Risk
10/21/2010
12:21 PM

Employees' Use Of Webmail, File-Sharing Services Riskier Than Their Facebook Activity

New data from Palo Alto Networks' application-layer firewall customers shows employees circumventing security controls via Webmail, file sharing

Facebook usage by employees gets a bad rap, but it turns out workers are doing more surfing on the social network than potentially giving away company secrets: New data from some 700 of Palo Alto Networks' application-layer firewall customers shows Webmail use poses a much bigger problem.

"There's a false sense of security that email is dead, or that email is taken care of with your security infrastructure," says Chris King, director of product marketing for Palo Alto Networks, which published its newest "Application Usage and Risk Report" today for enterprise application usage between March and September 2010. "The risks are a bit overblown with Facebook versus Webmail. With Facebook, people are mostly reading other people's stuff: It's reality TV on in the background while you're working."

According to Palo Alto Networks, personal Webmail (such as Gmail, Hotmail, and Yahoo Mail), instant messaging, and peer-to-peer and browser-based file-sharing apps were used in 96 percent of the enterprises, and those apps made up nearly one-fourth of all bandwidth. The bad news is that most of these apps are unmonitored and not controlled by the enterprise, which leaves the organization open to attack or data leakage, the report says.

Workers' Facebook activity is more voyeuristic: 69 percent of Facebook traffic at these organizations is used for viewing Facebook pages, while Facebook apps make up about 4 percent of traffic, and posts only about 1 percent.

"Email and IM appear to be the primary vectors for inbound threats, such as Conficker," says Matt Keil, product marketing manager at Palo Alto Networks.

There were 114,000 log instances of Conficker infections among Palo Alto customers, he says. "A log instance is when Conficker is actively going through and trying to propagate itself or phone home or send information out of the network," he says.

The average duration for his log count was three to five business days, which means the 114,000 number is "significant," King says.

Meanwhile, the heavy use of Webmail at work, as well as of Web-based file-sharing apps, basically circumvents most organizations' email and other security, according to Palo Alto. "These Webmail apps are using SSL, mostly Port 80, and you may have this incredible infrastructure to protect the email threat vector, with your mail server, cloud services, anti-spam, and anti-malware, and the Webmail users are going around this completely," King says. "In most cases, it's an unscanned vector."

Web- or browser-based file-sharing now constitutes 96 percent of file sharing, according to the data, with apps including SkyDrive, YouSendIt, RapidShare, and Docstoc. BitTorrent remains the most popular peer-to-peer file-sharing program in use in companies. "Most of these are completely unmanaged in enterprises," King says, leaving organizations open to copyright violations, data exposure, and infection from rigged files.

There were a total of 92 enterprise-class cloud apps found in about 97 percent of the enterprises--applications that include backup, storage, ERP, database, collaboration, and conferencing.


Kelly Jackson Higgins is Senior Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ...
