The Register® — Biting the hand that feeds IT

Feeds

Pah! Social, file-sharing apps are SAFE compared to biz apps

Malware threats not where corporates think they are

By John Leyden, 22nd February 2013
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Threats from social networking, video and filesharing pale in comparison to malicious content in business critical apps, according to a survey by network security firm Palo Alto Networks.

While 339 social networking, video, and file-sharing applications represent 20 per cent of network bandwidth use, they account for less than 1 per cent of threat logs.

Contrary to popular belief, exploits continue to target enterprises via commonly used business applications. Of the 1,395 applications studied, 10 were responsible for 97 per cent of all exploit logs observed and nine of them are business critical applications.

The top 10 applications by threat are: MS SQL; MS RPC; Web Browsing; Server Message Block; MS SQL Monitor; MS Office Communicator; SIP; Active Directory; Remote Procedure Call; and DNS.

The study, based on an analysis of network traffic of more than 3,000 organisations between May and December 2012, involved making sense of 12.6 petabytes of data, 5,307 unique threats and 264 million threat logs. Malware often hides inside custom applications, traffic analysis by Palo Alto suggests. Custom or unknown applications are the leading type of traffic associated with malware communications, accounting for 55 per cent of malware logs, but only consuming less than 2 per cent of network bandwidth.

SSL is used as both a security mechanism and a masking agent, with 356 applications that appeared in the study using SSL in one way or another. SSL by itself represented 5 per cent of all bandwidth and the sixth highest volume of malware logs. HTTP proxy, used both as a security component and to evade controls, exhibited the seventh highest volume of malware logs.

"The volume of exploits targeting business critical applications was stunning and serves as a data centre security wake-up call,” said Matt Keil, senior research analyst at Palo Alto Networks and author of the report. "These threats will continue to afflict organisations until they isolate and protect their business applications by bringing threat prevention deeper into the network.”

Correlating threats with specific applications allows security teams to get a better handle on risks in their networks, allowing them to adopt smarter security controls and procedures.

The latest Palo Alto Application Usage and Threat Report, the first version to correlate data on application usage and threat activity, can be downloaded here (registration required). A blog post summarising the main findings is here.

Data from the report can be explored using an interactive data visualisation tool, available here. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (9)
Highly Rated
Khaptain

Apples and Pears

This article is comparing front end applications to back end services, strange logic indeed.

Who the hell wants to hack streams of social networking chatter?

Obviously the SQL Servers and Server protocols are going to get attacked, this is after-all where the really interesting data lies.

<--- Fail, because this article did.

3
0
Shippwreck1

" ... While 339 social networking, video, and file-sharing applications represent 20 per cent of network bandwidth use, they account for less than 1 per cent of threat logs ... "

" ... The top 10 applications by threat are: MS SQL; MS RPC; Web Browsing; Server Message Block; MS SQL Monitor; MS Office Communicator; SIP; Active Directory; Remote Procedure Call; and DNS ..."

erm... isn't "Web Browsing" a fairly broad business application, that is likely to incorporate most of the threat logs associated with users surfing to social networking sites and the 1% referred to is the tiny amount where a user has actually admitted to using a social networking site at work...

2
0
graeme leggett

One way of looking at data

Filesharing and youtube are high volume data but each file or video is only one interaction that could pull in a threat. The other apps are many small bursts of data each associated with a threat possibilty.

so network bandwidth is not really a relevant comparator.

Their interactive report thingy didn't work for me, so I'm working theoretically here.

2
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
19