Feeds

Pah! Social, file-sharing apps are SAFE compared to biz apps

Malware threats not where corporates think they are

SANS - Survey on application security programs

Threats from social networking, video and filesharing pale in comparison to malicious content in business critical apps, according to a survey by network security firm Palo Alto Networks.

While 339 social networking, video, and file-sharing applications represent 20 per cent of network bandwidth use, they account for less than 1 per cent of threat logs.

Contrary to popular belief, exploits continue to target enterprises via commonly used business applications. Of the 1,395 applications studied, 10 were responsible for 97 per cent of all exploit logs observed and nine of them are business critical applications.

The top 10 applications by threat are: MS SQL; MS RPC; Web Browsing; Server Message Block; MS SQL Monitor; MS Office Communicator; SIP; Active Directory; Remote Procedure Call; and DNS.

The study, based on an analysis of network traffic of more than 3,000 organisations between May and December 2012, involved making sense of 12.6 petabytes of data, 5,307 unique threats and 264 million threat logs. Malware often hides inside custom applications, traffic analysis by Palo Alto suggests. Custom or unknown applications are the leading type of traffic associated with malware communications, accounting for 55 per cent of malware logs, but only consuming less than 2 per cent of network bandwidth.

SSL is used as both a security mechanism and a masking agent, with 356 applications that appeared in the study using SSL in one way or another. SSL by itself represented 5 per cent of all bandwidth and the sixth highest volume of malware logs. HTTP proxy, used both as a security component and to evade controls, exhibited the seventh highest volume of malware logs.

"The volume of exploits targeting business critical applications was stunning and serves as a data centre security wake-up call,” said Matt Keil, senior research analyst at Palo Alto Networks and author of the report. "These threats will continue to afflict organisations until they isolate and protect their business applications by bringing threat prevention deeper into the network.”

Correlating threats with specific applications allows security teams to get a better handle on risks in their networks, allowing them to adopt smarter security controls and procedures.

The latest Palo Alto Application Usage and Threat Report, the first version to correlate data on application usage and threat activity, can be downloaded here (registration required). A blog post summarising the main findings is here.

Data from the report can be explored using an interactive data visualisation tool, available here. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.