Resources > Security Terms Glossary > What is Web Security

What is Web Security?

What is Web Security?

Web security describes a set of cybersecurity protections that sit between enterprise users and the internet to prevent cyberattacks and data loss. It protects employees from accessing and being infected by malicious web traffic, websites, and viruses/malware.

Web security can include web application security, which includes practices and tools that protect public websites from attack. For this description, we are focusing on protecting the traffic the moves between a system, such as a server or an end-user’s device, and the internet. Web security has traditionally consisted of a “stack” of security appliances at an internet gateway. Traffic would traverse this security stack for inspection by a firewall or intrusion prevention system, sandbox, URL filter, data loss prevention, and more security and access controls.  

The use of the internet for business has increased dramatically as a result of rapid cloud adoption, making web security critical to business continuity. Its role in protecting organizations from cyberthreats has only increased as attackers become more sophisticated and the malware they’re delivering more devastating. Web security is the first line of defense in preventing the infiltration of malicious code that, once it gains a foothold inside the organization, can wreak havoc and lead to the exposure of sensitive data, costly ransoms, damage to an organization’s reputation, compliance violations, and a host of other serious consequences.

How serious have cyberattacks become?

Web security threats have evolved from a nuisance brought about by small-time hackers into a huge business that involves organized crime cartels as well as many state-sponsored actors. The level of sophistication of these attacks has risen dramatically, and many phishing emails and spoofed websites with malicious scripts are virtually indistinguishable from the legitimate sites they're copying. They leverage a variety of ready-to-use tools, including exploit kits, ransomware as a service, and JavaScript readily available on GitHub to launch attacks. Attacks have become so prevalent that Cybersecurity Ventures, publisher of Cybercrime Magazine, estimated the cost of cybercrime to be six trillion dollars per year worldwide, and if cybercrime were a country, it would be the world’s third-largest economy.

What threats does web security protect against? 

Cyberattackers most frequently carry out their attacks for money. Occasionally, attacks are designed to damage a company's reputation or for political reasons, but the vast majority are done in pursuit of a payout. There are many types of cyberattacks that can lure victims through malicious emails, and many that simply happen as people browse the internet, such as malicious redirects, which push users to malicious sites. There is SQL injection, which exploits an application vulnerability to inject malicious SQL query into a database and possibly tamper with or steal data. Cross-site scripting (XSS) attacks are another type of injection attack, in which malicious scripts are injected into trusted websites. Distributed denial-of-service (DDoS) attacks are well known because there have been many such attacks in the headlines. In a DDoS attack, hundreds or thousands of devices are hijacked, becoming a botnet that strikes against a system, network, or application to make it unavailable.

The most prevalent attacks are ransomware and phishing, with attackers using a variety of methods to infiltrate an organization to steal their data, encrypt data and hold it for ransom, lock up their systems, and bring down their websites. 

The following are just a few of these attack types:

Ransomware and double-extortion ransomware

Many people are familiar with the concept of ransomware, a type of malware, in which an attacker “locks” a system or encrypts files, so that its data becomes inaccessible, then holds it for ransom until the victim pays a specific amount of money, usually in cryptocurrency. Once the ransom is paid, the victim is supposed to receive a decryption key to regain access to files and systems.


Malware is the general term for malicious software, which can encompass viruses, worms, Trojan horses, spyware, and adware. Malware is coded to perform a range of functions, including stealing, encrypting, or deleting sensitive data; altering or hijacking core computing functions; and monitoring users' computer activity without their permission.


A phishing attack typically arrives as an email that includes a malicious attachment or a link to a malicious website that often mimics a legitimate site. The goal of the attack is to entice the recipient to take an action, such as clicking a link, that initiates subsequent actions, including downloading spyware, locking up files, and more. There are different types of phishing, such as spear-phishing, which targets specific individuals or companies, and Smishing, or SMS phishing, which targets victims by text message and entices them to click on URLs hosting phishing websites. 

How web security works 

A web security solution comprises many security services that can be divided into three categories: threat protection, access controls, and data protection, including DLP. In an on-premises instance, these technologies would be housed in a secure web gateway in the data center. The stack of hardware may include firewalls, URL and DNS filters, sandboxing for behavioral analysis and advanced threat protection, and many more. 

The problem with this approach is that there are gaps. All these appliances require ongoing patching—without that, they will miss zero-day attacks. Furthermore, falling behind on patching leaves organizations with vulnerabilities that attackers are just waiting to exploit. Appliances have limitations, making them unable to inspect all SSL/TLS (encrypted) traffic, where many threats are hiding. And these devices don't talk to each other, so correlating data from one security engine is next to impossible for information security teams. 

a diagram showing how zscaler web security works

The argument for cloud-delivered web security

A secure web gateway delivered as a cloud service provides real-time threat protection and policy enforcement for users accessing the web, even if those users are not on the corporate network. It prevents users from accessing infected websites and prevents infected or otherwise unwanted traffic from entering an organization’s internal network. 

The Zscaler Secure Web Gateway is 100% cloud-delivered, so it enforces security policies consistently, no matter where users connect, what endpoint devices they're using, or where applications are hosted. It is built on a global multitenant cloud architecture for massive scalability, so it can inspect all SSL traffic without performance degradation. It is far more than a single security service; with multiple security services including Cloud Firewall/IPS, Sandboxing, URL Filtering, DLP, and CASB, Browser Isolation, and CSPM, you’ll deliver airtight internet security across all users, on- and off-network.

The Zscaler Secure Web Gateway has been named a Leader in the Gartner Magic Quadrant for secure web gateways for 10 consecutive years, and in 2020 Zscaler was the only vendor in the Leaders quadrant.

Additional Resources:

Ebook: Transform how you Deliver Internet and Web Security

Datasheet: Zscaler Internet Access

Blog: The 2020 State of Cloud (In)Security

Webpage: Ransomware Prevention

Webinar: Best Practices to Stop Ransomware Without Disrupting Business