Share this article on:
Organizations that have implemented URL filtering to control the websites that employees are allowed to access can easily filter websites by category. However, not all websites are categorized, which creates a problem with URL filtering. Without a category, applying category controls is not possible. Now, Symantec has offered a solution to the problem.
When new websites are created it takes time for categories to be applied and the lag poses problems for URL filtering. The solution chosen by many organizations has been an all or nothing approach. Block all uncategorized websites or allow them to be accessed. When a category is assigned to the sites, they will be subjected to standard filtering controls.
The allow all approach could permit malicious websites to be accessed, while the deny all approach means potentially useful websites will be unnecessarily blocked. While IT departments may be willing to accept the latter, it can result in an increase in support calls to the helpdesk.
The Blue Coat Web Filter URL database is comprehensive, although the same problem with uncategorized sites applied. The company did make an attempt to speed up the categorizing of websites with Dynamic Real-Time Reporting (DRTR) in 2006. Using artificial-intelligence systems, it was possible to categorize websites in near real time, although DRTR did not work for all websites. Oftentimes, websites are created, but there is a delay in uploading content and black web pages are difficult to categorize, as are websites that just contain images.
Symantec has tackled the problem with two new tools: Threat Risk Levels and Web Isolation. Threat Risk Levels is part of Symantec’s Intelligence Service. Each website is assigned a threat risk level, with includes Blue Coat categorization capabilities as well as other information such as the geographical location of the site. The websites are assigned a risk level from 1 to 10, with one being the safest and 10 being the riskiest. Those risk levels are incorporated into the web filter can be used to allow or deny access to uncategorized websites.
The second tool was introduced following Symantec’s acquisition of Fireglass. Web Isolation opens up web content in a remote browser rather than the local browser, so there is separation from potentially malicious content. Policies can be set to allow websites to be accessed if they have a risk level of 1-3, for example, Web Isolation can be used for websites rated with a risk level of 4-6, and websites with a risk level of 7-10 can be blocked.
These two new tools ensure support calls to the helpline are kept to a minimum, users can access content then want to (within reason), but the riskiest uncategorized sites remain blocked due to the security threat they pose.