From theregister.com
Defcon
Secure Web Gateways (SWGs) are an essential part of enterprise security, which makes it shocking to learn that every single SWG in the Gartner Magic Quadrant for SASE and SSE can reportedly be bypassed, allowing attackers to deliver malware without the gateways ever catching on.
Using a tactic he’s dubbed “last mile reassembly,” SquareX founder and long-time security researcher Vivek Ramachandran said he’s managed to suss out more than 25 different methods to bypass SWGs, all of which boil down to the same basic exploit: They miss a lot of what’s going on in modern web browsers.
“[SWGs] were invented almost 15, 17 years back [and] it all started as SSL intercepting proxies,” Ramachandran told us. “As cloud security became more important people built out this entire security stack in the cloud.
“This is really where the problem begins.”
SWGs, Ramachandran explains, mostly rely on their ability to infer application-layer attacks from network traffic before it reaches a web browser. If the traffic is not recognizable as malicious on the wire, the SWG may not detect it and will instead deliver it to the user's browser.
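To make that detection gap concrete, here is an added simulation (not SquareX's code or any vendor's) that contrasts a gateway inspecting each HTTP response body in flight with a check applied where the browser actually assembles the final bytes. The signature string, the payload and the chunked delivery are all constructed for the demo.

```python
# Added illustration of the "last mile" coverage gap: a network-side scanner
# only ever sees individual response bodies, while the browser sees the whole
# file it assembles. Everything here is constructed; it is not SquareX's or any
# vendor's code.
from typing import Dict, List

# Constructed stand-in for a content signature a gateway would match on.
SIGNATURE = b"DEMO-MARKER-BLOCKED"


def gateway_inspect(responses: List[bytes]) -> List[str]:
    """Verdict per response, as an SWG matching each body in transit would."""
    return ["block" if SIGNATURE in body else "allow" for body in responses]


def reassemble(responses: List[bytes]) -> bytes:
    """What page JavaScript does when it concatenates fetched pieces into a Blob."""
    return b"".join(responses)


def browser_side_inspect(assembled: bytes) -> str:
    """Verdict at the point where the browser materialises the final bytes."""
    return "block" if SIGNATURE in assembled else "allow"


def split_into_responses(data: bytes, chunk: int) -> List[bytes]:
    """Constructed delivery pattern: one file arriving as several small responses.
    Any chunk shorter than the signature guarantees no single body matches it."""
    return [data[i:i + chunk] for i in range(0, len(data), chunk)]


def coverage_report(data: bytes, chunk: int) -> Dict[str, str]:
    """Compare the two inspection points for one delivery; a defender can use
    this shape of check to validate that an endpoint-side control covers what
    the gateway cannot see."""
    parts = split_into_responses(data, chunk)
    gateway = "block" if "block" in gateway_inspect(parts) else "allow"
    endpoint = browser_side_inspect(reassemble(parts))
    return {"gateway": gateway, "endpoint": endpoint}


if __name__ == "__main__":
    sample = b"header " + SIGNATURE + b" trailer"  # constructed payload
    print(coverage_report(sample, chunk=4))   # gateway allows, endpoint blocks
    print(coverage_report(sample, chunk=len(sample)))  # single response: both block
```

Only the endpoint-side verdict is stable across delivery patterns, which is the practical reason the article argues inspection has to happen in the browser rather than solely on the wire.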