Incident Response, Malware, Network Security, Phishing, TDR, Threat Management

Web filtering evolves to meet changing threats

Updated Tuesday, Feb. 19, 2009 at 12:10 p.m. EST

Web filtering today goes beyond just blocking access. It now has to be integrating Web 2.0, managing data leakage, and guarding against malware coming in, according to a new study.

The study, conducted by Forrester Research and commissioned by McAfee, found that Web 2.0 use in business is prevalent, but so is the threat of data leakage and malware infection.

Findings from the survey, released Tuesday, indicate that web filtering is moving beyond just a security-centered function into more of a business-concentrated one, that data-loss prevention (DLP) is a top concern (but isn't practiced universally) and that mobile filtering strategies are important.

Forrester surveyed 253 IT security professionals at enterprises with 500 or more employees across North America and Europe to determine the market needs and requirements for the next generation of web-filtering solutions.

Because of the prevalence of dynamic Web 2.0 sites, filtering needs to be bidirectional, not just about where on the web a user goes, but also what they're sending out and what's coming back in, Tim Roddy, senior director of product marketing at McAfee, told Wednesday.

“Today's web has scripting, dynamic content and code embedded on pages at 12:01 that wasn't there at 12:00,” Dave Meizlik, director of product marketing for web and data products at web filtering vendor Websense, told Wednesday. “So as more and more sites on the web and companies utilize Web 2.0, this new method of content delivery and threat delivery requires a new set of technologies to be able to address it.”

The role of web filtering is changing from a security function to become more of a business function, the study found. That's because organizations are using web filtering beyond just defending against threats on the web. It's being used for employee productivity control, as a means to perform quality-of-service management of web traffic, for single sign-on of on-demand applications, and for more fine-grained control over web content, the study found.

“Web filtering is no longer just about malware and security threats; it is squarely a business function and will remain so as long as web communication is used for business purposes,” the study states.

Also, organizations are finding their need for web filtering extends to mobile devices. Eighty-four percent of respondents said that at least a quarter of their workforce is mobile, often accessing the internet for business purposes beyond the corporate network.

Web filtering is difficult on mobile endpoints, because browser traffic on these devices does not go through the corporate filtering points. So, a special solution is needed, though most organizations have not implemented one, the study found.

When it comes to the web threats that companies are most concerned about, data leaks came out on top, with 31 percent of respondents saying it has a critical business impact. Next came malware infection (29 percent), liability associated with inappropriate content (20 percent), and employees lured to phishing sites (18 percent), the study found.

Eighty-six percent of respondents said data leaks are an important threat, but only 68 percent said they imposed restrictions on blocking or restricting users from posting to blogs or wikis. Thirty-one percent said they didn't have any restriction for these sites.

The majority of respondents said it is with “fairly important” (53 percent) or “extremely important” (23 percent) that web filtering solutions have outbound content inspection features for DLP purposes.

When looking to web filtering solutions, organizations should look for vendors that offer secure web gateway solutions with what the study calls “future-looking” capabilities – web malware detection, an in-the-cloud infrastructure, a strong consolidation and integration strategy and the ability to perform fine-grained controls for Web 2.0 applications.

While web filtering used to be a fairly static approach using a list of URL categories, it now has many roles. It can serve as a bandwidth regulator that helps organizations manage the use of Internet bandwidth. It also now has to detect, in real-time, zero-day malware and protect the organization from new emerging threats. It also includes the ability to dynamically recognize uncategorized web content and make a filtering decision based on policies. All these are fairly new capabilities, Chenxi Wang, principal analyst at Forrester Research, Inc. who wrote the report, told in an email Wednesday.

Wang said on the list of "must have" web capabilities: URL filtering, anti-malware, content filtering and DLP.

Many of these capabilities are bundled together for one price but DLP is often billed separately. If you have to choose something to cut, perhaps cut DLP and keep a good content filter in place, Wang said -- although this is not a recommended practice. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.