With anti-virus software running on my computer, surfing the Internet feels pretty safe. But… do I really want to test my luck (and my anti-virus) to see if it can detect and block malware as it flows into my network or my laptop? No. That’s why I employ an excellent content filter to protect me from visiting sites where I could encounter malware.
The number of malicious URLs that we see on a daily basis here at Kerio is truly disturbing. What’s more disturbing is how sophisticated the malware distribution points have become and how incredibly quickly hackers can turn on and off infected web pages.
Kerio Control UTM ships with a content filter module called Kerio Control Web Filter, which uses an excellent content classification service licensed from industry leader zvelo. Kerio Control Web Filter provides 27 broad categories, most of them productivity related. There are also nine specific security categories that you should pay close attention to and always block (Compromised, Phishing/Fraud, Anonymizer, Spam, Botnet, Hacking, Malware Call-Home, Malware Distribution Point, Spyware & Questionable Software) to make your network less susceptible to malware.
Content categorization in real-time
Like most things in Internet security, malware distribution is a game of cat-and-mouse. So what makes content filtering an excellent first line of defense? Simply put, it’s the ability to prevent a user from even visiting a page deemed infected. Compare that to anti-virus software, which can only inspect content already on its way to your computer or network. By then it may be too late to stop any damage.
When a user visits a new website or a new page within that website, the URL is instantaneously submitted as a query to zvelo’s automated categorization engine. If the auto-categorization engine is able to determine a category with a high confidence score, the URL will be immediately inserted and stored in the database. Kerio Control UTM can subsequently block or allow access based on your security settings. URLs stored within the database are quality controlled by a human team of Web Analysts.
Hackers often try to hack legitimate websites to make them part of their malware distribution scheme. That creates a complex challenge for all content categorization services. zvelo employs proprietary malicious website detection approaches, in addition to hundreds of external feeds that alert the security analyst team to malware and change the category of a page or a site in the database until the next security audit. Since content changes often on websites, clean pages also get revisited and audited, which helps improve categorization accuracy all around. This is a side benefit.
Best practice for network security
I strongly recommend that network administrators equip their Kerio Control UTM with Kerio Control Web Filter and anti-virus protection as critical components of a comprehensive multi-layer security strategy.
Original article available on our blog.