This disclosure relates to identifying risks associated with a web request and handling the web request according to the identified risks.
The prevalence and accessibility of computer networks requires security measures to protect valuable information. An enterprise, for example, can implement such security measures by use of a layered security system. Such a layered security system can be implemented at the network edge of the enterprise, e.g., firewalls, gateway security agents, etc. Additionally, a layered security system can also include security processes and agents that are implemented throughout the enterprises, e.g., malware detection software on each computer device within the enterprise, content filtering software, content monitoring software, etc.
Layered security systems are prone to processing inefficiencies and can require many resources within the enterprise to maintain the systems. For example, a company may have a multi-layered security system deployed within its network. A file received on company computers may be processed by a content filtering system, an intrusion detection system and pass through the company's firewall to each computer that receives the file. Furthermore, each computer may include malware scanning software that may scan the file when it is received.
Protecting against threats on the Internet is particularly difficult. Malware detection software must be updated periodically on user's computing devices and gateway security systems. As new malware is found, new signatures and/or logic must be added. Distribution of changes in such software programs is expensive and time consuming. Another issue is that for small/mobile computing devices such as phones, PDAs, and Laptops, malware detection programs consume considerable space and require considerable processing time. Yet another problem is the number of devices on which malware detection programs must typically be updated. Typically, organizations have several thousand computing systems, several operating systems, and hardware platforms and malware products from different vendors.