Symantec, a division of Broadcom Software, recently beefed up its Secure Web Gateway (SWG) lineup with a new all-in-one SWG solution (Web Protection Suite) as well as a new hardware appliance to help enterprises better protect their networks, users and data from an onslaught of malicious website traffic on the internet and in the cloud.
In support of our new Web Protection Suite, we transformed our hardware appliances, separating the hardware purchase from the software purchase with enterprise subscription licensing. For customers, that means greater flexibility and cost savings when it comes to deployment. They can choose how to deploy the Symantec SWG solution – as a SaaS hosted service, in their own private cloud, as a virtual appliance or on dedicated hardware. We sat down with the Product Management Team for Symantec Secure Web Gateway to learn more.
Q: What options do you offer to customers for Symantec’s Proxy-based SWG solution?
A: We offer customers a cloud-based solution and an on-prem solution, with our new subscription licensing, which gives customers a lot of flexibility.
But as we better understand our customers, we see that most want to go to the cloud but have developed many custom, on-premises integrations. To support them we have introduced a new offering called Symantec Web Protection Suite or WPS, which allows customers to have a license to run SWG anywhere, whether it's Symantec’s SaaS SWG service, a SWG appliance deployed on our S210 or S410 hardware or in a virtual environment or in the public cloud.
The new WPS license gives the customers the flexibility to run them where they are today, but migrate to the cloud tomorrow, or even next year – all in one single offering. We think of it now as a single SWG offering from Symantec, not as a set of discrete products, which makes it much easier for customers to transition at their own pace in terms of how they want to deploy our leading SWG solution.
Q: Symantec just announced an addition to its SWG appliance mix. Can you offer a refresher on what Symantec announced last year and also talk about the significance of this new appliance?
A: Sure, the S210 is a lower end version of the S410, which we announced last year. The S210 is meant to essentially complete the appliance line, starting with the S210 being able to support smaller regional or branch office deployments all the way up to high end data centers with multi-gigabit capacity using the S410. Both the S210 and the S410 support our new services framework that allows us to support multiple applications on these new hardware platforms. So, with all the work that's been developed for the S410, all those features are now available on the S210.
Q: They essentially have the same set of capabilities across the entire hardware platform line?
A: Yes, that’s right. The benefit of the new S210/S410 ecosystem is that it allows you massive flexibility in adapting your workloads to the traffic profiles you have now, and then changing the mix around if you add new locations, add new users or have different workloads and policy for analyzing traffic. The new platform allows all that flexibility to essentially shrink, grow, resize, move or add new applications across our new hardware or in your own virtual environments (on-premises or cloud).
Specifically those capabilities include the ability to run high-capacity proxy applications in either discrete segmented workloads or as larger instances. You can essentially use the platforms to divide up your proxy workload. And more significantly, you can also add an advanced threat protection module with Symantec Content Analysis and pair that with proxies, if you want the most advanced protection for all your web security traffic.
Q: Given the changes in the threat landscape what do you think modern SWGs need now?
A: I think there are four key things that a modern SWG must be able to handle:
First, there's been a significant adoption of cloud-based applications that changes the traffic profile that a SWG needs to be able to handle. You're going from traditional, general, internet-based browsing, to a rise in traffic from cloud applications that some users may live in throughout the workday like Salesforce. A modern SWG must be able to handle that growth in cloud traffic and provide the same level of inspection and protection that customers are used to.
Next, an effective SWG solution must provide comprehensive coverage and easy-to-deploy flexibility so an organization can scale, migrate, move or adjust their deployment as needed. For fixed users this could include on-premises deployments on high-performing hardware, like we introduced last year and are adding to today, to virtual deployments or in a customer's own cloud environment, and our SaaS SWG service when users are roaming. No customer is alike and cookie cutter SWGs won't cut it.
Adding to that flexibility, a customer needs to be able to manage their intricate SWG policy across all their deployments. Basically a “create once, use broadly” policy mechanism. That's what our UPE or Universal Policy Enforcement allows. Craft the policy that is right for your organization, industry vertical or meets your internal compliance and security standards and apply it at HQ, branch offices, remote locations or roaming users.
Finally, an effective modern SWG must integrate with other technologies to align with SASE framework recommendations. It's more than just the basic proxy you deployed years ago...that proxy is still critical, it's the foundation that provides traffic decryption, full content analysis and deep file inspection. But it goes beyond that and includes dynamic sandboxing, remote browser isolation, DLP, and zero trust network access, along with other SASE components. The modern SWG has to be that foundation, and we’ve already completed the majority of these capabilities into our SWG to be SASE ready. That's what sets Symantec apart.
Q: How does the transition to the cloud increase potential vulnerability for enterprise users?
A: With the transition to cloud applications, if you look at every client application, they have to support an encrypted HTTPS session by default. Obviously, you wouldn't want to transfer plain text data over the Internet. And so, all of these modern SWGs have to handle newer TLS sessions. TLS 1.3 is the newest version that all browsers have adopted to provide end-to-end encryption to ensure that data in flight is fully protected between the user and the service that they're going to.
However, because it is encrypted, that's essentially where malware is going to hide since if you can't inspect the contents of that, you're blind to the threat, the malicious payload. And so modern SWGs need to be able to support the full range of TLS versions that cloud applications are using without security downgrade and continue to still inspect the TLS session to look for advanced threats. Symantec has been supporting TLS 1.3 for some time now.
Q: You mentioned that with the introduction of the new S410 a year ago, Symantec also introduced subscription licensing for those core components. What flexibility does that software licensing give to a customer when it comes to deployment options?
A: Subscription licensing provides not just the flexibility of being able to deploy the SWG capability wherever you want it, but you can manage it in all these environments: ESX, KVM, Azure, AWS, GCP - all with the same single license. So you're not limited to just the hardware delivery form factor; essentially you can use your SWG anywhere you need to deploy and consume it.
Q: With new licensing, this provides some additional benefits to the customer. What are those?
A: We've consolidated our license in two different ways. The first is that in the past, if you bought a Symantec SWG product, there were additional features that could be added on after the fact. And they had separate configurations to entitle that feature and to manage it. We simplified all of that to make it simpler to deploy.
We wanted to provide those features as core features so that customers wouldn't have to manage different pools or different instances. We included all the capabilities into the subscription for:
- decrypting encrypted traffic
- content filtering and threat protection
- threat categories
- risk levels
You also have the benefit of having that follow wherever you deploy the instance, rather than managing separate elements. That was one significant change in the transition to subscription licensing.
The second consolidation with our license is that the framework collapsed the notion of managing individual discrete appliance instances into an aggregate capacity pool. So instead of buying, for example, 10 appliances or 10 virtual appliances, you just buy the capacity of 10 virtual appliances under a single license. This gives you the flexibility of deploying the equivalent of 10 new appliances, or wrapping that up into one large instance. The new license allows you to manage and resize your total computing needs – small or large – rather than managing an individual appliance. That's the flexibility of the subscription license.
Q: How do you charge for the solution?
A: We wanted to make this available in many different environments and have it be simple for the customer. We took the license and modeled it where your licensing is calculated by how much compute capacity you need to handle your SWG workload.
Q: You mentioned that there are some solutions now available as part of your subscription license that were separate before?
A: The most important add-on is the content and threat protection services on top of a proxy available through Content Analysis that delivers Symantec AV and advanced Machine Learning, and all the malware detection engines it includes. Two of the primary applications that run on the framework are Symantec Proxy and Content Analysis. With the proxy application we took all the threat and content feeds that are consumed by the proxy and allowed the proxy to automatically consume all those data services including:
- the content categories
- the security categories
- the reputation and risk level feeds
- the location feeds
- CASB application discovery feeds
You can use the proxy to understand all the traffic you see for URL categorization, threat risk scoring or cloud application usage. All those data services are a part of the subscription and are delivered directly to the proxy with no additional add-on costs. And all of the data that feeds it is automatically maintained, available and always up to date.
On the Content Analysis side, we did the same thing by including the Symantec malware detection engines as part of the base content application. Every customer has the benefit of consuming all the malware patterns and the engine updates directly onto the Content Analysis application without the need for a separate add-on. One of the newer technologies on Content Analysis is the advanced machine learning that can do static policy analysis of content as well.
To learn more about our Secure Web Gateway (SWG) lineup with a new all-in-one SWG solution (Web Protection Suite) please contact us here. At Symantec, we continue to focus on helping enterprises better protect their networks, users and data from an onslaught of malicious website traffic on the internet and in the cloud with our industry leading solutions. Make sure you are protected with the best.