My company has a reasonably loose policy when it comes to employee Internet use. As long as you're not visiting...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
a "shady" site, you're OK. The 2013 Cisco Annual Security Report seems to indicate that thinking is completely backward though; most malware is served up through malicious online advertisements via otherwise secure, legitimate sites. How should enterprises react to this report? Are there ways to ensure Web browser protection for users?
Ask the Expert!
SearchSecurity.com expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
Historically, the most malicious sites were found on the less-savory side of the Internet, so to speak, which meant organizations could block a significant amount of Web-based malware simply by preventing their users from visiting those sites.
As stated in the 2013 Cisco Annual Security Report, users are now more likely to be infected by what some would think is a secure website. Compromised ad networks, search engine poisoning and watering hole attacks are now making high-profile websites even greater security risks than sites that were traditionally thought of as "shady." From an enterprise perspective, this is especially troubling because the number of users who frequent secure websites will be far more than those visiting stereotypically dangerous ones.
In terms of how enterprises can react to this change in the Web security threat landscape, there are unfortunately not a lot of options that actually address the underlying issue. Blocking malware at the network level does not address smartphones using their cellular data connections, alternative Internet connections or mobile users on external networks. Network-based blocking and analysis does have significant advantages for detecting potentially suspicious network connections and blocking them, but if the outgoing connection is only blocked after the system is compromised, the protection might not be sufficient. With the increase in watering hole attacks, even whitelisting approved websites won't protect insecure clients.
Regardless of the platform, securing the client system is the only way to secure the general Web browsing experience for users.
Dig Deeper on Web Application and Web 2.0 Threats
Related Q&A from Nick Lewis
The new Trochilus RAT can avoid detection in cyberespionage attacks. Expert Nick Lewis explains how it works, and if enterprises need to adapt their ...continue reading
The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching ...continue reading
BlackEnergy malware may have been part of the attacks on Ukrainian utility and media companies. Expert Nick Lewis explains how this malware works and...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.