Cisco is tackling the so-called "dark web" of online content that's not easily indexed or categorised by adding new usage controls to its IronPort S-Series Web Security Appliances.

The new technology is packaged as a software blade that works with Cisco's URL filtering database to make decisions about user web surfing to enforce acceptable-use policies.

The IronPort Web Usage Controls software has an engine that reads a web page on the fly and analyses the content to decide if it's objectionable or off limits according to corporate policy, says Vivek Bhandari, a product marketing manager at Cisco. Simply categorising websites into lists -- such as sports, shopping, hate sites or porn -- is no longer sufficient because the Internet is now filled with highly transient and often dangerous sites that comprise the "dark web".

"These sites are coming up and down so fast," Bhandari says, noting that the proliferation of blogs and social networking sites, with Web 2.0 technology underpinnings, are also contributing to an explosion in web content. Cisco says the dark web may constitute 80% of objectionable content, outside the 20% of websites that can still be put neatly into list form.

Cisco's S-Series appliances can perform malware detection and blocking. The new Web Usage Controls software adds the ability to monitor, block or warn users about web traffic based on a method that combines URL filtering lists with contextual heuristics for analysing content and checking hidden tags. Cisco's URL filtering database includes 65 URL categories and is updated every 5 minutes through Cisco's security intelligence operations.

With the configuration Cisco is advising customers to use, about 90% of objectionable dark web content violating policy will be detected via IronPort Web Usage Controls without causing the false positive rate to spike, Bhandari says.

IronPort S-Series appliances with Web Usage Controls, available now, start at $8,500.