A HTTPS content filtering solution is a tool that inspects the content of “secure” websites in addition to “regular” websites. “Secure” sites are those authenticated by a Certificate Authority and whose URL begins with https://. When you navigate to a “secure” website, the data transferred between your web browser and the website is encrypted to protect against eavesdropping, tampering, or forging the contents of the interaction.
Originally used for secure transactions such as online banking, over the past decade more and more sites have been changing to HTTPS. In order to keep user conversations private, even social media sites have adopted secure connections. However, mirroring the growth of HTTPS websites, there has been a growth of fake HTTPS websites. Cybercriminals can obtain SSL certificates for free simply by verifying ownership of the domain. The SSL certificate is obtained before any malicious content is used on the domain. HTTPS means the connection to the website is secured. It does not mean that the website is not malicious.
Consequently, a “standard” Internet filter is not sufficient to ensure your Internet users are exchanging information with genuine websites. Although Internet filters can be configured to block access to every HTTPS website except those you explicitly allow, it is far safer to only implement Internet filters with SSL inspection – filters that decrypt the content of the website, inspect it, and then re-encrypt it before allowing access. With HTTPS web filtering, users can access any website that does not contravene your acceptable Internet usage policies. Businesses that do not have a content filtering firewall can easily implement a hardware or software-based standalone HTTPS URL filtering solution.
Benefits of Internet Filters with SSL Inspection
In addition to adding strength to an organization´s online security defenses, there are other benefits of Internet filters with SSL inspection. By implementing a HTTPS content filtering solution with SSL inspection, system administrators can choose to block or allow access to certain applications within a website.
Using solutions to filter HTTPS traffic that have SSL inspection capabilities, administrators can block access to applications such as Facebook Messenger and Facebook Live while allowing access to the rest of the Facebook site. The same process could be applied to Twitter, Google Apps and any other vehicles used to promote your business, but which you would not want your employees using for private conversations during work.
Internet filters with SSL inspection can also identify HTTPS websites containing inappropriate content in encrypted format that might otherwise be missed by a “standard” web content filtering solution. This means that access to websites containing pornography or racial hatred will be blocked by a HTTPS content filtering solution with SSL inspection rather than being allowed by a “standard” web content filtering solution because its category or keyword filters have been unable to find any prohibited material on the site.
Avoid CPU Strain with Whitelisting
There is a known issue with Internet filters with SSL inspection. The resources required to decrypt, inspect and re-encrypt every encrypted website can place a significant strain on CPUs during times of peak Internet activity. This in turn reduces Internet speeds, can affect access to emails and negatively affects network performance in general. Fortunately, there is a simple solution to overcome this common SSL filtering problem – whitelisting.
Whitelisting is a process in which the URLs of the most frequently accessed websites are entered into the HTTPS content filtering solution. This allows the websites to bypass the SSL content filtering mechanisms, reducing the volume of SSL inspection required and reducing latency. Most businesses will only need to enter a handful of trusted websites into the HTTPS content filtering solution in order to avoid CPU strain, so implementing the whitelisting solution should be quick and easy. Care should be taken, as when whitelisted, HTTPS content filtering will not take place. Whitelisting should therefore only be used on 100% trusted websites.
In addition to being able to whitelist trusted websites, it is also possible to whitelist trusted apps and apply the whitelisting of these apps to specific users or user groups. Whitelisting can be a quicker and easier alternative to creating exemptions from Acceptable Use Policies if, for example, you wanted to provide certain executives with access to the Facebook instant messaging app or Skype.
TitanHQ´s Solutions to Filter HTTPS Traffic
TitanHQ has developed a suite of solutions to filter HTTPS traffic – WebTitan Cloud, WebTitan Gateway, and WebTitan Cloud for WiFi – all of which have SSL inspection included as standard. Whether your organization is looking to add strength to online security defenses or to enforce acceptable use policies, WebTitan is an HTTPS content filtering solution that will meet your organization´s requirements.
Many organizations have already found that using WebTitan to filter HTTPS traffic ticks the right boxes. WebTitan´s Internet filters with SSL inspection are scalable and versatile, with simple configuration and a low maintenance overhead. The solutions to filter HTTPS traffic have been developed to make controlling the web pages your employees can access as simple as possible.
Importantly for the security of your network, TitanHQ´s solutions to filter HTTPS traffic conduct secure conversations in transparent mode. This mode alerts users to fake HTTPS certificates and possible man-in-the-middle attacks. Although the data being communicated may be encrypted, the enhanced level of security prevents cybercriminals using the channel of communication to create gateways in unmonitored ports. Businesses can choose whether or not to enable HTTPS content filtering. However, it is advisable to keep the HTTPS filter turned on due to the high risk of phishing attacks and malware downloads.
|WebTitan Gateway||WebTitan Gateway is a powerful HTTPS content filtering solution offering protection against all forms of Internet threats such as malware, ransomware, and phishing attacks. Our leading HTTPS content filtering solution can be installed directly onto an organization´s existing system or hosted within a virtual environment. Being a 100% software-based solution, hardware purchases are not required.|
|WebTitan Cloud||WebTitan Cloud offers the full security of Internet filters with SSL inspection with a low maintenance overhead. WebTitan Cloud is a DNS-based HTTPS content filtering solution which simply requires the realignment of an organization´s DNS servers. There is no on-site software installation required and filtering parameters can be set and adjusted via an easy-to-use web portal that has an intuitive interface. This is the easiest HTTPS URL filtering solution to implement. Businesses can content filter HTTPS and HTTP websites in minutes.|
|WebTitan Cloud for WiFi||WebTitan Cloud for WiFi is an appropriate solution for organizations maintaining a wireless network. WebTitan Cloud for WiFi protects your network from Internet threats as well as the devices that connect to the network. Regardless of the number of users connected to your wireless network, our solutions to filter HTTPS traffic for WiFi networks delivers filtered Internet access to all devices with imperceptible latency.|
Features and Benefits of the WebTitan HTTPS Content Filtering Solution
Whichever of our Internet filters with SSL inspection is most appropriate for your organization, each HTTPS content filtering solution will provide you with the following features:
- Automatic Updates
All software updates are automatically performed by TitanHQ. This includes updates to installed blacklists and category filters so that your HTTPS content filtering solution is always up to date. This allows your IT department to focus on business-critical issues.
As mentioned above, whitelisting trusted websites so they bypass the filtering mechanisms eliminates latency and enhances network performance. The whitelisting process on all WebTitan solutions is straightforward and executed via the web-based management portal.
- Email Alerts and Automated Report Scheduling
Our solutions to filter HTTPS traffic also save administrators time by registering whenever an attempt is made to access a prohibited website. The solution can be configured to send real-time alerts by email when this happens. Automated report scheduling delivers oversight into user browsing activity in order to help with the enforcement of acceptable use policies and nip HR issues in the bud.
- Backend Integration with LDAP / NetIQ / Active Directory
If your organization uses directory services such as LDAP, NetIQ, or Active Directory, WebTitan provides the APIs to integrate our HTTPS content filtering solution into your directory service and other deployment, billing and management tools.
- Simple Acceptable Use Policy Changes
Our Internet filters with SSL inspection allow system administrators to make acceptable use policy changes by user, user-group, department, or universally via an easy-to-use and intuitive interface that requires no technical expertise to use.
- Time-Based Filter Controls
Time-based filter controls enable your organization to set filtering parameters for specific times of the day. This can benefit an organization that experiences bandwidth issues during peak traffic hours, but wishes to relax their content controls during quieter periods.
- Multi-Lingual Filtering
Internet threats are not exclusive to the English language. All WebTitan solutions to filter HTTPS traffic support multi-lingual filtering to prevent employees falling victim to phishing campaigns launched by foreign hackers or viewing inappropriate material from overseas.
- Dual Antivirus Engines
WebTitan offers excellent protection against malware, botnets, and ransomware through collaboration with two leading antivirus companies. The dual AV engines from Bitdefender and ClamAV ensure that all known malware is blocked.
- Protection for WiFi Networks
Webtitan Cloud for WiFi allows businesses to extend the same level of protection they have in place on their wired networks to their WiFi networks, ensuring protection for all wireless and BYOD devices.
- Industry-Leading Customer and Technical Support
We believe that our Internet filters with SSL inspection could not be any simpler to implement and maintain. However, we will always be on hand to provide customer and technical support if you need help with filtering HTTPS traffic or have any other issues.
WebTitan HTTPS Content Filtering Solution Pricing
WebTitan HTTPS content filtering solution pricing is based on three different factors – The solution used to filter HTTPS traffic that suits your organization, how many Internet users you want the HTTPS content filtering solution to support, and the length of time you wish to subscribe to our service.
We also offer a monthly payment option for organizations on a restricted budget and – before you make a decision about subscribing to a HTTPS content filtering solution – we invite you to take advantage of a free trial without any obligation on you to continue with our service thereafter (all we ask for is your email address).
Internet Filters with SSL Inspection for MSPs
If your interest in Internet filters with SSL inspection is due to your organization being a managed service provider, we would like to speak with you. Undoubtedly you will appreciate that solutions to filter HTTPS traffic with SSL inspection provide the highest level of protection for your clients, but did you know that WebTitan offers its Internet filters with SSL inspection in white label format? Not only that, but we also offer the option of hosting the service within your own infrastructure.
With self-branding and self-hosting, managed service providers and resellers can market the HTTPS content filtering solution as their own and offer it as an additional service or stand-alone product – not only generating revenue from existing clients, but attracting new clients to your business and reinforcing your brand image. Contact us today for further information about Internet filters with SSL inspection for MSPs and for details of our MSP pricing structure.
Are guest networks secure?
Guest Wi-Fi networks are set up to keep guest users away from your main network and sensitive data and are essential for security. You should restrict what users can do when connected to the guest Wi-Fi network, including using web filtering to control Internet access. You can use a firewall and set a rule for access to a printer, but consider creating a separate intranet for guests.
What guest Wi-Fi security best practices should I adhere to?
Make sure you create a guest Wi-Fi network that is isolated from your main network. Set a SSID that does not draw attention to the business but can be recognized by guests. Set a unique password for guest users. Carefully control the Internet content guest users can access by implementing a web filtering solution.
Can users bypass a HTTPS content filtering solution?
The most determined users may be able to find a way to bypass a content filter, but there are steps you can take to make this difficult. First, you need to lock down your DNS settings so they can only be changed by the IT department. Then, you should configure the content filtering solution to block anonymizer services through which the internet can be accessed anonymously.
How does WebTitan Compare to Cisco Umbrella?
In many ways, WebTitan is a direct swap out for Cisco Umbrella, which is one of the most expensive content filtering solutions on the market. WebTitan provides the most important content control features businesses need at a fraction of the cost of Cisco Umbrella, with no hidden extras.
How much does a HTTPS content filtering solution cost?
There is considerable price variation between different HTTPS content filtering solutions. At the upper end of the price range are feature-rich solutions that cost more than $2.50 per user, per month. WebTitan on the other hand is very competitively priced and is a feature rich solution with highly granular controls that starts from as little as $0.90 per user, per month.