Overview

Content-control software, content filtering software, secure web gateways,censorware, and web filtering software are terms for software designed and optimized for controlling what content is permitted to a reader, especially when it is used to restrict material delivered over the Internet via the Web, e-mail, or other means. Content-control software determines what content will be available or perhaps more often what content will be blocked.

The motive is often to prevent persons from viewing content which the computer’s owner(s) or other authorities may consider objectionable; when imposed without the consent of the user, content control can constitute censorship. Some content-control software includes time control functions that empowers parents to set the amount of time that child may spend accessing the Internet or playing games or other computer activities.

Content Filtering Types

The Benefits of Content Filtering

  • Greater productivity – if 40% of employees’ activities are spent on non-work related activities, organizations can be losing many hours of valuable resource in an age when the cost of running a business is already extremely high.
  • Degradation of network performance – if people are continually using the web to download images, film clips and music, this will impact the network simply because it will slow it down. The result could be that you need to buy more (unnecessary) bandwidth to cope with the demand.
  • Need for legal compliance – some industries are regulated or constrained by stringent legal requirements, for example, financial services and pharmaceutical companies. As a result they must ensure that customer information is protected and not sent to a third party.
  • Growth in criminal activities – there has been many instances where individuals have used company resources to break the law. For example committing fraud or dealing in drugs using the company internet access.
  • To a large extent, organizations are responsible for the actions and behavior of their personnel.
  • Protection against loss of data – organizations need to protect vital information such as customer records and other proprietary information.
  • Enforcement of an acceptable use policy. An Acceptable Use Policy (AUP) is a set of rules and regulations that all employees would be required to sign regarding their behavior for using their PC and access to the internet. This, for example, could include only surfing the web for personal reasons (e.g. online banking) at lunchtime. It can also specifically outline that individuals should not send offensive material.
  • Prevent inappropriate use – by knowing that they are being monitored, personnel are unlikely use the network for reasons other than business.
  • Protection of reputation – preventing individuals sending scandalous emails can protect a companies brand and reputation.
  • Protection against harassment, defamation, fraud and illicit activities.

Network-based filtering

This type of filter is implemented at the transport layer as a transparent proxy, or at the application layer as a web proxy. Filtering software may include data loss prevention functionality to filter outbound as well as inbound information. All users are subject to the access policy defined by the institution. The filtering can be customized, so a school district’s high school library can have a different filtering profile than the district’s junior high school library.

E-mail filters

E-mail filters act on information contained in the mail body, in the mail headers such as sender and subject, and e-mail attachments to classify, accept, or reject messages. Bayesian filters, a type of statistical filter, are commonly used. Both client and server based filters are available.

Content-limited (or filtered) ISPs

Content-limited (or filtered) ISPs are Internet service providers that offer access to only a set portion of Internet content on an opt-in or a mandatory basis. Anyone who subscribes to this type of service is subject to restrictions. The type of filters can be used to implement government, regulatory or parental control over subscribers.

Search-engine filters

Many search engines, such as Google and Alta Vista offer users the option of turning on a safety filter. When this safety filter is activated, it filters out the inappropriate links from all of the search results. If one knows the actual URL of a website that features sexual explicit or 18 + content, they have the ability to access it without using a search engine. Engines like Lycos, Yahoo, and Bing offer kid-oriented versions of their engines that permit only children friendly websites.

Client-side filters

This type of filter is installed as software on each computer where filtering is required. This filter can typically be managed, disabled or uninstalled by anyone who has administrator-level privileges on the system.

Browser based filters

Browser based content filtering solution is the most lightweight solution to do the content filtering, and is implemented via a third party browser extension.

Web Security

Forcepoint Web Security
FortiProxy
Symantic Secure Web Gateway

Forcepoint® Web Security products provide modern, innovative defenses. They rely upon Websense ACE (Advanced Classification Engine) and the expansive WebsenseThreatSeeker® Network for real-time content analysis. They include forward-thinking features such as advanced threat dashboards, forensic reporting and data capture, sandbox analysis of malware, and data-aware defenses that provide containment of sensitive information. And they are easily managed through the Websense TRITON™ Unified Security Center.

FortiProxy is a secure web proxy that protects employees against internet-borne attacks by incorporating multiple detection techniques such as web filtering, DNS filtering, data loss prevention, antivirus, intrusion prevention and advanced threat protection. It helps enterprises enforce internet compliance using granular application control. High-performance physical and virtual appliances deploy on-site to serve small, medium and large enterprises.  

  • Advanced Protection against threats – Integration with FortiGuard Threat Intelligence Service – Web, DNS filtering and     application control – Integration with FortiSandbox cloud and on-premise appliance – AV, IPS, DLP and Content Analysis
  • High performance and scalability – Custom –built security processing     units for high performance – Scalability from small to large     organizations – HA availability for redundancy
  • Content Caching and WAN Optimization – Static and dynamic content caching – Multiple Content Delivery Network – Decrease Network Latency – Lower bandwidth overhead

Symantic Secure Web Gateway (SWG) protects organizations across the web, social media, applications, and mobile networks. SWG acts as a proxy between users and the internet to identify malicious websites and payloads and to control access to sensitive content. SWG solutions consolidate a broad feature-set to authenticate users, filter web traffic, identify cloud application usage, provide data loss prevention, deliver threat prevention, and ensure visibility into encrypted traffic. Learn More.

Web Application Firewalls

Barracude WAF
Citrix WAF
FortiWeb

Barracuda Web Application Firewall protects applications, APIs, and mobile app backends against a variety of attacks including the OWASP Top 10, zero-day threats, data leakage, and application-layer denial of service (DoS) attacks. By combining signature-based policies and positive security with robust anomaly-detection capabilities, Barracuda Web Application Firewall can defeat today’s most sophisticated attacks targeting your web applications.

Barracuda Active DDoS Prevention — an add-on service for the Barracuda Web Application Firewall — filters out volumetric DDoS attacks before they ever reach your network and harm your apps. It also protects against sophisticated application DDoS attacks without the administrative and resource overhead of traditional solutions, to eliminate service outages while keeping costs manageable for organizations of all sizes.

The Citrix Web App Firewall prevents security breaches, data loss, and possible unauthorized modifications to websites that access sensitive business or customer information. It does so by filtering both requests and responses, examining them for evidence of malicious activity, and blocking requests that exhibit such activity. Your site is protected not only from common types of attacks, but also from new, as yet unknown attacks. In addition to protecting web servers and websites from unauthorized access, the Web App Firewall protects against vulnerabilities in legacy CGI code or scripts, web frameworks, web server software, and other underlying operating systems.

FortiWeb WAFs provide advanced features that defend your web applications and APIs from known and zero-day threats. Using an advanced multi-layered approach, FortiWeb protects against the OWASP Top 10 and more. FortiWeb ML customizes the protection of each application, providing robust protection without requiring the time-consuming manual tuning required by other solutions. With ML, FortiWeb identifies anomalous behavior and, more importantly, distinguishes between malicious and benign anomalies. The solution also features robust bot mitigation capabilities, allowing benign bots to connect (e.g. search engines) while blocking malicious bot activity.

FortiWeb offers deployment options that can protect business applications, no matter where the application is hosted. Options include hardware appliances, virtual machines, and containers that can be deployed in the data center, in cloud environments, or in the cloud-native SaaS solution, FortiWeb Cloud WAF as a Service.