Blog Post

How To – Improve Your Secure Web Gateway Rollout With Endpoints

Today, we’ll go over how to monitor and test your new secure web gateway rollout using data from Catchpoint’s endpoint clients.

The principles of network security didn’t change overnight, but our abrupt transition to a remote workforce dismantled traditional concepts of how we secure our network. Offices were designed for people to access their resources on-site or through a few well-defined locations; security took the form of inline firewalls, web gateways, and VPNs that were routed through a datacenter or other resource hub. Even before lockdown, this kind of thinking was getting exploited and sidestepped too often to stay relevant.

Secure web gateways (SWG) like Zscaler, Forcepoint, and NetSkope have emerged to help people define virtual perimeters – when business-critical information is stored on IoT devices and applications in the cloud, it is more important than ever to have rails in place for your user and well-defined security protocols for your intellectual property.

By nature, a secure web gateway is a software that is usually directly installed on employee devices. All the activity that your users generate during the day will first go through the SWG, allowing that traffic to be inspected, vetted, and sanitized by the protocols that you have defined in the system.

While this emerging technology is a lifesaver for organizations in general, it can create some performance challenges.

Say I’m an end user in Brazil, for instance, and my company has just finished implementing Zscaler on my team’s laptops. My default settings are going to route my traffic through a node in Sao Paolo – along with everyone else who has Zscaler –and this is one of the largest metropolitan areas in the world. At peak hours, the Zscaler node will likely be 99% saturated, meaning I’ll frequently end up in a bottleneck with disruptive amounts of latency and packet loss. Even worse, there won’t be a clear way to troubleshoot this from my end… If you’re on the network team, how long would it take to figure out that the SWG is the issue while you’re on the line with your ISP and they’re reporting no issues across the board? Similarly, if an employee is reporting a network issue after implementing a secure web gateway, how would you troubleshoot their issues if you have no visibility over the critical path to the application?

The solution to this lies with Endpoint Monitoring. If you have visibility directly from the end user, you’ll be able to quickly separate device, local and WAN-level issues. Catchpoint’s Endpoint Monitoring can analyze a wide array of web browsing metrics, including local WiFi strength and quality, how long it takes for services to allow user interactions, and perhaps most importantly, the critical path between the endpoint and the monitored service.

Catchpoint has the largest and most effective synthetic node network in the world, and our endpoint client will help extend your reach even further by pulling live, actionable metrics directly from your users.

Today, we’ll go over how to monitor and test your new secure web gateway rollout using data from Catchpoint’s endpoint clients.

Over the course of this video, we’ll cover:

  • What secure web gateways are, and how they’ll interact with your employees’ devices.
  • How endpoint clients can help you monitor and troubleshoot network issues.
  • How to measure network metrics for your SWG-enabled endpoints inside of Catchpoint.

Let’s hop in!

Synthetic Monitoring
Network Reachability
This is some text inside of a div block.

You might also like

Blog post

Traceroute InSession: A traceroute tool for modern networks

Blog post

Adobe Experience Cloud Outage: The Impact of Relying on Third-party Services

Blog post

Internet Sonar: A Game-Changer for Incident Detection