Now I've come to realize that blocking websites based on categories is like playing whack-a-mole. Every time a company like Google brings up a new URL, I'm dependent on my Web filtering vendor to find it and add it to the right category. And it seems the vendor is not as efficient at doing that as I had expected.
So for now, I'm going to use the new software I downloaded to continue analyzing the traffic going from my network to the Internet. When I find people going around the system, I'll manually block the offending sites. But in the long run, I may need to consider using a different product, or a combination of products -- or maybe even a completely new approach. Blocking known, unwanted websites is a "blacklist" approach, which relies on the effectiveness and completeness of the blacklist. A "whitelist" approach, in which I would specify all known good websites that have appropriate (and approved) business purposes, may turn out to be a lot more effective. But it also may turn out to be unmanageable, due to the large number of websites in use by my company's employees. The analysis software may be able to help with that too. This is something I'll be thinking about as I plan my next set of security technology improvements.
Sign up for CIO Asia eNewsletters.