10/21/2010
12:21 PM

Employees' Use Of Webmail, File-Sharing Services Riskier Than Their Facebook Activity

New data from Palo Alto Networks' application-layer firewall customers shows employees circumventing security controls via Webmail, file sharing

Facebook usage by employees gets a bad rap, but it turns out workers are doing more surfing on the social network than potentially giving away company secrets: New data from some 700 of Palo Alto Networks' application-layer firewall customers shows Webmail use poses a much bigger problem.

"There's a false sense of security that email is dead, or that email is taken care of with your security infrastructure," says Chris King, director of product marketing for Palo Alto Networks, which published its newest "Application Usage and Risk Report" today for enterprise application usage between March and September 2010. "The risks are a bit overblown with Facebook versus Webmail. With Facebook, people are mostly reading other people's stuff: It's reality TV on in the background while you're working."

According to Palo Alto Networks, personal Webmail (such as Gmail, Hotmail, and Yahoo Mail), instant messaging, and peer-to-peer and browser-based file-sharing apps were used in 96 percent of the enterprises, and those apps made up nearly one-fourth of all bandwidth. The bad news is that most of these apps are unmonitored and not controlled by the enterprise, which leaves the organization open to attack or data leakage, the report says.

Workers' Facebook activity is more voyeuristic: 69 percent of Facebook traffic in these organizations is used for viewing Facebook pages, while Facebook apps make up about 4 percent of traffic and posts only about 1 percent.

"Email and IM appear to be the primary vectors for inbound threats, such as Conficker," says Matt Keil, product marketing manager at Palo Alto Networks.

There were 114,000 log instances of Conficker infections among Palo Alto customers, he says. "A log instance is when Conficker is actively going through and trying to propagate itself or phone home or send information out of the network," he says.

The average duration for his log count was three to five business days, which means the 114,000 number is "significant," King says.

Meanwhile, the heavy use of Webmail at work, as well as of Web-based file-sharing apps, basically circumvents most organizations' email and other security, according to Palo Alto. "These Webmail apps are using SSL, mostly Port 80, and you may have this incredible infrastructure to protect the email threat vector, with your mail server, cloud services, anti-spam, and anti-malware, and the Webmail users are going around this completely," King says. "In most cases, it's an unscanned vector."

Web- or browser-based file-sharing now constitutes 96 percent of file sharing, according to the data, with apps including SkyDrive, YouSendIt, RapidShare, and Docstoc. BitTorrent remains the most popular peer-to-peer file-sharing program in use in companies. "Most of these are completely unmanaged in enterprises," King says, leaving organizations open to copyright violations, data exposure, and infection from rigged files.

There were a total of 92 enterprise-class cloud apps found in about 97 percent of the enterprises--applications that include backup, storage, ERP, database, collaboration, and conferencing.


Kelly Jackson Higgins is Senior Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ...
