Enterprises Struggling With SSL Apps That Evade Traditional Controls
More than a third of enterprise traffic is comprised of apps that use encryption or port-hopping, annual Palo Alto Networks study says By Tim WilsonPalo Alto Networks' "2011 Application Usage and Risk Report" (AUR), an annual study of actual enterprise application usage patterns, says that 36 percent of traffic is now driven by programs such as Facebook, Twitter, and Gmail, which can be hidden via SSL encryption or port hopping.
"This represents a significant blind spot that most IT organizations have not yet adequately addressed, and one that is rarely discussed in the security industry," the report states.
The workplace also has become more social, according to the report. "Contrary to popular opinion, social networking has not meant the death knell of webmail and instant messaging [IM]," it says. IM traffic, as a percentage of overall traffic, has more than doubled in the past year, while webmail and social networking has increased nearly five times.
The report also shows fast evolution of file transfer technologies. Browser-based file sharing applications now use peer-based technology and add clients as a premium, which raises security questions similar to those that were raised with peer-to-peer technologies, Palo Alto Networks observes.
"Never assume anything about end-user behavior," said Rene Bonvanie, vice president of marketing at Palo Alto Networks, in a statement. "This data should be a wake-up call for IT teams who assume encrypted traffic is mainly HTTPS, or for those who still believe that social networking usage is not taking place on their corporate networks."
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
Subscribe to RSSInsider Threat Reports
How to Prevent an Illicit Data Dump
There are no silver bullets when it comes to protecting company and customer data from loss or theft, but there are technological and procedural systems that will go a long way toward preventing a WikiLeaks-like data dump. Here are some tips and tricks to help protect your organization's most sensitive information.
Email and Data Loss
Email encryption, rights management, email gateways, and full-on data loss prevention systems can keep corporate data secure. Here's a look at the pros and cons of each, to help you determine what?s best for your business.
An Insider Threat Reality check
Heightened concern that users could inadvertently expose or leak -- or purposely steal -- an organization's sensitive data has spurred debate over the proper technology and training to protect the crown jewels. In this special retrospective of recent news coverage, Dark Reading takes a look at how organizations are handling the threat -- and what users are really up to.
Other reports from the Insider Threat Tech Center:
Related Content
| Sponsored by: |  |
Protection from Insider Threats
Preventing data misuse by trusted users is the most difficult information protection challenge. Insiders already have full authorization to the data, making traditional IT secure methods in effective. Learn about a more powerful security approach and proven strategies to prevent insider misuse.
Strategies for Protecting Intellectual Property
A company's intellectual property (IP) represents a significant portion of assets and a critical component of competitive differentiation, but the potential value of any IP is directly linked to its limit of acceptable use. Learn how you can put your IP to work within collaborative environments without undue risk and maximize competitive advantages.
Protecting Against WikiLeaks Type Events and the Insider Threat
The sensitive information supplied to WikiLeaks and other social justice websites comes from trusted insiders. Get the answers to the open gaps left in the WikiLeaks story and learn how you can prevent insider threats that are just as detrimental in your organization.
Insider Threat: An Inside Look at a Fortune 100 Company's Prevention Program
The ways and means by which a privileged user can successfully steal proprietary data today is staggering. One venerable company that suffered a devastating incident decided to do something about it. Find out how it built one of the most productive insider threat prevention programs in the Fortune 100.
Protection of Intellectual Property and Trade Secrets across a Global Enterprise
As a designer and manufacturer of industrial technology, this Fortune 50 company knew that securing their intellectual property (IP) and trade secret data was essential. It created a program to identify risks to their IP and trade secrets and soon caught a privileged user attempting to compromise IP. Download this case study to see a real example of intellectual property protection at work.
Insider Threat Newsfeed
- Trend Micro Pioneers Integration Of Data-Loss Prevention (DLP) Across The Enterprise
- User-Generated Content Singled Out In Military Dating Hack
- ICSA Labs Launches First Testing Program Of VPN Security For Mobile Device
- NetIQ Minimizes Risk Of Unauthorized Access And Entitlement Creep
- Shape Security Closes $6 Million Series A Funding Round
- European Online Fraud Increases 60%
MORE NEWSFEED >>>
- Entering the Scrum: Taking the First Steps on Your Agile Journey
- Big Data at High Speed: Complex Event Processing at 10x
- Securing the Cloud: Extend the Benefits of Traditional IT Environments to Cloud
- Protecting End Users Against Emerging Threats
- Collaborative DevOps: Bridging the gap between development and operations with automation
