With the Internet now hosting and welcoming user-created content on a wealth of well known sites, we find ourselves navigating dangerous waters—never being quite sure if it's okay to trust sites that we'd always assumed were safe in the past. According to a recent report from Websense Security Labs, we find that malware is most likely to visit user-generated sites like message boards, forums, and search engines. Likewise, converged email and Web threats, fueled by Web 2.0 applications, pose unique challenges to all organizations, from securing productivity to safeguarding employees and their essential information from inbound threats and outbound data loss.

While the Web continues to be the primary host to malicious malware and spyware sites, email remains plagued as well, with the latest studies indicating that 87 percent of all email traffic is, in fact, spam. The lines between Web and email attacks continue to be blurred with more than 76 percent of unwanted email messages containing malicious URLs—a significant 18 percent increase since December of 2007.

The Storm Worm's spam campaign is a classic example of a blended threat that uses email as a means to deliver exploits to the unsuspecting victim. The latest attack offers fake news about WWIII, baiting the victim with scary news to click on a video link, which connects back to the worm host site to deliver the attack payload.

Examples of converged Web and email threats are becoming commonplace, so it's critical that businesses unify their Web and email security for best results. For email security, businesses have had two choices: hosted protection at the Internet level, and server-based software protection that resides on premise. Both options have their merits depending on an organization's environment and deployment preferences, but many companies are finding the best of both worlds with the deployment of a hybrid of the two.

• Hosted services—Is ideal for large organizations with distributed networks, smaller organizations with no email administrative resources, or those that want to filter email before it reaches their gateway. Hosted protection stops spam in the cloud, before it ever reaches the network, obviating the need to sort and store undesired email.
  
  
• On-premise software—Server-based gateway email protection that resides on the organization's network is best for organizations with on-site email administrative staff and those that want granular policy control and reporting capabilities.
  
  
• Hybrid email security—A combination of both hosted and on-premise software. Many any organizations are adopting this comprehensive email security, which provides layered protection with bulk inbound email filtering in the cloud and granular outbound email security with on-premise gateway solutions. Deploying messaging security in layers helps realize even greater efficiency and protection, and maximizes network resource investments.

Just as important as selecting the best deployment model is choosing a solution from a vendor who integrates both Web and email threat research and protection into their solutions. With the Internet evolution and the growth of Web 2.0, it's important that your vendor is focused on the big picture of Internet security to ensure your protection from sophisticated, blended threats.