Web security and content filtering: What’s the difference?

Most organizations recognize a need for content filtering. Educators aren’t the only ones who need to keep certain content inaccessible from their networks. Business managers and other professionals are learning the value of blocking websites that distract workers and reduce productivity. But unacceptable content isn’t the only thing that organizations need to keep out of their business networks. That’s where web security comes in.

Content filtering is relatively old technology. The Communications Decency Act of 1996 and the anti-censorship / freedom-of-speech activism that surrounded the law pushed content filtering into the industry mainstream. Several early tools relied on URL blocklists and keyword-based filters, some were proxy servers, and some were just installed on the endpoint. All of them had different standards of “indecency,” and ultimately this style of software just couldn’t keep up with the growth of the internet.

The Children’s Internet Protection Act (CIPA) was passed in 2000. CIPA provided a set of standards that must be followed by schools and libraries that want to participate in the E-rate program. CIPA requirements moved beyond blocking indecent content from children to requiring an internet safety policy that included protecting the personal data of minors, monitoring the online activity of minors, and educating minors on appropriate online behavior. Filtering software evolved into smarter technology that could evaluate context, file types, and identify malware correlations.

Attacks that can get past content filtering

Content filtering is much smarter than it was, but it doesn’t meet all of the requirements of CIPA and can’t protect networks from all web-borne threats. Networks can be exposed to attacks beyond the capabilities of content filtering, such as:

Drive-by downloads:  This happens when malware is installed from a website without the user’s knowledge. The website could be a legitimate site that has been compromised or a site that was designed to spread malware. The attack may be customized based on a visitor’s device and normally involves an exploit kit that can download additional malware later.  Microsoft is currently tracking a series of attacks that use this method.

Phishing sites:  These websites are designed to trick you into turning over your login credentials and personally identifiable information (PII). Normally the user will be sent to this website by a link they get through email or social media. Examples of this are brand impersonation emails from Microsoft, PayPal, Amazon, and so on. Users receive a notification to track a package, check on a transaction, or change a password. These notifications take you to a fake site that is designed to look legitimate. If you enter your information here, that information is captured by the attackers.

Remote Access Trojans (RAT):  This malware is meant to provide the attacker with complete control over the victim’s system. RATs are often spread through phishing attacks and drive-by downloads. The key to a successful RAT attack is the outbound communication between the malware on the system and the Command & Control Infrastructure (C&C or C2) used by the attacker. Comprehensive web security prevents this outbound communication.

Building successful web security

Web security is much more than content filtering. Advanced Threat Protection (ATP), application control, and SSL inspection are necessary to protect students from modern threats.  A successful internet security strategy will also protect mobile devices and block unauthorized applications that may be used to access harmful content.

Barracuda offers comprehensive web security and filtering solutions for organizations of any size.  Visit our website to schedule a demo or get a free trial to test in your environment.