Most security threats in just 10 apps, says Palo Alto

Some 97% of all security threats sent across business networks are found within just 10 applications, some of them using the SSL security mechanism to hide their activities, says Palo Alto Networks.

Social networking and file sharing threat activity pales in comparison with business critical apps, according to the networking security firm’s latest threat report.

The six-month review of over 3,000 enterprise networks worldwide reveals that the average network contains 339 “social” apps that consume an average 20% of bandwidth, but the combined threat traffic found on these applications is less than 1%.


However, 90% of the most at-risk applications were found to be internal business applications, including Microsoft SQL, Server Message Block (SMB) and Remote Procedure Call (RPC).

Of the nearly 1,400 applications studied, nine business critical applications were responsible for 82% of all exploit logs.

Researchers found that custom or unknown applications are the leading type of traffic associated with malware communications, accounting for 55% of malware logs.

The study revealed that SSL was the second-largest source of malware traffic in company networks, showing that malware creators are actually able to use SSL as an invisibility cloak to hide their attacks.

Such findings support Gartner’s call for more context-aware security in the workplace and underline the need for businesses to isolate and inspect business applications as well as internal web traffic to determine whether they have already been compromised, the security firm said.

Top 10 applications by threat:

  • MS SQL
  • MS RPC
  • Web Browsers
  • Server Message Block (SMB)
  • MS SQL Monitor
  • MS Office Communicator
  • SIP (Session Initiation Protocol, in Voice Over IP telephony)
  • Active Directory
  • Remote Procedure Call
  • DNS

“The volume of exploits targeting business critical applications was stunning and serves as a datacentre security wake-up call,” said Matt Keil, senior research analyst at Palo Alto Networks.

“These threats will continue to afflict organisations until they isolate and protect their business applications by bringing threat prevention deeper into the network,” he said.
