Secure web gateways (SWGs), the security tools used by organizations to control, filter, and inspect network traffic, have undergone various enhancements over the years. From leveraging real-time threat intelligence to being integrated into modern security models as zero-trust architectures and secure access service edge (SASE), SWG's have kept pace with changing threats and technologies..
They have also expanded beyond traditional environments like offices to data centers, including those in the cloud. However, in each evolution, what has remained consistent is that the traffic had to be routed through SWGs to ensure security. However, in today’s time- and privacy-sensitive IT environment, this doesn’t make sense, according to Kunal Agarwal, founder and CEO of startup dope.security.
“It’s absolutely bonkers that after decades employees are still re-routing their internet traffic to a stopover data center to be secured,” Agarwal told MSSP Alert. “It causes all kinds of reliability and performance issues and really hasn’t worked well. Above everything, these technologies are really difficult to use and shouldn’t need a PhD to get started.”
SWG on the Device
Agarwal’s company offers organizations its Fly-Direct product, a cloud proxy that moves the SWG onto a user’s endpoint, skipping the need for internet traffic to go through a stopover data center – in keeping with the vendor’s airline analogy of the SWG environment.
“The way these products worked in the past is by re-routing your Internet traffic to a data center,” he said. “It’s like you’re taking a flight from SFO [to] LAX, but stopping over in NY. Why would you ever do that? Our Fly-Direct architecture is different: Everything is processed and inspected locally on the device, so your Internet becomes a direct flight every time. There are no stopovers.”
Bring on the Channel
Now the Mountain View, California, company is tightly incorporating the channel into the mix. On April 7, it announced Global Partner Program to expand the reach of its SWG technology among MSPs, MSSPs, and distributors. Dope is a channel-first company, Agarwal said, and listed Alturna Tech, Armature Systems, Guidepoint, Clarium, Optiv, and Spear Shield as its launch partners for the program.
“We work best with cybersecurity-conscious MSPs and channel partners because of their knowledge in the space and because they recognize the importance of implementing a SWG – or CASB [cloud access security broker] or SSE [security service edge], if you want to call it that,” Agarwal highlights. “Some of our largest MSP customers moved from Cisco Umbrella and Zscaler to dope.security because of the ease-of-use. If you’re managing 100s of customers, why not make it easy?”
This ease is aimed at both the channel and end-users, who have been historically stuck with “outdated ways of working.” The channel partners can get started with dope.security in a little as five minutes with instant access to products, along with direct engagement with the team.
“From an end-user perspective, customers are stuck in the past with an old way of thinking,” Agarwal emphasizes. “When you look at most SaaS products ... there’s a huge focus on end-user experience. But, when you consider cybersecurity products, the admin experience is always a battle. Unfortunately for everyone, the big players don’t update this, question why it was done this way, or – in other words – evolve.”
Big Names in an Expanding Market
The big players in the market include high-profile names in networking and security like Cisco, Zscaler, Barracuda Networks, Palo Alto Networks, Check Point, and Netskope, putting dope.security and its 30-plus employees in a highly competitive global market that is expected to grow from $12.3 billion last year to $44.4 billion by 2033.
Agarwal founded dope.security after holding positions with Forcepoint and Symantec, both of which offer SWG products and where he first saw the problems.
“I was in the weeds of Symantec and Forcepoint on a daily basis, and the sheer amount of tickets from customers was tough to keep up with,” says Agarwal. “The worst part was the ‘ticket aging’ metrics, where most of the tickets were open for months and months. Once I saw the same story play out at Symantec and then Forcepoint, the root problem became clear: it was the architecture. With some helpful nudging from my old managers, dope.security was born.”
The Fly-Direct SWG is deployed directly on the device—eliminating any “stopovers”—and is paired with what Agarwal describes as an “easy-to-use console.” It is complemented by CASB Neural, the company’s AI LLM-powered data loss prevention (DLP) solution.
Faster and More Secure
According to Agarwal, placing the SWG directly on the device delivers four times the performance of traditional data center-based solutions. By eliminating the need to route traffic through external data centers, it avoids the outages often associated with legacy SWGs and enhances privacy by keeping all decrypted traffic on the endpoint.
“By completely focusing on UX, we’ve enabled admins to get up and running all on their own with a few clicks on our website,” Agarwal states. “The end result is that a customer doesn’t need 10 meetings with us just to understand how to operate the tool or even get access to it. ... Click the free trial, download the agent, import their users [or] groups, you’re flying direct.”
