Original URL: http://www.theregister.co.uk/2013/02/22/app_threat_analysis/

Pah! Social, file-sharing apps are SAFE compared to biz apps

Malware threats not where corporates think they are

By John Leyden

Posted in Security, 22nd February 2013 14:36 GMT

Threats from social networking, video and filesharing pale in comparison to malicious content in business critical apps, according to a survey by network security firm Palo Alto Networks.

While 339 social networking, video, and file-sharing applications represent 20 per cent of network bandwidth use, they account for less than 1 per cent of threat logs.

Contrary to popular belief, exploits continue to target enterprises via commonly used business applications. Of the 1,395 applications studied, 10 were responsible for 97 per cent of all exploit logs observed and nine of them are business critical applications.

The top 10 applications by threat are: MS SQL; MS RPC; Web Browsing; Server Message Block; MS SQL Monitor; MS Office Communicator; SIP; Active Directory; Remote Procedure Call; and DNS.

The study, based on an analysis of network traffic of more than 3,000 organisations between May and December 2012, involved making sense of 12.6 petabytes of data, 5,307 unique threats and 264 million threat logs. Malware often hides inside custom applications, traffic analysis by Palo Alto suggests. Custom or unknown applications are the leading type of traffic associated with malware communications, accounting for 55 per cent of malware logs, but only consuming less than 2 per cent of network bandwidth.

SSL is used as both a security mechanism and a masking agent, with 356 applications that appeared in the study using SSL in one way or another. SSL by itself represented 5 per cent of all bandwidth and the sixth highest volume of malware logs. HTTP proxy, used both as a security component and to evade controls, exhibited the seventh highest volume of malware logs.

"The volume of exploits targeting business critical applications was stunning and serves as a data centre security wake-up call,” said Matt Keil, senior research analyst at Palo Alto Networks and author of the report. "These threats will continue to afflict organisations until they isolate and protect their business applications by bringing threat prevention deeper into the network.”

Correlating threats with specific applications allows security teams to get a better handle on risks in their networks, allowing them to adopt smarter security controls and procedures.

The latest Palo Alto Application Usage and Threat Report, the first version to correlate data on application usage and threat activity, can be downloaded here (registration required). A blog post summarising the main findings is here.

Data from the report can be explored using an interactive data visualisation tool, available here. ®