With one new infected webpage discovered every 4.5 seconds, there is no longer any such thing as a "trusted website". As the internet becomes an increasingly mission-critical tool, new media such as blogs and social networking sites are a necessary part of business. This paper describes today's new web threats, highlights the need for a positive security model to replace yesterday's access-blocking approach, and describes the three pillars of protection organizations need to safeguard their systems and resources.