We strongly recommend that you block the URL categories
that identify malicious or exploitive content. To get started, you
can clone the default URL Filtering profile which blocks malware,
phishing, and command-and-control URL categories by default. The
default URL Filtering profile also blocks the abused-drugs, adult,
gambling, hacking, questionable, and weapons URL categories. Whether
to block these URL categories depends on your business requirements.
For example, a university probably won’t want to restrict student
access to most of these sites because availability is important,
but a business that values security first may block some or all
of them.
For categories that you decide to alert on, instead of block,
you can very strictly control how users interact with site content.
For example, give users access to the resources they need (like developer
blogs for research purposes or cloud storage services), but take
the following precautions to reduce exposure to web-based threats: