Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

1/6/2009
10:44 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Purewire Survey Reveals Gaps In Web Security

IT pros rank Web-based malware attacks as leading concern yet many aren't using comprehensive Web security tools

ATLANTA—Jan. 5, 2009—Purewire, Inc., a Web security software-as-a-service (SaaS) vendor that secures business and social interactions on the Web, today announced end-user survey results illustrating severe vulnerabilities to corporate networks due to malware-infected Web applications, remote workers and shrinking IT budgets. The full results of the survey are available from Purewire at http://www.purewire.com/lp/osterman.

The survey, prepared by Osterman Research, includes key findings such as:

* IT security professionals rate the Web as the number one entry point for malware into their networks. * Even so, nearly 40 percent of companies cannot successfully prevent users from installing Web applications, leaving them vulnerable to all sorts of attacks. * Web attacks are a clear and present danger: 20 percent of survey respondents work remotely at least part of the time. Of those remote workers infected with malware, nearly half of the infections came from the Web. * A user visiting infected Web sites is the most significant single threat vector. * More than 90 percent of those surveyed report that they will not see a budget increase for 2009, despite the increase in threats and vulnerabilities. * More than 70 percent of survey respondents use SaaS-based solutions for anti-virus and anti-spam, and 25 percent have implemented Web security as a service, indicating a clear shift toward SaaS-based security solutions.

"Current economic conditions underscore the need for organizations to reallocate budgets in a way to save money and still ensure their assets are safe," said Mike Van Bruinisse, co-founder, president and chief operating officer at Purewire. "This survey shows significant gaps in overall network security, yet an overwhelming majority of IT security professionals report that they will not see a budget increase for 2009. We believe SaaS offerings address this concern by keeping threats out of the network; providing instant access to security updates; having low maintenance requirements; and offering predictable pricing with cost savings of up to 40 percent. That is important for businesses in today's economy."

Osterman Research conducted the survey of Web and messaging security professionals, eliciting 139 responses. The sample represents a strong cross-section of companies ranging in sizes and vertical markets, with an average of more than 15,000 employees accessing the Internet.

"URL filtering is an important component of any Web security platform, but with a new domain name created every second, IT security professionals should look beyond traditional filters," said Mike Osterman, president of Osterman Research. "Malware-infected Web applications pose a serious threat to the corporate network since streaming applications bypass anti-virus engines and URL filters cannot scan and classify browser-based objects. Additionally, SaaS-based Web security solutions offer double the benefits of being highly effective against the latest generation of Web threats, while offering low up-front costs and predictable pricing."

The Purewire Web Security Service is deployed as a security SaaS. Purewire inspects outbound Web traffic for safety and compliance, and analyzes Web site response traffic for malicious programs and untrustworthy users, offering unmatched protection against malicious people, places and things on the Web. The Purewire Web Security Service provides high performance processing of Web traffic to protect users browsing the Web regardless of location or device, including laptops and mobile devices.

About Osterman Research Osterman Research was founded by Michael Osterman in 2001. Since that time, the company has become one of the leading analyst firms in the messaging and collaboration space, providing research, analysis, white papers and other services to companies like Microsoft, IBM, Google, Yahoo!, Novell, Quest Software, Hewlett Packard, Dell MessageOne, Proofpoint and many others. The core of Osterman Research's capabilities is its market research panel of IT professionals and end users that are regularly surveyed on a variety of topics related to email, instant messaging, spam, collaboration, security, storage, archiving, data retention, compliance and other areas. This continually updated knowledge base of information from decision makers and influencers helps Osterman Research to understand developments and gain insight into the trends that affect its clients.

About Purewire, Inc. Headquartered in Atlanta, Purewire secures business and social interactions on the Web. Founded by veteran security industry entrepreneurs, the company offers Web security-as-a-service to increase ROI and lower the total cost of security for businesses. Purewire is the only vendor that addresses the complete Web security threat landscape, providing unique algorithms and scalable services to protect users from malicious people, places and things on the Web. For additional information, please visit www.purewire.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28973
PUBLISHED: 2021-04-13
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
CVE-2021-29997
PUBLISHED: 2021-04-13
XML External Entity Resolution (XXE) in Helix ALM. The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
CVE-2021-29998
PUBLISHED: 2021-04-13
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
CVE-2021-29999
PUBLISHED: 2021-04-13
An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.
CVE-2021-21729
PUBLISHED: 2021-04-13
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1