Filtering Rationale

Web Gateway and UTM use multiple technologies to categorise websites and emails, including, but not limited to, our proprietary real time content analysis engine and a large database of web addresses. A selection of predefined categories are included, which receive hourly automated updates. Our customers are in complete control of their filters and are able to modify the predefined categories or create new custom categories from scratch.

Customers can choose which categories of website are blocked, how sensitive the filters should be, whether to disable the web access for repeat offenders, if Safe Search should be enforced on common search engines and a wide array of other options. These settings can be applied globally, to specific networks or locations, user groups, workstations / devices, individual users, or any combination of the above through our unique Virtual Groups system.

Rather than relying exclusively on a database of known websites, our proprietary content analysis engine provides protection even for dynamic sites and social media - vital to safeguarding on the modern web.

Our predefined categories are designed to be used with their sensitivity level set to 5 out of 10, but customers can adjust the sensitivity to fit their needs. We are open to feedback from customers, and in cases where websites are miscategorised by the predefined categories we endeavour to update the categorisation criteria as quickly as possible.

HTTPS Decryption

Active HTTPS decryption provides protection even for encrypted web services and allows more detailed safeguarding reports.  Where full decryption is not appropriate, a "zero configuration" passive HTTPS inspection mode can be used which offers a reduced level of filtering and auditing.

To provide the best balance of privacy, safety and compatibility, several predefined overrides are included and receive hourly updates (e.g. Disable HTTPS Interception and Essential Services).  These disable HTTPS decryption for certain types of web service and at their discretion, customers can exclude additional web sites from being decrypted.  Services not decrypted by default include:

  • banking services, online payment gateways and other services which require enhanced privacy;
  • services required for core software, such as software updates, anti-virus updates, certification authorities, etc.; and
  • web services which are incompatible with decryption, for which filtering is not significantly impacted.

Unfortunately, maintaining compatibility with some applications would significantly impact the system's filtering capabilities.  For these applications, separate overrides are provided so that a decision can be made on a case-by-case basis as to whether or not to accept the associated impact to filtering in order to allow the application to work.  These overrides can be applied globally, to specific networks or locations, user groups, workstations / devices, individual users, or any combination of the above through our unique Virtual Groups system.

Opendium systems are designed for the best compatibility and the aim is always for applications to work unless they are blocked, and all application blocking to be carried out through the system's filters.  Our support team do not consider an application conveniently "not working" due to a compatibility problem as a satisfactory way to block it.