This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Real-Time Web Detection with Advanced URL Filtering

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Real-Time Web Detection with Advanced URL Filtering

JayGolf
Community Team Member
‎06-23-2022 07:42 AM

General Graphics.jpg

 

 

Traditional URL filtering provides risk categorization ratings of domains. The categorization of domains then allows organizations to create policies suited for their environment and deny traffic to known malicious domains. URL filtering has successfully prevented communication with known malicious threats, but the problem of undetected malicious domains still persists.

 

Advanced URL Filtering is a real-time cloud-based inline analysis system. This allows the ability to detect evasion, targeted attacks, and new and unknown malicious web-based attacks. Together, URL Filtering and Advanced URL Filtering provide a complete solution to withstand the web-based threat landscape. 

 

How Does Legacy and Advanced URL Filtering Actually Work?

 

The URL Filtering process begins once the firewall identifies traffic as web-browsing. When a client completes the TCP 3-way handshake, a HTTP GET is sent to the web server it wishes to connect to. At the same time, the firewall compares the URL in the HTTP GET request to the PAN-DB, URL Cache, and/or performs a dynamic lookup against the PAN-DB. During this comparison, a URL is identified to be either allowed or blocked based on the category settings set in the configuration.
 
The Advanced URL Filtering works in conjunction with the existing PAN-DB URL filtering solution. The Advanced URL Filtering service uses machine learning to analyze the URL in real-time. The data is used to generate a verdict that the firewall retrieves to enforce the web-access rules based on the configuration.

 

Advanced URL Filtering Configuration

 

The great news is Advanced URL Filtering is enabled through the same legacy URL Filtering profile specified in security policies. No additional configuration is needed if URL Filtering is already being utilized. URLs that are analyzed via Advanced URL Filtering show up in the log monitor as the category real-time detection, in addition to the threat type. 
 
Compatibility

 

The Advanced Filtering service is available on firewalls running PAN-OS 9.0 and later with the installation of content release 8390-6607 and later. 

 

For more details on the Advanced URL Filtering subscription, check out the following TechDocs article: Advanced URL Filtering Security Subscription.

 

Also check out:

 

Feel free to share your questions, comments and ideas in the section below.

 

Thank you for taking time to read this blog.

Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.

 

Until next time, 

JayGolf

 

  • 3024 Views
  • 0 comments
  • 3 Likes
Register or Sign-in
Labels
Popular Blogs
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks