The Web Is Packed with High-Risk URLs

It’s increasingly difficult for MSPs to safeguard their clients and users against website threats—the speed of exploitation means that a website or web page that is benign one minute may be malicious the next. Thwarting these threats requires endpoint security solutions that can acquire the latest reputation data for URLs.

April 19, 2017

2 Min Read

It’s a fact of life that every MSP has learned to accept: Your clients are going to be spending lots time on the web, whether in the course of conducting actual business or just for personal browsing. Proactive MSPs provide educational materials and training sessions to help their clients’ end users recognize suspicious websites and URLs, but it’s an uphill struggle as today’s cybercriminals become increasingly sophisticated in their tactics.

Simply put, defeating an enemy that’s constantly morphing requires a dynamic, up-to-the-minute approach to intelligence gathering and evaluation, and that’s precisely what Webroot employs.

Webroot continually monitors URLs, and has analyzed over 27 billion URLs to date. This analysis includes labeling each URL with a risk category—High Risk, Suspicious, Moderate Risk, Low Risk or Trustworthy—based on numerous factors, such as the website’s history, age, rank, location, networks, links, real-time performance and behavioral information.

What’s more, each URL is assigned to one of 82 primary content categories as defined by Webroot. These risk and content categories enable MSPs to easily create web usage policies that can determine which URLs may or may not be accessed by their clients.

Figure 1 below shows the distribution of risk categories assigned by the Webroot Threat Intelligence Platform to URLs during 2016. URLs falling in High Risk, Moderate Risk and Suspicious categories pose a great deal of risk to your clients, and represent nearly 70% of the URL distribution.


Figure 1: Distribution of URL risk categories during 2016

It is important to also consider other URL content categories besides those falling solely within High Risk. Webroot has analyzed the data from these other content categories and identified the top three that are more likely to be High Risk or Suspicious compared to average:

  • Content Delivery Networks (11.6 times as likely)

  • News and Media (7.6 times as likely)

  • Web Advertisements (4.1 times as likely)

The key takeaway for MSPs? These content categories indicate that the use of malicious ads for attack delivery has significantly increased.


While a URL category may generally be considered reputable, that does not mean its URLs are also reputable. Ultimately, MSPs should set their policies for their clients based on reliable risk classifications for each individual URL.

Download your free copy of the Webroot 2017 Threat Report here.

This guest blog is part of a Channel Futures sponsorship.


Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like