Kerio Blog

Who cares about content filtering? You should!

With anti-virus software running on my computer, surfing the Internet feels pretty safe. But do I really want to test my luck (and my anti-virus) to see if it can detect and block malware as it flows into my network or my laptop? No. That's why I employ an excellent content filter to protect me from visiting sites where I could encounter malware.

The number of malicious URLs that we see on a daily basis here at Kerio is truly disturbing. What's more disturbing is how sophisticated the malware distribution points have become and how incredibly quickly hackers can turn infected web pages on and off.

Kerio Control UTM ships with a content filter module called Kerio Control Web Filter, which uses an excellent content classification service licensed from industry leader zvelo. Kerio Control Web Filter provides 27 broad categories, most of them productivity related. There are also nine specific security categories that you should pay close attention to and always block (Compromised, Phishing/Fraud, Anonymizer, Spam, Botnet, Hacking, Malware Call-Home, Malware Distribution Point, Spyware & Questionable Software) to make your network less susceptible to malware.

Content categorization in real time

Like most things in Internet security, malware distribution is a game of cat-and-mouse. So what makes content filtering an excellent first line of defense? Simply put, it's the ability to prevent a user from even visiting a page deemed infected. Compare that to anti-virus software, which can only inspect content already on its way to your computer or network. By then it may be too late to stop any damage.

When a user visits a new website or a new page within that website, the URL is instantaneously sent as a query to zvelo's automated categorization engine. If the auto-categorization engine is able to determine a category with a high confidence score, the URL is immediately inserted and stored in the database. Kerio Control UTM can subsequently block or allow access based on your security settings. URLs stored within the database are quality controlled by a human team of Web Analysts.
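
The lookup-and-decide flow described above, as an added example (not Kerio's or zvelo's code): the `classify` callable, the 0.9 confidence threshold, the `block_uncategorized` switch, the "News" label and the sample verdicts are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# The nine security categories the post says to always block.
SECURITY_CATEGORIES = frozenset({
    "Compromised", "Phishing/Fraud", "Anonymizer", "Spam", "Botnet",
    "Hacking", "Malware Call-Home", "Malware Distribution Point",
    "Spyware & Questionable Software",
})
MIN_CONFIDENCE = 0.9  # assumed value; the post only says "high confidence"


def cache_key(url):
    """Normalize a URL so trivially different spellings share one entry."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    return host + (parts.path or "/")


class WebFilter:
    def __init__(self, classify, block_uncategorized=False):
        self.classify = classify  # hypothetical engine: key -> (category, confidence)
        self.block_uncategorized = block_uncategorized
        self.db = {}              # categorizations stored after a confident verdict

    def decide(self, url):
        key = cache_key(url)
        category = self.db.get(key)
        if category is None:
            category, confidence = self.classify(key)
            if confidence >= MIN_CONFIDENCE:
                self.db[key] = category   # confident verdicts are stored
            else:
                category = None           # low confidence: treat as uncategorized
        if category is None:
            action = "block" if self.block_uncategorized else "allow"
            return (action, "Uncategorized")
        return ("block" if category in SECURITY_CATEGORIES else "allow", category)


# Constructed sample verdicts standing in for the categorization engine.
SAMPLE_VERDICTS = {
    "login.example.test/verify": ("Phishing/Fraud", 0.97),
    "news.example.test/": ("News", 0.99),
    "new.example.test/": ("Malware Distribution Point", 0.40),
}


def sample_engine(key):
    return SAMPLE_VERDICTS.get(key, ("Unknown", 0.0))
```

The post does not say what happens to a URL the engine cannot categorize with high confidence, so the example exposes that case as an explicit policy choice.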

Hackers often try to compromise legitimate websites to make them part of their malware distribution scheme. That creates a complex challenge for all content categorization services. zvelo employs proprietary malicious website detection approaches, in addition to hundreds of external feeds that alert the security analyst team to malware; the category of the affected page or site is then changed in the database until the next security audit. Since content changes often on websites, clean pages also get revisited and audited, which helps improve categorization accuracy all around. This is an extra side benefit.

Best practice for network security

I strongly recommend that network administrators equip their Kerio Control UTM with Kerio Control Web Filter and anti-virus protection as critical components of a comprehensive multi-layer security strategy.

dvitek's picture