Further, blended threats in which links to malicious Web sites are delivered in email, instant messages or through social networking communications are becoming more popular, making the simple act of Web surfing a potentially devastating threat to corporate networks and security.
The problem is going to get worse for three reasons:
- Most Web pages and sites are not adequately protected from infection, such as SQL injection attacks or cross-site scripting, leaving them vulnerable to exploitation by malware authors.
- Defenses against Web-borne threats are not as extensive as those protecting organizations from threats delivered through email.
- When presented with a threat delivered through email or instant messaging, users generally have to do something, such as click on a link in a message – with Web-based threats, nothing more than visiting a Web page is required to become infected.
Among the many things organizations are doing to protect themselves against these threats is implementing any of the growing number of Web security capabilities. While on-premise solutions provide robust protection against Web threats, hosted solutions offer some unique advantages, including lower costs, more proactive threat protection, lower impacts on bandwidth and storage, and ability to free IT staff for activities that might provide more value to an organization.
This white paper, provided MessageLabs, now part of Symantec, discusses the nature of Web-borne threats, the options available to organizations to deal with them, and information on hosted Web security services.