Recently I was reading a very interesting article in a newspaper about the importance of web security in online banking. The editor reported about an incident that affected approximately 3000 personal bank accounts which caused damages of around £675,000 in online banking losses.
A Trojan horse known as Zeus v3 had been deployed on several legitimate websites by a hacker. That malware had infected thousands of computers and it had stolen a large number of log-in and password details of personal bank accounts with which the hacker could infiltrate the accounts and steal the money.
This type of incident could also happen in a corporate environment where confidential information can be stolen using malware which is silently deployed on corporate machines through normal web browsing activities by any employee on a legitimate website.
In recent years more and more malware is hidden on legitimate sites and millions of innocent web clients have unknowingly been infected.
While web filtering policies are important they are not enough to detect such types of malware or even to block silent deployment of malware in corporate environments. A normal web filtering policy is focussed on making decisions: either to deny or to grant a client web access request.
Decisions are made on a user defined policy basis which obviously gets more complicated when malware starts to appear on “good” websites. Furthermore because the internet is growing so fast it’s difficult to keep up with all the new sites that appear.
Nowadays web security is becoming more important than web filtering; especially web security solutions in the cloud that should protect corporate environments from malware before the threat has any chance of infiltrating the system.
Download control is one important component of web security solutions where files from host machines will be scanned through multiple antivirus engines against threats, virus, spyware, malware and phishing scams.
It is very important that antivirus engines are always kept up-to-date. This will ensure that all latest known malware will be blocked successfully by embedded antivirus engines.
However, it will be still difficult to detect unknown malware. Many software companies are developing smart components in web security products that are based on different heuristic approaches yet it is still a challenge to detect unknown malware with an acceptable low false positive rate. However, I believe that this type of component will be a great benefit for the future of web security software.