Filter technologies are used to protect businesses’ and organisations’ IT environments from cyber threats and other harmful traffic. There are different types of filtering options, but as a basic rule all filter technologies look at web traffic that passes in and out from IT environments to decide what can pass through. These methods work at different layers of a network, which determines how specific the filtering options can be.
Filtering technologies look for suspect behaviour, surf patterns, links, known “bad” domains or specific patterns in different ways.
Large corporations can have a million DNS requests every second. Looking in detail at all that traffic would require enormous data power. Therefore, instead of one solution trying to do it all, companies install different solutions that work in layers and look at different parts of the traffic.
DNS filtering checks website requests against a database of prohibited addresses/domains and either allows the requested webpage to be displayed or refuses the request.
URL filtering is a more sophisticated and granular technology that can be used to block access to specific websites or parts of websites known to contain malware. The four most common ways in which a filtering solution prevents web pages from being loaded onto a user´s device are:
Blacklists. Lists of websites known to contain malware and viruses. When a request to visit a website matches a blacklisted website, the request is denied.
Category. Blocks websites that belong to a certain group of websites, such as pornographic sites or gambling sites.
Content filtering. Prevents access to items within, for example, an e-mail or website. The request is allowed, but the response is inspected at the proxy server to determine if it contains anything meeting configured criteria. It is used to block for example viruses, e-mail attachments, advertisements etc.
Keyword filtering. Blocks access to specific content by keyword without necessarily blocking access to an entire category of websites.
Most, if not all, businesses and organisations take steps to secure their IT environment against a multi-tude of threats with the help of filter technologies. However, whereas blocking of child sexual abuse is often included in one way or another in filter solutions, it is rarely, if ever, the focus of the technology.
Strengths and limitations
Filter technologies are only as effective as the intelligence put into the solutions – such as the lists of keywords, or of domains or URLs known to contain harmful material. Keeping those lists up to date requires a lot of work and continuous updates.
Traditional filter solutions focus on security threats such as business intelligence, service disruptions, ransomware, fishing etc, and unfortunately, child sexual abuse material comes far down the list. As a result, filter technologies are used to block child sexual abuse material, but they are less effective than they could be.