If the 2014 Application Usage and Threat Report confirms one thing above all, it’s that attackers are hiding in plain sight, using existing applications on your network and traditional exploit techniques in innovative ways to mask dangerous threat activity.
Our data shows many examples of cyberthreats using applications as their infiltration vectors, exhibiting application-like evasion tactics, and using common network applications such as UDP, FTP, RDP, SSL and NetBIOS for lateral communications and exfiltration of data as cyber criminals work to exploit our networks.
Some of this is old news. But like your dad used to tell you: work smarter, not harder. Attackers know that the use of any application at any time in the enterprise is pervasive and they know that an unprecedented level of trust has been established by common sharing applications. These elements mean that bad guys can more easily achieve their malicious goals.
Today’s release is our eleventh AUTR, and what’s important to remember is that this report – unlike many others you receive – looks at live application traffic from thousands of organizations worldwide; it is not a survey.
In addition, the AUTR correlates threats seen on enterprise networks to the applications in use on those networks. Most reports you see will discuss the threat itself or the application itself, but not the intersection of the two. To us, that intersection is the most interesting discussion to have, and also the one that can help business leaders make better-informed decisions about how to secure their networks.
You can download the 2014 Application Usage and Threat Report here and interactively browse data using the visualization tool here. And please check back here over the next few weeks as we discuss some of the key findings as well as provide advice for executives and security practitioners concerned about cyberthreats. You might be surprised at how much you really know about what’s happening on your network.