Kunal Agarwal

Real-Time Policy Updates đŸ€©

July 26, 2023
3
 MIN READ
Real-Time Policy Updates đŸ€©

The Pain of Editing a Policy on “Legacy” SWGs

If you’ve edited a policy on a “legacy” secure web gateway (or most security products) before, I’m sure you have suffered the pain:

  1. Trying to edit something (where each page takes 10 seconds to load)
  2. Hitting save (then waiting 10 seconds for it to finally save)
  3. Waiting ~1 hour while the change “propagates”
Yeah, it’s the worst. The UX is đŸ€ź. But, >> why << does it take so long?
“Do things not because they’re easy, but because they’re hard.”

Every cyber product has a console to configure things and see whats going on, and the workers — could be endpoints, or hardware boxes, or similar. Naturally, the two entities have to get updates from one another.

So, when developing the product, you have two options:

  1. Polling every 30 minutes (old school ’90s approach)
  2. Pushing a policy down (like a push notification)

Let’s take a closer look.

‍

1. Polling for a policy (what everyone typically does)

Exhibit A. This is why it’s typically so slow

Seeing this diagram, you’ll notice this is the easiest way to implement a policy update mechanism. Have your legacy SWG poll the API every hour, and it’ll grab all of the latest and greatest configuration from the management console.

The downside? It takes a lot of ~time~ before changes take effect!

‍

2. Pushing a policy — the dope way

Exhibit B. This is like a push notification on your iPhone

Now, to make the admin’s life easier, you have to do a lot more work: push notifications. Honestly, it’s bread & butter in the consumer world, but an exquisite luxury (for some reason) in cybersecurity.

Could you imagine if you didn’t have push notifications for messages or email or some other app?

Of course, at dope.security, we had to do this right. So, we used off-the-shelf AWS WebSockets to make our life easier. By spending the time on this, we achieved a real-time policy update. Point, click, and you’re done!

See the real-time for yourself:

This is not sped up, try it for yourself, it actually is that fast.

I feel weird talking about features that are literally the bare minimum of a good product. But, it never surprises me that most cybersecurity PMs don’t care to prioritize these small little things.

And it’s these small little things that make me most proud of dope.security. We’re pretty much the only cybersecurity company that offers an instant free trial. All you need is a Google or Microsoft company account.

Thanks!

— kunala

Thought Leadership
Thought Leadership
User Experience
User Experience
← back to blog Home

Related Posts

Apr 30, 2024
3
 MIN READ

What is CASB Neural?

Mar 4, 2024
4
 MIN READ

Blocking Personal Microsoft 365 & Gmail Uploads with Cloud App Controls

Jan 17, 2024
2
 MIN READ

Tips from Galactic Senator Grace Chung, Head of Global Analyst Relations at Trellix

Check
Dope Security logo - links to the home page.
It’s not that we’re mad at yesterday’s cybersecurity.  Just disappointed.  So we made it better.  We made it easier.

We made it dope.
sales@dope.security
about
Our Story
Our Crew
Newsroom
Events
Partners
compare
Forcepoint
Zscaler
Cisco Umbrella
Netskope
documentation
Support
User Manual
[ DOPE.FOOTER ]
© 2023 dope.security Inc.
Made with
in California
EULAPRIVACYLEGALmanage cookies