SOCFortress Integrations — McAfee Secure Web Gateway (SWG)

SOCFortress
2 min read · Jan 8, 2024

Intro

SOCFortress integration and visualization tools let security analysts visualize and triage McAfee Secure Web Gateway (SWG) security events from a single pane of glass.

About McAfee Secure Web Gateway (SWG) — Skyhigh Web Gateway

Skyhigh Web Gateway, now part of the McAfee Secure Web Gateway (SWG), is a web security solution designed to protect organizations against web-based threats, secure user activity, and enforce compliance policies. It offers features focused on securing web traffic, providing visibility, and controlling access to various online resources.

Key aspects and features of the Skyhigh/McAfee SWG include:

  • Web Security: Protects against web-based threats such as malware, phishing attacks, ransomware, and other malicious content by filtering web traffic.
  • Content Filtering: Controls access to websites and web applications based on predefined policies. This includes URL filtering, application controls, and filtering based on content categories.
  • SSL Inspection: Provides the ability to decrypt and inspect SSL/TLS encrypted traffic for threats and policy compliance.
  • Data Loss Prevention (DLP): Monitors and prevents sensitive data from leaving the organization via web traffic, helping to maintain compliance with regulations.
  • User Authentication and Access Control: Enforces authentication mechanisms and access controls for users accessing the web, ensuring appropriate permissions and policies are in place.
  • Integration and API Support: Provides integration capabilities with other security tools and platforms via APIs to enhance security posture and streamline operations.

Ingesting Skyhigh Web Gateway

Events are ingested through a remote syslog forwarder configured on the web gateway appliance (standard syslog).

Visualizations

Quick stats on the landing page:

Events by gateway appliance, severity levels and URL Categories:

Events by HTTP version and URL Risk Categories:

Need Help?

The functionality discussed in this post, and much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html

SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).