are the biggest problem facing customers who use these solutions because more features are enabled.”
Analysts present service-mode firewalls as alternatives, believing that their range of features “puts them in a position to compete with secure Web gateway providers.” And mention there Cato Networks, CenturyLink, Opaq, Palo Alto Networks, and Zscaler.