With phishing and ransomware attacks making headlines in the tech world, it's important to know what you’re up against and understand your options. Many businesses cover the security basics and implement protection from viruses, spam, and other attacks. However, security is often breached internally in the most routine ways, such as workplace web browsing. It’s a common misconception that blocking access to porn and gambling sites in the workplace will protect users and the network from malware. Although banning these sites in a business setting is recommended, it doesn’t mean you’re fully protected. Cisco reports that 83 percent of malware comes from hijacked sites. This means you can be “served” malware from websites you trust and use daily.
The Internet is something of a security minefield where it's extremely easy for a regular web user to get into serious trouble. The most conscientious employee can do everything to protect themselves and still be taken in by a malware-infected site or a phishing scam.
How many Internet users are there globally?
According to numbers from Internet World Stats, there are approximately 5.17 billion Internet users (November 2021), half of which are from Asia.
The web is growing fast, with mobile devices used to access social media being the fastest-growing segment. For perspective, in 2015 it grew by more than 280 million globally in 2016.
Image source: Digital 2021: Global Overview Report
Most Dangerous Places on the Web - Not all Web Dangers are Created Equal
You might think that the dark web is where malware writers hang out, but in fact they prefer popular sites with loads of traffic and several users to choose from. Of course, pornography sites still pose a problem for businesses that need to defend the network from malware, but attackers go for seemingly benign sites, load malware on them, and avoid the usual filters.
A recent Cisco report showed that common sites that host malware include aviation, chemical, pharmaceutical, agriculture and insurance – none of the sites you’d pinpoint as the usual suspects. These sites are often open for browsing on the private network, so attackers are able to avoid standard filters.
Hackers have numerous ways to fool users into downloading malware. One common way is to use PDF files. PDF files can have attached scripts that download malware in the background. Disabling JavaScript in PDF files helps, but it’s still not 100% effective.
Adobe Flash is no longer supported, but there are still plenty of ads and other content that still use the plug-in. Flash has a history of being a vector for malware, and it’s not even activated by default anymore by recent versions of more popular browsers. Still, older browsers support it and users can enable it, leaving them vulnerable to Adobe Flash malware attacks.
Java-based servlets run on the local machine, but they have become much more infrequent compared to Flash malware. They still pose a problem should users find a malware infected site and give permission for the application to run on the local machine.
Hackers sometimes get access to the site itself, and this is probably one of the most dangerous attacks. They can insert malware or redirect users to a clone of the official site. Users assume that since they typed the official domain in the browser that the redirect is official. From there, the attacker can phish credentials from the user, steal credit card data, or even convince the user to download malware directly from the site. Even more convincing is that the attack is conditional, so attackers will only redirect the user should they come from a search engine, which means that the owner of the site who types the URL directly in the browser will never see that hacked content.
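The conditional redirect described above is something a site owner can test for by requesting their own page twice, once directly and once with a search-engine Referer, and comparing where each request is sent. The following is an added example, not code from the original page; the Referer values, function names and the simulated responders are assumptions made for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Assumed Referer values for a search-engine visitor (illustrative choices).
SEARCH_REFERERS = ("https://www.google.com/", "https://www.bing.com/")


def fetch(url, referer=None, timeout=10):
    """GET url once, without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    headers = {"User-Agent": "Mozilla/5.0 (site-owner redirect audit)"}
    if referer:
        headers["Referer"] = referer
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def redirect_host(url, location):
    """Host a Location header points to, resolving relative redirects."""
    return urlsplit(urljoin(url, location)).hostname if location else None


def audit(url, fetcher=fetch, referers=SEARCH_REFERERS):
    """List off-site redirects that only search-referred visitors receive."""
    own_host = urlsplit(url).hostname
    _, direct_location = fetcher(url, None)
    direct_target = redirect_host(url, direct_location)
    findings = []
    for referer in referers:
        status, location = fetcher(url, referer)
        target = redirect_host(url, location)
        off_site = target is not None and target not in (own_host, direct_target)
        if 300 <= status < 400 and off_site:
            findings.append({"referer": referer, "status": status, "target": target})
    return findings


# Constructed responders standing in for real sites so the example runs offline.
def simulated_compromised_site(url, referer=None):
    if referer and "google." in referer:
        return 302, "https://clone.example.net/login"  # only search visitors
    return 200, None  # the owner typing the URL sees the normal page


def simulated_clean_site(url, referer=None):
    return 301, "https://www.example.com/"  # same redirect for every visitor


if __name__ == "__main__":
    print(audit("https://example.com/", fetcher=simulated_compromised_site))
    print(audit("https://example.com/", fetcher=simulated_clean_site))
```

This compares HTTP-level redirects only; a redirect performed by injected JavaScript, or one keyed on User-Agent or source IP, needs a rendered-page comparison instead.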
It’s a common misconception that blocking porn and gambling sites in the office will keep you protected from malware. Although banning these sites is advised, it doesn’t mean you’re in the clear. Since these legitimate sites are often used for business purposes, they can easily be overlooked when monitoring user activity. You might never know that a user is infecting their machine should they download any malware from an aviation site or view ads on an insurance site (as an example).
It’s another reason why you should always monitor traffic and activity on your network. Malware could download to the user’s machine and infect the rest of the network, which has been the cause for some high profile attacks in recent years.
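One way to monitor for this is to review the traffic the filter allowed and flag executable or plug-in downloads coming from ordinary business categories. The following is an added example, not code from the original page or from any product; the pipe-separated log format, the sample lines, and the lists of risky content types and extensions are constructed assumptions.

```python
import posixpath
from collections import defaultdict
from urllib.parse import urlsplit

# The five categories the page recommends blocking; requests in them never
# reach the user, so this check looks only at traffic the filter allowed.
BLOCKED_CATEGORIES = {"Compromised", "Criminal Skills/Hacking", "Phishing/Fraud",
                      "Spyware and Malicious Sites", "Spam"}
# Assumed lists of executable or plug-in content (Flash, Java); tune locally.
RISKY_TYPES = {"application/x-msdownload", "application/x-dosexec",
               "application/java-archive", "application/x-shockwave-flash"}
RISKY_EXTS = {".exe", ".scr", ".msi", ".hta", ".jar", ".swf"}

# Constructed sample lines: timestamp|client|category|content-type|url
SAMPLE_LOG = """\
2024-05-02T09:14:07Z|10.0.4.21|Cars/Transportation|application/pdf|https://fleet.example.org/brochure.pdf
2024-05-02T09:14:09Z|10.0.4.21|Cars/Transportation|application/x-msdownload|https://fleet.example.org/assets/viewer_update.exe
2024-05-02T09:20:31Z|10.0.4.35|Finance|text/html; charset=utf-8|https://insurer.example.com/quote
2024-05-02T09:20:33Z|10.0.4.35|Online Ads|application/x-shockwave-flash|https://ads.example.net/banner.swf
2024-05-02T09:31:02Z|10.0.4.35|Finance|application/octet-stream|https://insurer.example.com/docs/policy.pdf.scr
2024-05-02T09:40:00Z|10.0.4.50|Spyware and Malicious Sites|application/x-msdownload|https://bad.example.invalid/a.exe
"""


def suspicious_downloads(lines):
    """Group risky downloads from allowed categories by client address."""
    findings = defaultdict(list)
    for line in lines:
        fields = line.strip().split("|", 4)
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        timestamp, client, category, ctype, url = fields
        if category in BLOCKED_CATEGORIES:
            continue  # already stopped by the category filter
        ctype = ctype.split(";")[0].strip().lower()  # drop charset parameter
        ext = posixpath.splitext(urlsplit(url).path)[1].lower()
        reasons = []
        if ctype in RISKY_TYPES:
            reasons.append("content-type " + ctype)
        if ext in RISKY_EXTS:
            reasons.append("extension " + ext)
        if reasons:
            findings[client].append({"time": timestamp, "url": url,
                                     "category": category, "reasons": reasons})
    return dict(findings)


if __name__ == "__main__":
    for client, hits in suspicious_downloads(SAMPLE_LOG.splitlines()).items():
        for hit in hits:
            print(client, hit["category"], hit["url"], "; ".join(hit["reasons"]))
```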
You cannot block legitimate sites from access, but you can monitor user activity for suspicious downloads, suspicious network traffic that comes from a local machine, or possible stolen credentials from suspicious login activity. Don’t get caught with malware infecting your network for months and always monitor network activity even if it’s for seemingly harmless Internet
In this discussion we’re talking about general internet usage at work, not people accessing the dark web. The dark web is a general term for more seedy corners of the web, where people live online anonymously. Usually, these sites are encrypted with mechanisms such as Tor. There are also sites or password-protected forums where cybercriminals trade secrets and stolen credit card numbers; these can also be considered part of the dark web. We will leave untangling the dark web for another day.
The most dangerous parts of the internet tend to be the most popular.
According to TitanHQ analysts, the top blocked categories are:
1. Spyware and Malicious Sites (60,000+ a day blocked)
2. Pornography/Sex
3. Nudity
4. Online Ads
5. Phishing/Fraud
6. Gambling
7. Illegal Drugs
8. Web-based Email
9. Social Media
10. Videos
These domains among others are to blame for at least 95 percent of the websites that pose a potential threat to visitors. We use data from over 500 million end users to power our analysis - can you afford not to protect your business?
Educating your users is an important part of your enterprise security strategy. Users need to be trained how to browse safely to protect their personal data, company data and the network itself. One of the most effective ways to enable web security is the use of SSL certificates. This is essential for sessions such as online banking and official government sites that deal with your private or financial information. An encrypted connection is ensured when the protocol is HTTPS://.
A browser warning for an untrusted site means that the identity of the designated site is in question, opening the possibility of a man-in-the-middle (MITM) attack. Once authenticated to the site, an attacker can capture the user session and even capture cookies. They can also use JavaScript to perform actions on behalf of the user. Despite these dangers, many users ignore these warnings. Even more alarming is the fact that IT pros do too. If you see a warning for an untrusted site, close the browser session. System Administrators must ensure that trusted certificates support all browser connections within the network. There is no reason for anyone to navigate to an untrusted site.
TitanHQ’s high quality web filter, WebTitan, provides a content URL database which is highly accurate, provides comprehensive coverage of the ActiveWeb, supports malicious website detection and zero-hour protection and updates, with flexible deployment options via an appliance or hosted in the cloud.
WebTitan’s URL policy engine includes 53 different website category options for web and URL filtering. There are also an additional 8 customizable categories. This gives you control over which sites can be accessed by users on your network. The easy-to-use, cloud-based solution allows you to quickly set up user policies per network, group, user, device or IP address, giving you total control of your business’s web activity.
WebTitan is highly scalable, supporting small deployments through to ISPs and deployments with millions of users, with exceptional URL query performance. WebTitan provides market-leading accuracy, coverage and malicious website detection with an easy-to-integrate API.
Our web categories are collated through real time advanced analytics and detection from 500 million end users and no less than 5 trillion web queries per month covering 99.9% of the active web.
WebTitan – Over 500 Million End Users
Provide Protection
These categories allow you to provide protection to business users by:
1. Blocking access to categories including malware, phishing, malicious sites and spam sites.
We recommend blocking the following categories from setup:
1. Compromised
2. Criminal skills / hacking
3. Phishing & fraud
4. Spyware and malicious sites
5. Spam
Those 5 categories will prevent your users from going to any dangerous sites or downloading viruses.
2. Adhering to corporate usage policy by blocking access to categories such as adult, pornography, gambling, hate speech and nudity.
3. Creating usage policies to ensure resource protection, controlling or limiting access to social media, social sites, video or streaming sites.
WebTitan Features:
Coverage.
WebTitan’s network of 500 million users ensures over 99.9% coverage of the active web traffic
Accurate.
WebTitan uses a combination of machine learning and human quality assurance to maintain high accuracy, and it is updated in real-time
Fast.
WebTitan makes a decision in about 5 microseconds by using a local SDK, supplemented by cloud updates of uncategorized URLs
Granular.
53 different web categories in over 200 languages
Easy Integration.
WebTitan is available in an easy-to-integrate API
Flexible Pricing
WebTitan is priced efficiently and on a flexible basis
Our market leading content categorization and malicious URL detection solution, WebTitan, also provides real-time, automated updates as new content and malicious sites are detected. We discover over 60,000 new malware iterations every single day.
The 53 Categories available in WebTitan for Web Filtering and URL Filtering:
1. Alcohol:
Web pages that promote, advocate or sell alcohol including beer, wine and hard liquor.
2. Anonymizer:
Web pages that promote proxies and anonymizers for surfing websites with the intent of circumventing filters.
3. Art:
Theater, museums, exhibits, photography, and digital graphic resources.
4. Business/Services:
General business websites.
5. Cars/Transportation:
Vehicles including selling, promoting, or discussion.
6. Chat/Instant Messaging:
Communication through chat or Instant Messaging services as well as sites with information about Instant Messaging communication or chatrooms. A particularly popular category with the increased popularity of Facebook Messenger. WebTitan has the functionality to allow access to Facebook but block Facebook Messenger.
7. Community Sites:
Newsgroup sites and posting including forums and bulletin boards.
8. Compromised:
Web pages that have been compromised by someone other than the site owner, which appear to be legitimate but house malicious code. A very dangerous category in terms of malware threats.
9. Computers and Technology:
Sites with information about computers, software, hardware, peripherals and computer services.
10. Criminal Skills/Hacking:
Activities that violate human rights including murder, sabotage, bomb building etc. Information about illegal manipulation of electronic devices, encryption, misuse, and fraud. Warez and other illegal software distribution.
11. Dating:
Web pages that promote relationships such as dating sites and marriage sites.
12. Download Sites:
Shareware, Freeware and other software. P2P sites and software.
13. Education:
Educational institutions and schools. Educational and reference materials including dictionaries, encyclopedias,
14. Entertainment and Videos:
Web sites for videos, TV and motion picture including celebrity sites and entertainment news.
15. Finance:
Bank and insurance companies and other financial institutions. Active trading of certificates and stocks.
16. Gambling:
Web pages which promote gambling, betting, lotteries, casinos and betting agencies involving chance
17. Games:
Web pages consisting of computer games, game producers and online gaming
18. Government:
Government organizations, departments, or agencies. Includes police, fire, hospitals.
19. Hate Speech:
Web pages that promote extreme right/left wing groups, sexism, racism, religious hate and other discrimination
20. Health:
Personal health and medical services including sites with information on equipment, procedures, etc.
21. Home/Leisure:
Sites with information about home improvement and decorating, family, gardening, hobbies, etc.
22. Humor:
Web pages which include comics, jokes and other humorous content
23. Illegal Drugs:
Web pages that promote the use or information of common illegal drugs and the misuse of prescription drugs and compounds
24. Job Search:
Web pages devoted to job searches or agencies, career planning and human resources
25. Mature:
Sites not appropriate for children. Includes sites with content about alternative lifestyles, profanity, etc.
26. Military:
Web pages sponsored by the armed forces and government controlled agencies
27. Miscellaneous:
Content Servers used to supply supplementary website content, or web pages that do not clearly fall into any other category
28. Music:
Web pages that include internet radio and streaming media, musicians, bands, MP3 and media downloads
29. News:
Web pages with general news information such as newspapers and magazines
30. Non-profits:
Clubs, communities, unions, and non-profit organizations.
31. Nudity:
Web pages that display full or partial nudity with no sexual references or intent
32. Online Ads:
Web pages strictly devoted to advertising graphics, banners, or pop-up ad content
33. Personal Webpages:
Websites about or hosted by personal individuals. Communication through blogs and guestbook servers. Information on personal hobbies and activities.
34. Pharmacy:
Web pages which include prescribed medications and information about approved drugs and their medical use
35. Phishing/Fraud:
Manipulated web pages and emails used for fraudulent purposes, also known as phishing
36. Politics and Law:
Sites that promote political parties and interest groups. Information on elections and legislation. Sites that offer legal information and advice.
37. Pornography/Sex:
Explicit sexual content unsuitable for persons under the age of 18.
38. Portal Sites:
General web pages with customized personal portals, including white/yellow pages
39. Real Estate:
Web pages possessing information about renting, purchasing, selling or financing real estate including homes, apartments, office space, etc.
40. Religion:
Religious sites and information. Includes Sects, cults, occultism and religious fundamentalism.
41. Restaurants:
Food, dining and catering services including sites that provide reviews, advertisement or other promotion.
42. Search Engines:
Web pages supporting the searching of web, newsgroups, pictures, directories, and other online content
43. Shopping:
Online shops, catalogs and online ordering. Auction sites and advertising. Classified ads. Excludes shopping for products and services exclusively covered by another category such as health.
44. Social Networking:
Social networking web pages and online communities built around communities of people where users "connect" to other users
45. Spam:
Products and web pages promoted through spam techniques. Very important for malware protection.
46. Sports and Recreation:
Sports teams, fan clubs and news. Recreation activities including zoos, public recreation centers, pools, amusement parks
47. Spyware and Malicious Sites:
Sites or software that install on a user’s computer with the intent to collect information or make system changes without the user’s consent. A must block category.
An essential element of any web filter is blocking malicious sites
48. Tobacco:
Web pages promoting the use of tobacco related products (cigarettes, cigars, pipes)
49. Translator:
Web pages which translate languages from one to another
50. Travel:
Web pages which provide travel and tourism information, online booking or travel services such as airlines, car rentals, and hotels
51. Violence:
Web pages that promote questionable activities such as violence and militancy
52. Weapons:
Web pages that include guns and weapons
53. Web-based Email:
Web pages which enable users to send and/or receive email through a web accessible email account
Blocking access to malicious websites is now the primary reason for implementing a web filter, although there are many other benefits that can be gained from filtering the Internet. The benefits of enterprise web filtering software are numerous:
Web filtering is also one of the most effective ways to neutralize the threat from phishing. Phishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.
Organizations in heavily regulated industries such as the U.S. healthcare industry face stiff financial penalties for failing to prevent malware infections. In November 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights fined the University of Massachusetts (Amherst) $650,000 for allowing malware to be introduced onto its network. Enterprise web filtering software prevents end users from visiting websites known to contain malware or exploit kits and blocks botnet activity.
Other Benefits of Web Filtering
Enterprise web filtering software can be used to carefully control the web content that can be accessed by employees. By preventing employees from accessing certain categories of website – dating, gambling, and gaming websites for example – employers can dramatically improve productivity.
Filters can be configured to block webpages by category, URLs, or keywords. Employers may choose to block pornography by category, while restricting access to discriminatory website content using keywords. These controls are important to avoid the development of a hostile working environment, which could result in lawsuits being filed by employees. Many enterprises also choose to block access to websites which hog bandwidth, for example video streaming websites such as Netflix and YouTube.
Blocking of Anonymizers, Proxies, and Port Bypassing
A web filter allows organizations to restrict access to certain types of website content. It is therefore important that acceptable usage policies cannot be bypassed. However, by using proxy servers, port bypass, or anonymizers, users could conceivably bypass an organization’s web filtering controls. To prevent end users from circumventing company AUPs, ensure your chosen solution includes IP and Port bypassing controls and that anonymizers and web proxies can be blocked.
Automatic Software Updates
Patch management takes a lot of IT resources; however, unpatched software can be exploited by hackers. To ease the burden on the IT department, look for a web filtering solution that includes automatic software updates.
HTTPS Inspection
Cybercriminals are increasingly using secure websites, yet not all web filtering software can inspect the content of websites that have SSL certificates. Many malicious websites use fraudulently obtained SSL certificates. It’s vital that the web filter also inspects these websites. For total protection, ensure a web filtering solution includes HTTPS and SSL inspection.
Time-Based Filtering Controls
Time-based controls can be used to carefully control the website content that can be accessed at certain times of the day. This allows personal Internet use to be managed or restricted during normal working hours.
Block Facebook Messenger
Many organizations prefer not to block access to all social media websites at work, yet would like to block access to Facebook Messenger. With WebTitan, Facebook Messenger can also be blocked without blocking access to Facebook.
Role-Based Web Filtering
It is possible to set different web filtering controls for different individuals, or groups of individuals, in your organization. Look for a solution that offers the ability to easily set privileges based on users’ roles in the organization. Some enterprise web filtering software allows filters to be added for all users or specific user groups. Look for web filter software that can be integrated with Active Directory, NetIQ and LDAP to make this process much less time-consuming.
Hopefully we’ve removed the misconception that only naïve users cause malware to enter the organization. As we’ve explained, sometimes just visiting a website can trigger a malware injection. Events like this can have a detrimental effect on an organization, compromising your users, your data and fundamentally the future of the company. To prevent events like this and secure your network, data and users, contact us today. We offer all enterprises the opportunity to try WebTitan Cloud, or WebTitan Cloud for WiFi, and to evaluate our products in their own environment. To register for a free trial, visit our website today or contact our sales team at info@titanhq.com. Our friendly team will be able to answer any questions you may have about our products and advise you on the most suitable deployment option to suit your organization’s needs.
Call us on USA +1 813 304 2544 or IRL +353 91 545555