A Secure Web Gateway (SWG) is the most suitable technology for this scenario.

SWGs are designed to protect users from web-based threats by filtering internet traffic,

enforcing security policies (like acceptable use and threat prevention), and inspecting

content for data loss prevention. For remote employees not using a VPN, a cloud-

delivered SWG can secure their access to web resources and protect company data by

routing their internet-bound traffic through its security inspection engines.

This directly addresses the need to protect data for users working remotely and

accessing the internet without a traditional VPN tunnel to the corporate network.

· B. Virtual private cloud endpoint: This technology enables private connections from

a Virtual Private Cloud (VPC) to specific cloud services (e.g., within AWS). It's not

designed for securing general internet access for remote employees.

· C. Deep packet Inspection: DPI is a method or technique used by various security

tools (including SWGs and NGFWs) to analyze the content of network packets. It's

not a standalone technology that a company would implement to solve this specific

problem.

· D. Next-generation firewall: While an NGFW provides broad network security, an

SWG is more specialized for securing web access and protecting against web-based

threats, which is a primary concern for remote users accessing the internet directly. A

cloud-based SWG is more directly applicable than a traditional NGFW for users not on

a VPN.

1. Cisco. "What Is a Secure Web Gateway (SWG)?"

o URL: https://www.cisco.com/c/en/us/products/security/web-security-appliancewsa/what-is-a-secure-web-gateway.html

o Relevant Information: "A secure web gateway (SWG) is a cybersecurity solution that

prevents unsecured traffic from entering an internal network of an organization. It is

designed for users to access the internet securely and use web-based applications

safely... SWGs sit in-line between users and the internet, inspecting web traffic and

enforcing company security policies." This supports the role of SWG in securing

internet access for users.

2. Palo Alto Networks. "What is a Secure Web Gateway?"

o URL: https://www.paloaltonetworks.com/cyberpedia/what-is-a-secure-webgateway

o Relevant Information: "A Secure Web Gateway (SWG) protects users from web-

based threats in addition to applying and enforcing corporate acceptable use policies.

An SWG does this by sitting between the user and the internet, inspecting web traffic

and blocking malicious code and unauthorized access." This emphasizes its role in

protecting users regardless of location.

3. NIST Special Publication 1800-33b. "Securing Telehealth Remote Patient

Monitoring Ecosystem." (February 2023)

o URL: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-33b.pdf

o Relevant Information: Page 24 (PDF page 32), Section 3.4.2 "Data in Transit": "The

telehealth RPM ecosystem may also use a secure web gateway to monitor network

traffic and block access to known malicious websites or content." This illustrates the

use of SWGs in securing remote operations and protecting data by controlling web

access.

4. AWS Documentation. "VPC endpoints."

o URL: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html

o Relevant Information: "A VPC endpoint enables you to privately connect your VPC to

supported AWS services and VPC endpoint services powered by AWS PrivateLink

without requiring an internet gateway, NAT device, VPN connection, or AWS Direct

Connect connection." This defines VPC endpoints and shows their specific, non-

applicable use case here.

5. IEEE Access. "A Survey on Deep Packet Inspection for Intrusion Detection

Systems." (September 2020)

o DOI: https://doi.org/10.1109/ACCESS.2020.3024498

o Relevant Information: (Abstract) "Deep Packet Inspection (DPI) is a technique that

allows for fine-grained analysis of network packets by examining their payload

content." This identifies DPI as a technique, not a comprehensive solution for the

scenario.

6. Cisco. "What Is a Next-Generation Firewall (NGFW)?"

o URL: https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-nextgeneration-firewall.html

o Relevant Information: "Next-Generation Firewalls (NGFWs) filter network traffic to

protect an organization from internal and external threats... NGFWs possess deeper

inspection capabilities that give them a superior ability to identify attacks, malware, and

other threats." This describes NGFWs but highlights their broader nature compared to

the specific web security focus of an SWG for remote users.