{"id":3237,"date":"2013-02-21T05:12:55","date_gmt":"2013-02-21T13:12:55","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=3237"},"modified":"2013-02-28T13:37:18","modified_gmt":"2013-02-28T21:37:18","slug":"applications-and-threats-analyzed-together","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2013\/02\/applications-and-threats-analyzed-together\/","title":{"rendered":"Applications and Threats - Analyzed Together for the First Time."},"content":{"rendered":"<p>This edition of the <i>Application Usage and Threat Report<\/i> marks an evolution and an associated name change. For the first time, the report maps application usage and threat activity as seen on enterprise networks between May and December 2012. This report summarizes network traffic assessments performed on more than 3,000 networks, encompassing 1,395 applications, 12.6 petabytes of bandwidth, 5,307 unique threats and 264 million threat logs.<\/p>\n<p>The volume of threat logs seen in common sharing applications was not what was expected, while the threat activity observed in datacenter and infrastructure applications, specifically exploits, validated that high-value assets are a target. 
The analysis of malware logs highlighted how adept cybercriminals are at hiding their actions within traffic that may not normally be blocked, specifically SSL, UDP and DNS.<\/p>\n<figure id=\"attachment_3244\" aria-describedby=\"caption-attachment-3244\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/app-usage-risk-report-visualization\/#sthash.waETjBnD.dpbs\" target=\"_blank\"><div style=\"max-width:100%\" data-width=\"500\"><span class=\"ar-custom\" style=\"padding-bottom:65%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"size-full wp-image-3244 lozad\" alt=\"Browse the data and download the report.\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/02\/vis-tool-halfsize.jpg\" width=\"500\" height=\"325\" srcset=\"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/02\/vis-tool-halfsize.jpg 500w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/02\/vis-tool-halfsize-230x149.jpg 230w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/02\/vis-tool-halfsize-461x300.jpg 461w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/02\/vis-tool-halfsize-61x40.jpg 61w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/span><\/div><\/a><figcaption id=\"caption-attachment-3244\" class=\"wp-caption-text\">Browse the data and download the report.<\/figcaption><\/figure>\n<p><b>Specific findings include:\u00a0 <\/b><\/p>\n<ul>\n<li><b>High profile sharing applications represent lower than expected threat volume. <\/b>Social networking, video, and file sharing applications represent 25% of the applications, 20% of the bandwidth but only 0.4% of the threat logs, primarily exploits. 
This is not to say these applications are low risk \u2013 but the threat volume is low when compared to their volume and frequency of use, and to the threats found in the other applications.<\/li>\n<\/ul>\n<ul>\n<li><b>Exploits target high-value business applications and assets.<\/b> The data indicates that exploits are bypassing the \u201ccrunchy\u201d perimeter security and targeting enterprises\u2019 most valued assets \u2013 their \u201ctender\u201d business applications. The data confirms the \u201c<i>crunchy on the outside, tender on the inside<\/i>\u201d position: out of 1,395 applications found, 10 were responsible for 97% of all exploit logs observed, and 9 of them are business-critical applications.<\/li>\n<\/ul>\n<ul>\n<li><b>Custom\/unknown applications and malware \u2013 low volume but high risk. <\/b>While small in volume, unknown\/custom traffic is high in risk, exemplifying the 80%-20% rule. The highest volume of malware logs (55%) was found in custom or unknown UDP traffic \u2013 yet that traffic represented only 2% of all bandwidth.<\/li>\n<\/ul>\n<p>The report highlights the balancing act that security teams face. Too much focus on the high-profile, high-risk sharing applications may leave other applications vulnerable. Yet the data clearly shows that high-value assets need added levels of security. The best approach is a systematic and comprehensive one. Identify the applications and their business use case to determine appropriate safe enablement and network segmentation policies.<\/p>\n<figure id=\"attachment_3249\" aria-describedby=\"caption-attachment-3249\" style=\"width: 512px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/media.paloaltonetworks.com\/images\/autr-info.jpg\"><div style=\"max-width:100%\" data-width=\"512\"><span class=\"ar-custom\" style=\"padding-bottom:75%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"size-full wp-image-3249 lozad\" alt=\"Click to enlarge. 
\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/02\/infographic-blog.jpg\" width=\"512\" height=\"384\" srcset=\"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/02\/infographic-blog.jpg 512w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/02\/infographic-blog-230x172.jpg 230w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/02\/infographic-blog-500x375.jpg 500w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/02\/infographic-blog-400x300.jpg 400w, https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2013\/02\/infographic-blog-53x40.jpg 53w\" sizes=\"auto, (max-width: 512px) 100vw, 512px\" \/><\/span><\/div><\/a><figcaption id=\"caption-attachment-3249\" class=\"wp-caption-text\">Click to enlarge.<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>This edition of the Application Usage and Threat Report marks an evolution and an associated name change. 
For the first time, the report maps application usage and threat activity as seen on &hellip;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[127,124,126,125,25,38,51],"coauthors":[],"class_list":["post-3237","post","type-post","status-publish","format-standard","hentry","category-application-usage-risk-report","tag-application-usage","tag-application-usage-threat-report","tag-network-bandwidth","tag-network-traffic","tag-social-networking","tag-streaming-media","tag-threats"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/3237","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=3237"}],"version-history":[{"count":18,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/3237\/revisions"}],"predecessor-version":[{"id":3286,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/3237\/revisions\/3286"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=3237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=3237"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=3237"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloalt
onetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=3237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}