It’s a fact of life that every MSP has learned to accept: Your clients are going to be spending lots time on the web, whether in the course of conducting actual business or just for personal browsing. Proactive MSPs provide educational materials and training sessions to help their clients’ end users recognize suspicious websites and URLs, but it’s an uphill struggle as today’s cybercriminals become increasingly sophisticated in their tactics.
Simply put, defeating an enemy that’s constantly morphing requires a dynamic, up-to-the-minute approach to intelligence gathering and evaluation, and that’s precisely what Webroot employs.
Webroot continually monitors URLs, and has analyzed over 27 billion URLs to date. This analysis includes labeling each URL with a risk category—High Risk, Suspicious, Moderate Risk, Low Risk or Trustworthy—based on numerous factors, such as the website’s history, age, rank, location, networks, links, real-time performance and behavioral information.
What’s more, each URL is assigned to one of 82 primary content categories as defined by Webroot. These risk and content categories enable MSPs to easily create web usage policies that can determine which URLs may or may not be accessed by their clients.
Figure 1 below shows the distribution of risk categories assigned by the Webroot Threat Intelligence Platform to URLs during 2016. URLs falling in High Risk, Moderate Risk and Suspicious categories pose a great deal of risk to your clients, and represent nearly 70% of the URL distribution.
Figure 1: Distribution of URL risk categories during 2016
It is important to also consider other URL content categories besides those falling solely within High Risk. Webroot has analyzed the data from these other content categories and identified the top three that are more likely to be High Risk or Suspicious compared to average:
- Content Delivery Networks (11.6 times as likely)
- News and Media (7.6 times as likely)
- Web Advertisements (4.1 times as likely)
The key takeaway for MSPs? These content categories indicate that the use of malicious ads for attack delivery has significantly increased.
While a URL category may generally be considered reputable, that does not mean its URLs are also reputable. Ultimately, MSPs should set their policies for their clients based on reliable risk classifications for each individual URL.
Download your free copy of the Webroot 2017 Threat Report here.
Guest blogs such as this one are published monthly and are part of The VAR Guy's annual platinum sponsorship.