Secure Web Gateway (SWG)

Enforce web access policy and block known threats – directly in the network path.

A Secure Web Gateway is how you control what users can access on the internet – by category, domain, or content – and block access to known bad destinations. It's also a key layer for stopping threats like phishing and malware before they ever reach a browser.

evolving ZERO includes SWG functionality as part of the platform, powered by Zenarmor. There's no separate proxy to deploy, no redirection, and no browser plugins. If you're using EVX, the Secure Access Client, or any other fabric entry point, SWG enforcement can happen right there — inline, without complexity.

More than just DNS

This is not DNS filtering or a basic allowlist. Zenarmor inspects live traffic, classifies it, and applies policy based on real flow data – with optional TLS inspection when needed.

It gives you control over internet usage, visibility into user activity, and protection against known threats – all from within the same enforcement stack as your other security services.

Key Features

Inline enforcement at edge

No redirection or PAC files. SWG policy is applied wherever user traffic enters the evolving ZERO fabric.

Full URL and domain categorisation

Allow, block, or log access based on category (e.g. news, gambling, malware, streaming) or specific FQDN.

SafeSearch and YouTube Restrictions

Enforce Google SafeSearch and YouTube Restricted Mode for all users automatically.

HTTPS Inspection (optional)

Enable TLS inspection for deeper visibility and more accurate categorisation of encrypted sites.

Granular, user-aware policy control

Apply different rules by user, group, time of day, or site – integrated with identity.

Threat prevention

Block known malware, phishing, botnet C&Cs, and IP reputation threats in real time.

No endpoint software required

All enforcement happens at the platform edge – not in the browser or device.

Why Evolving SWG over legacy solutions

Inline, fabric-native — no redirect needed

No proxies, no tunnel hacks. It runs directly inside the access fabric.

eBPF-powered performance

Zenarmor uses low-overhead, kernel-level inspection.

Category + reputation + real flow context

Decisions are based on what’s actually happening, not just domain lists or metadata.

Modern admin experience

Clean policy creation, live feedback, and integration into your existing visibility stack.

Home
Evolving Zero
Zero Stack
Evolving Secure Web Gateway