Unauthorized Apps Often Go Unseen And Unchecked, Study SaysUnauthorized Apps Often Go Unseen And Unchecked, Study Says
Despite policies, most corporate networks remain rife with P2P, Google tools, and other unsanctioned apps, study says
April 17, 2009
Despite a wide range of access controls and company policies, most organizations still aren't controlling the use of unauthorized applications on their networks, according to a forthcoming study.
Next-generation firewall maker Palo Alto Networks on Monday will release the latest version of its Application Usage and Risk Report, a live study of more than 60 large organizations and nearly 900,000 users. The study confirms what many IT managers already know: that end users continue to download and use a wide variety of applications that aren't sanctioned by corporate IT security policies.
Peer-to-peer applications -- generally outlawed in most organizations because of the risk of open connections and copyright infringement penalties -- were found in 92 percent of the networks in the study, Palo Alto Networks says. Brower-based file-sharing applications, such as YouSendit! and MediaFire, were found in 76 percent of the organizations. The study also found widespread use of Google applications, as well as a variety of streaming video and instant messaging applications that generally are not sanctioned for use inside the corporate network.
To compound the problem, the study found that more than half of the 494 applications discovered are capable of bypassing the current security infrastructure. Some applications are capable of hopping from port to port on a router or firewall, while others "hide" via proxies, encrypted tunneling, or simple SSL encryption. The traffic created by these applications generally cannot be monitored or blocked, even when it is known to be a danger to corporate data, Palo Alto Networks notes.
"The traditional tools that IT managers have at their disposal cannot see the applications traversing the network; [they] can see only a fraction of the applications," said Nir Zuk, CTO and founder of Palo Alto Networks, in a webinar Wednesday.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023