Attackers are moving away from large, multipurpose attacks on network perimeters towards smaller, more targeted attacks directed at web and client-side applications.