* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Application usage \& risk report](https://www2.paloaltonetworks.com/blog/category/application-usage-risk-report/)
* Applications are like dog...

# Applications are like dogs

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2009%2F06%2Fapplications-are-like-dogs%2F)  
[](https://twitter.com/share?text=Applications+are+like+dogs&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2009%2F06%2Fapplications-are-like-dogs%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2009%2F06%2Fapplications-are-like-dogs%2F&title=Applications+are+like+dogs&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2009/06/applications-are-like-dogs/&ts=markdown)  
\[\](mailto:?subject=Applications are like dogs)  
Link copied  
By [Matt Keil](https://www.paloaltonetworks.com/blog/author/matt/?ts=markdown "Posts by Matt Keil")  
Jun 16, 2009  
5 minutes  
[Application usage \& risk report](https://www.paloaltonetworks.com/blog/category/application-usage-risk-report/?ts=markdown)  
[Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown)  
[application control](https://www.paloaltonetworks.com/blog/tag/application-control/?ts=markdown)  
[Firewall](https://www.paloaltonetworks.com/blog/tag/firewall/?ts=markdown)

A recent survey [assembled by RSA and IDG on the "hyper-extended enterprise" highlighted the challenges enterprises face as they move at light speed into the new applications landscape and two points stuck out. The first point was that enterprises need to rework their acceptable use policies and the second is that users need to be educated on that policy](http://www.rsa.com/innovation/docs/IDGResearchWhitePaper_Final_060409.pdf). This got me to thinking (dangerous, I know) that applications are like dogs. Here is how I came to this analogy.

I like dogs. Preferably big, active, smart dogs. So it stands to reason that I would like the American Staffordshire Terrier, a recognized member of the Terrier Group according to the [American Kennel Club (AKC)](www.akc.org/). Never heard of this breed? Maybe you've heard of a Pit Bull -- a breed that can strike fear into many people because of the highly visible nature of their attacks. Ask any dog trainer or avid dog lover and they will tell you that there are no bad dogs -- merely bad dog owners. Bad dog owners who mistreat the dogs, train them to fit, follow improper breeding practices and so on. Sure, this is open to debate and this is not the forum for such a debate.

Let's look at a couple of examples of how applications are like dogs.

**P2P:** The underlying technology was developed back in the early days of networking as a means of moving large files by harnessing unused computing resources. The premise still works today in commercially available applications like BitTorrent, Gnutella and many others. Everyone know that the rap against P2P that they are used to illegally share files. Worse yet, many of the largest data breaches were the result of improperly configured P2P applications. Yet properly configured and used by say, IT, P2P is a very powerful tool. See the relationship here? Employee records do not naturally migrate to a P2P network. MarineOne blueprints are not stored on a P2P network. Users are the ones who are sharing the files. Users are the ones who failed to properly configure the application.

**TOR (The Onion Router):** Developed by the US military to encrypt spy and covert operation communications and is now in the public domain. Not only is the message encrypted, it uses other TOR nodes to send the data, finally being assembled by the intended recipient. The advantage here is that no one node has all the data so intercepting it is of little use. In an oppressive regime, TOR is an invaluable tool and it is recommended by several human rights organizations as a tool to communication with the outside world. In the hands of an employee or student, TOR is a black hole that acts as an avenue for threats (inbound) and data leakage (outbound). Again, the application is not acting on its own. It is acting on the commands of the user.

Ok, P2P and TOR may be extreme cases (and easy pickings). Let's see how social networking applications like **FaceBook and MySpace**hold up to the analogy. Both applications are designed to keep friends, colleagues and family updated on what's happening. An admirable goal to be sure. Yet social networking has been invaded by malware writers who prey on users who do not think before they click. Case in point, a friend received a FaceBook update from someone they thought was a friend -- the update had a URL in it. So you guessed it, they clicked it. Bad user! The PC is infected with malware.

I challenge you to take any application and put it to this test. My guess is that more often than not, you will come to the same conclusion. There are several points to my ramblings.

**Applications are not threats.** The threats are from what the users do with them and the content that is transferred. If enterprises treat applications as threats, several things may occur:

1) The CEO may be the one using the application which may result in a quick termination.
2) The application in use may be benefiting the bottom line, so why stop it.
3) Today's employees expect to be able to use many of these types of applications, so blocking them may reduce the ability to attract new employees. (No bad dogs, remember).

**IT must become business enablers.** The application landscape is moving more rapidly than ever before and it is an understandable challenge for IT to keep up. But somehow they need to determine what applications are on their network and then analyze the risk and weigh it with the business benefit. If the trade-offs are positive, then the use should be documented as part of the appropriate application usage policy. (IT needs to train the users dog owners).

**Educate users on the appropriate application usage policy.** When we ask companies (IT guys) what their appropriate application usage policy is, they tend to laugh, or ask "what policy" or worse yet, say we do not have one. Many of our customers are using our solution to achieve the two previous points and in so do, make their application usage policy a living, breathing document that is reviewed on a regular basis, as users try new applications. Just like dogs will continually learn what the master allows and press for more, so to will users.

Thanks for putting up with me.

*** ** * ** ***

## Related Blogs

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### PAN-OS 8.1: SSL Decryption Broker for Federal Government](https://www2.paloaltonetworks.com/blog/2018/03/gov-pan-os-8-1-ssl-decryption-broker-federal-government/)

### [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown)

[#### Modernizing Security on AWS: From Firewall Ops to Security Intent](https://www2.paloaltonetworks.com/blog/network-security/modernizing-security-on-aws-from-firewall-ops-to-security-intent/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Strata Network Security Platform](https://www.paloaltonetworks.com/blog/network-security/category/strata-network-security-platform/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Powering the AI Enterprise with New Software Firewall Capabilities](https://www2.paloaltonetworks.com/blog/network-security/powering-the-ai-enterprise-with-new-software-firewall-capabilities/)

### [AI Application Security](https://www.paloaltonetworks.com/blog/network-security/category/ai-application-security/?ts=markdown), [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Palo Alto Networks Announces Support for NVIDIA Enterprise AI Factory](https://www2.paloaltonetworks.com/blog/2026/01/support-nvidia-enterprise-ai-factory/)

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown)

[#### Protecting the Utility Grid's Digital Ecosystem, from Core to Edge to AI](https://www2.paloaltonetworks.com/blog/network-security/protecting-the-utility-grid-digital-ecosystem-from-core-to-edge-to-ai/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Event](https://www.paloaltonetworks.com/blog/category/event/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Non categorizzato](https://www.paloaltonetworks.com/blog/category/non-categorizzato/?ts=markdown)

[#### See How We're Fortifying Cloud and AI at AWS re:Inforce 2025](https://www2.paloaltonetworks.com/blog/2025/06/fortifying-cloud-ai-aws-reinforce/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language