After almost two decades of popular adoption, organizations and users of the world-wide web are still being victimized by web-based threats. In spite of the billions of dollars invested in security, web-borne threats are still on the rise. They are more sophisticated and targeted, and with the rise of mobility in the workplace, even more difficult to control. The web's standards-based interface and incredible number of applications have made it the medium of choice for hackers and thieves looking for new ways to disrupt services, steal information and perform malicious activities for financial gain.Here enterprises face a dilemma; employees need web access in order to do their jobs effectively, while management seeks to minimize risk to the corporation. In order to achieve an acceptable balance, management must decide who needs web access, when, how much, and from where. And most importantly, to stay ahead of new threats, enterprises need a security system that can enforce granular web access policies on all devices used to access the web - from inside and outside of the network perimeter.This white paper details the damage that web-based attacks, including new blended threats, can cause, and suggests steps that should taken when developing a comprehensive defense plan. In addition, a layered defense solution employing multiple security technologies is presented.