Cloud web filtering explained
What is cloud web filtering?
Organizations in a wide variety of industries benefit from web filtering, which explains why it is one of the most commonly deployed security technologies. In today’s highly distributed and mobile workforce, employees and contractors within a company may access the web from corporate owned PCs and mobile devices as well as various devices owned by their users under “bring your own device” (BYOD) programs. But the web is full of content that may be inappropriate for work and can be a common medium for cyber-attacks like malware and phishing.
How can businesses provide their workers with the web access they need without facilitating access to malicious web content or websites that they shouldn’t visit while on the job? That’s where cloud web filtering comes in.
What is a web filter, and what are they used for?
A web filter is software that interfaces with browsers to restrict the websites that may be counterproductive to cybersecurity or employee job performance. Filters make decisions on which websites to allow based on safe lists or block lists, also known as whitelists or blacklists. Safe lists allow users to visit websites that match the criteria documented in the rule, while blocking all others. Although this is an effective method of protecting an organization against many web-based threats, it is also very restrictive and may prevent users from accessing sites needed to do their job. It can also overload IT staff with exception requests. For this reason, many businesses choose to utilize block lists instead.
How block lists work
Block lists use filters to determine which sites to restrict, and then allow access to all others that don’t match any rules within those filters. Filters can be created based on URL, keyword, or rating (which can also be referred to the website category or quality). URL filters are typically used to block websites that are known time wasters or to be of high risk. Keyword filters actually do a live review of the content within the web pages upon navigation and then make a blocking decision if a match is found. Website rating filters check which category a web page has been rated for and then make an allow/block decision accordingly. The most common filter categories that companies block include pornography, gambling, and violence. Most web filtering software comes with a pre-loaded set of filters that may be altered to fit a company’s specific requirements.
Content filtering has evolved over time. More recent content filters have replaced Bayesian analysis with artificial intelligence (AI) machine learning. Bayesian analysis is a way of applying statistical inference with Bayes’ theorem to update the probability for a hypothesis as more information becomes available. Thus, administrators tweak the content filters with new rules based on what they’ve learned about undesirable web or email content. But with machine learning, the artificial intelligence behind the content filter learns how to identify undesirable content on its own over time, through use. It can be a more effective way for a content filter to improve its effectiveness. In addition, some newer advanced web filters may include data loss prevention capabilities.
The web is full of potential cyber-threats and keeping them away from a company’s internal networks is vital. Web filters can be an effective way of protecting an internal network from web-based malware and phishing from spoofed websites.
Web filtering for cloud and mobility
With the rapid implementation of cloud computing over the past few years, organizations have access to scalable and powerful computing capacity like never before. Cloud-based web filters offer the processing power of thousands of synchronized servers without having the up-front costs or maintenance of on-premises appliances.
The availability of cloud platforms makes it much easier and more effective to maintain databases of undesirable web URLs, as well as databases that artificial intelligence machine learning reference to improve their content filtering heuristics and algorithms over time.
Millions of new webpages are uploaded onto web servers every single day. Manually maintaining URL blocklists or blocklists of web content patterns is difficult to do effectively. Cloud-based web filtering solutions make it possible to dynamically adapt to the web as it constantly evolves, without having to schedule updates.
Plus, as more smartphones and tablets are being used in organizations of all sizes, the number of endpoints in corporate deployment is greater than ever. The latest cloud web filtering solutions can be as effective with mobile devices as they are with PCs.
Pros and cons of cloud web filtering
Like anything else, cloud web filtering solutions have associated strengths and weaknesses. More organizations are implementing cloud platforms for improved scalability of their networks, so they can increase and decrease their size and capacity according to changing business needs. Web filtering vectors can also be subject to distributed denial of service (DDoS) attacks, just like any other type of network entity.
When web filtering is deployed as a cloud-based software as a service, there’s much greater capacity to help weather those attacks. Because on-premises web filtering solutions often use fewer servers than cloud solutions, they’re more susceptible to being shut down from an overload of data packets. Uptime is a metric that’s very important for all kinds of businesses, as network outages can cost a company a lot of money in the form of lost productivity.
Deploying a cloud web filtering service can also be more affordable for organizations, as they don’t need to deploy web filtering servers on their own premises. Besides the cost of the servers themselves, running web filtering services off of a company’s own network infrastructure incurs additional expenses in electricity consumption and extra staffing.
One possible disadvantage of cloud web filtering solutions is that they entail sharing a company’s web traffic data with a third-party cloud software provider. Some industries such as banking, healthcare, education, and government are subject to data privacy regulations which may require all web filtering to be conducted completely in house, so web traffic data isn’t shared with a third-party entity.
Protect against web-based threats with AT&T Global Security Gateway
AT&T Global Security Gateway offers unified protection against web-based threats across all office, remote, and mobile users. It is fully managed 24x7 by the AT&T Security Network Operations Center with service options that fit the needs of SMBs to enterprises and supports both cloud and hybrid environments. For more information about the solution, visit the Global Security Gateway page.
To get sales help from an AT&T Cybersecurity specialist, please complete this form.