Why email and web security should be tied together - attacks increasingly targeted using blended threats
Date:
By: Fran Howarth
Classification: White Paper
Research indicates that nearly two-thirds
of organisations in the UK were the victim of
malware attacks in 2009. Whereas previously
emails sent en masse were the preferred
mechanism for delivering malicious payloads,
the use of email security solutions and greater
awareness of the dangers of emails and their
attachments are making such attacks less
successful. Instead, attacks are becoming increasingly
targeted at specific organisations
or individuals, and are making use of blended
mechanisms for a greater chance that the exploit
will be successful. For example, an email
may contain a hyperlink to a malicious website,
or content downloaded from a website may infect
others when a user sends it to a contact.
The majority of organisations have implemented
some form of security controls for emails,
even if this is just basic anti-virus technology,
based on signatures of known exploits. However,
less attention has been paid to controlling
threats emanating from websites and webbased
applications, which are where the current
generation of threats are coming from. As
organisations look to upgrade their email protection
to gain better protection and to take advantage
of emerging capabilities such as email
archiving, they would be well advised to look
for a technology provider that can combine
email protection with web security controls.
This document is the first in a series of three
papers that looks at the realities of email and
web security today. The other papers discuss
how on-demand, cloud-based services are
evolving, what the ideal service should offer
and the benefits that organisations will gain
from using such services for email and web
security combined.