Web-based threats: More prevalent, stealthy and changing constantly
But those who would profit from cybercrime can harness that web power, too. That is, a threat that once had been the exclusive domain of a particular application now potentially becomes a web threat too.
IT managers must walk a fine line of providing an open, collaborative network environment, and protecting the enterprise. The primary difficulty is the increased granularity required for determining what sites are malicious – in the past, a few simple rules were adequate protection, but malware authors have found many new ways to work mischief, and can infect even seemingly invulnerable servers for legitimate sites. Their attacks are silent, background processes – the user is not aware the attack is occurring. The malicious code foisted on end user's machine transforms it into a zombie -- a member of a botnet – or steals data with every keystroke.
Organizations cannot predict when the next threat will emerge and in what form – prior planning and preparation to protect your organization is essential. Traditional security measures require augmentation and multilayered protection at the internet gateway, on the network, and on the desktop. However, knowing which product best fits an organization's need is only the first step. Because the way vendors deal with malicious URLs differs significantly, evaluating the quality of the security vendors' research capabilities is key.