The Palo Alto Networks URL filtering solution in combination
with
App-ID provides
unprecedented protection against a full spectrum of cyber attacks,
legal, regulatory, productivity, and resource utilization risks.
While App-ID gives you control over what applications users can
access, URL filtering provides control over related web activity.
When combined with User-ID, you can enforce controls based on users
and groups.
With today’s application landscape and the way many applications
use HTTP and HTTPS, you will need to use App-ID, URL filtering,
or both in order to define comprehensive web access policies. App-ID
signatures are granular and they allow you to identify shifts from
one web-based application to another; URL filtering allows you to
enforce actions based on a specific website or URL category. For
example, while you can use URL filtering to control access to Facebook
and/or LinkedIn, URL filtering cannot block the use of related applications
such as email, chat, or other any new applications that are introduced
after you implement policy. When combined with App-ID, you can control
the use of related applications because of the granular application
signatures that can identify each application and regulate access
to Facebook while blocking access to Facebook chat, when defined
in policy.
You can also use URL categories as a match criteria in policies.
Instead of creating policies limited to either allow all or block
all behavior, URL as a match criteria permits exception-based behavior
and gives you more granular policy enforcement capabilities. For
example, deny access to malware and hacking sites for all users, but
allow access to users that belong to the IT-security group.