Palo Alto Networks found most traffic on enterprise networks don't use port 80, where many corporate IT departments concentrate their security measures. Enterprises are also using more social networking and file sharing services sites.
to conventional wisdom, a significant number of applications running on
enterprise networks do not pass through port 80, so securing just that port
does not protect the network, according to a recent report.
traffic analyzed by Palo Alto Networks in its semiannual Application Usage and
Risk Report found that 35 percent of the applications on
enterprise networks never use port 80 when communicating with the outside
world, Matt Kiel, senior research analyst at Palo Alto Networks, told eWEEK.
that use only port 80 and no other port represented just 25 percent of the
application traffic within the enterprise, according to the report, released
most network traffic passed through port 80, so it made sense for IT
administrators to concentrate their efforts on securing that port, Kiel said.
However, many popular applications, such as audio streaming, games, instant
messengers and Webmail, use port 443 or switch between available ports. The
amount of non-Web-based traffic and applications used within the enterprise is
much more significant and widespread than most people realize, according to
was an "eye-opening finding" that there is that much traffic
potentially being missed, Kiel said.
latest report makes it clear that security teams that focus too much time and
effort examining traffic passing through port 80 are missing a significant
chunk of bandwidth and may not notice threats elsewhere in the network,
according to Kiel. The applications not using port 80 accounted for about 51
percent of network bandwidth, according to the report.
file sharing applications such as Box.net and Dropbox are increasingly more
popular. The report found that 92 percent of organizations have employees using
these services. The report identified 65 file sharing services and found that
an average organization uses 13 different sites.
networking site activity also grew in the enterprises, the report found. Even a
year ago, a bulk of social network behavior was "passive," with users
just looking at their newsfeeds on Facebook or viewing posts on Twitter,
according to Kiel. This version of the report found a dramatic shift to
"active" behavior, such as playing games on Facebook, uploading
content and increasingly using plug-ins to access content online.
addition, more organizations are using social networking techniques to engage
with their customers. Twitter usage alone increased 700 percent, from a mere 3
percent of bandwidth consumed in October 2010 to 21 percent in December 2011,
according to the report. Kiel clarified that this was just activity on Twitter
alone, and not using third-party tools such as TweetDeck or other applications
that interact with Twitter.
"active" engagement occurred right about the time various
demonstrations, such as the Occupy protests, were grabbing people's attentions.
Kiel said he is interested to see whether social networking usage on Twitter
and other sites continue in six months, when the next report will be generated.
Application Usage report is generated from raw data collected by Palo Alto
Networks from potential customers who deploy evaluation units of the company's
Next Generation Firewalls and represents a real-world sampling of what kind of
applications are running on enterprise networks. This edition of the report is
based on data aggregated from more than 1,600 enterprises between April 2011
and November 2011.