Untangling the State of the Web

By Samuel Greengard

Over the last decade, the Web has evolved into a central hubfor business interaction. However, the growing complexity of today’s onlineenvironment is creating new and different challenges? particularly thoserevolving around digital security. Cloud security firm Zscaler’s first quarter ?Stateof the Web? security research report offers a glimpse at how the onlineenvironment is changing.

The company examined approximately two hundred billiontransactions from millions of users across the globe and identified a number oftrends in its quarterly ?State of theWeb? report. One of the most prominent issues: changing patternssurrounding social networking. During the period, Facebook accounted for 41percent of Web 2.0 traffic, down from 43 percent in Q4 2011 and 52 percent forthe same period last year. On average, this represents a 2.8 percent drop inFacebook use per quarter.

Meanwhile, Twitter use is on a slow and steady rise, up from5 percent in the first quarter of 2011 to 7 percent for the first quarter of2012. Overall, social networking sites accounted for 4 percent of policy blockswithin the enterprise by the end of Q1, up from 2.5 percent at the beginning ofthe quarter.

"There is less personal browsing and social mediaactivity going on at work?partly because of cutbacks in staffing and partlybecause of changing attitudes about the use of social media," notes MikeGeide, senior security researcher for Zscaler ThreatLabZ. In addition, he saysthat organizations are increasingly tapping into social media for businesspurposes and using it in different ways than individuals.

Not surprisingly, mobile traffic continues to rise, both onWiFi and business networks. Zscaler reports that Apple device usage in theenterprise surged to 48 percent of overall mobile traffic, while Androiddeclined to 37 percent. The corresponding numbers for the fourth quarter of2011 showed iOS accounting for 40 percent of mobile traffic and Android 42percent.

Geide says that, overall, malicious content on the Web isincreasing. During the first quarter, Zscaler detected an alarming rise in SQLinjection attacks such as LizaMoon. "Some of the malware campaigns aremassive and many involve legitimate Websites," he notes.

In fact, nearly 10 percent of the sites that Web userssuspected were malicious and reported to the firm turned out to malicious.Another 10 percent were rated suspicious. Unfortunately, "Users are slowto update browser plug-ins, and attackers recognize this fact and takeadvantage of it," Geide explains.

Outdated plug-ins continue to serve as a particularly ripeattack vector. In addition to the Flashback Trojan on the Mac?it infected approximately650,000 computers?Zscaler found that 35 percent of installed Adobe Shockwaveplug-ins and more than 60 percent of Adobe Acrobat plug-ins were outdated. OutdatedJava plug-ins stood at 5 percent. Geide sees exploits increasingly repurposingexisting threats to circumvent antivirus software, which uses signaturematching.

"There is a general and ongoing rise in malware,? Geideconcludes, ?and there?s a need for a sharper focus on security."