November 13, 2014 By Prakash Binwal 3 min read

Before jumping into the relevance of Web content filtering, I would like to start with broader trends we are seeing in the field of computing. Today, we are living in a world that is largely interconnected and breaks boundaries of organizations, industries, countries and even continents. These live interconnections are facilitating us in many ways, such as fast and easy collaboration around the world through social media, rapid developments and deployments of solutions through cloud computing and deep reaches to end consumers through mobile.

However, along with these benefits, we are also getting threats from the wider exposure we now have in the global community, where malicious hackers are hidden throughout. Malicious codes delivered through unsafe websites are one of the most common ways for hackers to plant their agents inside our machines. While the benefits of the Internet’s open communication and knowledge base are numerous, there is a large possibility that any normal user (and, at times, even smart technocrats) can be trapped by these hackers.

Web content filtering, one of the key constituents for cybersecurity controls for any organization, plays a very important role in this scenario. There are various approaches and solutions available to achieve this technical control on any end user’s machine. Each one has its own benefits and drawbacks. These solutions are divided into two broad categories: inline Web filtering and endpoint-based Web filtering.

Inline Web Filtering

Inline Web filtering is the technique in which the control is installed at the Internet gateway to the organization, which intercepts all Internet traffic and applies applicable filtering policies to allow or block Web access requests. These solutions do not require any component of the application to be installed at the endpoint.

Because of this, such solutions are commonly used in many organizations. This saves organizations from expending effort by managing endpoints to implement Web-filtering solutions. Since any Internet request has to pass through the Internet gateways, this solution has been very effective for many organizations. This not only saves organizations bandwidth, but also significantly addresses cybersecurity risks. For securing activities happening from within organizational boundaries these solutions are very important and effective.

At the same time, with a considerable shift from a traditional office-based work culture to work-from-anywhere practices, this approach has posed significant challenges to many organizations. As long as employees are working from office premises, the endpoint is protected by inline filtering. However, when they connect from any outside company gateway (such as their home, hotel or any public network), their Internet access is completely open.

Though companies may not bother with bandwidth usage when employees are not inside their network, there is still a great cybersecurity risk of infection. Carrying the infected machine inside the corporate network later makes the entire intranet vulnerable to infections. Outside corporate boundaries the only control an organization can have is the endpoint itself, as there is no guarantee about the level of protection from those external networks. Because of this, organizations are seriously considering endpoint based web filtering solutions to complement their network based protections.

Endpoint-Based Web Filtering

Endpoint-based Web filtering provides a solution to the emerging problem of protecting an endpoint from Internet-bound infections regardless of the gateway it connects to. This type of solution requires a piece of software be present in the machine itself, which receives a predefined filtering policy from the central server (an intranet gateway- or cloud-based server).

In this case, the endpoint receives policy updates at a predefined interval and applies the policy from the local system. This way, Web filtering will always be active, no matter which gateway the machine is connecting through. This type of solution effectively and significantly mitigates a malware infection risk, but at the cost of additional efforts of rolling out the software to all the endpoints.

The cost of endpoint deployment has been significantly reduced by effective and automated software deployment tools available today. This makes such solutions more attractive to organizations when they have to protect end points which connecting from a non-secure gateways.

Web Content Filtering

Another significant advantage of an endpoint-based solution is its ability to address individuals’ privacy concerns, regulations for which have been quickly emerging around the world. The endpoint-based approach, by its design, can provide a fairly nonintrusive solution to address underlying concerns related to individuals’ personal privacy. Since all filtering is applied at the endpoint itself, it is possible to keep all browsing pattern information within the boundaries of the machine. These regulations are very stringent in many European countries and are becoming a norm for many other countries, as well.

A good mix of these two web filtering approach can be very effective in today’s time where, at the one hand, we see a significant increase in cyber threats, at the other hand, we are strategically shifting our day-to-day activities and operations to less secured off-premises gateways.

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today