A web page is made up of many individual pieces of data and may come to the user hundreds of individual packets, so this ability to 'look inside' them is crucial.
The device can then make decisions based on user, file-type, MIME-type, active content type, original web site, time of day, browser, user, group, site of user and other such factors. It can also take individual objects and redirect them to virus scanning devices, something that is not possible if the only understanding gained is on a packet-by-packet basis. There is a further parallel to be drawn over virus scanning, which is similar in its function to x-raying hand luggage, while metal detectors that passengers must walk through are like removing mobile code such as Java and Active-X.
Acting On Intelligence
Security gateways, also, provide an enterprise with complete logs of every user, every request, everything that happens. They allow security-critical statistics to be analysed, such as time online by user, users creating the most Web traffic, most popular sites, split of data by site category, the amount of streaming data and types of browser in use.
This gives the organisation far better information on which to act. Take the usual security system based largely on firewalls, which list traffic only by IP address, not by user. From a HR perspective this is useless, as management cannot discipline staff if they are unsure who is doing what, and so the threat pervades.
So, just like airlines who need to know their most important customers, who habitually arrives late at check-in, who uses multiple airlines, and who is loyal, security gateways can show what each user does, for how long, and where they go. Then the company's management can ascertain whether there is a problem that needs to be addressed.
Implications For The IT Function
The most significant capability on security gateways is the quantum leap in security sophistication that they deliver to the enterprise. Essentially, they allow organisation to upgrade or downgrade their security curtain as circumstances dictate, just like an airport.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.