Thursday, May 9, 2013

Palo Alto Networks Reveals – for the First Time – Data on Applications that Attackers Most Commonly Target

Data Shows Social Networking and Filesharing Threat Activity Pales in Comparison to the Business Critical Apps Threat Activity.

Asia Pacific, May 9, 2013 – Palo Alto Networks (NYSE: PANW), a network security company, released its Application Usage and Threat Report.  This 10th edition of the report is the first version to compile and correlate data on application usage and threat activity. Based on analysis of network traffic of close to 800 organizations across Asia Pacific between May and December 2012, the report is the network security industry’s most comprehensive examination of application usage and threats.

The report’s findings include:
Social, video, and filesharing are not the top threat sources.  While 299 social networking, video, and filesharing applications represent 27 percent of network bandwidth use, they account only for 1 percent of threat logs. ( Facebook apps were the most significant threat log contributor).

Exploits continue to target enterprises’ most valued assets via commonly used business applications. Of the 1,244 applications studied, 7 business critical applications were responsible for 86 percent of all exploit logsS

Malware hides inside custom applications. Custom or unknown applications are the leading type of traffic associated with malware communications, accounting for 71 percent of malware logs, yet they are consuming less than 4 percent of network bandwidth.

SSL is used as both a security mechanism and a masking agent. 317 applications use SSL in some way.

“Correlating threats with specific applications allows security teams to directly see and control risks in their networks,” said René Bonvanie, chief marketing officer at Palo Alto Networks. “We are empowering our customers with the knowledge they need to implement comprehensive security policies and practices to better secure their networks with minimal impact on day-to-day operations.”

"The volume of exploits targeting business critical applications was stunning and serves as a data center security wake-up call,” said Matt Keil, senior research analyst at Palo Alto Networks and author of the report. "These threats will continue to afflict organizations until they isolate and protect their business applications by bringing threat prevention deeper into the network.”

The report categorizes applications into 3 categories: personal applications, business applications, and custom or unknown applications.

Personal applications include social networking applications (Facebook, Pintrest, Tumblr, and Twitter), filesharing (BitTorrent, Box, Dropbox, Putlocker, Skydrive, and YouSendit), and video (YouTube, Netflix, and Hulu Networks).
Business applications include Microsoft SQL Server, Microsoft Active Directory, SMB, Microsoft RPC, and other commonly used enterprise applications.
Custom or unknown applications are defined as either TCP or UDP based applications that are custom (internal to the organization), unrecognized commercially available, or a threat.

Application and Threat Information
Information on the nearly 1,600 applications that are identified by Palo Alto Networks can be found in Applipedia, part of the company's Application and Threat Research Center. Visit the online resource to find the latest news, commentary, and discoveries on applications and threats at

To download the Application Usage and Threat Report (February 2013), please visit:

To explore the data from this report using our interactive data visualization tool, please visit:

No comments: