This blog was written by a third party author.
What is URL filtering?
URL filtering is one of the most common types of web filtering techniques used by organizations to restrict the kinds of content that their users may access. URL filtering blocks users from loading questionable websites or hosted files via corporate device or network resources.
The filter is triggered by comparing the URL address a user is trying to access against policy lists that specify whether to block, allow, and/or track visits to certain URL addresses. The URL filtering process occurs at the application layer by examining URL requests over common protocols like HTTP/HTTPS, FTP, and SMTP.
Malicious, time-wasting, or otherwise questionable URL addresses can be filtered on a page-by-page basis as well as on a category basis to broadly block access to certain kinds of content such as gambling, social media, or known phishing sites. The known malicious URLs and category definitions in a URL filtering database are primarily maintained by the security vendor supplying the enforcement product. URL classification is typically performed by the vendor through a combination of internal research, threat intelligence, machine learning, and artificial intelligence algorithms. In addition, the URL filtering database and enforcement policy lists are often highly customizable by the customer.
That customization can be done across an organization or be tailored to departments, user groups, or even specific users. Similarly, filtering policies could be applied according to time of day or user location. This makes it possible, for instance, to block cloud storage sites for employees except for the sales team who might need them to share information with prospects. Or it could be used to enable remote access by a financial analyst to certain cloud-based accounting software during business hours, but to limit that access after close of business.
Web filtering use cases and benefits
Web filtering techniques like URL filtering are best known for their cybersecurity use cases, however they provide additional benefits in a number of other business scenarios. The following are 4 of the most common uses of URL filtering and other content filtering methods:
URL filtering vs DNS filtering
URL filtering is a more granular form of web filtering than DNS filtering, which blocks or allows content across entire web domains based on DNS queries.
DNS filtering takes more of a blunt hammer approach to blocking sites. It is most appropriate for filtering out whole domains associated with highly malicious activity that have little chance of hosting legitimate content. Meantime, URL filtering takes more of a scalpel approach, allowing organizations to block certain specific web pages or hosted files from a given domain while allowing users unimpeded access to other legitimate pages hosted on the same domain.
This means that an organization could utilize URL filtering to carefully block compromised web pages for common sites without stopping users from accessing the rest of a site that may be crucial to their daily work.
The flexibility of of URL filtering comes with its downside compared to DNS filtering, as the tailoring of policies takes a lot more care and feeding when it comes to updating and maintaining block lists and aligning policies to dynamic user roles.
How secure web gateways support URL filtering
Cloud-delivered secure web gateways are increasingly becoming one of the preferred security tools leveraged to enforce URL filtering policies. Unlike hardware-based gateways and firewalls that have traditionally been the vehicle to perform content filtering, secure web gateways get the task done using a cloud-native architecture.
The cloud-based nature of the secure web gateway makes it possible to maintain a more comprehensive URL filtering database for enforcement without putting undue strain on local machines. Additionally, cloud-native secure web gateways don't require backhauling network traffic to centralized locations for the sake of inspecting traffic. URL filtering policies can be applied no matter where the user operates, or what device or cloud service they use. This enables an organization to inspect and filter traffic for remote users with minimal latency and fewer performance concerns.