Top 3 Web Filtering Myths Busted
[00:00:05] We discuss many things starting off with misconceptions when it comes to web filtering. We also discuss the UTM involvement in managing security for organizations, including schools.
[00:00:47] Hello, Geoff, thank you for joining us on the podcast. Why don’t you introduce yourself to the listeners and explain your role here at Netsweeper?
[00:00:58] In terms of my background, I’m a career technologist. I’ve got 30 years in software design, implementation, and architecture. I’ve worked in all sorts of high-volume transaction processing roles.
I’ve worked in e-commerce, I’ve worked with Telco’s, I’ve done CRM and I’ve worked primarily with small to mid-sized companies.
At Netsweeper, I’m responsible for driving innovation and enabling special projects. My goal is to take that innovation and be able to introduce it into the core product offering and deliver that to the next customer base.
Myth #1: Web Filtering is Only About Control
[00:02:22] When we think about what filtering is, I think a lot of people immediately jump to tools for control and censorship. Those types of things obviously come with very negative connotations. And we can see the impact of what’s going on in terms of even looking at things like the US election and how both sides of the political spectrum are making arguments that social media is inappropriately censoring them and how that’s affecting the ongoing narratives around the world.
[00:03:00] And so nobody wants to see censorship or control. It’s not our goal at Netsweeper to limit any form of legal discourse that you would expect to be able to happen. But I think that’s a key differentiator.
[00:03:17] I think we can all agree that there are also inappropriate types of dialogue, inappropriate types of content, that exist that you wouldn’t want to expose kids to or that would be illegal within your country or municipality or whatever the case happens to be.
In the same way that you wouldn’t just let a minor walk up and have a dialogue with any random stranger and have them teach them about whatever they think is appropriate, you want to have the ability to have some level of control over things that is universally deemed acceptable inside of the existing structure.
In terms of the laws of what is appropriate for minors or for adults, these are already established. We aren’t trying to recreate those things and we aren’t trying to define what is appropriate and what’s not appropriate. The role of Netsweeper in the environment is to work alongside of already established norms and help bring that to the Internet.
And in fact, you may even have as an individual or as a family, your own personal views on what’s appropriate content and what’s not appropriate content.
[00:04:35] And the idea of being able to curate or control the experience that you have on the Internet is as relevant and important to you as an individual as it is in terms of the society, but societal values that you may participate in at whatever level of government happens to be appropriate.
[00:04:55] So we don’t believe in censorship. We don’t believe in control. We want to make the Internet a better place within the context of the already established norms that exist in whatever society that we’re participating in.
Myth #2: Cloud is the Only Right Solution
[00:05:11] As we all know, cloud technology and cloud deployment play an important role within Netsweeper’s infrastructure and offerings and really helps us stand out against competitors in the filtering technology industry and cybersecurity industry.
However, there seems to be a misconception that cloud is the only right solution, and other technology firms seems to jump on that trend.
[00:05:39] First, can you explain Netsweeper’s cloud technology and then explain why cloud is meant to be the enabler, not a choice of one or the other.
[00:05:51] I think that’s really critical in terms of understanding where the world’s going and how technical infrastructure gets built, and it’s very easy when you talk about something that exists within the network to get quickly pulled into a discussion about technology. And unfortunately, a lot of people have very strong beliefs about what is the right way to deploy a particular piece of technology.
You know, when you discuss cloud, it becomes, you know, are you a cloud only or are you client app only or are you on premise? And people tend to have strong opinions about that.
[00:06:42] The reality is, is that there are pros and cons to each of these types of deployments. And the discussion really should be about what is the business goals and what is the appropriate way of rolling out the technology so that it meets those business goals.
[00:06:58] As a vendor, when we’re looking at how we want to service the market, our goal needs to be flexibility because we recognize that each business has a different set of goals, has different cost of goods needs, has different resiliency requirements in terms of what they want to see out of a solution.
[00:07:21] And as such, then we need to be able to provide as a vendor a solution that doesn’t force them to make those decisions up front that meets their evolving needs as a business.
So, for example, if detailed monitoring is the solution, that is the right fit and is what they need because they need to be able to have guaranteed blocking of access to resources, implementing on premise might be the most appropriate so that it prevents a user on their own device from circumventing security.
So, if that is the most important thing that the business cannot accept any risk on, then on premise might be the better solution for them versus if you want something that’s easier, where you must be able to see the input that a user is making, maybe on the devices is better.
[00:08:13] So there’s different compelling drivers that affect what solution is most appropriate.
Cost. Every business is always interested in cost. And so, when we’re looking at a given solution that can be very different cost profiles, if you need to have a cloud service, but you want to also be able to firewall everything and inspect every single packet, that can be a significant cost because you have to move all of the data out and through that cloud offering in order to get that same level of security.
And with that comes throttling and latency and all sorts of other problems that may negatively impact the user experience.
[00:08:56] So I think suggesting that a one size fits all type of technical approach is not the right answer. For me, it just doesn’t provide the flexibility that is needed to meet the evolving business needs.
The solution needs to be architected in a way that allows different components to be able to be deployed either in the cloud or on premise or on the clients to address the goals, price, and operational requirements of the business.
[00:09:26] And not only that, but it needs to be able to evolve over time because as the business needs and drivers change, so should the application of the technology. It should be able to seamlessly move from those three different spheres so that you can maximize and optimize the solution in line with your business goals.
[00:09:50] So that that’s the way I see it. I think a properly implemented solution doesn’t force you to have to have those dialogues up front. It allows you to have the flexibility to meet your needs as time goes on.
[00:10:09] I think it’s very interesting how you’ve brought up these two very common points, goals and flexibility. And it really is about the organization or business or whoever is trying to deploy this cloud technology. It should be something that is beneficial and meets those goals of that organization.
[00:10:34] How do you differentiate your competitor if you don’t have a system that has flexibility at its heart?
[00:10:45] I 100% agree with you there.
Myth #3: A UTM is an Appropriate Solution for Web Filtering
[00:10:48] I would also like to touch upon the confusions that organizations, businesses, and school districts run into with web filtering when comparing it to a UTM, a unified threat management device. Obviously a UTM is an essential part of running a small organization in regard to upholding cybersecurity. So, there’s a lot of misconceptions that comes with that.
Can you explain how a UTM is not an appropriate solution for web filtering and why it’s really important to have a dedicated web filter, especially in a school.
[00:11:28] Sure, absolutely. A UTM has a place, there’s no question having a system in place that helps cover a wide variety of threats to the organization is important.
[00:11:46] UTMs tend to be general-purpose solutions to security, and they grew up from initial security providers that existed in firewalling and the threat management marketplaces.
[00:12:01] They focused on providing protection against external malicious attacks such as hackers or viruses, with a focus on minimizing data breaches and denial of service attacks and all these types of things that we hear about that are threats to the organizational presence on the internet. And that’s not what content filtering is.
[00:12:25] And so having systems in place that address those business needs is critically important in terms of a holistic approach to security for the organization.
[00:12:38] Now, having said that, Netsweeper is a complementary product, in my opinion, while organizations that provide UTM and DPI solutions will say that they do content filtering.
[00:12:58] For them, it’s a limited and adjunct part of their suite of threat management. And as such, it doesn’t typically have the same level of focus that Netsweeper puts on it.
[00:13:09] Netsweeper is a complementary product. It’s focused on the understanding, the nature of the content, and not just whether it’s a technical threat. So, it’s not about whether you’re undergoing a denial-of-service attack, or whether someone’s trying to hack into your systems.
[00:13:30] It’s more at the level of understanding that certain content represents a threat to your user base, as opposed to understanding whether or not it’s a technical threat at the infrastructure level.
[00:13:51] And it requires a significant amount of focus to be able to categorize all this information and understand that certain types of information shouldn’t exist within your environment and other types of information are completely reasonable to live inside of your environment.
[00:14:09] And it’s the responsibility of businesses to make sure that they provide a safe and secure environment. And as you pointed out, schools have a stronger responsibility in so much as people in those environments really do need that extra layer of protection from the vast quantities of information that exist out there in the wild west of the Internet.
[00:14:35] So a UTM is dealing with the huge number of threats that exist at the technical level. While they may have a bolt on product, they aren’t focused on the content, whereas we focus on the content and the categorization and it becomes a complementary, multilayered approach.
[00:15:02] There’s a concept of depth of defense. If you accept that any one solution is going to have vulnerabilities, then an approach to address that is this depth of defense where you put in multiple layers. And it’s just like if you hold a piece of Swiss cheese, it’s pretty easy to see where the holes are.
[00:15:31] But if you put three or four different pieces of Swiss cheese stacked on top of each other, suddenly none of the holes line up and you have an impregnable barrier. So, I think it’s important if you’re creating a holistic security approach that you want to have different layers of security.
[00:15:50] And when you look at Netsweeper and you look at our advanced AI and how we process and review all of the content that comes through the environment, and we can then categorize that content and allow you to put in place governance around which content is enabled, and which content is not. That is a huge piece of work and that sits at the core of our identity.
[00:18:09] And one thing I really like to touch upon about UTMs, is it’s not really meant for large scale settings. And cybersecurity is a high priority for organizations. They should individually get all those different packages that come with the UTMs, for example, a dedicated web filter, a dedicated firewall because they’re obviously more vulnerabilities if you just buy a one in all solution.
[00:18:39] Well, certainly with any organization, it’s hard to know where your blind spots are. So, having that depth of coverage I think is important and having a multi-tiered, sophisticated approach to threat prevention is important. I think you also touched on something that’s interesting, though, is UTMs, they sit in network.
[00:19:00] And so, as a result, scaling that can even be challenging when you’re running everything, when you’re doing everything through one common platform, scaling of that platform can become a challenge.
[00:19:14] And so that’s something to consider that even though a single platform can do potentially a whole bunch of different functions, it can for a large organization or when you get into larger Telco’s, it becomes a scaling challenge to scale up that platform and have it be able to take on all those roles.
[00:19:35] In many cases, they just need support to be able to process the terabit formation that are coming through some of these platforms today, especially with, you know, the changes in the world, the global pandemic. Everyone’s doing work from home.
There is more video and more bandwidth being consumed than really ever has been in history over the course of these networks. These implementations aren’t necessarily designed to scale and can’t deal with all of those things all at the same time.
And so, having secondary tertiary components in your network that are providing those layers, both of security and scalability, I think is an important element to this discussion as well.