Palo Alto Networks has released its Application Usage and Threat Report. This 10th edition of the report is the first version to compile and correlate data on application usage and threat activity. Based on analysis of network traffic of more than 3,000 organisations between May and December 2012, the report is the network security industry’s most comprehensive examination of application usage and threats. The report’s findings include:
* Social, video, and filesharing are not the top threat sources. While 339 social networking, video, and filesharing applications represent 20 percent of network bandwidth use, they account for less than 1 percent of threat logs.
* Exploits continue to target enterprises’ most valued assets via commonly used business applications. Of the 1,395 applications studied, 9 business critical applications were responsible for 82 percent of all exploit logs.
* Malware hides inside custom applications. Custom or unknown applications are the leading type of traffic associated with malware communications, accounting for 55 percent of malware logs, yet they are consuming less than 2 percent of network bandwidth.
* SSL is used as both a security mechanism and a masking agent. 356 applications use SSL in some way. SSL by itself represented 5 percent of all bandwidth and the 6th highest volume of malware logs. HTTP proxy, used both as a security component and to evade controls, exhibited the 7th highest volume of malware logs.
“Correlating threats with specific applications allows security teams to directly see and control risks in their networks,” said René Bonvanie, chief marketing officer at Palo Alto Networks. “We are empowering our customers with the knowledge they need to implement comprehensive security policies and practices to better secure their networks with minimal impact on day-to-day operation.”
"The volume of exploits targeting business critical applications was stunning and serves as a data centre security wake-up call,” said Matt Keil, senior research analyst at Palo Alto Networks and author of the report. "These threats will continue to afflict organisations until they isolate and protect their business applications by bringing threat prevention deeper into the network.”
The report categorises applications into 3 categories: personal applications, business applications, and custom or unknown applications.
* Personal applications include social networking applications (Facebook, Pintrest, Tumblr, and Twitter), filesharing (BitTorrent, Box, Dropbox, Putlocker, Skydrive, and YouSendit), and video (YouTube, Netflix, and Hulu Networks).
* Business applications include Microsoft SQL Server, Microsoft Active Directory, SMB, Microsoft RPC, and other commonly used enterprise applications.
* Custom or unknown applications are defined as either TCP or UDP based applications that are custom (internal to the organization), unrecognised commercially available, or a threat.