Symantec Web Protection Suite: A Single Gateway for Web and Cloud Applications

The world is changing. The internet is changing. And the security demands on your network need to keep pace. If you had to describe your ideal Secure Web Gateway (SWG) with five words, hopefully Secure is at the top of your list. It’s even in the name. Soon thereafter, do words like Dependable, Flexible, or Capable come up? At Symantec, a division of Broadcom Software, we believe they should.

Whether in the office, at home or on the go, modern workers need access to web content and cloud applications to maintain high levels of productivity. If you can’t provide fast, secure access to that information, some “resourceful” employees will find other means to get it - behavior that poses a direct threat to their enterprise networks.

When it comes to managing and monitoring cloud applications, many information protection and compliance professionals count on the comprehensive Cloud Access Service Broker (CASB) capabilities enjoyed by our Symantec DLP Cloud customers. They get enterprise-grade protection for data in-motion and at-rest with an amazing set of controls and other management capabilities. However, sometimes a complete CASB solution is more than what you immediately need. In those cases, the dependable, flexible and highly-capable Secure Web Gateway (SWG) functionality in Symantec Web Protection Suite may be the perfect solution to solve many common CASB use cases.

SWG Leadership

The Symantec Secure Web Gateway has helped shape the entire SWG market. Our flagship SWG offering - Symantec Web Protection Suite - is a turnkey solution that includes centralized management, reporting, world-class threat intelligence, sandboxing, SSL inspection, isolation, and many of the features and functionality of Cloud Access Security Broker (CASB) solutions.

Symantec Web Protection Suite (WPS) includes visibility into the use of over 35,000 cloud applications to provide insight into Shadow IT and enable the blocking of unsanctioned applications. Indiscriminate blocking access by category is an old-school approach to a modern problem. The fact is, you want to enable secure and controlled access to foster productivity. And Symantec Web Protection Suite is up to the task.

Four Levels of Control

Symantec Web Protection Suite provides four new Application Visibility and Control features that are designed to work independently or in combination to solve even the most nuanced cloud application access problems. They enable more granular security by grouping applications and application functionality into types of use. Using application identification in this way ensures setting access policy controls is both easy to understand and simple to apply. 

The best way to understand how the controls work is to think of the policy on a sliding scale. On one end of the scale is the broadest definition and level of control. On the opposite end is the narrowest and most fine-grained level of control.

The four categories, or levels of application visibility and control are:

1. Application Groups
   Application Groups is the broadest way to look at cloud applications. Web Protection Suite customers can control up to 200 different application groups. In fact, every catalogued application on the web belongs to at least one. Examples of applications groups range from Backup to Billing & Invoicing, FileSharing to Workflow Management, and just about every other cloud application you can imagine
    
2. Application Names and Visibility
   Individual Application Names provides the capability for enterprises to target  specific apps they need while controlling the full Application Group. So, if you have a corporate account with Box you can create a policy to allow it, while blocking the rest of the File-Sharing app group. Identification alone has great value, and a simple to use, screen-based dashboard tool allows security managers to select from the applications seen and set policy to block them as needed.
    
3. Application Attributes
   Application Attributes expose additional meta-data about applications for even more granular control. Symantec, as a division of Broadcom Software, maintains over 200 attributes across it’s database of cloud applications enabling policy that can be combined with other criteria to meet security requirements. For example, enterprises could block access to all cloud applications which do not have proper certifications such as ISO27001 or SSAE-18 SOC2 Type II.  Or combine Application Groups with Attributes to protect your user’s privacy, for example only permit access to Health Care applications which have HIPAA compliance policies.
    
4. Application Operations
   Application Operations provides the most granular control of all. It drills down into specific operations of an application to apply further controls to what users can do. An intuitive policy editor allows administrators to select specific actions permitted for individual applications. Users can be permitted to interact with some of an application’s operations and denied access to others, such as allow downloads but deny uploads for certain file-sharing applications.

CASB for the Masses

The CASB capabilities of Web Protection Suite supercharge access security for the new realities of an expanding web and growing user population. It offers enterprises the SWG they need to answer the challenges of a changing world and internet. Each Web Protection Suite license follows-the-user whether you choose a cloud-delivered, on-prem, or hybrid security architecture. They can securely access cloud applications from your office, from home, from the airport, or anywhere in between. 

When a fully-capable CASB solution is more than you need for now, Web Protection Suite’s CASB features may be the perfect solution for you. Then when you’re ready for the full-featured CASB solution, powered by the Symantec CloudSOC engine, just let us know. We’ll be happy to help you step up.