It was a new year in web content filtering. The breadth and depth of the products we looked at has improved significantly over last year’s tests. There are several new trends this time. First, products are displaying a variety of architectures. These range from in-line gateways that sit behind the firewall to a proxy device that re-routes web-bound traffic through itself. Of course, we also saw the traditional client-server products as well.
Last year, most of our products were software based. This year we saw several appliances.
The final trend we noted was the inclusion of additional tools that do not apply directly to, but integrate nicely with web content filtering. Chief among those tools was anti-spyware functionality. However, some blocked virus activity, spam, adware and phishing as well. Most blocked both based on the URL and content of the website, and some had up to 90 different categories of offensive content on which to build policies.
The first rule for selecting today’s web content filtering tools is: decide what you need to do. If all you want to do is block URLs, you may not need a sophisticated appliance that performs all of the other functions we found on many of the products we reviewed. Next, consider the size of your enterprise. This may help dictate the architecture that is most appropriate for your application. Finally, look at the traffic load the product will need to sustain. For example, will an in-line device become a choke point in your network? If so, you might want to look at a different architecture.
Another issue is the type of filtering you want to do. Today’s filters usually look at both the URL and the web page’s content. URLs generally are updated from the developer’s website. These "blacklists" need to be researched regularly. Don’t pick a product that requires you to create your own blacklist. This is a service that the vendor should provide.
Finally, if you decide that you want a product with multiple functions and can sustain any performance impacts (which should be minimal in most cases), what functions do you need? Is it practical in your enterprise, for example, to add anti-spyware to your web content filter? There are reasons to integrate functions and reasons not to. Explore your requirements and understand the impact of placing all your required services in a single device. Remember that multipurpose devices often do their primary tasks very well and their secondary ones not as well. Be sure that what you are getting is up to the task you are imposing on it.
This was a very straightforward test program. First, we installed the software or appliance as recommended by the developer. Then we allowed the product to capture its updates from the web URL that provides those updates. We collected several open source blacklists covering a wide variety of undesirable sites. We selected a number of representative sites from each category and verified that the sites were live. We then used those sites as test sites for each of the products tested.
Our overall impression is that web filtering products have come a long way in a short time. They are beginning to show a level of maturity that fits well as a countermeasure to some of the most pervasive security problems we experience today.