I am looking for opinions and comments on what others are doing to secure their company networks while still allowing some form of web browsing by users. I am looking for a solution that will allow me to limit my networks exposure to malware/viruses from users browsing the internet. I have the standard safe guards in place such as local antivirus on client PC's, border firewall, web proxy, etc... However, I am looking to secure our network and web browsing further.
What is everyone else doing? i.e.: Only allowing whitelisted sites. Using two browsers, one for internal sites/whitelisted sites and a sandboxed virtual browser for all other browsing. Using two PC's homed to different networks (public & private).
Any feedback of ideas and product solutions that I can consider would be greatly appreciated.