Zero Trust Upgrade Your Web Gateway

Once you have been in cybersecurity for a while you start to see enterprise use cases which resonate in the right way and right now upgrading your web gateway using the zero trust model is the one which resonates with me the most. What I like most about this zero trust upgrade is that I can isolate all the fucks I have to give about the malicious traffic passing through my gateway and call it a day.

What Is The Zero Trust Model?

The concept of zero-trust is rooted in the principle of “never trust, always verify” and revolves around the belief that you should never trust anything, even if it is already inside your security perimeter. This translates into shutting down user access to the network, specific machines or domains until the user is properly identified and authenticated as having permission to access anything. It also means isolating elements of your IT infrastructure to prevent lateral movement across it.

The Zero Trust Architecture model was created by John Kindervag and zero-trust architectures primarily work towards preventing lateral movement through your networks by intruders. When you consider that the point of infiltration is hardly ever the final target of an attacker, you understand why preventing movement through your IT infrastructure is important. Zero trust rejects the notion of the ‘defending the perimeter’ and makes the assumption that everything inside your perimeter is a threat.

Zero trust architectures have been adopted by some of the largest companies in the world, including Google who adopted the zero trust model earlier than most. With close to 100 thousand employees and even more devices connected to their networks, their risk was further increased by ever-increasing third-party integration with partners, systems, and clouds. Traditional perimeter-based security models were simply not flexible enough to keep Googles infrastructure secure from intruders.

What Is A Web Gateway?

A web gateway is the security appliance which sits between your IT infrastructure and the outside internet, it enforces your organization's network security policies and filters out any potentially malicious web traffic in real-time. A good web gateway will protect your users from accessing potentially malicious websites and becoming infected by the malware payloads on them. The web gateway will inspect your user's web traffic in real-time, analyze its content against corporate policies and threat analysis feeds to ensure that malicious or inappropriate content is blocked.

There are lots of different web gateways out there from lots of different vendors and most of the time these are deployed in some kind of enterprise IT environment. No matter the web gateway or who makes it, they mostly all have the same problem, they are unable to correctly categorize all web traffic all of the time.

The best web gateways will have live threat feeds integrated into them coming from multiple sources so that they can properly categorize threats against them as they appear in their web traffic in real-time, but of course, you cannot categorize everything. When you cannot properly categorize some web traffic as a threat, or as safe, you have two choices, you can let the user access it (and keep them happy), or automatically block it (and annoy the user who will probably complain). What do you do?

Adopt The Zero Trust Approach To Web Traffic

According to Gartner, the vast majority of cyber attacks directly target the end user as they use the internet as they normally do, the web browser is the single biggest infiltration point on your networks, an open window into your IT infrastructure and your web gateway simply cannot recognize every threat that wants to climb through it. If you want to leverage a zero trust approach when it comes to your web gateway you need integrate remote browser isolation capability so that you have a third option when you cannot properly categorize a URL, you physically isolate it.

By properly integrating a remote browser isolation capability from a browser isolation vendor like WEBGAP, you can physically isolate URLs in real time and give your users access to websites and content that you would have otherwise blocked. You could go further and not to trust any URL that isn't in one of your own corporate domains and physically isolate every website. Why trust anything?

The Endpoint Is The New Perimeter

Remote browser isolation is the zero trust model applied to web browsing and a nod to the idea that our users are most vulnerable to attacks when they are using the public internet, with remote browser isolation you simply apply the zero trust model to every website and forget about the risk, safely isolating them into the cloud built to handle the risks and insulating your users from the risks of the public internet.

If you have lots of employees you probably block a lot of their URL’s on the daily and annoy them in the process. It is far more effective to isolate those URLs and let the user access them than it is to just block them, or take a risk and let that traffic through.

Adopting a remote browser isolation solution is a fantastic way to deal with the web traffic that you cannot categorize and strengthen your cybersecurity posture in the process. In many smaller businesses who lack the experience, resources or knowledge to properly secure their users from web based threats, they isolate all of their web traffic onto remote browsers and eliminate the web gateway element completely. In the enterprise though remote browser isolation forms part of the wider cybersecurity ecosystem and beautifully compliment web gateways as a solution.

By upgrading your web gateway with a remote browser isolation capability you can adopt the zero trust model and reduce the restrictions that you place on your employees and their online activity when they visit potentially malicious websites.

ProTip: Never trust, always verify and when you can’t verify it, physically isolate it.

About The Author: Guise Bule is the co-founder of remote browser isolation startup WEBGAP and the founder of Secjuice, he has been focused on solving the big problems in cybersecurity with isolation for close to a decade.

Find him on Twitter using @GuiseBule.