Web security gateway Overview: Best deployment Method

Source: Internet
Author: User

Web security gateway can significantly improve the overall security status of an enterprise, but it is not a product that is "deployed immediately forgotten, the deployment, configuration, and maintenance modes of the Web security gateway affect the security level it provides. In this article, we will discuss how to maximize your investment in Web Security Gateway by optimizing deployment, configuration, and maintenance.Select a Web security gateway deployment policyTo maximize the advantages of Web security gateway, enterprises must establish clear security objectives and understand the advantages and disadvantages of various deployment policies. Although traditional physical devices are still very popular, they are increasingly interested in Virtual Devices. As the deployment is relatively simple, cloud computing-based Web security gateway services are becoming increasingly popular. In fact, many such products now use cloud services to provide real-time URL search and credit services. It is already widely used to deploy Hybrid Elements that combine internal, hosted, and cloud computing. The key to success lies in choosing products or services that can be integrated into existing IT infrastructure (especially security infrastructure), and such products or services must be able to handle current and future network traffic loads. Products targeting small and medium-sized enterprises provide protection against basic threats and are easier to manage. enterprise-level products and services provide enhanced protection against advanced and targeted threats, however, more skills and resources are required for management. For enterprises with limited internal resources or professionals, cloud computing-based products and managed products are often a better choice. However, these options mean that enterprises need to hand over data to third-party systems and individuals, so do not forget to consider related compliance requirements. In addition, compared with the enterprise's internal Web security gateway, the disadvantage of these products is that they cannot use bandwidth and application control to block unnecessary traffic on the Internet, because the traffic needs to be transmitted to the cloud service for analysis. The proxy architecture is the most effective for the Web security gateway deployed inside the Enterprise. By forcing all Web traffic to stop at the web security gateway, it can allow or block any traffic before the traffic enters or leaves the network. Meanwhile, traffic is replicated and forwarded to the web security gateway for analysis through embedded passive monitoring deployment (also called TAP deployment. If the threat is not detected in time, the threat cannot be completely blocked because the traffic is not blocked in the embedded proxy configuration. The deployment of TAP is easier to deploy and change, and is also conducive to implementing enterprise policies. However, it is definitely not a reliable protection against network threats. Many Firewall vendors have begun to integrate the Web security gateway feature into their products, but the complexity of modern threats makes unified Threat Management (UTM) and other devices useless. For high-capacity networks, it is best to use a firewall to filter and block low-level network traffic, such as prohibited protocols or port requests, before traffic is transmitted to the Web security gateway. In this way, you can achieve an appropriate balance between performance and in-depth analysis. Before deploying a Web security gateway, you must ensure the normal operation of the existing security control. Otherwise, you must face poor security control, web security gateway only provides limited protection and does not provide additional protection. For example, because the Web security gateway adds a new device to the network, the enterprise must check the network topology of the enterprise and ensure that the network is correctly partitioned for different types of data and processes. In addition, investigate other security devices on the network, identify the types of threats these devices use to block, and record the rules and filters they use to enforce security policies. Determine who will sort the information and how to review the information. Enterprises must avoid such a situation, that is, neither the Web security gateway nor the endpoint device can defend against certain threats. As employees are critical to the security of all businesses, make sure they are informed of the latest social engineering attacks. Teach them how to identify potential attacks or recognize malicious links, so that you do not need to rely entirely on web security gateway to avoid network attacks.Reflect acceptable usage and compliance policies to the Rule SetControlling employees to use social networking websites is important because, although many such websites are valuable business tools, they also bring security risks and reduce productivity. Web security gateway can help enterprises deploy complex rules to enforce security policies, because they can provide visibility into network traffic. Observe the real-time bandwidth utilization or website access information so that administrators can adjust acceptable usage and security rules to optimize production efficiency and security. The granularity of fine-grained control provided by Web security gateway means that these rules can be specific to specific applications, rather than completely allow or deny rules that control ports and protocols. In addition, assigning bandwidth priorities for key applications means that enterprises do not need to prevent all employees from using a Web application or miss the advantages of cloud computing and mobile applications, while effectively implementing security policies.Development process used to review and investigate alert improvement Rule SetsWhen a rule is violated or reaches a predefined threshold, Web security gateway generates an alert, and an enterprise needs to deploy a program to process the alert, to ensure fast, effective, consistent, and organized responses. Priority sorting of events is very important, especially when multiple events need to be processed. Events involving high-value or key business systems or data, or events that may cause further damage, should be handled first. Finally, to quantify and evaluate the efficiency of web security gateway, enterprises need to record the event type, quantity, cost, and alert information. Continuous monitoring of visual responses to Web security gateway dashboards and traffic types allows administrators to reduce the number of false positives and improve bandwidth rules. Enterprises also need to establish an audit procedure to check that the rule set is executed as expected and that the security policy is correctly implemented.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.