A detailed analysis of more than 700 corporate networks has revealed a pervasive use of Facebook and other social networking applications, and, with it, a growing threat of malware and data leakage.
The analysis was carried out by security vendor Palo Alto Networks Inc., which scanned the network traffic of 723 enterprises (275 of them based in Europe) between March and September 2010. The results are published in the 6th edition of its Application Usage and Risk Report.
Facebook was the most ubiquitous social networking application, present on 96% of networks, followed by Twitter (93%), LinkedIn (85%), Myspace (79%) and Facebook applications (76%). In the UK, Facebook was present in 100% of organisations, Hotmail was present in 95% and Meebo, a universal IM client, was present in 82%.
The report identified a total of 931 different social networking applications currently in use, of which 224 pose particular security problems, because they are user-driven, and are not generally well managed by traditional security mechanisms, such as firewalls. While acknowledging that these new applications can bring benefits to users and organisations, the report stresses that, among many social networking security risks, the sites can lay networks open to malware and act as a channel for data leakage. Social networking applications also accounted for nearly a quarter of all bandwidth.
For the purposes of analysis, the report splits these applications into three main categories: saying (webmail and instant messaging), socialising (social networking sites) and sharing (FTP, P2P and browser-based sharing programs).
Saying (webmail and IM)
These applications, says the report, are "used in a largely unmonitored and uncontrolled manner, which, in turn, introduces significant inbound and outbound risks." The main risk they bring is that they can be used to give out information unchecked and send out attachments. And, as most webmail programs use common Web traffic ports (TCP/80 or TCP/443) or hop between ports, they can be hard to monitor using a traditional firewall, which tends to keep those ports open.
Socialising (Facebook, Myspace)
Four Facebook social networking applications (Facebook, Facebook Posting, Facebook Apps and Facebook Social Plugins) consumed 78% of the total social networking bandwidth usage as observed in the study. Analysis of traffic patterns found that most users view pages rather than post: Only 1% of activity involved posting information. However, as the report says, the content of any posts is mainly unregulated, allowing for potential leakage of sensitive data. There is also the threat of users downloading malicious Facebook apps.
Browser-based file sharing The report makes the point that, while early means of file sharing -- such P2P and FTP -- required some level of technical knowledge to set up, browser-based applications such as Skydrive, DocStoc, MegaUpload and RapidShare are much more user-friendly and are therefore being used increasingly. While some are designed to be business-focused, others encourage (and reward) users to upload and share copyrighted material such as films and TV programmes. This means that users may be consuming corporate bandwidth to make money for themselves instead of doing their jobs, and may also implicate their employers in copyright theft. MegaUpload, MediaFire and RapidShare were the highest browser-based consumers of network bandwidth.
Nir Zuk, founder and CTO of Sunnyvale, Calif.-based Palo Alto, said the trends uncovered in the report underline the need to review network security. "Applications are leaving the network with the move to the cloud; users are leaving the network as they become more mobile, and even the infrastructure is leaving the network as companies use services such as Rackspace and Amazon Web Services," he said.
He claimed that only 10% of corporate applications globally now reside on corporate servers, with the rest either being in the cloud or on users' PCs. Even though Zuk was one of the developers of the first stateful inspection firewalls when he worked at Check Point Software Technologies in the 1990s, he declared that "the stateful firewall doesn't work anymore."
However, customers are unlikely to follow Zuk's advice to throw out all firewalls and replace them with Palo Alto's own 'next generation' firewall instead. One such customer is Sean Whetstone, head of IT services for Reed Specialist Recruitment Ltd., who manages a global network. He said the Palo Alto product provides a "useful second opinion" to his more traditional line-up of firewalls and intrusion prevention systems, but that he has no plans to remove those existing lines of defence.
He also suggested that client-based antimalware software has a big role to play in controlling what users do, and what content they download and send.