Sunnyvale, California, February 28, 2011
Zscaler today released its Q4 2010 State of the Web report, which details the enterprise threat landscape and the variety of web-based issues facing Internet users. Q4 saw shifts in the sources of enterprise web traffic, and even saw some popular sites attempt to improve user security. However, attackers continued to focus on social engineering attacks and circumventing legacy enterprise security systems.
Here are some of the top findings detailed in the latest Zscaler State of the Web report:
- Local apps are generating more direct HTTP and HTTPS traffic: Not all web traffic comes from browsers, and as this traffic shifts, web threats have a new attack vector.
- Internet Explorer 6 is on the decline in the enterprise. While this mitigates the security risks of the old browser platform, it could lead to a shift in attacks.
- Google is actively attempting to thwart search engine optimization (SEO) spam and fake antivirus attacks, the topmost Internet threats today. However, most users remain exposed to these threats.
- More sites, like Facebook and Gmail, are moving to HTTPS delivery. This is good for preventing sidejacking, but it allows savvy attackers a way to bypass traditional network-based security controls like IDS/IPS, which cannot decrypt traffic for inspection.
"Attackers know the limits of traditional security solutions," says Michael Sutton, VP of Security Research at Zscaler. "But they are also very good at taking advantage of emerging technologies and new vectors for attack. Standalone user applications, social engineering attacks, and the move to HTTPS all have the potential to introduce new threats. Now more than ever, enterprise security solutions must inspect traffic in real time, all the time, regardless of source, to provide true protection.”
Zscaler’s Security as a Services (SaaS) architecture, consisting of over 40 global enforcement nodes, means that Zscaler sees and prevents tens of thousands of attacks every day. Thanks to their NanoLog technology, which allows granular logging without storage or network overhead, Zscaler can provide real-time reporting at the transaction level, giving their research team the ability to identify new threats and new trends.
To obtain a copy of the Zscaler State of the Web report, please visit: https://www.zscaler.com/zscaler-state-of-the-web-q4-2010.php.
Zscaler is revolutionizing Internet security with the industry’s first Security as a Service platform. As the most innovative firm in the $35 billion security market, Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500. Zscaler ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies.
Zscaler is a Gartner Magic Quadrant leader for Secure Web Gateways and delivers a safe and productive Internet experience for every user, from any device and from any location — 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence—all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.
- Zscaler Security Research
- Zscaler Security as a Service
- Award-winning Web Security
- World’s First Next Generation Cloud Firewall
- Sandboxing and Behavioral Analysis
Director of Communications