Research Highlights Changing Threat Landscape And Increased Risk To The Web 2.0 Enabled Enterprise

WatchGuard Technologies, a provider of secure appliances and unified threat management (UTM) solutions, warns that the changing nature and scale of security threats will pose more strenuous challenges for security administrators as they embrace the Web 2.0 world.

Research over the last three years by WatchGuard's Rapid Response team has tracked attack patterns and identified five key threats: DNS system attacks, virus and malware, buggy web applications, hacking for profit, and the end users themselves.

"The increase in the range and sophistication of threats, combined with more complex architectures and the move to Web 2.0, will make the job of securing enterprise networks more difficult than ever before," says Steve Fallin, director of WatchGuard's Rapid Response team. "Other factors putting organizations at more risk include increased levels of remote access, continued poor user behaviour and the shift from hobby hackers to organized crime."

According to WatchGuard's survey, many of today's attacks are targeted and done for profit, such as the sale of personal information or blackmail. The focus of web based attacks has also shifted to applications running on the web server and the data systems that back them up by exploiting flaws in website design.

On the desktop, relatively harmless virus infections have now morphed into a devil's brew of sophisticated viruses, spyware, root kits and botnets. At the same time, attacks such as phishing and drive-by downloads target the most vulnerable portion of the network infrastructure - its users - with surprising levels of success.

"The last few years have seen a considerable change in the nature of security challenges faced by the internet enabled enterprise," says Fallin. "As we are now on the verge of widespread adoption of Web 2.0, with its promise of the collaborative enterprise, it is vital to adapt enterprise security to address the threats posed by a Web 2.0 world."

Ian Kilpatrick, chairman of Wick Hill Group, WatchGuard's largest worldwide distributor, commented: "WatchGuard has been in the frontline of threat defence for over ten years. Its LiveSecurity service has ensured that customers have not only been protected at the gateway from hidden vulnerabilities in their internal systems, but have also been informed of how to fix them. WatchGuard's UTM solutions are a further step forward in defending against today's increased threat levels, as highlighted by this research."

WatchGuard's Rapid Response team is responsible for monitoring threats on the Internet, assessing the nature and severity of the threat and rapidly delivering threat defences to all WatchGuard UTM appliances on a

24x7 basis.

Notes for editors: the need for a more comprehensive security solution:

Increasingly complex architectures

As we expect our networks to do more for us than ever, they are growing more complex and becoming an increasing management burden. This is reflected by the growing number of network 'discovery' tools. The security impact of this trend is straightforward - what is not seen is not managed and what is not managed can't be kept secure and operational over time.

Excessive User rights

Most administrators give end users local administrator rights on their machines to cut down on support calls. But it also means that an attacker may inherit administrator rights and gain a more useful platform to launch further attacks against other network resources.

Administrators should weigh carefully whether this risk is worth the inconvenience of the added support burden.

Phishing Attacks

More sophisticated forms of this type of attack are targeting organizations or individuals with schemes that seek network access credentials and confidential corporate communications. All users must be reminded that if it sounds too good to be true, it probably is - so don't click on it.


Targeted at end users and typically exploiting unpatched software such as browsers or email clients, malware is the new 'virus' threat. Today's malware uses the web to lay traps and email to draw victims to the site where they are susceptible to all manner of dangerous code. The secure network must manage these threats in a holistic manner, including user education and perimeter security to protect the end users from themselves.


With most end users having excessive permissions on their computers they are prime targets. For them, security as an impediment to getting their jobs done and they are seldom as knowledgeable as they need to be when it comes to being safe on the internet. These factors create a major risk and organizations must reach out to educate their end users in critical network security skills.

Ubiquity of AV/ file decompression software For the past two years, a dedicated group of researchers has released a steady stream of security advisories pointing to specific flaws in how popular anti-virus software handles compressed data. With over 90% of organizations running AV software with a high level of security permissions, any vulnerability leads to attackers with administrator access. Perimeter security solutions must provide defence in depth to counter this threat, protecting the AV systems from harmful file types.

New application servers

New application servers such as those supporting VoIP and collaboration applications are now found in data centres which, in most cases, have been optimized for mature, stable applications such as web and email servers. This means that future security solutions must support these business requirements and shelter the servers from abuse.

New web applications

While web servers in general are quite stable and secure, the web sites that run on them are another matter. If not designed properly and securely, the web site can be used as a platform to attack the data behind it leading to information disclosure and online fraud.

Attacks against DNS servers

The global DNS system is the 'phone book' that makes the internet possible, translating names into numbers. With DNS, we trust that when we type the address of a web site into a browser, that we will end up at that right web site. But attackers are increasingly probing this system for weakness and attack techniques such as fast flux and pharming exploit this trust placed in the DNS system to deliver malware or harvest personal information from trusting users.