This purpose of this post is to help you understand what URL filtering is and how URL filtering can help protect your company. Filtering limits user access by comparing their web traffic against a known database, preventing employees from accessing harmful or unproductive websites.
Users are spending an increasing amount time, surfing social media, clicking on emails, and utilizing cloud application for both personal and business use. While this can be incredibly useful to drive business productivity, this kind of unfettered web activity exposes organizations to a range of security. Examples of this are the propagation of threats, possible data loss, and potential lack of compliance.
To combat this, companies have used URL filtering as a tool to prevent employees from accessing unproductive sites. With today’s filtering, firms enable secure web access and protection from increasingly sophisticated threats, including malware and phishing sites.
So how does URL filtering actually work?
URL filtering technology compares all web traffic against a URL filtering database, permitting or denying access based on information contained therein. Each website defined in the database is assigned to a URL category, or group, that companies can utilize in one of two ways:
- Block or allow traffic based on URL category. Companies will create a URL Filtering profile that specifies an action for each URL category and attach the profile to a policy. This includes categories for malware or phishing sites.
- Match traffic based on URL category for policy enforcement. If the goal is for a specific policy rule to apply only to specific web traffic categories, companies will add the category as match criteria when creating the policy rules.
URL filtering is enabled through local and cloud database lookup queries. Local lookups on a limited, but frequently accessed, number of websites deliver the greatest in-line performance. Cloud lookups provide coverage for the latest sites that fall within your policy. To account for a company’s unique traffic patterns, on-device caches store the most recently accessed URLs. This provides the ability to also query a master database in the cloud for URL category information when an on-device URL is not found.