A great way to truly understand the vulnerability of today's enterprise network is to pick up a leading security vendor's latest Web Security Report.  Some are simply marketing fluff (hey, I'm in marketing and know one when I see one).  Others are a wealth of enlightenment: best practices and independent third party test results.  I encourage everyone to check out Blue Coat System's 2011 Web Security Report: here: http://dc.bluecoat.com/content/SecurityReport2011?dl=http://dc.bluecoat.com/content/2011WebThankYou


The 2011 report provides a relevant perspective on web use and threats, leveraging the real-time inputs from six Blue Coat product solutions into the WebPulse community cloud defense.  The cloud community encompasses an active community of 73 million users  and provides over 8 billion web ratings per day to web gateways and remote clients, plus provides deep analysis of over 2 billion web requests per week using automated technologies that include 300+ language-category rating libraries, 16+ threat detection defenses, plus security experts that fine tune the defenses and build new ones. No other vendor has anything comparable to combat real-time malware.


One key take-away from the testing highlighted in the Blue Coat Report is how cybercrime is rapidly evolving.  Today's sophisticated criminals are easily capitalizing on vulnerabilities and exploits on trusted sites, and rapidly producing a pluthera of malvertising that can trick even the most savvy web surfers.   Looking at growth rates for malware hosting, we see 29% growth for Open/Mixed Content sites that very few organizations block or filter downloads, plus 13% growth in Online Storage hosting malware.  How many people block these two categories or control EXE downloads?  The growth rates suggest they do not.


We saw a dramatic switch from the types of sites being attacked.  In previous years there was more malware associated with adult content categories.  Now we see a big increase in legitimate business related categories. Social networking leads in the fourth position - the key theme is that social networking consolidates online communications and replaces web mail which has now dropped to 17th place.  The impact of social networking is real and very visible in web category request rankings.


The NUMBER ONE web attack remains FakeAV where 99% of the time the user is in control of the situation and openly accepts the fake offer.  Plus cyber crime is now using more advanced animations and graphics to make their fake scans and offers more realistic.


The NUMBER TWO web attack remains the Fake Update for a video or software update the user unknowingly accepts as they wait to view a video or picture.  Social networking only increases the success of this web attack as friends share photos and videos.  And as noted earlier, we see over 110,000 new pornography sites per day and search results and downloading videos provide the opportunity for a Fake Update offer.


Also on our radar is watching live and rich media on the web.  Experts predict rich media to overwhelm web communications in the next few years…so far web use agrees with their predictions.


So what type of protection is required to keep ahead of these growing trends in web use and malware vulnerability?  Check out the security report and find out!