Social media apps carry less than 1% of threat traffic
News Summary:
97% of all security threats sent across business networks are found within just ten applications, some of them using SSL to hide their activities. However, it’s not social media that is the concern.
A six-month review of over 3,000 enterprise networks worldwide by Palo Alto Networks reveals:
- The average network contains 30 video, 19 filesharing and 17 social networking applications, consuming an average 20% of bandwidth. There were 339 ‘social’ applications found in total.
- But the combined threat traffic found by Palo Alto Networks on these applications is less than 1%.
- Facebook accounts for 99% of social networking exploits
- Nine out of the ten most at-risk applications were found to be internal business applications, including Microsoft SQL, Server Message Block and Remote Procedure Call
Palo Alto Networks also found that SSL was the second largest source of malware traffic in company networks, showing that malware creators are actually able to use SSL as an invisibility cloak to hide their attacks.
Such findings support Gartner’s call for more context-aware security in the workplace; Palo Alto Networks is calling for businesses to isolate and inspect business applications, as well as internal web traffic, in order to determine whether they have already been compromised.
Top ten applications by threat: MS SQL; MS RPC; Web Browsing; Server Message Block; MS SQL Monitor; MS Office Communicator; SIP; Active Directory; Remote Procedure Call; DNS
Data shows social networking and filesharing threat activity pales in comparison to business critical apps
London: Palo Alto Networks, the network security company, has released its Application Usage and Threat Report. This 10th edition of the report is the first version to compile and correlate data on application usage and threat activity. Based on analysis of network traffic of more than 3,000 organisations between May and December 2012, the report is the network security industry’s most comprehensive examination of application usage and threats. The report’s findings include:
- Social, video, and filesharing are not the top threat sources. While 339 social networking, video, and filesharing applications represent 20 percent of network bandwidth use, they account for less than 1 percent of threat logs.
- Exploits continue to target enterprises’ most valued assets via commonly used business applications. Of the 1,395 applications studied, 9 business critical applications were responsible for 82 percent of all exploit logs.
- Malware hides inside custom applications. Custom or unknown applications are the leading type of traffic associated with malware communications, accounting for 55 percent of malware logs, yet they are consuming less than 2 percent of network bandwidth.
- SSL is used as both a security mechanism and a masking agent. 356 applications use SSL in some way. SSL by itself represented 5 percent of all bandwidth and the 6th highest volume of malware logs. HTTP proxy, used both as a security component and to evade controls, exhibited the 7th highest volume of malware logs.
“Correlating threats with specific applications allows security teams to directly see and control risks in their networks,” said René Bonvanie, chief marketing officer at Palo Alto Networks. “We are empowering our customers with the knowledge they need to implement comprehensive security policies and practices to better secure their networks with minimal impact on day-to-day operation.”
“The volume of exploits targeting business critical applications was stunning and serves as a data centre security wake-up call,” said Matt Keil, senior research analyst at Palo Alto Networks and author of the report. “These threats will continue to afflict organisations until they isolate and protect their business applications by bringing threat prevention deeper into the network.”
The report categorises applications into 3 categories: personal applications, business applications, and custom or unknown applications.
- Personal applications include social networking applications (Facebook, Pinterest, Tumblr, and Twitter), filesharing (BitTorrent, Box, Dropbox, Putlocker, SkyDrive, and YouSendIt), and video (YouTube, Netflix, and Hulu Networks).
- Business applications include Microsoft SQL Server, Microsoft Active Directory, SMB, Microsoft RPC, and other commonly used enterprise applications.
- Custom or unknown applications are defined as TCP- or UDP-based applications that are custom (internal to the organization), commercially available but unrecognised, or a threat.