Your Secure Web Gateway Needs a Cloud Makeover

Feb 15, 2022
4 minutes
... views

In the early days of computing, leading engineers thought that 640K of computer memory ought to be enough for anyone. And not long ago, most employees worked at corporate offices, accessing all of their apps and data from the corporate datacenter. Teams of network and security professionals worked diligently to secure office environments from the threats that lurked outside their walls, deploying a wide range of multi-vendor, on-premise appliances, including web proxy appliances, to provide employees with internet access and security. 

Fast forward to today and we see significant numbers of employees frequently working from anywhere but their corporate offices. At the same time, the datacenter is no longer the center of the universe, dethroned by the massive adoption of cloud infrastructure, cloud applications, and other cloud services. Employees now access a variety of work applications that reside both in the cloud as well as the on-premises datacenter from anywhere--including their home offices, coffee shops, parks, and more--via a combination of employer-provided and personal devices. So what does the new world of working from everywhere mean for on-premises datacenter secured with legacy, on-premises web proxy appliances? And how does this traditional architecture impact remote worker access and productivity?

Research shows that this paradigm poses significant challenges for security professionals, including:

  • Limited app coverage. Over half of all remote workforce threats are for non-web apps, which are invisible to web proxies. Security teams can’t block what they can’t see, and the risk of a data breach increases without security for all web and non-web apps.
  • Incomplete security. Multi-vendor legacy products fail to provide complete, consistent security across all users and locations. On-premises web proxy appliances weren’t designed for cloud-based apps, so they lack the flexibility and scalability required in today’s environments. Also, the lack of integrated security policies, single-pane-of-glass management, and limited visibility expose organizations to advanced threats.
  • Poor end-user experience. Remote workers often struggle with slow network performance caused by backhauling all internet-bound traffic to the on-premises datacenter for inspection. This approach made sense when most users were at the main office, but it results in bottlenecks now that most workers are remote. Poor performance, along with inconsistent app access that can vary depending upon the user’s device permissions and location, results in frustrated users, reduced productivity, and more calls to the IT support desk.

A Modern, Complete, Cloud-Delivered Solution

Research from ESG Global shows that many organizations are open to a new secure web gateway approach, with only 8% of survey respondents indicating they are very satisfied with their current solution and not planning to change any time soon.

Today, organizations require a solution that seamlessly protects their remote workers as they access web and non-web applications from just about anywhere. The cloud secure web gateway capabilities within Prisma Access deliver modern, complete cloud security, as well as:

  • protection for all app traffic, with access to all apps and securing against all threats, not just web-based apps and threats, reducing the risk of a data breach by up to 45%.
  • complete, best-in-class security with industry-leading capabilities converged into a single cloud-delivered platform, providing more security coverage than any other solution with 4.3M unique security updates per day, 24.5x more than our nearest competitor.
  • exceptional user experience with our massively scalable network that provides ultra-low latency, backed by industry-leading SLAs, to ensure the best digital experience possible for end-users. We provide 10x more total encrypted tunnel throughput than the nearest competitor, with performance SLAs that are 10x better than any other cloud-delivered service.

The cloud secure web gateway capabilities within Prisma Access protect all users and applications across multiple connectivity options, using: 

  • the GlobalProtect agent to secure all ports and protocols, protecting web and non-web traffic for managed mobile devices.
  • agentless access for full protection of unmanaged devices.
  • IPSec for a seamless connection to branch offices.
  • a transition from legacy, on-premise, proxy-based solutions to our complete, cloud-delivered security platform with cloud-explicit proxy, no network architecture changes required.

In addition, Palo Alto Networks is the first vendor to introduce machine learning (ML)-powered security capabilities to our already impressive arsenal of best-in-class protections. Prisma Access leverages machine learning for proactive real-time and inline zero-day protection, introducing multiple industry firsts:

  • Prevention of up to 95% of unknown file and web-based threats instantly with inline ML. 
  • Prevention of other unknown threats in near real-time using zero-delay signature updates.
  • Extended visibility and security to all devices, including never-seen-before IoT devices, using ML-based detection, without the need to deploy additional sensors.
  • Automated policy recommendations that save time and reduce the chance of human error.

Learn how the cloud secure web gateway capabilities in Prisma Access can help your organization protect all users and applications, everywhere.


Subscribe to Sase Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.