Unauthorized Apps Often Go Unseen And Unchecked, Study Says

Despite policies, most corporate networks remain rife with P2P, Google tools, and other unsanctioned apps, study says

Dark Reading Staff, Dark Reading

April 17, 2009

2 Min Read

Despite a wide range of access controls and company policies, most organizations still aren't controlling the use of unauthorized applications on their networks, according to a forthcoming study.

Next-generation firewall maker Palo Alto Networks on Monday will release the latest version of its Application Usage and Risk Report, a live study of more than 60 large organizations and nearly 900,000 users. The study confirms what many IT managers already know: that end users continue to download and use a wide variety of applications that aren't sanctioned by corporate IT security policies.

Peer-to-peer applications -- generally outlawed in most organizations because of the risk of open connections and copyright infringement penalties -- were found in 92 percent of the networks in the study, Palo Alto Networks says. Brower-based file-sharing applications, such as YouSendit! and MediaFire, were found in 76 percent of the organizations. The study also found widespread use of Google applications, as well as a variety of streaming video and instant messaging applications that generally are not sanctioned for use inside the corporate network.

To compound the problem, the study found that more than half of the 494 applications discovered are capable of bypassing the current security infrastructure. Some applications are capable of hopping from port to port on a router or firewall, while others "hide" via proxies, encrypted tunneling, or simple SSL encryption. The traffic created by these applications generally cannot be monitored or blocked, even when it is known to be a danger to corporate data, Palo Alto Networks notes.

"The traditional tools that IT managers have at their disposal cannot see the applications traversing the network; [they] can see only a fraction of the applications," said Nir Zuk, CTO and founder of Palo Alto Networks, in a webinar Wednesday.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

CrowdStrike logo on a phone screen
Threat Intelligence
CrowdStrike 'Updates' Deliver Malware & More as Attacks SnowballCrowdStrike 'Updates' Deliver Malware & More as Attacks Snowball
byNate Nelson, Contributing Writer
Jul 25, 2024
3 Min Read
Hands of a person in a suit jacket holding a screen pointing to an image of a padlock and the words "insider threat"
Vulnerabilities & Threats
Security Firm Accidentally Hires North Korean Hacker, Did Not KnowBe4Security Firm Accidentally Hires North Korean Hacker, Did Not KnowBe4
byElizabeth Montalbano, Contributing Writer
Jul 25, 2024
4 Min Read
A laptop showing the Microsoft WIndows 11 logo
Endpoint Security
Goodbye? Attackers Can Bypass 'Windows Hello' Strong AuthenticationGoodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication
byJeffrey Schwartz, Contributing Writer
Jul 23, 2024
4 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events