A method of managing access to a network destination. The method includes establishing a first network zone for a user, the first network zone including a plurality of network destinations. The first network zone is monitored and one or more changes in the first network zone are determined. A first network destination in the first network zone is analyzed responsive to determining the one or more changes in the first network zone to determine a first threat. An attempt by the user to access the first network destination is detected, and access by the user to the first network destination is restricted based on the determining the first threat.