Most security threats in just 10 apps, says Palo Alto

Warwick Ashford

Some 97% of all security threats sent across business networks are found within just 10 applications, some of them using the SSL security mechanism to hide their activities, says Palo Alto Networks.

Social networking and file sharing threat activity pales in comparison with business critical apps, according to the networking security firm’s latest threat report.

The six-month review of over 3,000 enterprise networks worldwide reveals that the average network contains 339 “social” apps that consume an average 20% of bandwidth, but the combined threat traffic found on these applications is less than 1%.

However, 90% of the most at-risk applications were found to be internal business applications, including Microsoft SQL, Server Message Block (SMB) and Remote Procedure Call (RPC).

Of the nearly 1,400 applications studied, nine business critical applications were responsible for 82% of all exploit logs.

Researchers found that custom or unknown applications are the leading type of traffic associated with malware communications, accounting for 55% of malware logs.

The study revealed that SSL was the second-largest source of malware traffic in company networks, showing that malware creators are able to use SSL as an invisibility cloak to hide their attacks.

Such findings support Gartner’s call for more context-aware security in the workplace and underline the need for businesses to isolate and inspect business applications as well as internal web traffic to determine whether they have already been compromised, the security firm said.

Top 10 applications by threat:

  • MS SQL
  • MS RPC
  • Web Browsers
  • Server Message Block (SMB)
  • MS SQL Monitor
  • MS Office Communicator
  • SIP (Session Initiation Protocol, in Voice Over IP telephony)
  • Active Directory
  • Remote Procedure Call
  • DNS

“The volume of exploits targeting business critical applications was stunning and serves as a datacentre security wake-up call,” said Matt Keil, senior research analyst at Palo Alto Networks.

“These threats will continue to afflict organisations until they isolate and protect their business applications by bringing threat prevention deeper into the network,” he said.

