Content-control software, content filtering software, secure web gateways,censorware, and web filtering software are terms for software designed and optimized for controlling what content is permitted to a reader, especially when it is used to restrict material delivered over the Internet via the Web, e-mail, or other means. Content-control software determines what content will be available or perhaps more often what content will be blocked.

The motive is often to prevent persons from viewing content which the computer’s owner(s) or other authorities may consider objectionable; when imposed without the consent of the user, content control can constitute censorship. Some content-control software includes time control functions that empowers parents to set the amount of time that child may spend accessing the Internet or playing games or other computer activities.

Content Filtering Types

The Benefits of Content Filtering

  • Greater productivity – if 40% of employees’ activities are spent on non-work related activities, organizations can be losing many hours of valuable resource in an age when the cost of running a business is already extremely high.
  • Degradation of network performance – if people are continually using the web to download images, film clips and music, this will impact the network simply because it will slow it down. The result could be that you need to buy more (unnecessary) bandwidth to cope with the demand.
  • Need for legal compliance – some industries are regulated or constrained by stringent legal requirements, for example, financial services and pharmaceutical companies. As a result they must ensure that customer information is protected and not sent to a third party.
  • Growth in criminal activities – there has been many instances where individuals have used company resources to break the law. For example committing fraud or dealing in drugs using the company internet access.
  • To a large extent, organizations are responsible for the actions and behavior of their personnel.
  • Protection against loss of data – organizations need to protect vital information such as customer records and other proprietary information.
  • Enforcement of an acceptable use policy. An Acceptable Use Policy (AUP) is a set of rules and regulations that all employees would be required to sign regarding their behavior for using their PC and access to the internet. This, for example, could include only surfing the web for personal reasons (e.g. online banking) at lunchtime. It can also specifically outline that individuals should not send offensive material.
  • Prevent inappropriate use – by knowing that they are being monitored, personnel are unlikely use the network for reasons other than business.
  • Protection of reputation – preventing individuals sending scandalous emails can protect a companies brand and reputation.
  • Protection against harassment, defamation, fraud and illicit activities.

Network-based filtering

This type of filter is implemented at the transport layer as a transparent proxy, or at the application layer as a web proxy. Filtering software may include data loss prevention functionality to filter outbound as well as inbound information. All users are subject to the access policy defined by the institution. The filtering can be customized, so a school district’s high school library can have a different filtering profile than the district’s junior high school library.

E-mail filters

E-mail filters act on information contained in the mail body, in the mail headers such as sender and subject, and e-mail attachments to classify, accept, or reject messages. Bayesian filters, a type of statistical filter, are commonly used. Both client and server based filters are available.

Content-limited (or filtered) ISPs

Content-limited (or filtered) ISPs are Internet service providers that offer access to only a set portion of Internet content on an opt-in or a mandatory basis. Anyone who subscribes to this type of service is subject to restrictions. The type of filters can be used to implement government, regulatory or parental control over subscribers.

Search-engine filters

Many search engines, such as Google and Alta Vista offer users the option of turning on a safety filter. When this safety filter is activated, it filters out the inappropriate links from all of the search results. If one knows the actual URL of a website that features sexual explicit or 18 + content, they have the ability to access it without using a search engine. Engines like Lycos, Yahoo, and Bing offer kid-oriented versions of their engines that permit only children friendly websites.

Client-side filters

This type of filter is installed as software on each computer where filtering is required. This filter can typically be managed, disabled or uninstalled by anyone who has administrator-level privileges on the system.

Browser based filters

Browser based content filtering solution is the most lightweight solution to do the content filtering, and is implemented via a third party browser extension.

Internet Security Solutions

Forcepoint Web Security
Trend Micro Web Security
Symantec Secure Web Gateway
GFI WebMonitor


Forcepoint® Web Security products provide modern, innovative defenses. They rely upon Websense ACE (Advanced Classification Engine) and the expansive WebsenseThreatSeeker® Network for real-time content analysis. They include forward-thinking features such as advanced threat dashboards, forensic reporting and data capture, sandbox analysis of malware, and data-aware defenses that provide containment of sensitive information. And they are easily managed through the Websense TRITON™ Unified Security Center.







More Information: https://www.forcepoint.com/product/cloud-security/web-security

FortiProxy is a secure web proxy that protects employees against internet-borne attacks by
incorporating multiple detection techniques such as web filtering, DNS filtering, data loss prevention,
antivirus, intrusion prevention and advanced threat protection. It helps enterprises enforce internet compliance using granular application control. High-performance physical and virtual appliances deploy on-site to serve small, medium and large enterprises.


Solution Description
  • Advanced Protection against threats
    – Integration with FortiGuard Threat
        Intelligence Service
    – Web, DNS filtering and
        application control
    – Integration with FortiSandbox cloud
        and on-premise appliance
    – AV, IPS, DLP and Content Analysis
  • High performance and scalability
    – Custom –built security processing
        units for high performance
    – Scalability from small to large
    – HA availability for redundancy
  • Content Caching and WAN Optimization
    – Static and dynamic content caching
    – Multiple Content Delivery Network
    – Decrease Network Latency
    – Lower bandwidth overhead

Trend Micro™ InterScan™ Web Security Virtual Appliance is a secure web gateway that combines application control with zero-day exploit detection, advanced anti-malware scanning, real-time web reputation, and flexible URL filtering to provide superior Internet threat protection.

InterScan Web Security is also available as a cloud-based serviceoffering that extends security to your users beyond your corporate network. Another option is a hybrid model of both the virtual appliance on-premise and SaaS models to accommodate the different parts of your business.


Product Description

Fits your current IT strategy but can seamlessly evolve

  • Stops threats before they affect your network or users
  • Manages staff Internet activity
  • Centralizes control
  • Enables on-the-spot remediation
  • Reduces appliance sprawl and energy costs
  • Provides flexibility with three deployment options

Stops threats before they can affect your network and end-users

InterScan Web Security defends against the evolving web threat landscape. It also provides application visibility and control to help you manage how your employees use the web and cloud-based applications.

More information: http://apac.trendmicro.com/apac/enterprise/network-security/interscan-web-security/virtual-appliance/index.html

An advanced, cloud-delivered network security service that enforces consistent internet security and compliance policies for all users regardless of location or device.


Solution Description

Security architectures are becoming more stressed with network traffic merging onto the web and into cloud apps such as Office 365. Your data—and your security—has to follow wherever your employees go. Defend your enterprise with an advanced cloud-delivered network security service that’s highly scalable, high performing, cost-effective, and simple to use.

  • ‘Direct-to-net’ security reduces web traffic backhauls to corporate data centers and protects your entire enterprise, especially remote and branch offices, and mobile users.
  • Advanced capabilities—including secure web gateway (SWG), data loss prevention (DLP), advanced threat protection (ATP), cloud access security broker (CASB), email security, and more—secure all internet traffic with consistent policies that follow users wherever they go.
  • Security policy automated alignment, performance acceleration, security policy enforcement, and other optimizations secure Office 365 traffic.
  • SD-Cloud Connector simplifies connecting office locations to Symantec cloud-delivered applications.
  • Integration with Symantec Endpoint Protection (SEP) extends complete security all the way to your endpoints.

More information: https://www.symantec.com/products/secure-web-gateway

GFI WebMonitor® proactively protects your company from threats to productivity and malware by giving you complete control over Internet access in your company.


More Information: https://www.gfi.com/products-and-solutions/network-security-solutions/gfi-webmonitor