Filtering Rationale

Web Gateway and UTM use multiple technologies to categorise websites and emails, including, but not limited to, our proprietary real time content analysis engine and a large database of web addresses. A selection of predefined categories are included, which receive hourly automated updates. Our customers are in complete control of their filters and are able to modify the predefined categories or create new custom categories from scratch.

Customers can choose which categories of website are blocked, how sensitive the filters should be, whether to disable the web access for repeat offenders, if Safe Search should be enforced on common search engines and a wide array of other options. These settings can be applied globally, to specific networks or locations, user groups, workstations / devices, individual users, or any combination of the above through our unique Virtual Groups system.

Rather than relying exclusively on a database of known websites, our proprietary content analysis engine provides protection even for dynamic sites and social media - vital to safeguarding on the modern web.

The filtering rationale for each category is shown in the category's description on the Opendium system's Filtering Categories page.  We are always interested in feedback such as whether a category's rationale meets expectations, and what our customers hope to achieve through the use of each category.  Any comments should be directed at our support team.

HTTPS Decryption

Active HTTPS decryption provides protection even for encrypted web services and allows more detailed safeguarding reports.  Where full decryption is not appropriate, a "zero configuration" passive HTTPS inspection mode can be used which offers a reduced level of filtering and auditing.

To provide the best balance of privacy, safety and compatibility, several predefined overrides are included and receive hourly updates (e.g. Disable HTTPS Interception and Essential Services).  These disable HTTPS decryption for certain types of web service and at their discretion, customers can exclude additional web sites from being decrypted.  Services not decrypted by default include:

  • banking services, online payment gateways and other services which require enhanced privacy;
  • services required for core software, such as software updates, anti-virus updates, certification authorities, etc.; and
  • web services which are incompatible with decryption, for which filtering is not significantly impacted.

Unfortunately, maintaining compatibility with some applications would significantly impact the system's filtering capabilities.  For these applications, separate overrides are provided so that a decision can be made on a case-by-case basis as to whether or not to accept the associated impact to filtering in order to allow the application to work.  These overrides can be applied globally, to specific networks or locations, user groups, workstations / devices, individual users, or any combination of the above through our unique Virtual Groups system.

Opendium systems are designed for the best compatibility and the aim is always for applications to work unless they are blocked, and all application blocking to be carried out through the system's filters.  Our support team do not consider an application conveniently "not working" due to a compatibility problem as a satisfactory way to block it.

Reporting Miscategorised Websites

Our predefined categories are designed to be most accurate when their sensitivity level is set to 5 out of 10.  Sensitivities can be raised or lowered at the customer's discretion.  However, customers should be aware that using high sensitivity levels significantly increases the risk of over-blocking.

When a web page is blocked, the user is given the option to report that it has been miscategorised and the reports are manually reviewed by our staff.  If our staff determine that the reported web page should not be considered to be part of the category:

  • Where possible, we will exclude the web page itself from the category.
  • We will review the website with a view to exclude the entire website from the category where appropriate.
  • Regardless of the sensitivity set by the customer, if the miscategorisation would still have happened were the sensitivity have been set to 5, we will review the real-time content analysis which was performed, with a view to adjust the filtering criteria to reduce miscategorisations.
  • If the miscategorisation was the result of the category's sensitivity having been set excessively high, we will usually not adjust the real-time content analysis filtering criteria.
  • We may choose to add the web page, or the entire website, to alternative filtering categories.

We are always interested in feedback regarding web pages which have not been correctly categorised and encourage our customers to report any such problems to our support team.  If our staff determine that a reported web page should be considered part of a category:

  • Where possible, we will add the web page itself to the category.
  • We will review the website with a view to add the entire website to the category where appropriate.
  • Regardless of the sensitivity set by the customer, If the miscategorisation would still have happened were the sensitivity have been set to 5, we will review the real-time content analysis which was performed, with a view to adjust the filtering criteria to reduce miscategorisations.
  • If the miscategorisation was the result of the category's sensitivity having been set excessively low, we will usually not adjust the real-time content analysis filtering criteria.
  • We may choose to add the web page, or the entire website, to alternative filtering categories.