Menlo Security Finds High Risk in Trusted Websites

State of the Web 2015: Vulnerability Report identifies one in three top Alexa websites as risky

March 26, 2015

2 Min Read


Menlo Park, CA - March 24, 2014 - Stealth cybersecurity company, Menlo Security, today released its "State of the Web 2015: Vulnerability Report." Based on a direct interrogation and analysis of the Alexa top one million sites, Menlo Security found that more than one in three of the top domains are risky - meaning the sites are either already compromised or running vulnerable software - increasing exposure to attack for anyone visiting those sites.

In 2014, businesses lost nearly $400 billion as a result of cyber crime. As attacks become increasingly sophisticated, even browsing trusted websites and clicking on links in emails have the potential to cause significant damage and compromise devices. With more than one billion websites on the Internet and over 100,000 websites created daily, the risk from vulnerable sites is multiplying.

In total, Menlo Security scanned more than 1.75 million URLs representing over 750,000 unique domains. Key findings include:

·         More than one in 20 sites (6 percent) were identified by third-party domain classification services as serving malware, spam or botnets.

·         Over one in five (21 percent) sites were running software with known vulnerabilities.

·         Sites in categories that are typically "trusted" - including Computers and Technology, Business, and Shopping - were the top three sources of vulnerable sites.

·         Of the 2.5 percent of sites that were "uncategorized," a significant proportion (16 percent) was running vulnerable software.

"Respected and trusted websites like and have been used to deliver zero-day malware to unsuspecting visitors. These kinds of attacks are happening with increasing frequency because so many sites are running vulnerable software but are routinely classified as 'safe,'" said Kowsik Guruswamy, CTO of Menlo Security. "The current generation of security tools is falling behind in the race to stop attacks. Today's security challenges call for an entirely new approach to preventing malware from infecting user's systems."

To read Menlo Security's State of the Web 2015: Vulnerability Report visit:

Additional Resources:

·         Follow Menlo Security on Twitter

·         Follow Menlo Security on LinkedIn

·         Learn more about Menlo Security's beta program here

About Menlo Security
Menlo Security, a stealth cyber security startup, is eliminating the threat of advanced malware by introducing a new security model. The company's solution is currently used by some of the world's largest enterprises. Menlo Security was founded by experienced security executives from Check Point Software and Juniper Networks, in collaboration with renowned academics from the University of California, Berkeley. Backed by General Catalyst Partners and Osage University Partners, Menlo Security is headquartered in Menlo Park, California. Visit

Media Contact
Michelle Dailey
LEWIS PR for Menlo Security
[email protected]


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights