My company has a reasonably loose policy when it comes to employee Internet use. As long as you're not visiting...
a "shady" site, you're OK. The 2013 Cisco Annual Security Report seems to indicate that thinking is completely backward though; most malware is served up through malicious online advertisements via otherwise secure, legitimate sites. How should enterprises react to this report? Are there ways to ensure Web browser protection for users?
Ask the Expert!
SearchSecurity.com expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
Historically, the most malicious sites were found on the less-savory side of the Internet, so to speak, which meant organizations could block a significant amount of Web-based malware simply by preventing their users from visiting those sites.
As stated in the 2013 Cisco Annual Security Report, users are now more likely to be infected by what some would think is a secure website. Compromised ad networks, search engine poisoning and watering hole attacks are now making high-profile websites even greater security risks than sites that were traditionally thought of as "shady." From an enterprise perspective, this is especially troubling because the number of users who frequent secure websites will be far more than those visiting stereotypically dangerous ones.
In terms of how enterprises can react to this change in the Web security threat landscape, there are unfortunately not a lot of options that actually address the underlying issue. Blocking malware at the network level does not address smartphones using their cellular data connections, alternative Internet connections or mobile users on external networks. Network-based blocking and analysis does have significant advantages for detecting potentially suspicious network connections and blocking them, but if the outgoing connection is only blocked after the system is compromised, the protection might not be sufficient. With the increase in watering hole attacks, even whitelisting approved websites won't protect insecure clients.
Regardless of the platform, securing the client system is the only way to secure the general Web browsing experience for users.
Dig Deeper on Web Application and Web 2.0 Threats
Related Q&A from Nick Lewis
Latentbot malware has layers of obfuscation that makes it hard to detect. Expert Nick Lewis explains how its process works, beginning with a phishing...continue reading
A hard to detect type of Linux malware, Rekoobe, can download files to user systems. Expert Nick Lewis explains the malware's key functionality and ...continue reading
Pro POS, a new type of POS malware, has simple operations and is easy to obtain. How was it so successful against businesses? Expert Nick Lewis ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.