Integrated content filtering

Content filters now represent a common tool in the arsenal of corporate information security groups. . These all-in one tools provide a centralized approach to filtering an organization's Web traffic, electronic mail and file transfers for malicious code and/or inappropriate content. In the past, administrators hoping to achieve a robust security posture were forced to install and maintain a variety of devices ranging from antivirus software to URL filters.

The latest wave of content filters combines all of these technologies into an integrated solution, making for a reduced administrative burden. On the other hand, they come with a correspondingly heavy price tag. Some of the more popular solutions are Aladdin's eSafe Gateway, Trend Micro's InterScan eManager, NetIQ's Marshall Content Security Solutions and ISS' Proventia.

There are, of course, some fundamental questions that you should ask when evaluating any of these solutions for your enterprise:

• How much protection do I need? What type of filtering is necessary and what can I afford? Does the threat justify additional investment?



More Information Visit our URL/Content filtering for news, tips and expert advice. Learn top tools for testing your online security.

• Should I purchase an appliance-based solution or a software package that I will install on my own server? In some cases, you may wish to use a dedicated appliance for ease of administration and centralized security. If you're running several packages on the same server, you may wish to purchase a software license only and install it on your own hardware.


• What are the maintenance costs associated with the product? In addition to the initial license acquisition, you'll need to purchase annual support and update agreements to keep your software current and your filters functioning properly.


• Is there support for third-party security solutions? Many packages are capable of directly interacting with firewalls, intrusion-detection systems and other perimeter protection devices. Additionally, you may be able to integrate your current content-filtering solutions to get a second opinion from an independent algorithm.


• How will this software integrate into my current environment? If you're currently using an SMTP server, you may wish to use the content filter as an SMTP gateway. On the other hand, some packages are capable of integrating directly with other mail servers (such as Microsoft Exchange or Lotus Notes) at a higher level, increasing the efficiency of scans.

Most importantly, keep in mind the fundamental requirement: You must be able to trace the software back to a legitimate business need. If you can justify the expense (and some of these packages run over $25,000), integrated content-filtering packages can make security monitoring a breeze!

About the Author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Web Security Tools and Best Practices,   Application and Platform Security,   Web Application and Web 2.0 Threats,   Web Server Threats and Countermeasures,   Web Security Advisor,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Web Application and Web 2.0 Threats New Facebook worm propagates using sexy model Web security firm ranks Firefox, Safari browsers as flaw prone Web application vulnerability assessment shows patching progress Layoffs prompt insider threat fears, cybersecurity survey finds Botnet masters turn to Google, social networks to avoid detection Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Kaspersky system analyzes malicious URLs on Twitter for malware Pushdo botnet uses Facebook to spread malicious email attachment Do Facebook URL security concerns justify blocking social networks? Web Server Threats and Countermeasures Increase in Gumblar backdoors poses FTP credential problems VeriSign extends DDoS attack protection service Microsoft issues IIS FTP advisory, exploit code circulates Panda reports fast-spreading rogueware antivirus fraud rakes in millions Oracle issues quarterly patches, fixes database flaws Latest DDoS attacks extremely unsophisticated, experts say Stolen FTP credentials likely in massive website attacks Microsoft warns of IIS zero-day vulnerability How to find and stop automated SQL injection attacks How to spot attacks through Apache Web server log analysis Web Security Advisor DNS rebinding defenses still necessary, thanks to Web 2.0 New defenses for automated SQL injection attacks PCI compliance and Web applications: Code review or firewalls? Worst practices: Bad security incidents to avoid Web scanning and reporting best practices Social networking Web site threats manageable with good enterprise policy Enterprise security in 2008: Building trust into the application development process PCI DSS Section 6: A plan for tackling application security Making the case for Web application vulnerability scanners Preparing for uniform resource identifier (URI) exploits RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary content filtering  (SearchSecurity.com) Web filter  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.