Spring 2009 Edition - Executive Summary
The Application Usage and Risk Report (Spring Edition, 2009) from Palo Alto Networks provides a view into enterprise application usage by summarizing application traffic assessments from more than 60 large organizations across financial services, manufacturing, healthcare, government, retail and education. The assessments were conducted between August 2008 and December 2008, representing the behavior of nearly 900,000 users. The report supports the position that application controls within enterprises are failing. Applications have standard features to evade controls automatically, employees use applications to evade control mechanisms purposefully, and most current control mechanisms are ill-equipped to regain visibility and control.

- Applications are designed for accessibility.
More than half (57%) of the 494 applications found can bypass security infrastructure – hopping from port to port, using port 80 or port 443. Some examples of these applications include Microsoft SharePoint, Microsoft Groove and a host of software update services (Microsoft Update, Apple Update, Adobe Update), along with end-user applications such as Pandora and Yoics!
- Applications that enable users to circumvent security controls are common.
Proxies that are typically not endorsed by corporate IT (CGIProxy, PHProxy, Hopster) and remote desktop access applications (LogMeIn!, RDP, PCAnywhere) were found 81% and 95% of the time, respectively. Encrypted tunnel applications such as SSH, TOR, GPass, Gbridge, and SwIPe were also found.
- File sharing usage is rampant.
P2P was found 92% of the time, with BitTorrent and Gnutella as the most common of 21 variants found. Browser-based file sharing was found 76% of the time with YouSendit! and MediaFire among the most common of the 22 variants.
- Applications continue to consume bandwidth at a voracious rate.
More than half (51%) of the bandwidth is being consumed by a little more than a quarter (28%) of the applications, most of which are consumer-oriented (media, social networking, P2P and browser-based file sharing, web-browsing and toolbars).
- Enterprises are spending heavily to protect their networks – yet they cannot control the applications on the network.
Collectively, enterprises spend more than $6 billion annually on firewall, IPS, proxy and URL filtering products. All of these products claim to perform some level of application control. The analysis showed that 100% of the organizations had firewalls and 87% also had one or more of these firewall helpers (a proxy, an IPS, URL filtering) – yet they were unable to exercise control over the application traffic traversing the network.

The data included in this analysis was generated from Palo Alto Networks next-generation firewalls that were deployed in the line of traffic for as long as a week, providing visibility into an average of 156 applications traversing each organization's network, with the highest number of applications detected at 305. The traditional tools that IT managers have at their disposal cannot see the applications traversing the network, or can see only a fraction of these applications. Applications themselves are designed to bypass the infrastructure tools, or employees actively bypass them using a range of applications. While blindly blocking all the applications is an unreasonable response, the risks that many of these applications represent are too significant to ignore.