SonicWALL CFS is deployed in a wide variety of large organizations, including business enterprises, universities, libraries, and government agencies, as well as distributed public Internet "hot spots". Ease-of-management, scalability and superior performance make CFS an ideal solution for larger enterprises with complex configuration requirements.
Mitigating risks of unrestricted access.
SonicWALL CFS helps mitigate numerous risks associated with not restricting employees, students, or other users from accessing Web sites that are inappropriate or offensive:
- There is a legal responsibility and obligation to keep the workplace free from offensive material, and not taking steps to do so could lead to costly lawsuits.
- Unrestricted access drains productivity by promoting wasteful Web surfing.
- Bandwidth usage patterns can be seriously affected when employees turn to bandwidth-hungry applications such as file-sharing, and this could affect the productivity of business-related applications.
- Unrestricted access often leads to infection by viruses, spyware and malware, since many of the sites that are contained in blocked categories are common sources of malicious attacks.
Flexibility and policy enforcement.
Administrators are free to create enterprise-wide policies that are specifically designed to meet their own requirements and legislative mandates. The dynamic rating architecture can be used to block up to 56 categories of objectionable or inappropriate Web content, providing a high level of transparent control, ease of administration, and granular policy enforcement. The local URL filtering feature adds flexibility by letting administrators go beyond categories to block or allow specific domains or hosts. Policies can be applied to individuals or defined groups (e.g., students and faculty) and set to block automatically-downloadable files or apply filtering by time-of-day.
Caching and performance.
SonicWALL CFS is built around a Web site caching and rating architecture that allows administrators to automatically block sites by category for easier administration. The caching feature stores URL ratings locally on the SonicWALL appliance, so response time is only a fraction of a second. In addition to filtering offensive Web content, CFS helps enhance performance by filtering out download sites for MP3s, streaming media, freeware and other files that consume tremendous amounts of bandwidth and are often the source of spyware and other malware.
Compliance and regulations.
A number of legislated regulations contain content filtering requirements that can be met using SonicWALL CFS. For example, the Children's Internet Protection Act (CIPA) requires all schools and libraries that receive eRate funding to install content filtering. The flexibility of CFS, and the ability to set custom policies for different groups or different times of day, makes it ideal for educational settings. In addition, the reporting necessary to comply with these mandates can be fulfilled by SonicWALL's Global Management System (GMS) and ViewPoint™ reporting package.
In addition to external regulation compliance, CFS is an integral part of internal compliance programs designed to reduce the liabilities that may incur when inappropriate content is allowed into the network. When Web access is unrestricted, not only is the result counter-productive, it can also result in costly lawsuits.
Visibility (reporting).
SonicWALL ViewPoint™ reporting software along with SonicWALL CFS can allow customers to run granular reports summarizing Web access details. Both real-time and historical reports can be easily customized and delivered in a variety of formats. In addition to comprehensive graphical reports, users also can take advantage of "at-a-glance" reporting.
How it works.
SonicWALL CFS is based on a rating architecture that relies on a dynamic database to block objectionable or inappropriate Web sites. CFS cross-references all Web sites as they are requested against a vast and highly accurate database of URLs, IP addresses and domains. The SonicWALL appliance then receives a rating in real time, and then compares that rating to the local policy setting. The appliance will then either allow or deny the request, based on locally-configured policy.
SonicWALL CFS categorizes millions of URLs, IP addresses and domains in a continuously updated, dynamically rated database. CFS rates over four million URLs, with hundreds more added daily. Because the ratings are determined both by artificial intelligence and human observation, the database is highly accurate, and the instance of false positives is minimized. The policy-based system allows the administrator to block all pre-defined categories or any combination of categories, and to apply these policies on a granular level. For example, if one group of users requires access to sites typically found within one category, this level of access can be granted, while still denying access to other users.
Categories range from offensive types of content such as "Violence," which would include anti-social Web sites that advocate use of weapons or explosives, to sites that may not be offensive but would otherwise cause a potential risk to the network in terms of bandwidth usage, such as "Software downloads" or "Streaming Media/MP3".
