My company has a reasonably loose policy when it comes to employee Internet use. As long as you're not visiting...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
a "shady" site, you're OK. The 2013 Cisco Annual Security Report seems to indicate that thinking is completely backward though; most malware is served up through malicious online advertisements via otherwise secure, legitimate sites. How should enterprises react to this report? Are there ways to ensure Web browser protection for users?
Ask the Expert!
SearchSecurity.com expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
Historically, the most malicious sites were found on the less-savory side of the Internet, so to speak, which meant organizations could block a significant amount of Web-based malware simply by preventing their users from visiting those sites.
As stated in the 2013 Cisco Annual Security Report, users are now more likely to be infected by what some would think is a secure website. Compromised ad networks, search engine poisoning and watering hole attacks are now making high-profile websites even greater security risks than sites that were traditionally thought of as "shady." From an enterprise perspective, this is especially troubling because the number of users who frequent secure websites will be far more than those visiting stereotypically dangerous ones.
In terms of how enterprises can react to this change in the Web security threat landscape, there are unfortunately not a lot of options that actually address the underlying issue. Blocking malware at the network level does not address smartphones using their cellular data connections, alternative Internet connections or mobile users on external networks. Network-based blocking and analysis does have significant advantages for detecting potentially suspicious network connections and blocking them, but if the outgoing connection is only blocked after the system is compromised, the protection might not be sufficient. With the increase in watering hole attacks, even whitelisting approved websites won't protect insecure clients.
Regardless of the platform, securing the client system is the only way to secure the general Web browsing experience for users.
Dig Deeper on Web application and API security best practices
Related Q&A from Nick Lewis
When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and ...continue reading
A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend ...continue reading
A vulnerability in Microsoft's Windows Defender antivirus tool left users open to remote code exploitation. Expert Nick Lewis explains how it ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.