Content filtering companies have gained quite a bit of traction in the Computer Network Defense (CND) industry. The goal of content filtering is to stem the carnage that malicious sites can wreak on unsuspecting individuals and companies by blocking access to ransomware and other forms of malware.
The filtering engines work by proxying requests between the end user and the destination site. In effect, they perform a “man in the middle” attack between the user and the destination in a number of different ways, such as DNS cache poisoning (Cisco’s Umbrella) and content interception (Symantec’s Bluecoat). Filtering engines use a combination of human control and machine learning to differentiate safe sites from malicious sites. Beyond a static understanding of sites, filtering engines can identify when a safe site is hijacked and will block traffic when that known safe site is compromised.
Identifying safe sites is neither precise nor exact; the whole task is a best effort. That best effort begins with listing the site in the filtering engines. If you don’t have your site listed as “safe” by the content filter company, you will likely be blocked!
Goals of the bad guy
To understand the goals of the bad guy, and more importantly why your site might be blocked by a content filtering service, consider this: The goal of having a web site is to have folks be able to visit the site. At the same time, the goal of bad guys is also to have visitors land on their sites.
Now that we understand the simple goal, why are these “man in the middle” attacks being performed by the good guy? The reason is fairly straightforward.
In the case of content filtering, the goal is to prevent or at least reduce the opportunity of an unaware user landing on the malicious web site, and at the same time allow traffic to “known good” sites. This is where your site comes in.
Be sure to submit your site for review to as many of the content filtering and reputation sites as you can identify. Many companies who deploy a proxy content filter system will deny access to sites that have no reputation, and this will prevent potential users of your site from even accessing your site in the first place.
Content Filter sites to consider
Consider submitting your site to at least the following content filter companies. In each group, the first link is this site’s equivalent lookup; where available, you can click it to see what to expect from your own report. The second link is the URL submission link, where you can search for your particular URL.
Symantec Bluecoat WebPulse Site Review
- Site recently broken. https://csi.websense.com/
McAfee Check Single URL
WebRoot BrightCloud Threat Intelligence
TrendMicro Site Safety Checker
Cyren URL Category Check
Palo Alto Test a Site
zVelo Web Categorization
Cymon Open Threat Intelligence
Talos real time check