A HTTPS content filtering solution is an Internet filter with SSL inspection. Its purpose is to inspect the content of “encrypted transport mechanisms” in order to detect any damaging or malicious code that may be masked by encryption and to identify possible breaches of acceptable use policies.
The reason for guiding companies to create a HTTPS content filtering solution is that, without one, most defenses against web-borne threats are not enough. An Internet filter unable to read the content of an encrypted conversation will not be as effective in recognizing threats to your online security.
Encrypted websites were originally created to facilitate secure transactions such as online banking. However, in 2014, Google announced that websites with SSL certificates would be elevated in search engine results pages. This led to many website owners encrypting their content for SEO purposes.
It also led to a number of different certification authorities partnering up with web performance and online security companies to provide Domain Validation SSL certificates for free. Without the same level of scrutiny in place as before, hackers set up fake phishing websites, obtained SSL certificates, and executed their online attacks without the risk of being recognized by a “standard” Internet filter.
The issue is predicted to worsen during 2017 due to Google’s aim to mark any website without SSL certification as “Not Secure” in search engine results pages and in the URL address bar. Effectively, genuine websites will likely witness a fall in traffic because of not having an SSL certificate, while scammers and cybercriminals will continue to use free Domain Validation services.
A solution to filter HTTPS traffic works by monitoring every request to visit a website against a series of filters. The first of these filters is a blacklist of websites known to harbor malware and viruses, and those that hide their true identities using a proxy server. If the website appears on the blacklist, the request to visit the website is not permitted and the user receives a message informing them why.
The second filtering mechanism in the series is a category filter. The category filter is set up by a system administrator to deny access to certain types of website thought of as unsuitable (pornography, gambling, online shopping, file sharing sites, etc.). This filter has SSL inspection to de-encrypt the content of any requested website, inspect it, and then re-encrypt it before granting access.
Keyword filters can be used to prevent access to websites by name or by specific words. They can deny users installing file types most commonly associated with malware or using specific applications. Many mobile and desktop applications can be targeted by hackers to share malware payloads using encrypted web pages. These threats would not be discovered by a filtering solution lacking SSL inspection.
Ransomware attacks often owe their success to the weakest link in a group’s defenses – their employees. Employees are duped into visiting an infected website, either by clicking on a link in a phishing email or by revealing login credentials on a fake website. One of the ways to prevent this from occurring is to use an HTTPS content filtering solution that has SURBL filters.
In a similar fashion to which blacklists compare requests to visit websites against a list of websites known to harbor malware, SURBL filters compare requests to view websites against list of IP addresses from which spam emails have come from – these IP addresses also being the most likely source of a phishing email.
SURBL filters cannot prevent Business Email Compromise (BEC) attacks when an internal email account has already been infiltrated, but they can prevent users visiting fake phishing websites. Research has shown that more than 90% of phishing emails have the aim of deploying ransomware as this is the easiest form of malware to monetize. An HTTPS content filtering solution reduces the possibility of a ransomware attack being successful.
The additional advantages of a HTTPS content filtering solution will vary according to the nature of a company’s business. An Internet filter with SSL inspection can be implemented in an office-based environment to stop productivity-sapping activities, restrict access to websites containing material offensive to other employees, and anonymizer sites used to get around filter settings.
For a company in the services sector – particularly a company that offers a Wi-Fi service to clients – a solution to filter HTTPS traffic can help protect customers´ devices from malware, block access to websites including material offensive to other customers, and prevent customers from using P2P file sharing applications that could lead to in a civil penalty for facilitating copyright infringement.
Schools, libraries and colleges can also gain from using an Internet filter with SSL inspection – especially those applying for E-rate discounts under CIPA or Library Service and Technology Act grants. Only a HTTPS content filtering solution with SSL inspection can be depended on for protecting children from exposure to adult material, and protect the devices used in the educational facility from malware.
Copyright © 2020 ComplianceHome