Colleges Take a Sophisticated Approach to Web Filtering

While some colleges and universities may deploy web filtering to block internal users from accessing certain content or websites, more and more higher ed institutions are turning to increasingly sophisticated web filtering to handle a wide variety of external security threats, particularly with the advent of bring-your-own-device (BYOD) programs.

When deployed as part of a "defense in depth" strategy, unified threat management (UTM) tools — which include web-filtering capabilities — enable IT to protect against spyware and malware, monitor bandwidth and network use and prohibit illegal activities or file sharing. Whether to take a software-based, managed-serv­ice or hardware appliance approach ­simply is a question of resources and specific needs.

For those institutions with ­limited resources, a software-based solution may be a cost-effective choice for preventing network ­users from accessing certain sites. But software ­solutions also require an institution to determine whether adequate server resources are available to dedicate to filtering tasks. Once hardware and licensing requirements are met, in some cases the total cost of ownership for a software-based solution can end up costing more than a hosted service.

The Right Tools for the Job

On many campuses, web appliances such as those from Sophos, ­Barracuda Networks and SonicWALL, provide edge-of-network security that halts malware before it reaches in-network browsers. Most can identify rogue users or policy abuse in real time, and offer reporting capabilities and endpoint protection that extends to offsite users and mobile devices. When it comes to the actual filtering, appliances can offer IT more granular control — in most cases, directly from the firewall, which also eliminates the need for a dedicated filtering server. Today's ­appliances also offer valuable insight into encrypted traffic, social network regulation and remote filtering ­capabilities.

John Grady, research manager for IDC's security products group, ­reinforces the value of today's multifunction web security and UTM devices: "I see this as the gradual ­evolution of unified threat ­management. The latest devices offer better integration between technologies, as well as application control and the ability for systems administrators to set very granular policies for users or groups of users."

Jon D. Allen, assistant vice president and chief information security officer for Baylor University, says his institution uses a security appliance, but does not actually prevent users from ­accessing malicious web ­content — like many research universities. He says the greatest ­challenge to his environment is the pace at which new threats come to light each month, or even each day.

"User education is becoming difficult," he says. "The days of broken-English spam emails are kind of ­falling behind us and the ­sophistication with which the ­attacks are coming in are at a level where it's very difficult for me to tell my user base, 'Hey, watch for this.' "

That's a common complaint among many institutions. Some, like The Ohio State University, further rely on a subscription service that provides the most up-to-date information on known threats.

"We don't actually block the ­malicious content, we warn the user," Allen says. "It's up to them, and then we're not keeping researchers from accessing the content they may need. At the same time, we're educating those users who may be on ­Facebook, download a plug-in to watch a video and have no clue that this could be damaging content."