What is SWG (Secure Web Gateway)
-
SASE (Secure Access Service Edge): converges networking (SD-WAN) with cloud-delivered security services.
SSE (Security Service Edge): the security half of SASE, i.e. SWG, CASB and ZTNA.
SWG is the SSE component that secures user web traffic: it sits between users and the internet and enforces policy on every web request.
1. Requirements
Functional
-
1. Filter and monitor web traffic to enforce security policies (the umbrella requirement for items 2 to 6 below).
2. URL Filtering: URLs and domains are categorized; access to marked categories or explicit blocklist entries is denied or logged according to policy.
3. Web Traffic Filtering: inspect and filter web traffic in real time, allowing or blocking access to websites based on predefined security policies.
4. Malware and Threat Protection: scan web content and downloads, blocking malware, viruses and other malicious code.
5. Data Loss Prevention (DLP): enforce DLP policies so sensitive data (card numbers, identifiers, documents) is not uploaded or shared through the web channel.
6. SSL/TLS Inspection: decrypt and inspect encrypted web traffic to detect threats hidden inside encrypted connections. This is crucial because most web traffic, and most threats, now travel over TLS; without decryption the gateway sees only the destination hostname (SNI/CONNECT), not paths, content or uploads, so URL filtering below host level, malware scanning and DLP all depend on it. Decryption requires the gateway's issuing CA to be trusted on managed endpoints.
7. User Authentication: integrate with identity and access management so policies can be applied per user, group and role.
8. Reporting and Analytics: generate reports and provide insights into web usage patterns and security incidents.
9. Cloud-Based or On-Premises: deployable in the cloud, on-premises, or as a hybrid solution, depending on the organization's requirements and preferences.
10. Mobile Device Support: protect mobile devices so users remain covered when browsing from smartphones and tablets.
11. Anomaly detection:
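The functional requirements above (URL filtering, role-based exceptions, DLP and the TLS-inspection caveat) come together in the per-request policy decision. The following is an added illustration, not code from the original notes or from any SWG product: a toy policy engine over a constructed category table. The hostnames, roles, categories and DLP patterns are invented for the example; a card-number hit is confirmed with a Luhn check to cut false positives, and a request whose TLS was not decrypted gets only a host-level decision because the gateway cannot see its path or body.

```python
"""Toy SWG policy engine (added example; constructed data, not a real feed)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed category table standing in for a URL-reputation feed.
URL_CATEGORIES = {
    "evil.example": "malware",
    "casino.example": "gambling",
    "paste.example": "file-sharing",
    "intranet.example": "business",
}
BLOCKED_CATEGORIES = {"malware", "gambling"}
# Roles allowed to bypass a block on a given category (assumed for the example).
ROLE_EXCEPTIONS = {"secops": {"malware"}}
# DLP patterns: 14-16 digit card number with optional separators, and a US SSN.
DLP_PATTERNS = {
    "card": re.compile(r"\b(?:\d[ -]?){13,15}\d\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


@dataclass
class Request:
    user: str
    role: str
    url: str
    body: str = ""
    decrypted: bool = True  # False: TLS not inspected, only the hostname is known


@dataclass
class Decision:
    action: str             # "allow" or "block"
    reason: str
    matches: list = field(default_factory=list)


def luhn_ok(number: str) -> bool:
    """Luhn checksum over the digits of `number`; separators are ignored."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(host: str) -> str:
    """Look the host up in the category table, walking up parent domains."""
    parts = host.lower().split(".")
    for i in range(len(parts) - 1):
        cat = URL_CATEGORIES.get(".".join(parts[i:]))
        if cat:
            return cat
    return "uncategorized"


def dlp_scan(text: str) -> list:
    """Return the names of DLP patterns that match `text`."""
    hits = []
    for name, pat in DLP_PATTERNS.items():
        for m in pat.finditer(text):
            if name == "card" and not luhn_ok(m.group()):
                continue  # digit runs that fail Luhn are not treated as cards
            hits.append(name)
    return hits


def evaluate(req: Request) -> Decision:
    host = urlparse(req.url).hostname or ""
    category = classify(host)
    # URL filtering works on the hostname, so it applies even without decryption.
    if category in BLOCKED_CATEGORIES and category not in ROLE_EXCEPTIONS.get(req.role, set()):
        return Decision("block", f"url-filter:{category}")
    if not req.decrypted:
        # Without TLS inspection only SNI/CONNECT is visible: no path or body
        # to inspect, so DLP and content scanning cannot run on this request.
        return Decision("allow", "host-only:not-inspected")
    hits = dlp_scan(req.body)
    if hits:
        return Decision("block", "dlp", hits)
    return Decision("allow", f"url-filter:{category}")


if __name__ == "__main__":
    for r in (
        Request("alice", "eng", "https://sub.evil.example/x"),
        Request("bob", "secops", "https://evil.example/sample"),
        Request("alice", "eng", "https://paste.example/new", body="card 4111 1111 1111 1111"),
        Request("alice", "eng", "https://paste.example/new", body="card 4111 1111 1111 1111", decrypted=False),
    ):
        print(r.user, r.url, evaluate(r))
```

The last request in the demo carries the same card number as the one before it, but because it was not decrypted the engine can only allow it on hostname grounds; that is the concrete gap requirement 6 closes.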
Non-functional
- Scalable, reliable, fast, highly available
3. Databases & Events
Databases
| Database | Stores |
|---|---|
| MySQL | 1. Tenant PKI: when a tenant is onboarded, a certificate hierarchy is created. Customer public/private keys live in an HSM (Hardware Security Module); the certificates, signatures and references to the HSM-held keys are stored here rather than the private keys themselves. 2. All tenant data. 3. Metadata for the Druid cluster |
| Redis (key/value store) | Generic task queuing and task broker (used alongside Kafka for cases where not every node is a producer or consumer) |
| MongoDB | Events fed to Kafka are also written here; this is the source of truth for events |
Event Pipeline/Message Buses
-
1. Kafka: event producers are the services. A service sends its events to Evt-Svc, which writes them to Kafka and also to MongoDB (the source of truth).
Event consumer: Druid (OLAP).
2. ZeroMQ: in-memory messaging, low latency, no persistence; used where speed matters more than durability. Kafka, by contrast, persists events to disk and can replay them.
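Evt-Svc writes every event to two systems, Kafka and MongoDB, and the notes name MongoDB as the source of truth. Two writes are not one atomic operation, so the practitioner's question is what happens when the second one fails. The block below is an added example, not the project's Evt-Svc code: it commits to the store first, publishes second, marks a record published only after the broker accepts it, and replays anything left unpublished. Kafka and MongoDB are replaced by in-memory stand-ins constructed for the example, and the deterministic event id (a hash of tenant, source, payload and timestamp) is an assumption that lets retried submissions and redelivered messages be deduplicated.

```python
"""Event service write path with store-first, publish-second ordering (added example)."""
import hashlib
import json


class BrokerDown(Exception):
    """Raised by the broker stand-in to simulate a failed publish."""


class MemoryStore:
    """Stand-in for the MongoDB events collection (the source of truth)."""

    def __init__(self):
        self.docs = {}  # event id -> record

    def insert(self, rec):
        if rec["id"] in self.docs:
            return False  # same event submitted again by a retrying producer
        self.docs[rec["id"]] = dict(rec)
        return True

    def mark_published(self, event_id):
        self.docs[event_id]["published"] = True

    def unpublished(self):
        return [r for r in self.docs.values() if not r["published"]]


class MemoryBroker:
    """Stand-in for a Kafka topic; set `down` to make publish() fail."""

    def __init__(self):
        self.log = []
        self.down = False

    def publish(self, rec):
        if self.down:
            raise BrokerDown()
        self.log.append(rec)


def event_id(tenant, source, payload, ts):
    """Deterministic id (assumed scheme) so duplicates of one event collapse."""
    raw = json.dumps([tenant, source, payload, ts], sort_keys=True).encode()
    return hashlib.sha256(raw).hexdigest()[:32]


class EventService:
    def __init__(self, store, broker):
        self.store, self.broker = store, broker

    def ingest(self, tenant, source, payload, ts):
        rec = {
            "id": event_id(tenant, source, payload, ts),
            "tenant": tenant, "source": source, "payload": payload,
            "ts": ts, "published": False,
        }
        # Source of truth first: if this raises, nothing was published and the
        # caller simply retries; a duplicate id means the event is already known.
        if not self.store.insert(rec):
            return rec["id"], "duplicate"
        try:
            self.broker.publish(rec)
        except BrokerDown:
            # Stored but not on the bus; replay_unpublished() picks it up later.
            return rec["id"], "stored-unpublished"
        self.store.mark_published(rec["id"])
        return rec["id"], "published"

    def replay_unpublished(self):
        """Publish everything the store holds that never reached the broker."""
        count = 0
        for rec in self.store.unpublished():
            self.broker.publish(rec)
            self.store.mark_published(rec["id"])
            count += 1
        return count


def consume_dedup(log):
    """Consumer side (e.g. the OLAP ingester): drop redelivered copies by id."""
    seen, out = set(), []
    for rec in log:
        if rec["id"] in seen:
            continue
        seen.add(rec["id"])
        out.append(rec)
    return out
```

Replay can deliver an event a second time if the broker accepted it but the acknowledgement was lost before mark_published ran, which is why the consumer deduplicates on the id instead of trusting exactly-once delivery from the bus.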
Metadata of Distributed Systems
- ZooKeeper: coordination and metadata for the distributed components (Kafka, Druid)
Observability
- Sumo Logic, Datadog (somewhat cheaper than Sumo Logic), SignalFx (best option for scaling the app), ELK (Druid logging)
Load Balancing
- nginx, HAProxy, F5
4. HLD (High-Level Design)
@startuml
!pragma teoz true
actor Admin as ad
box "Home POP" #Cyan
participant UI as ui
participant Provisioner as pro
participant ConfigSvc as cs
end box
box "Micro POP" #Gold
participant OtherSvc as svc
end box
ad -> ui: Configure Policies
note over ui
Policies stored
as files
end note
ui -> pro: policy data
pro -> cs: data
cs -> svc: policy data
@enduml