I’ve often written about the benefits of using Web filtering products and services, like those offered by Websense and OpenDNS. Over time, however, attackers have become smarter about circumventing this common enterprise security control.

AVG reports the number of websites set up to steal your data has nearly doubled from about 150,000 per day to 300,000 since October 2008. More alarming to AVG is the fact those sites are short lived and vanish sometimes within 24 hours. These "transient threats" make maintaining lists of dangerous websites extremely hard to manage, says Roger Thompson, chief research officer for AVG. "Security firms can no longer rely on just blacklisting sites," Thompson says. AVG, like many other anti-virus companies, keeps track of rogue sites and updates its desktop anti-virus software with that list. But as the churn of new threats increases at an alarming rate blacklist databases become increasingly less effective.

Source: Security Firm Sees Alarming Rise in ‘Transient’ Threats (PC World), Tech.Yahoo.com, 27 January 2009

In addition to site pop-ups, attackers are increasingly planting malicious code on reputable sites. According to the Websense report, State of Internet Security, Q3-Q4 2008,

-- 70 percent of the top 100 most popular Web sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites. This represents a 16 percent increase over the last six-month period, according to new research released today from Websense Security Labs. The top 100 most popular Web sites, many of which are social networking, Web 2.0 and search sites, represent the majority of all Web page views and are the most popular target for attackers.

-- In the second half of 2008 more than 77 percent of the Web sites Websense classified as malicious were actually sites with seemingly "good" reputations that had been compromised by attackers.
This percentage is up slightly from 75 percent in the first half of 2008.

Does this mean filtering is no longer useful when planning how to protect the business, its employees, and its customers? The answer is no. As defenses strengthen, attackers must find new ways to circumvent them. This doesn’t mean we can disregard old controls as we move to block new attack vectors.

Most security managers understand that relying completely on a strong network perimeter isn’t enough to protect our critical systems and sensitive data. However, we wouldn’t weaken or drop perimeter defenses as we build an internal controls framework. Similarly, we can’t disregard the value of blocking known bad sites because criminals find it easier to infect reputable sites instead of trying to stay under the radar of Web filtering and blacklist vendors.

As security managers refocus their resources on emerging threats, existing control management may inadvertently or intentionally become less important. Defenses blocking high work factor attack vectors may weaken or simply go away. When this happens, attackers will once again have one or more soft targets, targets that may at one time have been inaccessible.

Today, cybercriminals are using pop-up sites and infecting servers owned by reputable organizations. When we react to these threats, they will find some other way to get to our data and systems. Knee-jerk responses often result in dumping the old-but-reliable. Reacting intelligently to new attack methods means augmenting existing controls or replacing them with new controls which meet both old and new challenges.