Zscaler Releases State of the Web Report for Q4 2010




Sunnyvale, California, February 28, 2011


Zscaler today released its Q4 2010 State of the Web report, which details the enterprise threat landscape and the variety of web-based issues facing Internet users. Q4 saw shifts in the sources of enterprise web traffic, and even saw some popular sites attempt to improve user security.  However, attackers continued to focus on social engineering attacks and circumventing legacy enterprise security systems.

Here are some of the top findings detailed in the latest Zscaler State of the Web report:

  • Local apps are generating more direct HTTP and HTTPS traffic: Not all web traffic comes from browsers, and as this traffic shifts, web threats have a new attack vector.
  • Internet Explorer 6 is on the decline in the enterprise.  While this mitigates the security risks of the old browser platform, it could lead to a shift in attacks.
  • Google is actively attempting to thwart search engine optimization (SEO) spam and fake antivirus attacks, the topmost Internet threats today.  However, most users remain exposed to these threats.
  • More sites, like Facebook and Gmail, are moving to HTTPS delivery.  This is good for preventing sidejacking, but it allows savvy attackers a way to bypass traditional network-based security controls like IDS/IPS, which cannot decrypt traffic for inspection.

"Attackers know the limits of traditional security solutions," says Michael Sutton, VP of Security Research at Zscaler. "But they are also very good at taking advantage of emerging technologies and new vectors for attack.  Standalone user applications, social engineering attacks, and the move to HTTPS all have the potential to introduce new threats. Now more than ever, enterprise security solutions must inspect traffic in real time, all the time, regardless of source, to provide true protection.”

Zscaler’s Security as a Services (SaaS) architecture, consisting of over 40 global enforcement nodes, means that Zscaler sees and prevents tens of thousands of attacks every day. Thanks to their NanoLog technology, which allows granular logging without storage or network overhead, Zscaler can provide real-time reporting at the transaction level, giving their research team the ability to identify new threats and new trends.


About Zscaler

Zscaler (NASDAQ: ZS) enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access™ and Zscaler Private Access™, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100 percent cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances are unable to match. Used in more than 185 countries, Zscaler operates a multi-tenant distributed cloud security platform, protecting thousands of customers from cyberattacks and data loss. Learn more at zscaler.com or follow us on Twitter @zscaler.

Zscaler™, Zscaler Internet Access™, and Zscaler Private Access™, ZIA™ and ZPA™ are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners.

Additional Resources:

Media Contacts:

Tom Stilwell
Vice President, Global Communications
[email protected]