The Versa Networks Blog

Industry Insights

SWG VS FWaaS

By Avik Bose
Principal Systems Engineer, Versa Networks
October 17, 2022

Introduction

With the initial introduction of the Secure Access Service Edge (SASE) model in 2019, Gartner defined a framework for a converged security and networking services category. This product category quickly gained broad industry adoption due to accelerating global trends, such as the need to accommodate Work-from-Anywhere (WFA) use cases. As a further response to industry trends toward adoption of SaaS and Cloud applications, Gartner introduced the Security Services Edge (SSE) category in early 2022 to provide a cloud-centric model for security. Most SSE vendors today offer FWaaS as a part of their SSE offering. Most SSE vendors also include Secure Web Gateway (SWG) in addition to FWaaS as a part of their core SSE offering, and often there is not a very clear distinction between these two services, which raises questions about the differences between these two products and their use cases. The purpose of this article is to give more insight into these two services.

Definitions

Secure Web Gateway (SWG), as defined by Gartner, is “A solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance.” What this entails is a security solution that inspects any outbound internet/web traffic and applies a wide range of security checks, including but not limited to URL Filtering, Application Control (allowing sanctioned and tolerated apps and applying granular controls on actions such as share, upload, download and login, while blocking unsanctioned apps), and Anti-Malware Scanning. Secure Web Gateways are thus by design limited to inspecting web protocols like HTTP, and primarily inspect outbound traffic.

Firewall-as-a-Service, as the name suggests, is a firewall that is hosted in a cloud environment and delivered as a service. The main advantage of Firewall-as-a-Service is its scale compared to traditional on-prem firewalls. The main use case of Firewall-as-a-Service is to inspect traffic that may fall outside the purview of a Secure Web Gateway and to provide additional security features like ZTNA, Intrusion Prevention, Application Identification, etc. for outbound traffic inspection.

Differences

The following table illustrates the key differences between Firewall-as-a-Service and Secure Web Gateway:

| Sl No | Feature | Secure Web Gateway | FWaaS |
|---|---|---|---|
| 1 | Traffic inspection direction | Outbound | Outbound |
| 2 | Protocol support | Internet/web traffic, limited to HTTP and HTTPS | All other protocols, including DNS, which are not inspected by Secure Web Gateway |
| 3 | Security features | Anti-Malware, URL Filtering, Application Control for SaaS applications, SSL Decryption | IPS, DNS Security, App Identification, ZTNA |
| 4 | End-user traffic on-boarding method | Explicit Proxy, PAC file | SASE Client |
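
Row 4 is what produces row 2: a PAC file is only consulted by proxy-aware clients for URLs, so DNS, SIP and other non-web flows never reach the SWG through it. The sketch below is an added example, not Versa's or any vendor's shipped PAC file; the proxy host `swg.example.net:8080` and the suffix `.corp.example` are placeholders.

```javascript
// PAC file sketch (added example; hostnames, port and suffix are placeholders).
var SWG_PROXY = "PROXY swg.example.net:8080"; // hypothetical SWG explicit-proxy listener
var INTERNAL_SUFFIXES = [".corp.example"];    // hypothetical internal DNS suffix
// false = fail closed: no DIRECT fallback, so web traffic cannot bypass
// inspection when the SWG is unreachable.
var FAIL_OPEN = false;

// True for plain (dot-less) hostnames and for hosts under an internal suffix.
// The leading dot in each suffix prevents look-alike matches such as
// "evilcorp.example" being treated as internal.
function isInternal(host) {
  host = host.toLowerCase();
  if (host.indexOf(".") === -1) return true;
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var s = INTERNAL_SUFFIXES[i];
    if (host === s.slice(1) || host.slice(-s.length) === s) return true;
  }
  return false;
}

// Entry point called by the browser for each URL it is about to fetch.
// Only http/https is steered to the SWG; every other scheme goes DIRECT,
// and non-URL traffic (DNS, SIP, ...) never calls this function at all.
function FindProxyForURL(url, host) {
  var scheme = url.slice(0, url.indexOf(":")).toLowerCase();
  if (scheme !== "http" && scheme !== "https") return "DIRECT";
  if (isInternal(host)) return "DIRECT";
  return FAIL_OPEN ? SWG_PROXY + "; DIRECT" : SWG_PROXY;
}
```

Traffic that returns `DIRECT` here, or that never consults the PAC file, is the traffic the table assigns to FWaaS and the SASE client.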

Use cases

The following table illustrates the use cases where an organization may prefer to use FWaaS, Secure Web Gateway, or both:

| Sl No | Use Case | Component |
|---|---|---|
| 1 | Inspect branch traffic | SWG + FWaaS |
| 2 | Inspect only web traffic from remote endpoints | Secure Web Gateway |
| 3 | Inspect all traffic from remote endpoints | FWaaS |
| 4 | ZTNA | SWG / FWaaS |

Analysis

Today most SSE vendors offer both SWG and FWaaS as a part of their core SSE offering and generally do not provide a very clear distinction between these two services, so it can be confusing for businesses to understand the different value propositions of each. The primary reason is that every SSE vendor has, as its primary security solution, either a Secure Web Gateway or a Next Gen Firewall hosted in the cloud. Some vendors have:

  • Next Gen Firewall as their core security offering, on which SWG functionality has been added, such as the ability to onboard remote endpoints using an explicit proxy (PAC) file

while other vendors have:

  • Secure Web Gateway as their core security offering, on which firewall functionality has been added to increase the number of protocols and services they can scan and to provide additional security features like IPS.

However, as previously demonstrated, there is a clear distinction between Secure Web Gateways and FWaaS, and each of these services has its own distinct use cases. It is advised that customers evaluating an SSE vendor should, depending on their requirements, select either

  • a vendor which is offering FWaaS with SWG functionalities, or
  • a vendor which is offering Secure Web Gateway with FWaaS functionalities in-built.

In addition, SSE solutions of FWaaS with SWG functionalities offer some additional advantages compared to SSE solutions of SWG with FWaaS functionalities, which are listed below:

  • Support for a wider range of protocols including voice protocols like SIP, VoIP, Active FTP.
  • Ability to apply the same set of security controls for both Internet and Private Access traffic.
  • The ZTNA engine is a part of the core firewall functionality, and hence no additional components are required to implement the ZTNA solution, including installation of additional VMs.
  • Support for server-initiated traffic for Private Access.

Conclusion

Versa SSE offers both SWG and FWaaS services from dedicated SSE Gateways using its highly rated Next Gen Firewall with SWG capabilities. Since the Versa Next Gen Firewall platform already has native capabilities with respect to Dynamic Protocol Support, an Integrated ZTNA Engine and one single policy for both Internet-bound and ZTNA traffic, Versa SSE offers these unique advantages to its users:

  • Support for a wider range of protocols including voice protocols like SIP, VoIP, Active FTP and any additional protocol that involves server-to-client-initiated flows.
  • Ability to apply the same set of security controls for both Internet and Private Access traffic, including but not limited to Anti-Malware, Device Posture check, Next-Gen IPS, etc.
  • The ZTNA engine is a part of the core functionality, and hence no additional components are required to implement the ZTNA solution, including installation of additional VMs.
  • The Versa SSE platform offers a unified SSE solution with one UI for all SSE components and one single policy engine.
  • The Versa SSE platform offers the same set of FWaaS and SWG functionalities for both on-prem and cloud-delivered services, and hence can provide East-West segmentation and security for branch traffic.
  • The Versa SSE platform offers native TLS 1.3 decryption support at scale with both client-less and client-based modes of deployment.

Hit Contact Us and drop us a line. We will get you in touch with a security expert to brief you on how Versa SSE can help your organization secure access to the web, cloud services, and private applications for any user, irrespective of their location.

