My company has a reasonably loose policy when it comes to employee Internet use. As long as you're not visiting...
a "shady" site, you're OK. The 2013 Cisco Annual Security Report seems to indicate that thinking is completely backward though; most malware is served up through malicious online advertisements via otherwise secure, legitimate sites. How should enterprises react to this report? Are there ways to ensure Web browser protection for users?
Ask the Expert!
SearchSecurity.com expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
Historically, the most malicious sites were found on the less-savory side of the Internet, so to speak, which meant organizations could block a significant amount of Web-based malware simply by preventing their users from visiting those sites.
As stated in the 2013 Cisco Annual Security Report, users are now more likely to be infected by what some would think is a secure website. Compromised ad networks, search engine poisoning and watering hole attacks are now making high-profile websites even greater security risks than sites that were traditionally thought of as "shady." From an enterprise perspective, this is especially troubling because the number of users who frequent secure websites will be far more than those visiting stereotypically dangerous ones.
In terms of how enterprises can react to this change in the Web security threat landscape, there are unfortunately not a lot of options that actually address the underlying issue. Blocking malware at the network level does not address smartphones using their cellular data connections, alternative Internet connections or mobile users on external networks. Network-based blocking and analysis does have significant advantages for detecting potentially suspicious network connections and blocking them, but if the outgoing connection is only blocked after the system is compromised, the protection might not be sufficient. With the increase in watering hole attacks, even whitelisting approved websites won't protect insecure clients.
Regardless of the platform, securing the client system is the only way to secure the general Web browsing experience for users.
Dig Deeper on Web Application and Web 2.0 Threats
Related Q&A from Nick Lewis
Locky ransomware has borrowed features from Dridex malware, which focused on attacking banks. Expert Nick Lewis explains Locky's techniques and how ...continue reading
The Mazar malware can wipe an entire Android device once it has been installed. Expert Nick Lewis explains how this malware works, and how attacks ...continue reading
MouseJack, a wireless mouse and keyboard security flaw, allows attackers to type malicious commands. Expert Nick Lewis explains how enterprises can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.