What Is an SWG?

Why Do We Need SWG?

The era of using only enterprise data centers (EDCs) to access data and applications has come to an end. Simply protecting data centers (DCs) is no longer sufficient for meeting today's security requirements. Internet access is vital, but this brings many security threats and data leakage risks. To prevent this, there is a pressing need to regulate online behavior. For example:

• It is difficult to manage employees' online behavior, which brings security risks. Complex traffic composition (where entertainment generates a lot of the traffic) makes it difficult to ensure the traffic of key services.
• Visiting non-work-related websites during working hours reduces work efficiency.
• Employees can browse, publish, and spread illegal content, which affects the company's image or even causes legal risks.
• Employees may upload or publish confidential information to the Internet.
• Employees can email or browse confidential, gambling-related, pornographic, or other socially unacceptable content, which damages the enterprise network.
• When the intranet is congested, employees fail to access work-related websites, affecting workforce productivity.
• In some special industries, real-name authentication and Internet access are required.
• Some enterprises or organizations have security baseline requirements that mandate the storage of audit logs. Additionally, there are some specific guidelines for online and published content to avoid any negative impacts caused by illegal speech, websites, and other content.

What Are the Benefits of SWG?

• Regulated online behavior:

  Detailed audits and database with massive signatures help manage employees' online behavior by, for example, strictly controlling access permissions and prohibiting illegal or non-work-related behavior. In this way, workforce productivity is improved, and a more secure office environment is created.

• Intelligent bandwidth management:

  Key services are preferentially guaranteed, and P2P behavior is restricted to ensure service continuity and stability. Idle bandwidth resources are automatically allocated to improve bandwidth usage. Moreover, user traffic packages are customized, and applicable bandwidth is provided for users whose package traffic exceeds the quota.

• Egress gateway:

  The SWG offers high-performance NAT that ensures resource access for intranet and Internet users. It also provides various multi-egress uplink selection mechanisms to integrate service requirements and enhance service and data reliability. In addition, the SWG provides border security protection to effectively filter out unauthorized access.

• Auditability:

  Browsed information is stored locally. The stored data is in a clear, easy-to-understand format, so administrators can clearly understand the landscape of activities taking place on their company's network.

• Wireless marketing:

  Application access is accelerated and Internet access is improved. Network account statistics are collected and online behavior tracked in real time to create user profiles which can then be used for more precisely targeted marketing.

• Real-name authentication:

  Various and flexible real-name authentication modes are available to meet regulatory requirements, filter out unauthorized anonymous users, and prevent unauthorized users from stealing key data from the network.

What Are the Differences Between SWGs and Firewalls?

An SWG and firewall perform similar tasks, but they have the following differences:

Firewalls provide overall protection for network-wide traffic, focus on in-depth detection and refined control at the application layer, including application identification and control, and integrate a host of advanced security capabilities such as intrusion prevention system (IPS) and antivirus. All of this helps to ensure high network security.

SWGs focus on web security protection, including URL category filtering and antivirus, with the aim to safeguard web access. In addition, numerous functions such as access control, rate limiting, and traffic steering are provided to regulate and audit users' Internet access behavior on a per-user basis.

SWG Products

• Huawei firewalls also provide the URL filtering function to control users' URL access requests, helping to regulate online behavior.

  For more information about related products, visit Huawei firewall. For details about product configuration and maintenance, visit Huawei Firewall Product Documentation.