We’ve been getting some questions recently about our categorization techniques, and how users should handle specific content within a certain category. We hope this blog post on multi-categorization will provide more insight into the process, and will encourage customers to use the feature for more granular security policy application.
Via the URL Filtering subscription, we categorize URLs based on content for customers. Instead of creating security policies based on URLs and IPs, customers can enforce higher-level policies based on the URL’s content category. As such, users can protect not only against a broader range of threats, but also against newly emerging threats unknown to the organization.
With PAN-OS 9.0, we introduced the concept of multi-categorization, where a URL can be assigned to multiple categories. This allows customers to identify URLs more granularly and enact appropriate security policies based on their organization’s preferences.
Why does it matter?
On one hand, websites are providing more services as the Internet evolves, and are categorized for each type of content provided. However, more commonly, the content of a website may fit under the definition of multiple categories. In the latter scenario, multi-categorization provides more context and granularity into the content of the website.
Let’s consider websites selling marijuana. Some organizations may want to grant access to marijuana sites, since the organization may want to conduct research (non-profits, venture capital, etc.) and/or the drug may be legalized in their area (California, Canada, etc.). However, security admins cannot simply allow access to all “abused drugs” category websites, as users could go against corporate policy and access websites for illegal drugs.
Multi-categorization allows admins to create policies targeted specifically at marijuana and abused drugs. We currently categorize legalized marijuana as both “abused drugs” and “health and medicine.” By creating a custom category for marijuana with both the “abused drugs” and “health and medicine” categories, security admins can target specific policies towards marijuana (e.g. allow, for this example) while maintaining their stances towards “abused drugs” and “health and medicine,” respectively.
How does it work?
Customers can create a Custom URL category, and list multiple categories under it. When a URL matches all categories of the Custom URL category, the policy of the Custom URL category will be applied, as opposed to applying the policy of any of the individual URL categories. In other words, Custom URL categories take precedence over individual categories.
Here’s an example of a multi-categorization policy:
Consider the following hypothetical: A security admin blocks “online storage and backup” to prevent data leakage to risky sites. However, as part of this policy, the admin denies their users’ access to www.pixabay.com, a popular and low-risk image storage site. To unblock www.pixabay.com (and similar low-risk websites) but continue blocking other “online storage and backup” URLs (such as www.dropbox.com), the admin creates a custom URL Category of “online storage and backup,” “freeware and shareware,” and “low-risk.” Then, in their URL Filtering Profile, they would allow this custom URL Category. Higher URL categories in the URL Filtering Profile take precedence in applying security policy, meaning that custom URL categories take precedence over single URL categories.
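The matching rule from this example can be modeled in a few lines. This is an added sketch, not PAN-OS code or configuration: the `Entry` type, the `evaluate` function, the entry name `custom-low-risk-storage`, the `files.example.test` host, the categories given to www.dropbox.com beyond “online storage and backup,” and the allow default for unmatched URLs are all assumptions made for illustration.

```python
# Simplified model of URL Filtering Profile evaluation (illustrative, not PAN-OS code).
from typing import NamedTuple

class Entry(NamedTuple):
    name: str
    required: frozenset  # a URL must carry ALL of these categories to match
    action: str          # "allow" or "block"

# Constructed category assignments. The pixabay set follows the post's example;
# the extra dropbox category and the files.example.test host are assumptions.
URL_CATEGORIES = {
    "www.pixabay.com": {"online storage and backup", "freeware and shareware", "low-risk"},
    "www.dropbox.com": {"online storage and backup", "medium-risk"},
    "files.example.test": {"online storage and backup", "freeware and shareware", "high-risk"},
}

# Ordered profile: entries higher in the list take precedence, so the custom
# category sits above the single category it overlaps with.
PROFILE = [
    Entry("custom-low-risk-storage",
          frozenset({"online storage and backup", "freeware and shareware", "low-risk"}),
          "allow"),
    Entry("online storage and backup",
          frozenset({"online storage and backup"}),
          "block"),
]

def evaluate(host, profile=PROFILE, default="allow"):
    """Return (matched entry name, action) for the first entry whose required
    categories are all present on the URL."""
    cats = URL_CATEGORIES.get(host, set())
    for entry in profile:
        if entry.required <= cats:  # subset test: every listed category must match
            return entry.name, entry.action
    return None, default  # assumption: URLs matching no entry are allowed

if __name__ == "__main__":
    for host in URL_CATEGORIES:
        print(host, evaluate(host))
```

A site that carries only two of the three listed categories, like the constructed `files.example.test`, does not match the custom category and is still handled by the “online storage and backup” block.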
Where can I learn more about multi-categorization?
Please follow this link to learn more about multi-categorization.
Also, if you’d like to learn more about a website’s categorization, please visit here.
For a list of what each category indicates, please visit here.