Real-Time Policy Updates 🤩

Real-Time Policy Updates 🤩

The Pain of Editing a Policy on “Legacy” SWGs

If you’ve edited a policy on a “legacy” secure web gateway (or most security products) before, I’m sure you have suffered the pain:

  1. Trying to edit something (where each page takes 10 seconds to load)
  2. Hitting save (then waiting 10 seconds for it to finally save)
  3. Waiting ~1 hour while the change “propagates”
Yeah, it’s the worst. The UX is 🤮. But, >> why << does it take so long?
“Do things not because they’re easy, but because they’re hard.”

Every cyber product has a console to configure things and see whats going on, and the workers — could be endpoints, or hardware boxes, or similar. Naturally, the two entities have to get updates from one another.

So, when developing the product, you have two options:

  1. Polling every 30 minutes (old school ’90s approach)
  2. Pushing a policy down (like a push notification)

Let’s take a closer look.

1. Polling for a policy (what everyone typically does)

Exhibit A. This is why it’s typically so slow

Seeing this diagram, you’ll notice this is the easiest way to implement a policy update mechanism. Have your legacy SWG poll the API every hour, and it’ll grab all of the latest and greatest configuration from the management console.

The downside? It takes a lot of ~time~ before changes take effect!

2. Pushing a policy — the dope way

Exhibit B. This is like a push notification on your iPhone

Now, to make the admin’s life easier, you have to do a lot more work: push notifications. Honestly, it’s bread & butter in the consumer world, but an exquisite luxury (for some reason) in cybersecurity.

Could you imagine if you didn’t have push notifications for messages or email or some other app?

Of course, at dope.security, we had to do this right. So, we used off-the-shelf AWS WebSockets to make our life easier. By spending the time on this, we achieved a real-time policy update. Point, click, and you’re done!

See the real-time for yourself:

This is not sped up, try it for yourself, it actually is that fast.

I feel weird talking about features that are literally the bare minimum of a good product. But, it never surprises me that most cybersecurity PMs don’t care to prioritize these small little things.

And it’s these small little things that make me most proud of dope.security. We’re pretty much the only cybersecurity company that offers an instant free trial. All you need is a Google or Microsoft company account.

Thanks!

— kunala

Thought Leadership
Thought Leadership
User Experience
User Experience
back to blog Home