Web Filtering
Description
Access to external websites shall be managed to reduce exposure to malicious content.
⚠️ Risk Impact
Web-based threats (drive-by downloads, phishing landing pages, watering-hole attacks) target users. Without web filtering, every employee is a potential entry point.
🔍 How EchelonGraph Detects This
EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as medium-severity findings with remediation guidance.
🔧 Remediation
Deploy web filtering at egress (NetSkope, Zscaler, Cloudflare Gateway, AWS Network Firewall). Block known-bad categories. Alert on suspicious connections. Apply consistently across office + remote work.
💀 Real-World Attack Scenario
A user clicked a phishing link to a malicious watering-hole site. The site exploited a browser CVE for drive-by download. Without web filtering, the malware reached the endpoint; with web filtering blocking the destination, the attack would have failed at DNS resolution.
💰 Cost of Non-Compliance
Web-based malware breaches: 18% of 2024 enterprise breaches (Verizon DBIR 2024).
📋 Audit Questions
- 1.What web filtering is deployed?
- 2.Block categories?
- 3.Coverage — office + remote?
- 4.Suspicious-connection alerting?
🎯 MITRE ATT&CK Mapping
⚡ Common Pitfalls
- ⛔Filtering on corporate network but not remote-work
- ⛔Blocking categories but not URL reputation
- ⛔Allowed/denied lists not maintained
📈 Business Value
Web filtering blocks attacks at the network layer before they reach endpoints.
⏱️ Effort Estimate
20-40 hours initial deployment + ongoing policy tuning
EchelonGraph integrates with web filtering for threat-intel feeds
🔗 Cross-Framework References
Automate ISO 27001 A.8.23 compliance
EchelonGraph continuously monitors this control across all your cloud accounts.
Start Free →