What is URL Filtering?
Uniform Resource Locator (URL) filtering is a process that enables organizations to restrict the websites and content that employees can access. Users are blocked from visiting specific sites and prevented from using corporate resources, such as devices or network bandwidth, in a manner that could negatively affect the organization.
The URL filtering process works by comparing the URL a user tries to visit against a database or list of sites that have been blocked or permitted for use. This typically prevents employees from visiting websites that could affect the organization from operating as usual, such as sites containing illegal or inappropriate content, sites not related to work, and sites that could be high-risk, malicious, or related to phishing attacks.
Filtering URL usage in this way can help employees become more productive. However, it can also lead to organizations being exposed to security threats, data loss, or legal issues.
First, Let Us Understand What is a URL
A URL is the text that is visible in the address bar of all popular web browsers. The URL indicates the specific address of a webpage or website, much like the address that is specific to a house or office.
However, URLs go beyond domain names, which refer to the base domain of the website, such as fortinet.com. Instead, the URL points to an exact page within the wider domain name.
How Does URL Filtering Work?
URL filtering works by comparing all web traffic against URL filters, which are typically contained in a database of sites that users are permitted to access or denied from accessing. Each site in the database is assigned to a specific URL filter, which could be a category or group. These typically include:
- Blocked sites: These are likely social media pages, shopping websites, unnecessary news outlets, or known malware-hosting sites.
- Allowed sites: Websites relevant to the organization and required by its workflow, such as Software-as-a-Service (SaaS) programs, are usually included in an organization's list of allowed sites.
- Defined IT policies: IT teams can create policies that log site users who visit certain websites at particular times. For example, a payroll website could be restricted to certain people that need access to it in the days leading up to payday.
- Blocked or allowed URL filters: This means the organization does not determine access to specific websites but defines categories for multiple sites. For example, they could create a category for sites that are innocent but could distract users, sites that are questionable, and sites that are known to contain malware or phishing pages.
The URL filtering process uses databases that are stored on-premises in a local server, in a cloud-based database, or a combination of both. The local option stores a list of frequently accessed sites, which ensure users get the maximum performance and minimal latency. A cloud-based database can be updated in real time so that the organization always has an updated record of known sites it should be allowing or blocking.
A URL category check can be carried out automatically if the URL filtering system uses techniques like machine learning or algorithms that filter domain names or similar websites.
Standalone URL Filtering
A standalone URL filtering solution may not be able to effectively control web browsing or prevent threats. That is typically because they cannot coordinate necessary actions and lack the visibility and integration capabilities to protect against emerging threats, various attack stages, and threat vectors.
For example, an organization’s intrusion prevention system (IPS) may detect a malicious website, but if the standalone URL filtering solution lacks the ability to communicate with the IPS, it cannot prevent the user from visiting the site.
An Integrated Approach to URL Filtering
Instead of standalone solutions, organizations must consider an integrated approach. This includes threat analytics; the protection of cloud services, endpoints, and networks; and threat intelligence insight that blocks known and unknown threats.
URL Filtering Work Customization
An integrated URL filtering solution enables safe web usage, reduced malware incidents, full visibility and inspection of traffic and websites, and tailored web-filtering controls like blacklists, custom categories, database customization, and whitelists.
Enforce Safe Browsing Practices
Organizations can ensure that all users are browsing the internet securely by limiting them to websites that are deemed safe. This enables them to take control of users’ browsing habits, while allowing IT teams to guarantee that employees cannot visit sites that could be potentially harmful to the organization.
Similarly, an organization can minimize the chances of a data leak or security breach by blocking access to sites that are known to contain malware or have been used for phishing attacks. IT administrators no longer have to trust users not to visit blacklisted sites because they can prevent them from doing so.
Organizations can create policies such as permanently allowing or blocking access to specific sites or groups of websites, such as social networking pages. They can also customize URL filter policies according to the time of day or the user privileges of employees.
Define Allow Lists
Creating an allow list ensures that IT administrators do not accidentally block URLs that users should be allowed to visit. This enables organizations to take control of the sites users visit in a way that does not prevent them from accessing programs necessary to perform their jobs effectively.
Importance of URL Filtering
There are many URL filtering benefits. One key advantage for organizations is to encourage their employees to be more productive by blocking access to distracting sites or those unnecessary for work, such as social media, fantasy sports, shopping, or news websites.
Another vital benefit is preventing employees from becoming victims of malware or phishing attacks. This keeps businesses safe and protects them from the risk of cyberattacks that could lead to data loss. It also reduces the chances of malicious code and spyware infecting corporate machines.
URL Filtering Disadvantages or Limitations
A common problem organizations incur with URL filtering is overblocking, which occurs when sites that users require access to are added to URL filters and block them from use. A common example is an employee wanting to use LinkedIn for new business and sales prospecting, but the site is blocked to prevent staff from searching and applying for jobs while at work.
Overblocking restricts employee productivity and frustrates staff by preventing them from using the resources they need to work effectively. It can also add to the IT team’s workload as they receive requests to obtain access to a website.
URL Filtering vs. DNS Filtering
DNS filtering is a similar technique but is different in specific ways. It blocks entire domains, which includes all URLs listed within a domain, whereas URL filtering only blocks specific webpages.
With DNS filtering, an organization can block a website and all of the pages it contains regardless of the URL. URL filtering is a more granular process that enables organizations to block individual pages within a website. This means that implementing URL filtering requires more customization and maintenance from an IT team.
A good example of this in practice is a financial service that wants to allow employees to access a multifunction news website that covers financial news and sports or sports betting news. DNS filtering would block the entire domain, preventing employees from reading both the financial and sports pages of the site. In contrast, URL filtering allows the organization to enable access to the financial pages but block the sports news content.
How Does URL Filtering Help Block Malware and Phishing Attacks?
Cyberattacks commonly encourage targeted users to visit malicious websites that either steal their personal information or download malware onto their device. Some of these attacks use fake websites that imitate a trusted, frequently used site to motivate users to enter their login credentials. URL filtering can block access to websites that have been flagged as dangerous and thwart the potential of malware and phishing attacks.
How Fortinet Can Help
Fortinet protects organizations and their users from web-borne threats with its Secure Web Gateway (SWG) solution. Fortinet SWGs enforce organizations’ access policies through web filtering, which prevents the use of unwanted software and malware, while ensuring optimal end-user experiences. This is crucial to preventing security risks as applications move to the cloud and organizations increase their attack surfaces.
The Fortinet SWG solution includes application control, deep traffic inspection, data loss prevention, remote browser isolation, and URL filtering. It provides one unified product that protects organizations from web attacks and enforces internet policy compliance through URL filtering, advanced threat defense, and malware protection.
Moreover, the Fortinet FortiProxy allows organizations to secure and optimize their networks against attacks that are increasingly becoming more sophisticated and versatile.