URL Filtering

URL filtering limits access to specific URLs by comparing addresses of sites that users are attempting to visit against a database of either permitted or blocked sites. The purpose of URL filtering is to prevent employees from accessing sites that may interfere with the operation of the business — such as sites not related to work, sites with objectionable or illegal content, or sites associated with phishing attempts.

While unfettered web access is useful for employees and can make them more productive, it can also expose organizations to a wide range of security risks, such as propagation of threats, data loss or seizure, or legal issues.

How URL Filtering works

URL filtering matches all web traffic against a defined database, and then permits or denies access to a site based on whether it is found in the database. A URL filtering database will assign catalogued websites a URL category, or group. It will also define the conditions of access to that URL. For example, an address could be:

• Blocked: Defined on a site by site basis. This can apply to distracting sites, like social media or local news, or sites known to host various forms of malware.
• Allowed: SaaS websites, relevant to the organization and its workflow.
• Attached to defined IT policies: Visits to a particular website could be logged and organized, so that IT can see who visits certain sites, and at what time.
• Blocked or allowed URL categories: When actions are determined not on a site-by-site basis, but rather by the category encompassing multiple sites. This could include categories for malware or phishing sites, innocent but distracting sites, or questionable sites.

The databases used by URL filters can be stored on premises, live in the cloud, or both, depending on the needs of the system. Local lookups will help reduce latency between the user and the filter, if sites are frequently visited.

A cloud database, on the other hand, can be relied upon to maintain an up-to-date catalogue of all known sites.

In a hybrid solution, devices can adapt to unique traffic patterns, and use known users’ traffic to store more recently accessed URLs in an on-device cache, reducing latency. When needed, a master database stored in the cloud can be queried when the site isn’t found in the local cache.

Ideally, sites are classified automatically. URL filtering systems can use machine learning and other techniques to correctly categorize sites, or flag sites for manual categorization if necessary. Algorithms can also help URL filtering systems classify related sites automatically — for example, sites on the same domain or related domains, or sites with similar content in different languages.

URL Filtering customization

URL filtering is an important step when creating and maintaining a secure network. It can help protect endpoint devices and cloud services from possible cyber attacks, while also increasing user productivity and efficiency. Whether integrated into a security device or installed alongside a pre-existing security platform, URL filtering can help avoid unknown threats so the user doesn’t have to. By proactively avoiding suspicious or malicious websites, organizations can shield themselves from legal, regulatory,­ and productivity risks. A fully integrated URL filtering deployment allows enterprises to:

• Enforce safe browsing practices: The browsing habits of employees can be directly controlled. IT administrators don’t have to trust that employees will know to avoid potentially harmful sites; instead, they can guarantee it.
• Avoid malware: By blocking access to known malware and phishing sites, the chance for a security breach is greatly reduced.
• Customize policies: This includes setting permanent allow lists and block lists, as well lists customized by time of day or even user privileges.
• Define allow lists: Controlling the sites that users have access to gives administrators guarantees against accidental URL blocks by the filtering service.

URL Filtering disadvantages

One common issue is over-blocking, where necessary sites are blocked by the filtering services — for example, sales representatives may want to use LinkedIn for prospecting, but the site has been blocked due to concerns about employees looking for jobs during work hours. This lowers productivity, and can add strain to the IT department as employees request access to sites. Alternatively, websites classified as “safe” may change in nature over time, or may be taken over by attackers.

URL filtering helps organizations improve productivity by making sure that employee time is not wasted on unnecessary activities during office hours. Filtering can also help impeding the function of malicious code or spyware, phishing attempts, and other threats, which can be extremely harmful to an organization.