I’ve often written about the benefits of using Web filtering products and services, like those offered by Websense and OpenDNS. Over time, however, attackers have become smarter about circumventing this common enterprise security control.

AVG reports the number of websites set up to steal your data has nearly doubled from about 150,000 per day to 300,000 since October 2008. More alarming to AVG is the fact those sites are short lived and vanish sometimes within 24 hours. These “transient threats” make maintaining lists of dangerous websites extremely hard to manage, says Roger Thompson, chief research officer for AVG. “Security firms can no longer rely on just blacklisting sites,” Thompson says. AVG, like many other anti-virus companies, keeps track of rogue sites and updates its desktop anti-virus software with that list. But as the churn of new threats increases at an alarming rate blacklist databases become increasingly less effective.

Source: Security Firm Sees Alarming Rise in ‘Transient’ Threats (PC World), Tech.Yahoo.com, 27 January 2009

In addition to site pop-ups, attackers are increasingly planting malicious code on reputable sites. According to the Websense report, State of Internet Security, Q3-Q4 2008:

— 70 percent of the top 100 most popular Web sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites. This represents a 16 percent increase over the last six-month period, according to new research released today from Websense Security Labs. The top 100 most popular Web sites, many of which are social networking, Web 2.0 and search sites, represent the majority of all Web page views and are the most popular target for attackers.

— In the second half of 2008 more than 77 percent of the Web sites Websense classified as malicious were actually sites with seemingly “good” reputations that had been compromised by attackers.
This percentage is up slightly from 75 percent in the first half of 2008.

Does this mean filtering is no longer useful when planning how to protect the business, its employees, and its customers? The answer is no. As defenses strengthen, attackers must find new ways to circumvent them. This doesn’t mean we can disregard old controls as we move to block new attack vectors.

Most security managers understand that relying completely on a strong network perimeter isn’t enough to protect our critical systems and sensitive data. However, we wouldn’t weaken or drop perimeter defenses as we build an internal controls framework. Similarly, we can’t disregard the value of blocking known bad sites because criminals find it easier to infect reputable sites instead of trying to stay under the radar of Web filtering and blacklist vendors.

As security managers refocus their resources on emerging threats, existing control management may inadvertently or intentionally become less important. Defenses blocking high work factor attack vectors may weaken or simply go away. When this happens, attackers will once again have one or more soft targets, targets that may at one time have been inaccessible.

Today, cybercriminals are using pop-up sites and infecting servers owned by reputable organizations. When we react to these threats, they will find some other way to get to our data and systems. Knee-jerk responses often result in dumping the old-but-reliable. Reacting intelligently to new attack methods means augmenting existing controls or replacing them with new controls which meet both old and new challenges.