Web filtering
Plain English Translation
Web filtering involves controlling which external websites users and systems can access to minimize exposure to malicious content, such as phishing sites, malware command-and-control servers, and illicit materials. By implementing technical measures like DNS filtering or Secure Web Gateways, organizations can automatically block access to known dangerous domains. This reduces the likelihood of accidental compromises and enforces acceptable use policies across the corporate network and remote endpoints.
Technical Implementation
Required Actions (startup)
- Deploy basic DNS filtering via established providers to block known malware and phishing domains.
- Configure built-in browser protections and endpoint anti-malware to prevent users from accessing risky sites.
Required Actions (scaleup)
- Implement a Secure Web Gateway (SWG) or advanced endpoint web filtering agents for remote workers.
- Define explicit blocklists and allowlists based on organizational acceptable use policies.
Required Actions (enterprise)
- Integrate SWG logs into a centralized SIEM to automatically detect and alert on anomalous outbound web traffic.
- Deploy SSL/TLS inspection to analyze encrypted web traffic for hidden threats and data exfiltration.
Web filtering is a security control that restricts the websites a user or system can visit. DNS filtering supports phishing and malware prevention by proactively blocking connections to known dangerous domains, which prevents malicious payloads from downloading and stops users from entering credentials into fake login pages.
The ISO 27001 A.8.23 web filtering control requires organizations to implement technical and administrative measures that manage and restrict access to external websites. Meeting ISO 27001 web filtering requirements ensures the organization systematically reduces its exposure to malicious internet content.
Comparing a secure web gateway, a proxy, and DNS filtering comes down to where each one acts. DNS filtering blocks access at the domain name resolution level, making it fast and lightweight. URL filtering blocks specific web paths rather than just the domain. A Secure Web Gateway (SWG) provides deep inspection of web traffic, including SSL decryption and granular content filtering.
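The difference between domain-level and path-level blocking, as an added example that is not part of the original page: the same request is evaluated by a DNS-layer check that sees only the hostname and by a URL-layer check that also sees the path. The blocklist entries, hostnames and function names are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed sample policy; all hostnames are placeholders under .example.
BLOCKED_DOMAINS = {"phish-login.example", "c2.badcdn.example"}
BLOCKED_URL_PREFIXES = {("files.partner.example", "/public/dropper/")}


def dns_blocked(hostname):
    """DNS layer: only the queried name is visible, never the path.

    Blocks the listed domain and its subdomains. Comparing whole labels
    keeps 'notphish-login.example' from matching 'phish-login.example'.
    """
    labels = hostname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def url_blocked(url):
    """URL layer (SWG or endpoint agent): host and path are both visible."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if dns_blocked(host):
        return True
    # Decode and normalise so '/public/./dropper/' cannot slip past the prefix.
    path = posixpath.normpath(unquote(parts.path) or "/") + "/"
    return any(host == h and path.startswith(p) for h, p in BLOCKED_URL_PREFIXES)


def verdicts(url):
    """What each layer decides for the same request."""
    host = urlsplit(url).hostname or ""
    return {"dns": dns_blocked(host), "url": url_blocked(url)}
```

A host that is only partly unwanted resolves normally at the DNS layer, so the path rule takes effect only where the full URL is visible to the filter.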
To implement web filtering for remote workers, organizations should deploy cloud-based SWGs, VPNs that route traffic through a secure perimeter, or endpoint-based web filtering agents. These tools enforce the corporate web filtering policy regardless of the user's physical location.
A robust web filtering policy template should define acceptable web usage, outline the specific web content filtering categories (e.g., gambling, adult content, malware) and their enforcement rules, and detail the formal exception procedures. This policy is typically included as a section within the broader Information Security Policy.
Managing exceptions requires a formalized web filtering exception process and whitelisting procedure. Requests must be justified by business needs, reviewed and approved by security personnel, and restricted strictly to the required URL or IP address for a limited duration to prevent broader risk exposure.
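One way to enforce these exception rules in an allowlist check, as an added example that is not part of the original page: an entry is honoured only if it is documented, approved, scoped to one host and path, and unexpired. The record fields, the 90-day lifetime ceiling, the hosts and the ticket ids are assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

MAX_LIFETIME = timedelta(days=90)  # assumed policy ceiling, not from the page

@dataclass(frozen=True)
class WebException:
    host: str           # exact hostname or IP, no wildcards
    path_prefix: str    # narrowest path needed, ending in "/"
    justification: str  # business need
    ticket: str         # change-management reference
    approver: str       # security reviewer
    granted: datetime
    expires: datetime

def problems(exc, now):
    """Reasons an allowlist entry must not be honoured (empty list = valid)."""
    found = []
    if not (exc.justification.strip() and exc.ticket.strip() and exc.approver.strip()):
        found.append("undocumented")
    if "*" in exc.host:
        found.append("wildcard scope")
    if exc.expires - exc.granted > MAX_LIFETIME:
        found.append("lifetime exceeds policy")
    if now >= exc.expires:
        found.append("expired")
    return found

def is_exempt(url, exceptions, now):
    """True only if a documented, unexpired entry covers this exact host and path."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = posixpath.normpath(parts.path or "/") + "/"  # collapse ../ before matching
    return any(
        not problems(e, now) and host == e.host.lower() and path.startswith(e.path_prefix)
        for e in exceptions
    )

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample registry (hypothetical hosts and ticket ids).
SAMPLE = [
    WebException("vendor-portal.example", "/downloads/", "Firmware updates for lab devices",
                 "CHG-0001", "security-lead", utc(2026, 2, 1), utc(2026, 4, 1)),
    WebException("forum.example", "/", "", "", "", utc(2025, 1, 1), utc(2027, 1, 1)),
]
```

Running `problems` over the whole registry on a schedule gives a list of stale or undocumented entries to review.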
For audits, web filtering logging and reporting must provide system logs showing actively blocked connection attempts, configuration screenshots of the filtering tool's active rule sets, and documentation proving that exception requests are handled through formal change management tickets. WatchDog Security's Compliance Center can help centralize this evidence and maintain an audit trail of collection, review, and ownership over time.
Best practices dictate a defense-in-depth approach, enforcing filtering at both the network gateway for on-premises devices and at the endpoint for mobile and remote workers. This ensures continuous protection and policy enforcement regardless of how a device connects to the internet.
Threat intelligence feeds powering the filters should update continuously and automatically. However, the internal web filtering configuration, including custom allowlists and blocked categories, should be formally reviewed at least annually or when organizational business requirements change.
Following URL filtering best practices for enterprises involves utilizing 'warn and proceed' features for ambiguous content categories, allowing users to acknowledge the risk before proceeding. Establishing a rapid, SLA-driven exception process also ensures that legitimate business activities are not indefinitely hindered by false positives.
Web filtering often fails in practice when policies go stale or exception approvals are undocumented. Tools like WatchDog Security's Policy Management can track policy versions and acceptance, while WatchDog Security's Compliance Center can help tie exception requests, approvals, and review cadences to audit-ready control evidence.
Auditors typically expect more than a one-time configuration screenshot: they look for recurring proof of enforcement, monitoring, and review. WatchDog Security's Compliance Center can organize scheduled evidence pulls (e.g., SWG/DNS filtering reports, category rules, exception tickets) and map them to A.8.23 so teams can demonstrate ongoing operation.
| Version | Date | Author | Description |
|---|---|---|---|
| 1.0.0 | 2026-02-17 | WatchDog Security GRC Team | Initial publication |