1 Chapter 9 Supporting Supporting Inter-Act, 13 th Edition Inter-Act, 13 th Edition.
Application Usage and Risk Report 7 th Edition, May 2011.
-
Upload
kianna-wesley -
Category
Documents
-
view
213 -
download
1
Transcript of Application Usage and Risk Report 7 th Edition, May 2011.
Application Usage and Risk Report
7th Edition, May 2011
About Palo Alto Networks
• Palo Alto Networks is the Network Security Company
• World-class team with strong security and networking experience - Founded in 2005, first customer July 2007
• Builds next-generation firewalls that identify / control 1250+ applications- Restores the firewall as the core of the enterprise network security infrastructure
- Innovations: App-ID™, User-ID™, Content-ID™
• Global footprint: 4,000+ customers in 70+ countries, 24/7 support
Applications Anytime, Anyplace!
© 2010 Palo Alto Networks. Proprietary and Confidential.Page 3 |
Application Usage & Risk Report – May 2011
© 2010 Palo Alto Networks. Proprietary and Confidential.Page 4 |
http://www.paloaltonetworks.com/literature/forms/aur-report.php
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 5 |
Methodology and Demographics
• Methodology- Analysis is based on live customer traffic – not a survey
- How are networks being used?
- What applications are running on enterprise networks?
- What are the risks associated with the existing application mix?
• Demographics - 1,253 organizations
worldwide, up from 723
- 1,042 applications found, up from 931
- 28 Exabytes of bandwidth
Key Findings
• Organizations are blind to hidden application traffic - More than 40% of the applications can use SSL or hop ports;
consumes roughly 36% of the overall bandwidth
• Work is more social- Social networking and webmail use shows 5X growth, IM use
doubled over the past 6 months
• File transfer applications: will history repeat itself?- Browser-based file-sharing adapting same characteristics as P2P
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 6 |
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 7 |
Hidden application traffic
• 41% of the applications (433) found can use SSL or hop ports
• Consuming roughly 36% of overall bandwidth
• Only 43% use the browser
Worldwide: Many Hidden Applications
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 8 |
Can use SSL on 443 or any other port…
• 215 applications, 8% of bandwidth consumed
• Heavy emphasis on consumer, end-user applications; highest amount of business and security risk
• Many collaborative applications both business and personal
• Many P2P Filesharing, proxy, and social networking also fall into this group
• Examples: Most Google apps, Facebook, Twitter, several SW update apps
Can use SSL on 443 Only…
• Small group of applications (29) – includes SSL proper
• Consumes 14% of bandwidth
• Business: Webex, NetSuite, a range of software updates
• Non-business: Tor, party-poker, google-location-service
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 9 |
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 10 |
Can use SSL on any port except 443…
• Small group of applications (18) and 1% of bandwidth
• Business applications include Cisco VPN and Microsoft Exchange
• Non-business applications include Gnutella and icq
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 11 |
Can Hop Ports…
• 171 applications; 14% of the bandwidth consumed
• Filesharing (30), photo-video (24) and VoIP (21) are most common in this group
• SharePoint, NetFlow and many storage applications also fit this definition
• The darker side: P2P, gaming, some encrypted tunnel (hotspot-shield, gbridge)
Filesharing: Will History Repeat Itself?
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 12 |
• Browser-based filesharing; increasingly popular; more than 60 variants
• New business and security risks introduced through differentiation
• “Premium service” via a persistent client
• Repurposed technology: peer-to-peer, RTMPT
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 13 |
Work Has Become More Social• Social Networking and webmail show
nearly 5X growth; IM use almost doubles
• Facebook, Linkedin, Twitter make up top 3
• Facebook extends dominance; usage remains “passive”
Consumerization is driving business
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 14 |
Business Use of Social Networking
Report : The state of corporate social media in 2011 from usefulsocialmedia.com.
• The majority of companies expect social media to become integrated into more than just marketing throughout 2011.
• 89% of the companies expect social media budgets to increase over 2011.
• The most common corporate social media use is for marketing (88%) and communications (93%).
• By the end of 2011, the biggest change in corporate use of social media will be the growth of companies using it for customer service (73%), employee engagement (59%) and product development (52%).
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 15 |
Summary
• Organizations are blind to SSL - and the amount of SSL in use is forecast to continue growing- Policy and controls must address this
• Social networking is making the workplace MORE social- Use continues to expand
- It isn't replacing other modes of interaction – in fact, it may be helping them
• Browser-based filesharing is rapidly evolving – many now have the same characteristics as P2P- Some introducing clients, connecting peers
- Will they introduce the same types of risks?
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 16 |
Applications Have Changed; Firewalls Have Not
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 17 |
Need to restore visibility and control in the firewall
BUT…applications have changed
• Ports ≠ Applications
• IP Addresses ≠ Users
• Packets ≠ Content
The gateway at the trustborder is the right place toenforce policy control
• Sees all traffic
• Defines trust boundary
Technology Sprawl & Creep Are Not The Answer
• “More stuff” doesn’t solve the problem
• Firewall “helpers” have limited view of traffic
• Complex and costly to buy and maintain
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 18 |
Internet
• Putting all of this in the same box is just slow
The Right Answer: Make the Firewall Do Its Job
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 19 |
New Requirements for the Firewall
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Protect in real-time against threats embedded across applications
4. Fine-grained visibility and policy control over application access / functionality
5. Multi-gigabit, in-line deployment with no performance degradation
© 2010 Palo Alto Networks. Proprietary and Confidential.
Beware of Imitators………..
To Block or Not Block
© 2010 Palo Alto Networks. Proprietary and Confidential.Page 21 |
http://www.paloaltonetworks.com/cam/enterprise20/blockornot/
Next Generation FW for Dummies at our Table
© 2010 Palo Alto Networks. Proprietary and Confidential.Page 22 |
http://www.paloaltonetworks.com
Thanks!
Jeff Stiling
503-430-5272
© 2010 Palo Alto Networks. Proprietary and Confidential.Page 23 |
© 2011 Palo Alto Networks. Proprietary and Confidential.Page 24 |