Web Browsers: An Emerging Platform Under Attack
The first layer of malware defense should be placed at the network perimeter and be managed centrally. This helps the IT person in charge sleep better. This layer alone can't replace proper patch management and rollouts, but it keeps desktop computers with outdated or misconfigured local security software protected while they surf the Internet, and it can identify and isolate desktop computers that are infected - preventing the leakage of sensitive data and credentials. And because scarce false-positives are less problematic at the gateway level, more aggressive heuristics are possible that permit the highest proactive detection rates.