1. Filtering that installs client software on user devices and enforces organizational web policy locally, keeping users protected on any network worldwide without requiring a VPN
2. A centralized internal proxy that routes and controls all outbound employee internet traffic; users on the internal network send requests to it and it fetches pages on their behalf
3. Evaluates websites on a five-level risk scale (Trustworthy → High Risk) using automated crawling and manual overrides; blocks high-risk sites before users interact with malicious content
4. Prevents connections to malicious domains by returning no IP address during name resolution; effective against phishing sites, malware C2 callbacks, and all DNS-dependent application traffic