3 steps to stop malware as cloud expands attack surface

By Khoo Boo Leong 18-Jul-2012

Wade Williamson, Palo Alto Networks
Nearly one-third of every dollar an enterprise spends on bandwidth goes to either streaming media or file-sharing applications, according to the latest semi-annual Palo Alto Networks Application Usage and Risk Report. The bulk of the nearly 250 applications in these two categories are dedicated to personal use.

In the study, Palo Alto Networks assessed raw application traffic from 2,036 organizations worldwide between November 2011 and May 2012 and found 700% and 300% growth in bandwidth consumption by peer-to-peer (P2P) file-sharing and video streaming applications, respectively, compared to its previous study from April to November 2011.

More worrying for enterprises is that "40% of applications on enterprise networks are evasive," said Wade Williamson, security analyst at Palo Alto Networks. "Half of the enterprise applications can transfer files. So, not only do we have to worry about not being able to see them on the firewall, they can bring data out of the environment and they can bring some malware in."

Streaming video, on one hand, poses an indirect security risk by taking advantage of the trust relationships in social networks. A video might be bait that entices an unsuspecting user to click on it and unknowingly download malware. On the other hand, a virus might be embedded in a downloadable media player, or in the video file itself.

Copyright infringement and data mishandling are common P2P file sharing risks. But it is the distributed nature of P2P that makes it so risky. Files can be easily uploaded to a P2P network and distributed to a tracker anonymously. P2P also allows a botnet to survive even if its command and control servers are taken down or compromised, a fact that has drawn cybercriminals to use it for botnet command and control.

To combat these modern threats, Williamson suggests three key measures: regain control and visibility of all network traffic; control the attack surface, including mobile users and the cloud beyond the firewall perimeter; and find and stop the threats, including the unknown ones.

1. Regain control and visibility

Visibility is the key to managing threats, especially with applications that can easily bypass a port-based firewall. These applications hop ports, tunnel inside standard protocols like Secure Sockets Layer (SSL) and Secure Shell (SSH), sneak across port 80, or use non-standard ports.

In its latest Application Usage and Risk Report, Palo Alto Networks found that only 23% of all applications observed use port 80, and these account for only 35% of bandwidth consumed. So, focusing only on port 80 is akin to protecting the front door while leaving the side and back doors unlocked.
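As an added illustration (not code from the article or from Palo Alto Networks), the following Python contrasts what a port-based firewall believes it sees with what the first bytes of the client payload actually reveal, over a handful of constructed flows. The payload signatures are deliberately simplified, and the hostname is a placeholder.

```python
# Added example: port-based classification vs. payload-based application
# identification. Flows and signatures are constructed for illustration.
from typing import List, NamedTuple, Optional, Tuple

class Flow(NamedTuple):
    dst_port: int
    payload: bytes   # first bytes the client sent

# Port-based view: what a traditional port-based firewall assumes.
PORT_APPS = {80: "http", 443: "ssl", 22: "ssh", 6881: "bittorrent"}

def identify_app(payload: bytes) -> Optional[str]:
    """Identify the application from the leading payload bytes (simplified)."""
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"                      # BitTorrent peer handshake
    if payload.startswith(b"SSH-2.0-"):
        return "ssh"                             # SSH version banner
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "ssl"                             # TLS handshake record header
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"CONNECT"):
        return "http"                            # HTTP request line
    return None

def classify_by_port(flow: Flow) -> str:
    return PORT_APPS.get(flow.dst_port, "unknown")

def find_evasive(flows: List[Flow]) -> List[Tuple[int, str, str]]:
    """Return (port, port_label, app_label) for flows where the two views disagree."""
    mismatches = []
    for f in flows:
        by_port = classify_by_port(f)
        by_app = identify_app(f.payload) or "unknown"
        if by_port != by_app:
            mismatches.append((f.dst_port, by_port, by_app))
    return mismatches

# Constructed sample flows
SAMPLE_FLOWS = [
    Flow(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"),  # plain HTTP on 80
    Flow(80, b"\x13BitTorrent protocol" + b"\x00" * 8),                # P2P sneaking across 80
    Flow(8080, b"GET /api HTTP/1.1\r\n"),                              # HTTP on a non-standard port
    Flow(443, b"\x16\x03\x01\x00\xa5\x01\x00"),                        # TLS on 443, as expected
    Flow(443, b"SSH-2.0-OpenSSH_8.9\r\n"),                             # SSH hiding on 443
]

if __name__ == "__main__":
    for port, by_port, by_app in find_evasive(SAMPLE_FLOWS):
        print(f"port {port}: firewall thinks {by_port}, payload says {by_app}")
```

Only the flows where the two labels disagree are reported; those are the ones a port-only policy would either wrongly allow or never inspect.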