Podcast Host

You're listening to the Cyberwire Network, powered by N2K. Most security conferences talk about Zero Trust Zero Trust World puts you inside this is a hands on cybersecurity event designed for practitioners who want real skills, not just theory. You'll take part in live Hacking labs where you'll attack real environments, see how modern threats actually work, and learn how to stop them before they turn into incidents. But Zero Trust World is more than labs. You'll also experience expert led sessions, practical case studies and technical deep dives focused on real world implementation. Whether you're blue team, red team, or responsible for securing an entire organization, the content is built to be immediately useful. You'll earn CPE credits, connect with peers across the industry and leave with strategies you can put into action right away. Join us March 4th through the 6th in Orlando, Florida. Register now@ZTW.com and take your Zero Trust strategy from theory to execution.

Tim Nodar

The word is Secure Web gateway. Spelled secure as in protection from malicious activity, Web as in the Internet, and gateway as in a tool that regulates web traffic. Definition a layer 7 firewall that sits in line at the boundary between the Internet and an organization's network perimeter that allows security policy enforcement and can perform certain prevention and detection tasks. Example sentence the secure Web gateway prevented the user from accessing a malicious website. Origin and context in 1988, Jeff Mogul, Brian Reed, and Paul Vicsey, working for Digital Equipment Corporation, conducted the first research on firewall technology. This was the first generation of firewall architectures. Between 1989 and 1990, Dave Presetto and Howard Trickey of Bell Labs pioneered the second generation with their research in circuit relays. They also implemented the first working model of the third generation firewall architectures, known as application layer firewalls. Between 1990 and 1991, Gene Spafford of Purdue University, Bill Cheswick of Bell Labs and Marcus Random independently researched application layer firewalls. These application layer firewalls eventually evolved into next generation firewalls. Many years later, Marcus Random's firewall work received the most attention and took the form of Bastion Host running Proxy Services. In 1992, Digital Equipment Corporation shipped Dex Seal, the first commercial firewall, and included proxies developed by random. In 1994, Check Point software released the first stateful inspection commercial firewall, a layer three firewall that allowed security policy based on IP addresses, ports, and protocols. In 1994, William Cheswick and Steve Bellavin published Firewalls and Internet Security Repelling the Wily Hacker, the first book on firewalls as a technology. They called it a circuit level gateway and packet filtering technology. Interestingly, their ideas came from the desire not to keep intruders out of their networks, but to keep employees from going to bad places on the Internet. Palo Alto Networks launched the first next Generation Firewall in 2007, a firewall that not only does stateful inspection at layer three, but but most importantly, allows rules at the application layer. Layer seven firewall administrators could not only block network traffic to and from bad IP addresses, but could also block access to applications tied to the authenticated user. In other words, the marketing department can go to Facebook, but the developers can't. Next generation firewalls gave infosec leaders the first ability to enforce rudimentary zero trust policy. By the 2000 and tens, some firewalls had morphed into giant orchestration engines. In other words, instead of deploying multiple independent security tools in line at the perimeter that infosec teams had to manage and orchestrate separately, the next generation firewall became a Swiss army knife of security tools. One box either hardware or software that could do layer three policy layer seven policy, intrusion detection, anti malware, XDR, etc. By the late 2000 and tens, the secure web gateway emerged as a simpler firewall that abandoned the orchestration engine idea and just performed layer 7 policy functions. According to Gartner's information technology glossary, these gateways must, at a minimum, include URL filtering, malicious code detection and filtering, and application controls for popular web applications such as instant messaging and Skype. Native or integrated data leak prevention is also increasingly included. Nerd reference in 2015, Bill Cheswick presented at the Vintage Computer Federation conference and talked about some of the early days of computer security when he took a job at the famous Bell Labs in the late 1980s and worked for computer science legends like Dennis Ritchie, the cochurist of the C programming language and the Unix operating system. Written in C with colleagues Ken Thompson, Brian Kernighan, and Rob pike, and he talked about how his experiments with a proto firewall protected Bell Labs from the infamous Morris worm in the late 1980s.

Bill Cheswick

And in 1987 I said, I wonder if I could work at Bell Labs. Could this? Could I do this? I'm an IT guy. I could go be janitor for Dennis Ritchie. How cool would that be? I applied, and the interview for the day involved eight people, most of whom many of you have heard of Brian Kernighan, Rob Pike, Ken Thompson, Dennis Ritchie, and a couple others. My future bosses. And I decided, even if at the end of the day they decided I was a jerk and they never wanted to see me again. It was a pretty remarkable day. And it turns out they hired me and I started at the end of 1987. I was working there for three weeks and I said, well, I've started work. I volunteered to work as postmaster, which is kind of like volunteering to be proctologist. It's a thankless job because if you get it right, nobody notices and if you don't, they're really pissed off with you. And I went up to the postmaster, Dave Prozado, and I said, this email seems like a wave of the future. I want to learn something about it. I'll be postmaster. He said, okay, you got it. I also took over a prototype firewall he put up about a year before and started running it. About a year later the Morris worm came out and our firewall stopped it. In fact, I woke up the morning the Morris worm hit the Internet and a friend of ours had called the house and said, there's something bad on the Internet, you might want to check it out. And I went into work and there was Peter Weinberger on the phone calling various places and saying, did you get the worm? We didn't.

Tim Nodar

Ha ha ha ha.

Bill Cheswick

And of course it was my firewall that was keeping it out.

Tim Nodar

Wordnotes is written by Tim Nodar, executive produced by Peter, and edited by John Petrick and me, Rick Howard. The mix, sound design and original music have all been crafted by the ridiculously talented Elliot Peltzman. Thanks for listening.

Bill Cheswick

Foreign.

Podcast Host

If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today@rsaconference.com cyberwire26. I'll see you in San Francisco. If securing your network feels harder than it should be, you're not imagining it. Modern businesses need strong protection, but they don't always have the time, staff or patience for complex setups. That's where Nordlayer comes in. Nordlayer is a toggle ready network security platform built for businesses. It brings vpn, access control and threat protection together in one place. No hardware, no complicated configuration. You can deploy it in minutes and be up and running in less than 10. It's built on zero trust principles so only the right people can get access to the right resources. It works across all major platforms, scales easily as your teams grow and integrates with what you already use. And now Nordlayer goes even further through its partnership with CrowdStrike, combining NordLayer's network security with Falcon Endpoint protection for small and mid sized businesses. Enterprise grade security made manageable. Try Nordlayer risk free and get up to 22% off yearly plans plus an extra 10% with the code CYBERWIRE10. Visit nordlayer.com cyberwire daily to learn more.