Hiding in Plain Sight: 41% of the Applications; 36% of the Bandwidth

Matt Keil

The 7th Edition of the Palo Alto Networks Application Usage and Risk Report provides insight into application activity, based on 1,253 application assessments that show what is really happening on the network.

Each of the previous six reports has uncovered interesting data points, and this version is no different. The most interesting data point we came upon was the high number of applications that can use SSL and port hopping as a means of hiding in plain sight. An early mention by Andy Greenberg in Forbes indicates he too found this data point interesting.

Specifically, we found that more than 40% of the applications can use SSL or hop ports, and that they consume roughly 36% of the overall bandwidth observed. One interesting element is that the underlying technology shows heavy use of client-server and P2P, where normally the assumption would be that the browser would be used most heavily. Most IT people will be surprised by this observation, and most should be worried, because the amount will only continue to grow and their existing security is powerless to control it.

Additionally, we found that the workplace has indeed become more social, but not in the manner you would think. Facebook is indeed dominant (87% of ALL social networking bandwidth), but contrary to popular belief, it is not killing webmail (personal use email) or IM. One might say that as users become accustomed to sharing, they continue to do so via IM and webmail with those who have not been assimilated, or they are doing so as a means of getting their job done. The use, however, is more passive than in the last report, based on percentages. Facebook Posting is flat at 1%, while Facebook Apps is down from 5% to 1%. So the big bulk of the Facebook use (80%) is just like IM, where you open it and work while watching periodically. So the argument that time is being wasted is refuted. And most would agree that a non-productive worker is not made more productive by controlling Facebook.

Finally, we see a strong possibility that history will repeat itself relative to file transfer applications. Browser-based filesharing is a godsend to most non-tech marketing types. A few clicks and a massive datasheet file is on its way. Now, as the 60 or so different offerings battle for market share, they are adding “clients” and other premium offerings. In doing so, they show all the signs of following the same risk-reward trajectory that P2P did. Recall that P2P tech was used in the early days for moving large files. It was publicized and vilified by bad implementations and illicit uses. You can already find movies on many browser-based sites (RapidShare, Megaupload, MediaFire), so is it only a matter of time before we see inadvertent sharing of customer data via browser-based filesharing?

Get the report.

Watch the summary (25 minutes).
