A Brief History of the Block Page

The Rise of Content Filtering and Secure Web Gateway Functionality

Aren't content filtering and secure web gateways the same?

We get that question a lot here Avast Business, and we could spend a lot of time pointing at Reddit and Slashdot arguments about this. Some folks think it's just marketing mumbo-jumbo, and some think the technologies do the exact same thing.

While both of these technologies accomplish similar tasks, they are quite different. Most of the differences lie in the origins and the implementation of the two. The proliferation of cloud-delivered security has also changed the landscape for both technologies:

The Origin Story

Content filtering has been around since the printing press. Humans have been trying to prevent other humans from consuming content for nearly 1000 years.

The earliest and most widely known example in my lifetime, just prior to the digital age, was the introduction of the MPAA movie ratings back in 1968. More recently, the ESRB started rating video game software back in the early 1990s, followed by an official ratings system back in 1994. We still use these systems today as a general guideline... at what age is my kid allowed to go to a PG-13 movie with their friends?

Both of these examples are perfect ones for what content filtering does and why it was created. Content filtering blocks objectionable content, and was originally designed to keep children safe.

Secure Web Gateways, however, came about with a different purpose in mind: Blocking access to known bad websites, downloads, and locations. This new purpose had significant content overlap with more traditional filtering technologies, but the problem being addressed was different; IT administrators wanted to block access to sites that might cause a data breach, company risk, or liability issues.

Implementation and Methodology

Content Filtering is implemented both on-premise and in the cloud. Many on-premise implementations are a combination of content inspection appliances and/or proxy servers, that inspect and categorize content as good or bad based on the on-page or off-page content itself. If you match a certain text string or other trigger, you get categorized by the appliance.

In a SaaS-delivered model, the processing power is delivered via cloud-based servers, eliminating the need to maintain some or most of the in-house hardware.

Secure Web Gateway technology has been around in various appliance-delivered flavors for years. Most firewalls, for example, can accomplish the same kind of categorization and block/allow lists that SWG can. Early on, appliances did nearly all of the work, inspecting and classifying sites by their DNS name or IP Address.

With the shift to cloud-based security came a new type of threat network: The DNS-based, machine-fed threat detection network. Processing cycles moved into a service-based, SaaS delivered architecture, and several large threat networks have sprung up on the DNS side as a result. These threat networks feed information to themselves as new sites get classified, and human cycles supplement when the machines can't make a determination.

As more data and devices started revolving around the cloud, SWG became an attractive and sensible way to filter bad sites and locations using nearly no internal machine resources.

So, Which One is Better?

I hate answering questions with this, but it depends!

Take some time out to answer a few questions, so that you can make an educated choice about what to implement: