What is URL Filtering?
Users spend increasing time on the web, surfing their favorite sites, clicking on email links, or utilizing a variety of web-based SaaS applications for both personal and business use. While incredibly useful to drive business productivity, this kind of unfettered web activity exposes organizations to a range of security and business risks, such as propagation of threats, possible data loss, and potential lack of compliance.
Traditionally, companies have used URL filtering as a tool to prevent employees from accessing unproductive sites. With today’s URL filtering, firms enable secure web access and protection from increasingly sophisticated threats, including malware and phishing sites.
The Evolution of Modern Phishing Attacks
How Does URL Filtering Work?
URL filtering technology compares all web traffic against a URL filtering database, permitting or denying access based on information contained therein. Each website defined in the database is assigned to a URL category, or group, that firms can utilize in one of two ways:
- Block or allow traffic based on URL category. Create a URL Filtering profile that specifies an action for each URL category and attach the profile to a policy. This includes categories for malware or phishing sites.
- Match traffic based on URL category for policy enforcement. If the goal is for a specific policy rule to apply only to specific web traffic categories, add the category as match criteria when creating the policy rule.
URL filtering is enabled through local database lookups, or by querying a master cloud-based database. Local lookups on a limited, but frequently accessed, number of websites ensure maximum in-line performance and minimal latency for the most frequently accessed URLs, while cloud lookups provide coverage for the latest sites. To account for firms’ unique traffic patterns, on-device caches store the most recently accessed URLs, with the ability to also query a master database in the cloud for URL category information when an on-device URL is not found.
Stand-Alone URL Filtering Is Insufficient
Stand-alone URL filtering deployments, however, don’t have the right mechanisms to adequately control web browsing and prevent threats. They cannot coordinate actions and lack application visibility and meaningful integration with other required solutions to protect against the different attack stages and threat vectors. For example, phishing sites may be detected through an IPS or even a sandbox, but with stand-alone URL filtering, the lack of communication between sandbox, IPS and URL filtering technologies may result in inadequate protection of the URL request.
An Integrated Approach to Prevention
Instead, the incorporation of URL filtering into a natively integrated next-generation security platform, including threat analytics and intelligence to block both known and unknown threats, is required to adequately protect the network, endpoints and cloud services from tactics commonly used to bypass traditional security mechanisms. A fully integrated URL filtering deployment allows enterprises to:
- Safely enable web usage with the same policy control mechanisms applied to applications.
- Reduce malware incidents by blocking access to known malware and credential-phishing sites.
- Tailor web filtering controls with whitelists (i.e., allow), blacklists (i.e., block), custom categories and database customization.
- Facilitate SSL-decryption policies for full visibility and threat inspection into normally opaque traffic websites.
By addressing the lack of visibility and control from both the application and web content perspective, organizations can safeguard from the full spectrum of legal, regulatory, productivity and resource utilization risks.