Definition
A Secure Web Gateway (SWG) is the security control point for outbound web traffic. It performs SSL inspection, URL filtering by category, real-time malware analysis, sandboxing for unknown files, content controls (CDR), and policy enforcement by user / group / location. Traditional SWGs were on-prem appliances (Blue Coat ProxySG, McAfee Web Gateway); modern deployments are cloud-delivered (Symantec Cloud SWG, Zscaler ZIA, Cisco Umbrella). Cloud SWG is the practical implementation of the web-security pillar of SSE/SASE - sitting between users and the internet regardless of where users sit. Symantec Cloud SWG (also marketed as Web Security Service / WSS) is the cloud evolution of ProxySG, with deep SSL inspection, granular policy, and tight integration with CloudSOC CASB and Symantec DLP.
Symantec products that implement this
- Symantec Cloud Secure Web Gateway - Cloud-delivered web security with SSL inspection, URL filtering, sandboxing, content disarm, and CASB integration. The cloud successor to the ProxySG appliance.
Related terms
- CASB (Cloud Access Security Broker) - Security layer between users and cloud apps; provides visibility, governance, and DLP for SaaS.
- ZTNA (Zero Trust Network Access) - Identity-driven, application-level access to internal apps - the modern replacement for VPN.
- SSE (Security Service Edge) - The security half of SASE - cloud-delivered SWG, CASB, ZTNA, and DLP without the SD-WAN connectivity component.
- SASE (Secure Access Service Edge) - Convergence of WAN networking (SD-WAN) and cloud-delivered security services (SWG, CASB, ZTNA, FWaaS) into a single platform.
- RBI (Remote Browser Isolation) - Security technique that renders web content in disposable cloud containers; malicious code never reaches the endpoint.
Deep-dives on SWG
- ProxySG to Cloud SWG migration: a step-by-step engineer's guide - Migrating from on-prem ProxySG appliances to Symantec Cloud SWG (WSS) is the second-most-common Symantec project of 2026. The playbook: poli…