10 questions every Security Architect should answer before selecting a Secure Web Gateway – part II

This blog post is a continuation of a previous article I wrote, which introduces a checklist to be evaluated by security professionals when selecting a Secure Web Gateway (SWG) solution.

As you may imagine, this list is not exhaustive; the idea is to encourage discussion, which can lead to a list of requirements and desired product features.

To read the first part, click here.

Does the solution provide…

6 – easy to use troubleshooting capabilities?

That’s one of the most important aspects to be considered, especially during proof of concept tests. For technical readers: does it provide an equivalent to tail -f and grep for querying logs?

Relying on a report, which may take ages to run, is definitely not an option. Also, make sure the log content lets administrators query for at least the following information: timestamps, username, source IP address, URI (URL), HTTP method, error codes and policy/rule match.

7 – access to good documentation and training resources?

It’s handy to have that question mark in the top right corner, but useless when it does not point to a place where you can find what you are looking for. Documentation is also a key resource during troubleshooting and should be consulted before escalating an issue, so make sure it is comprehensive and easily accessible.

Professional training shouldn’t be overlooked during budget reviews; if you missed it there, don’t fail twice: make it part of the negotiation. Some vendors provide training as a benefit for choosing their product, so make sure your team gets trained and, preferably, certified.

8 – backup and auditing capabilities?

This is self-explanatory but, believe me, there are products that still lack such features. And when asked how to keep track of changes or how to restore a configuration state, they dare to suggest that you rely on screenshots!

The ideal solution would allow highly privileged administrators to track changes made to the system (who, what, when). This should also be part of a configurable log/audit trail, not to be confused with question #5, which addresses log exporting capabilities only; here it is about change/configuration management.

There must be a way to save and restore system configuration, including core elements, such as network and policy settings.
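As an added illustration of what "who, what, when" change tracking plus save/restore looks like in practice (example code written for this post, not taken from any product), the following keeps an invented appliance configuration with network and policy sections, records every change with the administrator, timestamp, setting path and old/new values, and lets a fingerprinted snapshot be saved and restored. The `AuditedConfig` class, the dotted-path convention and `SAMPLE_CONFIG` are all assumptions for the example.

```python
"""Configuration change tracking with save/restore for an SWG-style appliance.
Added example, not from the original post or any vendor; the configuration
structure below is constructed for illustration."""
import copy
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample configuration: a network section and a policy section.
SAMPLE_CONFIG = {
    "network": {"listen_port": 8080, "upstream_dns": "10.0.0.53"},
    "policy": {"block_categories": ["malware"]},
}


class AuditedConfig:
    """Holds the live configuration, an audit trail of changes and named snapshots."""

    def __init__(self, initial):
        self._config = copy.deepcopy(initial)
        self.audit_trail = []   # list of {"who", "when", "what"} entries
        self.snapshots = {}     # name -> (sha256 hex digest, JSON text)

    def get(self):
        return copy.deepcopy(self._config)

    def set(self, who, path, value):
        """Change one setting addressed by a dotted path such as
        'policy.block_categories'. Old and new values are recorded so the
        trail answers who changed what, and when."""
        keys = path.split(".")
        node = self._config
        for key in keys[:-1]:
            node = node[key]
        old = node.get(keys[-1])
        node[keys[-1]] = copy.deepcopy(value)
        self.audit_trail.append({
            "who": who,
            "when": datetime.now(timezone.utc).isoformat(),
            "what": {"path": path, "old": old, "new": value},
        })

    def save(self, name):
        """Serialise the whole configuration (network and policy settings)
        and fingerprint it so a tampered backup is detected on restore."""
        text = json.dumps(self._config, sort_keys=True, indent=2)
        digest = hashlib.sha256(text.encode()).hexdigest()
        self.snapshots[name] = (digest, text)
        return digest

    def restore(self, name, who):
        """Restore a saved state after verifying its fingerprint. The restore
        itself is a configuration change and therefore lands in the trail."""
        digest, text = self.snapshots[name]
        if hashlib.sha256(text.encode()).hexdigest() != digest:
            raise ValueError(f"snapshot {name!r} failed its integrity check")
        self._config = json.loads(text)
        self.audit_trail.append({
            "who": who,
            "when": datetime.now(timezone.utc).isoformat(),
            "what": {"path": "*", "old": None, "new": f"restore:{name}"},
        })


def changes_by(config, who):
    """Audit query: every change made by one administrator."""
    return [entry for entry in config.audit_trail if entry["who"] == who]


if __name__ == "__main__":
    cfg = AuditedConfig(SAMPLE_CONFIG)
    cfg.save("baseline")
    cfg.set("alice", "policy.block_categories", ["malware", "phishing"])
    cfg.set("bob", "network.listen_port", 3128)
    cfg.restore("baseline", "alice")
    for entry in cfg.audit_trail:
        print(entry["when"], entry["who"], entry["what"])
```

The fingerprint check on restore is the detail worth carrying into an evaluation: a backup that can be silently altered before it is loaded undermines both the restore and the audit trail.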

9 – presentable and comprehensive reports?

By presentable I mean reports that are easy to read and understand. Those famous “top 10 users”-style reports are useful for some teams and can also serve as a baseline for metrics (bandwidth consumption, for example). Some products also allow administrators to export detailed reports in several file formats, such as CSV, which is always good since that data may serve as input for other systems.
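To make questions 6 and 9 concrete in one place, here is an added example (written for this post, not code from any SWG product) that parses a constructed, generic proxy-style access log into the fields the post says an administrator must be able to query (timestamp, username, source IP, HTTP method, URL, status code, matched rule), offers a field-aware equivalent of grep, and builds the “top N users” report with a CSV export. The log format, the `rule=` suffix and the sample lines are assumptions; real products each use their own format.

```python
"""Field-aware querying and reporting over SWG access logs.
Added example, not from the original post; the log format and sample
lines are constructed for illustration."""
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample log lines (not captured from any real product).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z jdoe 10.1.2.3 GET https://example.com/index.html 200 rule=allow-general
2024-03-01T10:00:05Z asmith 10.1.2.7 POST https://files.example.net/upload 403 rule=block-upload
2024-03-01T10:00:09Z jdoe 10.1.2.3 GET https://cdn.example.com/app.js 200 rule=allow-general
2024-03-01T10:00:12Z bwong 10.1.2.9 CONNECT blocked.example.org:443 403 rule=block-category
2024-03-01T10:00:15Z asmith 10.1.2.7 GET https://example.com/login 502 rule=allow-general
"""

FIELDS = ("timestamp", "user", "src_ip", "method", "url", "status", "rule")


def parse_line(line):
    """Split one log line into the minimum fields the post lists."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"unexpected log line: {line!r}")
    record = dict(zip(FIELDS, parts))
    record["timestamp"] = datetime.strptime(record["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
    record["status"] = int(record["status"])
    record["rule"] = record["rule"].split("=", 1)[1]   # strip the 'rule=' prefix
    return record


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def query(records, **criteria):
    """Exact-match filter on named fields, e.g. query(recs, user="jdoe", status=403).
    Unlike a plain grep, a '403' inside a URL cannot match a status filter."""
    unknown = set(criteria) - set(FIELDS)
    if unknown:
        raise KeyError(f"unknown field(s): {sorted(unknown)}")
    return [r for r in records if all(r[k] == v for k, v in criteria.items())]


def top_users(records, n=10):
    """The 'top N users' report: users ranked by number of requests."""
    return Counter(r["user"] for r in records).most_common(n)


def to_csv(records):
    """Export records as CSV so they can feed another system (SIEM, spreadsheet)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    for r in records:
        row = dict(r)
        row["timestamp"] = r["timestamp"].isoformat()
        writer.writerow(row)
    return buf.getvalue()


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in query(recs, status=403):          # every policy block, with who/where/why
        print(r["timestamp"], r["user"], r["src_ip"], r["url"], r["rule"])
    print(top_users(recs, 3))
    print(to_csv(query(recs, user="asmith")))
```

During a proof of concept, the useful check is whether the product's raw log already carries every one of these fields on a single line; if a field only appears in a rendered report, ad-hoc troubleshooting falls back to the slow path the post warns about.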

10 – caching capabilities?

Saving network resources seems to be a good decision, especially when the company does not have a high-bandwidth internet connection. By caching static content (images, CSS, JavaScript), the solution is able to deliver content quickly and, this way, network resources are freed up for other processes.

A few tweaks can make a huge difference in performance, so carefully evaluate whether it’s worth changing the defaults. There are several caching settings available, depending on the product: cache size, cache location (memory, filesystem), object storage algorithm, time to live and so on. The more features you have, the more chances to make mistakes.
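As an added example of the knobs just listed (code written for this post, not from any product), the following in-memory object cache caps total size, evicts least-recently-used objects, derives each object's time to live from the response's Cache-Control header with a configurable default, and only accepts the static content types the post mentions. The `ObjectCache` class, `STATIC_TYPES` and the sample objects are assumptions; a real gateway would also persist to disk and handle many more header cases.

```python
"""Minimal LRU object cache with a size cap and per-object TTL.
Added example, not from the original post or any product; sample objects
and headers are constructed, and no network access is involved."""
from collections import OrderedDict

# Content types treated as cacheable static content (assumption for the example).
STATIC_TYPES = ("image/", "text/css", "application/javascript")


def is_static(content_type):
    return content_type.startswith(STATIC_TYPES)


def ttl_from_headers(headers, default_ttl):
    """Return the object's TTL in seconds, or None meaning 'do not cache'.
    'no-store' and 'private' responses are refused even when they look static,
    since they may carry user-specific or sensitive content that must not be
    served to another client."""
    directives = [d.strip() for d in headers.get("Cache-Control", "").split(",")]
    if "no-store" in directives or "private" in directives:
        return None
    for d in directives:
        if d.startswith("max-age="):
            return int(d.split("=", 1)[1])
    return default_ttl


class ObjectCache:
    def __init__(self, max_bytes, default_ttl):
        self.max_bytes = max_bytes        # the 'cache size' setting
        self.default_ttl = default_ttl    # the 'time to live' default
        self._store = OrderedDict()       # url -> (body, expires_at); LRU order
        self.size = 0
        self.hits = self.misses = 0

    def _remove(self, url):
        body, _ = self._store.pop(url)
        self.size -= len(body)

    def get(self, url, now):
        """Serve from cache if present and not expired; 'now' is passed in
        so behaviour is deterministic."""
        entry = self._store.get(url)
        if entry is None or entry[1] <= now:
            if entry is not None:
                self._remove(url)         # expired: drop it on access
            self.misses += 1
            return None
        self._store.move_to_end(url)      # mark as most recently used
        self.hits += 1
        return entry[0]

    def put(self, url, body, content_type, headers, now):
        """Store an origin response if it is static, cacheable and fits.
        Returns True when the object was cached."""
        if not is_static(content_type):
            return False
        ttl = ttl_from_headers(headers, self.default_ttl)
        if ttl is None or len(body) > self.max_bytes:
            return False
        if url in self._store:
            self._remove(url)
        while self._store and self.size + len(body) > self.max_bytes:
            _, (old_body, _) = self._store.popitem(last=False)   # LRU eviction
            self.size -= len(old_body)
        self._store[url] = (body, now + ttl)
        self.size += len(body)
        return True


if __name__ == "__main__":
    cache = ObjectCache(max_bytes=100, default_ttl=60)
    cache.put("/site.css", b"x" * 40, "text/css", {"Cache-Control": "max-age=10"}, now=0)
    cache.put("/app.js", b"y" * 40, "application/javascript", {}, now=0)
    print(cache.get("/site.css", now=5) is not None)   # hit
    print(cache.get("/site.css", now=11) is not None)  # expired after max-age=10
    print(cache.hits, cache.misses, cache.size)
```

The two checks a reviewer should look for when changing defaults are visible here: a larger cache size changes how often LRU eviction runs, and a longer default TTL only applies to objects whose origin did not set its own max-age.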
