- What Is Cyber Threat Intelligence (CTI)?
- What Are Cyberthreat Intelligence Tools?
- What is the Threat Intelligence Lifecycle?
- What is an Exploit Kit?
-
What is a Threat Intelligence Platform (TIP)?
- The Value of a Threat Intelligence Platform
- How Threat Intelligence Works
- Types and Examples of Threat Intelligence
- Why Do Organizations Need a Threat Intelligence Platform (TIP)?
- Key Characteristics of a Threat Intelligence Platform
- Types of Threat Intelligence Data
- Implementation of a Threat Intelligence Platform
- Threat Intelligence Platforms FAQs
- What is a Payload-Based Signature?
-
What Is a Fast Flux Network?
- What Are Unknown Cyberthreats?
- What are the Types of Cyberthreat Intelligence (CTI)?
- Threat Intelligence Use Cases and Examples
- What is Digital Forensics and Incident Response (DFIR)?
- What Is Remote Browser Isolation (RBI)?
-
What Is Dynamic DNS?
-
What Is a Cybersecurity Risk Assessment?
- Cybersecurity Risk Assessment Explained
- Why Is Cyber Risk Assessment Important?
- Common Cybersecurity Risks and Threats
- Different Approaches to Cyber Risk
- How to Perform a Cybersecurity Risk Assessment
- Determine the Scope of the Assessment
- Cybersecurity Risk Assessment Benefits
- Cyber Risk Assessment FAQs
-
What Is DNS?
- What is an Intrusion Prevention System?
- What is an Intrusion Detection System?
- What Is Spear Phishing?
- What Is a Circuit Level Gateway?
- What Are Malicious Newly Registered Domains?
- Firewall | Antivirus — What Is the Difference?
What is URL Filtering?
Users spend increasing time on the web, surfing their favorite sites, clicking on email links, or utilizing a variety of web-based SaaS applications for both personal and business use. While incredibly useful to drive business productivity, this kind of unfettered web activity exposes organizations to a range of security and business risks, such as propagation of threats, possible data loss, and potential lack of compliance.
Traditionally, companies have used URL filtering as a tool to prevent employees from accessing unproductive sites. With today’s URL filtering, firms enable secure web access and protection from increasingly sophisticated threats, including malware and phishing sites.
Related Video
The Evolution of Modern Phishing Attacks
How Does URL Filtering Work?
URL filtering technology compares all web traffic against a URL filtering database, permitting or denying access based on information contained therein. Each website defined in the database is assigned to a URL category, or group, that firms can utilize in one of two ways:
- Block or allow traffic based on URL category. Create a URL Filtering profile that specifies an action for each URL category and attach the profile to a policy. This includes categories for malware or phishing sites.
- Match traffic based on URL category for policy enforcement. If the goal is for a specific policy rule to apply only to specific web traffic categories, add the category as match criteria when creating the policy rule.
URL filtering is enabled through local database lookups, or by querying a master cloud-based database. Local lookups on a limited, but frequently accessed, number of websites ensure maximum in-line performance and minimal latency for the most frequently accessed URLs, while cloud lookups provide coverage for the latest sites. To account for firms’ unique traffic patterns, on-device caches store the most recently accessed URLs, with the ability to also query a master database in the cloud for URL category information when an on-device URL is not found.
Stand-Alone URL Filtering Is Insufficient
Stand-alone URL filtering deployments, however, don’t have the right mechanisms to adequately control web browsing and prevent threats. They cannot coordinate actions and lack application visibility and meaningful integration with other required solutions to protect against the different attack stages and threat vectors. For example, phishing sites may be detected through an IPS or even a sandbox, but with stand-alone URL filtering, the lack of communication between sandbox, IPS and URL filtering technologies may result in inadequate protection of the URL request.
An Integrated Approach to Prevention
Instead, the incorporation of URL filtering into a natively integrated next-generation security platform, including threat analytics and intelligence to block both known and unknown threats, is required to adequately protect the network, endpoints and cloud services from tactics commonly used to bypass traditional security mechanisms. A fully integrated URL filtering deployment allows enterprises to:
- Safely enable web usage with the same policy control mechanisms applied to applications.
- Reduce malware incidents by blocking access to known malware and credential-phishing sites.
- Tailor web filtering controls with whitelists (i.e., allow), blacklists (i.e., block), custom categories and database customization.
- Facilitate SSL-decryption policies for full visibility and threat inspection into normally opaque traffic websites.
By addressing the lack of visibility and control from both the application and web content perspective, organizations can safeguard from the full spectrum of legal, regulatory, productivity and resource utilization risks.
