This article applies to organisations with a 'Hybrid' setup (both On-Premise Appliance and Cloud), as well as On-Premise only and Cloud only setups.
Our Safeguarding products are designed to help monitor internet activity and alert you to potentially risky behaviour. They can both block certain types of content and allow you to track what content users attempt to access, providing context around their searches.
Step 1: Smoothwall Filter or Monitor
Identify which product sent the alert to decide your next steps.
Emails from Monitor
Monitor tracks activity across all Apps and looks at keystrokes, rather than only Web requests, to help determine intent.
Monitor also has a dedicated human Moderation Team. They analyse the activity, moderate which events are important and send your DSL an alert only when needed. This means you won’t receive an alert for false positives.
Emails from Smoothwall Filter
Smoothwall Filter’s Safeguarding Alerts functionality tracks and reports all concerning web access attempts for you to check and follow up on.
Safeguarding Alerting happens independently of filtering. For example, Filter may not block a student from accessing content about overcoming drug addiction. However, viewing this content may generate a Safeguarding Alert for Substance Abuse.
You should examine the alerts and reports to determine their context and whether further action is needed.
Step 2: Cloud Filter or On-Premise Appliance
- Safeguarding alert emails look different depending on whether Cloud Filter or On-Premise Appliance generated them. See examples of the emails to help identify which platform the alert came from.
- Sign in to the right platform.
- Use Safeguarding Reports to examine the user’s browsing history before and after the events that resulted in the email being sent.
Step 3: Check if the alert is a false positive
Examples
Smoothwall Filter can only determine that a specific device or user accessed a site at a specific time. It can’t determine the intent behind the web activity. Here are some example scenarios that may generate Safeguarding Alerts:
- A user brings their device home, accesses adult content, and forgets to close this down before bringing the device back to school.
- A user receives a spam email containing nefarious keywords or malware links.
- A user accesses a compromised website, link or redirect by mistake.
- A user is researching weaponry as part of their history homework.
Using our Reports
You need to infer intent using reports and surrounding web access events. You can select a specific timeframe or see what the user has accessed throughout the day. Look at the timestamps for the event that generated the alert, and see what events happened before and after.
- On-Premise Appliance: With the Safeguarding Report, you can drill down to a user and view their browsing history within an hour on either side of the breach. When more data is required to understand the context, you may also find the Executive summary of a specific user useful.
- Cloud: As well as using the Safeguarding Report, the User Report will show you what the user has accessed throughout the day.
What to do if it’s a false positive
If you believe the alert is a false positive and the content should not be generating alerts, let us know through our Feedback Form.
We will either update Smoothwall or advise you to add an exclusion so you are no longer alerted.