3 steps to stop malware as cloud expands attack surface
By Khoo Boo Leong 18-Jul-2012
In the study, Palo Alto Networks assessed raw application traffic from 2,036 organizations worldwide between November 2011 and May 2012 and found 700% and 300% growth in bandwidth consumption by peer-to-peer (P2P) file-sharing and video streaming applications, respectively, compared to its previous study from April to November 2011.
More worrying for enterprises is that "40% of applications on enterprise networks are evasive," said Wade Williamson, security analyst at Palo Alto Networks. "Half of the enterprise applications can transfer files. So, not only do we have to worry about not being able to see them on the firewall, they can bring data out of the environment and they can bring some malware in."
"Forty percent of applications on enterprise networks are evasive. Half of the enterprise applications can transfer files. So, not only do we have to worry about not being able to see them on the firewall, they can bring data out of the environment and they can bring some malware in."
- Wade Williamson, Palo Alto Networks
Streaming video, on one hand, poses an indirect security risk, taking advantage of the trust relationships in social networks. A video might be a bait to entice an unsuspecting user to click on it and unknowingly download malware. On the other hand, a virus might be embedded in the downloadable media players, or in video file itself.
Copyright infringement and data mishandling are common P2P file sharing risks. But it is the distributed nature of P2P that makes it so risky. Files can be easily uploaded to a P2P network and distributed to a tracker anonymously. P2P also allows a botnet to survive even if its command and control servers are taken down or compromised, a fact that has drawn cybercriminals to use it for botnet command and control.
To combat these modern threats, Williamson suggests three key measures -- Regain control and visibility of all network traffic; control the attack surface, including the mobile users and the cloud beyond the firewall perimeter; and find and stop the threats, including the unknown ones.
1. Regain control and visibility
In its latest Application Usage and Risk report, Palo Alto Networks found that only 23% of all applications observed use port 80 and these account for only 35% of bandwidth consumed. So, focusing only on port 80 is akin to effectively protecting the front door, while leaving the side and back door unlocked.