Zscaler Releases State of the Web Report for Q4 2010
Sunnyvale, California, February 28, 2011
Zscaler today released its Q4 2010 State of the Web report, which details the enterprise threat landscape and the variety of web-based issues facing Internet users. Q4 saw shifts in the sources of enterprise web traffic, and even saw some popular sites attempt to improve user security. However, attackers continued to focus on social engineering attacks and circumventing legacy enterprise security systems.
Here are some of the top findings detailed in the latest Zscaler State of the Web report:
- Local apps are generating more direct HTTP and HTTPS traffic: Not all web traffic comes from browsers, and as this traffic shifts, web threats have a new attack vector.
- Internet Explorer 6 is on the decline in the enterprise. While this mitigates the security risks of the old browser platform, it could lead to a shift in attacks.
- Google is actively attempting to thwart search engine optimization (SEO) spam and fake antivirus attacks, the topmost Internet threats today. However, most users remain exposed to these threats.
- More sites, like Facebook and Gmail, are moving to HTTPS delivery. This is good for preventing sidejacking, but it allows savvy attackers a way to bypass traditional network-based security controls like IDS/IPS, which cannot decrypt traffic for inspection.
"Attackers know the limits of traditional security solutions," says Michael Sutton, VP of Security Research at Zscaler. "But they are also very good at taking advantage of emerging technologies and new vectors for attack. Standalone user applications, social engineering attacks, and the move to HTTPS all have the potential to introduce new threats. Now more than ever, enterprise security solutions must inspect traffic in real time, all the time, regardless of source, to provide true protection.”
Zscaler’s Security as a Services (SaaS) architecture, consisting of over 40 global enforcement nodes, means that Zscaler sees and prevents tens of thousands of attacks every day. Thanks to their NanoLog technology, which allows granular logging without storage or network overhead, Zscaler can provide real-time reporting at the transaction level, giving their research team the ability to identify new threats and new trends.