Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Thursday, March 19, 2009

The Crossover from Email to Web

It wasn't that long ago that we thought of email when someone said the word virus or malware. Corporate IT budgets included line items for an email gateway, and anti-virus software became so commonplace that today I doubt there are any organizations that don't have some form of protection on their incoming email. While we continue to hear about virus and malware outbreaks, for the most part they have moved from email to hybrid viruses, ones that use a combination of email, vulnerabilities, and/or web pages to deliver their payload.

Because email is so well protected today, much of the malware is now distributed on webpages, where there's less protection. Even if you are protected by a corporate web proxy, it's unlikely you have the same protection when browsing the web from home, and that leaves the web an inviting target for those intent on doing harm. It's also likely that you aren't protected by a corporate web proxy, or that your corporate web proxy doesn't do any anti-virus or anti-malware scanning. The reason, of course, is that most IT departments deployed the web proxy to enforce corporate HR policy and not to protect the organization from malware and threats.

With the recent shift of attacks from email to hybrid and web, there's a real need for organizations to re-evaluate their web security and start scanning for viruses and malware on the webpages that their users are accessing from the corporate network. It's a tough decision to implement such a policy, as there's less tolerance for slowdowns created by an added layer of scanning in web browsing than in email. With email you can get away with a slightly longer delay when scanning for viruses. Webpages are so interactive that your users demand real-time response when requesting information.

As an IT administrator, you need to make sure you're protecting your organization from web-based threats, but at the same time you need to make sure your solution doesn't add any unnecessary latency, or you'll find yourself subject to more helpdesk calls. In previous articles we've talked about ICAP as a protocol to offload anti-malware and anti-virus scanning to separate processor boxes to keep the latency created by scanning down to a minimum.
