While some colleges and universities may deploy web filtering to block internal users from accessing certain content or websites, more and more higher ed institutions are turning to increasingly sophisticated web filtering to handle a wide variety of external security threats, particularly with the advent of bring-your-own-device (BYOD) programs.
When deployed as part of a "defense in depth" strategy, unified threat management (UTM) tools — which include web-filtering capabilities — enable IT to protect against spyware and malware, monitor bandwidth and network use, and prohibit illegal activities or file sharing. Whether to take a software-based, managed-service or hardware appliance approach is simply a question of resources and specific needs.
For those institutions with limited resources, a software-based solution may be a cost-effective choice for preventing network users from accessing certain sites. But software solutions also require an institution to determine whether adequate server resources are available to dedicate to filtering tasks. Once hardware and licensing requirements are met, in some cases the total cost of ownership for a software-based solution can exceed that of a hosted service.
The Right Tools for the Job
On many campuses, web appliances such as those from Sophos, Barracuda Networks and SonicWALL provide edge-of-network security that halts malware before it reaches in-network browsers. Most can identify rogue users or policy abuse in real time, and offer reporting capabilities and endpoint protection that extends to offsite users and mobile devices. When it comes to the actual filtering, appliances can offer IT more granular control — in most cases, directly from the firewall, which also eliminates the need for a dedicated filtering server. Today's appliances also offer valuable insight into encrypted traffic, social network regulation and remote filtering capabilities.
John Grady, research manager for IDC's security products group, reinforces the value of today's multifunction web security and UTM devices: "I see this as the gradual evolution of unified threat management. The latest devices offer better integration between technologies, as well as application control and the ability for systems administrators to set very granular policies for users or groups of users."
Jon D. Allen, assistant vice president and chief information security officer for Baylor University, says his institution uses a security appliance, but does not actually prevent users from accessing malicious web content — like many research universities. He says the greatest challenge to his environment is the pace at which new threats come to light each month, or even each day.
"User education is becoming difficult," he says. "The days of broken-English spam emails are kind of falling behind us and the sophistication with which the attacks are coming in are at a level where it's very difficult for me to tell my user base, 'Hey, watch for this.' "
That's a common complaint among many institutions. Some, like The Ohio State University, further rely on a subscription service that provides the most up-to-date information on known threats.
"We don't actually block the malicious content, we warn the user," Allen says. "It's up to them, and then we're not keeping researchers from accessing the content they may need. At the same time, we're educating those users who may be on Facebook, download a plug-in to watch a video and have no clue that this could be damaging content."
Detection is "probably our greatest area of concern, that the hackers' ability to detect vulnerabilities and penetrate them without being detected has increased sharply."
— Tracy B. Mitrano, Principal, Mitrano and Associates
"We just implemented a next-generation firewall, and use it for the normal firewall rules, in-and-out traffic, but we've also implemented their anti-virus feature as well as the content filtering. We only filter known malicious and phishing sites. I just want to give people a fast, reliable and safe service that doesn't impede research."
— Timothy Smith, Director, Infrastructure and Operations, College of Arts and Sciences, The Ohio State University
"The throughput is quite a bit faster. It's hard to quantify when you're talking milliseconds and nanoseconds, but from a user's point of view, when you're filtering through all of that stuff, it is noticeable. Another nice thing about the appliance we use is that if malware or a virus is embedded inside another application, it actually looks at all of the code going through and it actually drops the packets. I've experimented with that, trying to download known infected programs off the Internet, and it stops me dead."
— R. Neal Moss, Systems and Network Analyst, Information Technology Infrastructure, Brigham Young University-Hawaii