ScanSafe offers what it calls “Web Security-as-a-Service” by providing a managed service (meaning there’s nothing for customers to install or maintain on-premise) that routes its clients’ Web traffic through secure proxies to scan content in real-time, protecting them from malware as well as providing a way for them to enforce acceptable Web usage policies.

Recently, ScanSafe released its 25-page “Annual Global Threat Report: Trends for January 2007-December 2007,” which is available with a non-intrusive registration from its Web site. The report was written by Senior Security Researcher Mary Landesman, who is a frequent contributor to the about.com series of articles on fighting viruses.

Here are some of the highlights of the report:

* The company’s services include sophisticated heuristic scanners as part of the “Outbreak Intelligence threat detection technology.”
* It scanned “more than 80 billion Web requests and blocked more than 800 million Web threats in 2007 on behalf of corporate customers in over 50 countries.”
* Sites hosting malicious code increased their uptime (Time to Live or TTL) over the course of 2007, with TTL around 18 days in the first half of the year but around 29 days in the second half of the year.
* About 21% of the threats detected by the company’s systems were zero-day exploits (that is, new attacks without signatures that could be used by signature-based scanners).
* Ten malware families accounted for 97% of all the observed events.
* The most frequent type of attack in the blocked events was password-stealing malware (about 37% of total attacks).
* Executables and scripts (including PHP, EXE, JS, and DLL and other code-containing files) constituted about 71% of the threats that were blocked.
* Bogus “malware scanners” post flash popups that claim to scan user computers to “discover” extensive infection – and magically remove the non-existent infections for a modest fee.
* Macro viruses and e-mail worms now constitute “less than 0.1% of all blocks.”

The last section, “2008 Security threat predictions,” has interesting suggestions that are discussed in detail. Quoting exactly from the section’s introduction:

* Cyber criminals follow the money: Web 2.0 will continue to fuel high profile attacks
* Remote and roaming security becomes a mounting pain point for businesses
* Continued pressure to end public disclosure of “Whois” Information
* Growing underground market for warehousing and selling of stolen database information
* Storm worm hangover continues well into 2008.

M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.