Product Group Tests
Web content filtering (2007)
8e6 R3000 and Enterprise Reporter sports more than 90 different content categories, making it one of the most flexible products of its type. For its solid performance, flexibility and value we rate the 8e6 R3000 and Enterprise Reporter our Best Buy.
Priced at the low end of the spectrum for this type of product, Barracuda Web Filter is excellent value for organisations of just about any size. We liked this product a lot and we recommend it for its performance, feature set, cost and ease of use.
For its flexibility and wide range of protection options, we also rate Websense Web Security 6.3 Recommended.
Full Group Summary
Content filters do a lot more than block offensive websites these days. Anti-spyware and IM screening are just two of the added extras. But make sure you only buy what you need, says Peter Stephenson.
It was a new year in web content filtering. The breadth and depth of the products we looked at has improved significantly over last year's tests. There are several new trends this time. First, the solutions on offer are displaying a variety of architectures. These range from in-line gateways that sit behind the firewall to a proxy device that reroutes web-bound traffic through itself. Of course, we also saw the traditional client-server products represented.
Another trend is the expansion of web content filters to incorporate analysing instant messaging and peer-to-peer traffic. In addition to these two obvious potential policy violators, many of the products we tested also examine traffic from applications such as iTunes that access the internet automatically.
Last year most of our products were software-based. This time we saw several appliances. Generally speaking, these devices were easier and faster to deploy than software-only products. Additionally, policy management has become much less confusing and, as a result, less prone to error. We credit the move towards appliances in part for this trend. The hardware comes configured with well-thought-out dashboards and easy-to-deploy configuration and policy managers.
The final trend we noted was the inclusion of additional tools that do not apply directly to, but integrate nicely with web content filtering. Chief among those was anti-spyware functionality. However, some blocked virus activity, spam, adware and phishing as well. Most did this based on both the URL and content of the website in question, with some products boasting up to 90 different categories of offensive content upon which to build policies.
Selecting web content filters
The first rule for selecting today's generation of web content filtering tools is, decide what you need to do. If all you want to do is block URLs you may not need a sophisticated appliance that performs all of the other functions we found on many of the products we reviewed.
Next, consider the size of your enterprise. This may help dictate the architecture that is most appropriate for your application. Finally, look at the traffic load the product will need to sustain. For example, will an in-line device become a choke point in your network? If so, you might want to look at a different architecture.
Another issue to address is the type of filtering you want to do. The filters currently on the market usually look at both the URL and the web page's content. Generally URLs are updated from the developer's website. These "blacklists" need to be researched regularly.
Don't pick a product that requires you to create your own blacklist. This is a service that the vendor should provide and it should be reasonably automatic. However, be equally wary of products that won't allow you to add to the existing list or make it so difficult that it is unlikely that the blacklist will be maintained properly.
Finally, if you decide that you want a product with multiple functions and can sustain any performance impacts (which should be minimal in most cases, anyway), what functions do you need? Is it practical in your enterprise, for example, to add anti-spyware to your web content filter?
There are reasons to integrate functions and reasons not to. Explore your requirements and understand the impact of placing all the services you need in a single device. Remember that multi-purpose devices often do their primary tasks very well, and their secondary ones not quite as well. Make sure that what you are getting is up to the task you need it for.
How we tested
This was a very straightforward test program. First we installed the software or appliance as recommended by the developer. Then we allowed the product to capture its updates from the web URL that provides them (usually the vendor). We collected several open-source blacklists covering a wide variety of undesirable sites.
We selected a number of representative sites from each category and verified that the sites were live and contained the type of content that we expected. We then used those sites as test sites for each product. The solutions were tested for blocking based upon both URL and content.
Our overall impression is that web filtering products have come a long way in a short time. They are beginning to show a level of maturity that fits well as a countermeasure to some of the most pervasive security problems we experience today.