By Jared Hrabak, Consulting Cybersecurity Engineer
As a kid, I joined the Boy Scouts, and after years of hard work and determination, I eventually reached the highest achievement level possible: Eagle Scout. The most pivotal lesson from my Scout training that has carried into every aspect of my life and career is that preparation pays off.
In today’s dynamic cybersecurity environment, “being prepared” is still my nature. It means the difference between a company thriving or failing. In my role, I dive deep into many aspects of security, and I believe some aspects should be part of any modern, advanced cyber strategy. An example of this is web filtering, which monitors and manages employees’ Internet access to maintain compliance with corporate policy and safeguard against potential threats. Many companies are lagging on this front, either unaware or uninformed of the potential risks around everyday Internet usage by their employees.
Ask yourself these important questions:
- Do you really know where your employees are going online?
- Is there potential for data loss by allowing access to file-sharing or personal webmail?
- Are risky domains and websites being accessed?
- Is there potential for a user to access a malicious website?
You might assume you’re effectively monitoring where employees are traveling online. I assure you, there’s more to the story. Here are some ways you can BE PREPARED, and three ways to advance your cyber strategy to close any gaps.
BE PREPARED with a Clear Acceptable Use Policy (AUP)
Ensure you have an acceptable use policy of what employees are and are not allowed to do on the Internet, including the balance between productivity, personal usage time, and loss of company data. If you already have one, be sure it’s reviewed and updated at least once a year, and that your employees receive policy training.
Role-based rules in your policy are equally important. Some employees, such as marketing and HR, may need access to social media and professional networking sites in order to perform everyday job tasks. Other functions and remote workers may need different access and permissions. As you review your employee base and their needs, consider their role context. The monitoring tools you use need to offer this flexibility.
Anomaly spikes in Internet usage behavior should send a red flag into your systems. Having a clear policy that is current and well-articulated with your employee base gives you a guideline to monitor and enforce. Be sure you have the right tools to monitor and alert your team on such flags.
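One way to turn "anomaly spikes" into an alert, as an added example that is not part of the original article: each user's daily upload volume is compared against that user's own recent baseline. The log format, the thresholds, and the sample data are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed daily rollup of proxy logs: date, user, MB uploaded to external sites.
SAMPLE = """\
2024-05-01 alice 100
2024-05-01 bob 200
2024-05-02 alice 110
2024-05-02 bob 210
2024-05-03 alice 90
2024-05-03 bob 190
2024-05-04 alice 105
2024-05-04 bob 205
2024-05-05 alice 95
2024-05-05 bob 195
2024-05-06 alice 900
2024-05-06 bob 215
"""

MIN_HISTORY = 5   # assumed: days of baseline required before alerting
SIGMAS = 3.0      # assumed: how far above the baseline counts as a spike
MIN_STDEV = 5.0   # assumed: floor so near-constant users do not alert on tiny changes


def find_spikes(text):
    """Return (date, user, mb) for each day that exceeds the user's own baseline."""
    history = defaultdict(list)
    alerts = []
    # ISO dates sort chronologically, so a plain sort orders each user's days.
    for line in sorted(text.strip().splitlines()):
        day, user, mb = line.split()
        mb = float(mb)
        past = history[user]
        if len(past) >= MIN_HISTORY:
            threshold = mean(past) + SIGMAS * max(pstdev(past), MIN_STDEV)
            if mb > threshold:
                alerts.append((day, user, mb))
                continue  # keep the spike out of the baseline it was judged against
        past.append(mb)
    return alerts


if __name__ == "__main__":
    for day, user, mb in find_spikes(SAMPLE):
        print(f"ALERT {day} {user}: {mb:.0f} MB uploaded, well above baseline")
```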
BE PREPARED with the Level of Risk You’re Willing to Accept
The lack of a policy, or a murky one, simply means risk in the form of data, revenue, and productivity losses. It’s critical to have a clear handle on what level of risk you and your management team are willing to accept. This will define the functionality you need from a web filtering tool. If you’re uncertain about where to start, consult an expert to have the discussion. While there are many tools to choose from, identifying what’s right for your company is more of an art than a science, so getting resources engaged that can help facilitate the process is key.
BE PREPARED with the Right Tools and Resources
An effective cybersecurity strategy is empowered by the right tools, helping your internal team and/or outsourced experts get the job done. Here are three key techniques to apply when you’re ready to advance your web filtering capabilities.
1. DNS Sanitization → When a user requests a website, a DNS lookup resolves the domain name to its IP address. With DNS Sanitization, you can check at that point whether the site is part of that user’s approved access and, if not, display a message that access to the site is against policy and include a link directly to your online AUP.
There are several tools emerging that use machine learning to know if a site may be malicious, and some will automate blocking a dangerous DNS request. These kinds of technologies do the heavy lifting, so your security team doesn’t get backlogged.
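The decision a DNS filter makes for each lookup, combined with the role-based rules discussed earlier, as an added example that is not from the original article or any particular product. The category feed, role policy, AUP URL and block-page address are all hypothetical, and resolving uncategorized names is an assumed default that depends on your risk tolerance.

```python
from dataclasses import dataclass

AUP_URL = "https://intranet.example.com/aup"  # hypothetical AUP location
BLOCK_PAGE_IP = "192.0.2.10"  # documentation-range address standing in for a block-page server

# Constructed category feed: domain -> category
CATEGORIES = {
    "social.example": "social-media",
    "fileshare.example": "file-sharing",
    "webmail.example": "personal-webmail",
    "malware.example": "malicious",
}
# Constructed role policy: categories each role may reach
ROLE_ALLOW = {"marketing": {"social-media"}, "hr": {"social-media"}, "engineering": set()}
ALWAYS_BLOCK = {"malicious"}  # no role can override these


@dataclass(frozen=True)
class Verdict:
    action: str    # "resolve" (forward upstream) or "block"
    category: str
    answer: str    # IP returned for blocked names, "" when resolving normally
    message: str   # text shown on the block page


def categorize(qname: str) -> str:
    """Match the name or any parent domain on label boundaries, not by string suffix."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORIES:
            return CATEGORIES[candidate]
    return "uncategorized"


def decide(role: str, qname: str) -> Verdict:
    """Return the filter's verdict for one DNS query from a user in the given role."""
    category = categorize(qname)
    # Assumed default: names the feed does not know are resolved normally.
    if category == "uncategorized":
        return Verdict("resolve", category, "", "")
    if category not in ALWAYS_BLOCK and category in ROLE_ALLOW.get(role, set()):
        return Verdict("resolve", category, "", "")
    msg = f"Access to {qname} ({category}) is against policy. See {AUP_URL}"
    return Verdict("block", category, BLOCK_PAGE_IP, msg)
```

Matching on whole labels means `cdn.social.example` inherits the category of `social.example`, while `notsocial.example` does not.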
2. NextGEN Firewalls (NGFW) → Most organizations have NextGEN firewalls these days. These devices are multi-functional and do more than just IP blocking. Modern firewalls offer deep packet inspection, so you can actually see what application(s) employees are opening, even if the traffic is encrypted. They also deliver intrusion prevention and give you the ability to use more data intelligence than ever before.
If the firewall’s bandwidth is not a concern, you can use SSL decryption to inspect traffic and see what is happening, essentially becoming the authorized middleman. It’s also important to remember that not everything needs to be decrypted, which will also save you bandwidth. Bigger organizations may find it easier and more cost-effective to offload that processing power to a proxy that can sanitize the data and company IP before it goes out. That makes your digital footprint more anonymous. Proxies and SSL decryption can go a long way in cost/risk savings and simplify your overall security posture without sacrificing critical security elements.
3. Cloud Access Security Broker (CASB) → Our CTO, Pete Schmitt, wrote a great blog about CASB, so I won’t elaborate too much other than to offer this: as your business expands and you move away from having on-premise hardware and software, enlisting a CASB can save you a world of time and complexity.
A CASB’s ability to let you know what kind of PII you have in the cloud, where it resides, and if it is publicly exposed will save you more than just time and a headache. Get proactive on this front, and work with a CASB solution to build an extended access control system in your cloud infrastructure that can be monitored, responded to, and documented.
4. Secure Access Service Edge (SASE) → Tim McCulloch, our Director of Solution Architecture, wrote a great blog about SASE. So, I won’t elaborate too much other than to offer this: as your business continues to evolve in maintaining a remote workforce, SASE may be the strategy needed for growth.
A SASE solution offers great flexibility for managing infrastructure, attack surface, and threat and data protection while still allowing employees to access controlled resources. Finding the right solution might assist in layering in Zero Trust network access.
The truth is, there really is no ‘one size fits all’ approach to advancing your web filtering capabilities. Enhancing your strategy and architecture on this front will reduce your risk and help you be more prepared. While technology is an enabler of your strategy, it’s up to you to determine what is used to protect business assets and prevent data loss. Protect the business without impacting productivity. Determine the level of risk the business is willing to accept for data loss, security incidents, or even productivity. Come prepared to justify the level of protection that is required to protect the business.
You may also think, “I just don’t have the time to research all of the vendors offering these kinds of solutions.” I get it. A great next step is to engage an expert team to help you assess your unique web filtering requirements and then tailor a course of action that fits your needs.
Security should be an ongoing process, not a one-time project. If you begin with the end in mind, you’re one step closer to being prepared.
“As a Cybersecurity Engineer, Jared partners with clients to help them identify product solutions that match their cybersecurity governance, risk and compliance objectives. He enjoys educating and advocating for a successful cybersecurity practice by focusing on client success. Jared brings a wealth of experience in content filtering, cybersecurity operations, and military service to help put clients on the path to success.”
Jared Hrabak, Consulting Cybersecurity Engineer