Real-Time Web Detection with Advanced URL Filtering

Community Team Member


 

 

Traditional URL filtering provides risk categorization ratings of domains. The categorization of domains then allows organizations to create policies suited for their environment and deny traffic to known malicious domains. URL filtering has successfully prevented communication with known malicious threats, but the problem of undetected malicious domains still persists.

 

Advanced URL Filtering is a real-time, cloud-based inline analysis system. It can detect evasion, targeted attacks, and new and unknown malicious web-based attacks. Together, URL Filtering and Advanced URL Filtering provide a complete solution to withstand the web-based threat landscape.

 

How Do Legacy and Advanced URL Filtering Actually Work?

 

The URL Filtering process begins once the firewall identifies traffic as web-browsing. When a client completes the TCP 3-way handshake, it sends an HTTP GET to the web server it wishes to connect to. At the same time, the firewall compares the URL in the HTTP GET request against PAN-DB and the URL cache, and/or performs a dynamic lookup against PAN-DB. Based on this comparison, the URL is either allowed or blocked according to the category settings in the configuration.
 
Advanced URL Filtering works in conjunction with the existing PAN-DB URL filtering solution. The Advanced URL Filtering service uses machine learning to analyze the URL in real time. The analysis produces a verdict that the firewall retrieves and uses to enforce the web-access rules in the configuration.

 

Advanced URL Filtering Configuration

 

The great news is Advanced URL Filtering is enabled through the same legacy URL Filtering profile specified in security policies. No additional configuration is needed if URL Filtering is already being utilized. URLs that are analyzed via Advanced URL Filtering show up in the log monitor as the category real-time detection, in addition to the threat type. 
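
A simplified model of the lookup and enforcement flow described above, as an added example (it is not Palo Alto Networks code and does not reproduce PAN-OS internals). The hosts, category tables, lookup order, the strictest-action rule and the `real-time-detection` label are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed data: hosts, categories and actions are illustrative, not PAN-DB content.
PROFILE = {"news": "allow", "malware": "block", "phishing": "block",
           "unknown": "alert", "real-time-detection": "alert"}
SEVERITY = {"allow": 0, "alert": 1, "block": 2}
LOCAL_DB = {"news.example": ["news"], "bad.example": ["malware"]}
# Stand-in for the cloud inline analysis: URLs it would flag, with threat type.
INLINE_VERDICTS = {"new-site.test/login": "phishing"}

def lookup_key(url):
    """Lower-cased host plus path, the key this model uses for every lookup."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower() + (parts.path or "/")

class UrlFilterModel:
    def __init__(self, profile, advanced):
        self.profile, self.advanced = profile, advanced
        self.cache, self.log = {}, []

    def categorize(self, url):
        key = lookup_key(url)
        if key in self.cache:                       # 1. URL cache (assumed first)
            return self.cache[key], "cache"
        host = key.split("/", 1)[0]
        cats, source = LOCAL_DB.get(host), "db"     # 2. category database
        if cats is None:
            cats, source = ["unknown"], "db-miss"
        threat = INLINE_VERDICTS.get(key) if self.advanced else None
        if threat:                                  # 3. real-time verdict
            cats, source = [threat, "real-time-detection"], "inline"
        self.cache[key] = cats
        return cats, source

    def enforce(self, url):
        """Apply the strictest action among the URL's categories and log it."""
        cats, source = self.categorize(url)
        action = max((self.profile.get(c, "alert") for c in cats), key=SEVERITY.get)
        self.log.append({"url": url, "categories": cats,
                         "source": source, "action": action})
        return action

if __name__ == "__main__":
    urls = ("http://news.example/", "http://bad.example/x", "http://NEW-site.test/login")
    for advanced in (False, True):
        fw = UrlFilterModel(PROFILE, advanced)
        for u in urls:
            print(advanced, u, fw.enforce(u), fw.log[-1]["categories"])
```

With `advanced=False` the uncategorized URL is only alerted on as `unknown`; with `advanced=True` the same request is blocked, and its log entry carries both the threat type and the real-time detection category.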
 
Compatibility

 

The Advanced URL Filtering service is available on firewalls running PAN-OS 9.0 and later with content release 8390-6607 or later installed.

 

For more details on the Advanced URL Filtering subscription, check out the following TechDocs article: Advanced URL Filtering Security Subscription.

 


 

Feel free to share your questions, comments and ideas in the section below.

 

Thank you for taking time to read this blog.

Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.

 

Until next time, 

JayGolf

 
