What I've usually seen is that they're using something like a Palo Alto/Cisco to do transparent/inline "blocking of bad stuff" like drive-by downloads, etc. and tracking general Internet usage. They could have also done it with an agent on each computer or whatever.
Many times the trigger is some troublesome employee or perhaps a malware outbreak somewhere.
In so far as circumventing it, best thing to do is use your own equipment for personal stuff. I have a VPN to my home office and use remote desktop (Windows 10 on both sides or ScreenConnect to my Mac) to keep things separate. No one can see the traffic, it's minimal, and legit.