- Category: June 2011
The network security company Palo Alto Networks enables with its next-generation firewalls policy control of applications and content - by user, not just IP address.Based on patent-pending App-ID™ technology, their firewalls accurately identify and control applications regardless of port, protocol, evasive tactic or SSL encryption and even extended recently their network security offers to remote users with the release of GlobalProtect™.
Even more interesting is Palo Alto Network’s new research that comments on the fact that roughly 36% of enterprise network traffic is comprised of hundreds of applications that can evade the controls of conventional security solutions by either using SSL or port-hopping capabilities. Contrary to conventional wisdom, the majority of this traffic however is not from browser-based applications using HTTP over SSL on port 443, which represents a significant blind spot that most IT organizations have not yet adequately addressed and one that is rarely discussed in the security industry.
The findings, besides many others, are specified in the 7th edition of its Application Usage and Risk Report, which provides a global view into application usage by assessing 28 exabytes of application traffic from 1,253 enterprises between October 2010 and April 2011.
The report focuses on three primary findings:
- Exposing the elephant in the room: more than 40% of the 1,042 applications that Palo Alto Networks identified on enterprise networks can now use SSL or hop ports to increase their availability within corporate networks. This segment of applications will continue to grow as more applications follow Twitter, Facebook, and Gmail, who all have enabled SSL either as a standard setting or as a user-selectable option in an effort to create the perception of improved security for its end-users.
- The workplace has become more social: contrary to popular opinion, social networking has not meant the death knell of webmail and instant messenger (IM). Compared with 12 months ago, IM traffic, as a percentage of overall traffic has more than doubled, while webmail and social networking increased nearly five times.
- File transfer technologies are evolving rapidly: as browser-based file sharing applications now use peer-based technology and add clients as a "premium", the question arises: will the business and security risks introduced by browser-based file sharing follow the same path as those that were introduced by P2P? The frequency of file transfer applications - 92% of FTP, 82% of P2P, and 91% browser-based file sharing - each provide business value, but represent security and business risks that may include exploits, malware vectors, and data loss.
"What we learned from analyzing this tremendous amount of enterprise application traffic, which is arguably the largest sample set ever published, is to never assume anything about end-user behavior," said Rene Bonvanie, vice-president of marketing at Palo Alto Networks. "This data should be a wake-up call for IT teams who assume encrypted traffic is mainly HTTPS or for those who still believe that social networking usage is not taking place on their corporate networks."
Information on the more than 1,200 applications that are identified by Palo Alto Networks can be found in Applipedia, part of the company's Application and Threat Research Center at http://www.paloaltonetworks.com/researchcenter/.
To download the Application Usage and Risk Report (Spring 2011), please visit: http://www.paloaltonetworks.com/aur
Source: Palo Alto Networks