Most Enterprise Application Traffic Bypasses Port 80 Security Measures
Contrary to conventional wisdom, a significant number of applications running on enterprise networks do not pass through port 80, so securing just that port does not protect the network, according to a recent report.
Application traffic analyzed by Palo Alto Networks in its semiannual Application Usage and Risk Report found that 35 percent of the applications on enterprise networks never use port 80 when communicating with the outside world, Matt Kiel, senior research analyst at Palo Alto Networks, told eWEEK.
Applications that use only port 80 and no other port represented just 25 percent of the application traffic within the enterprise, according to the report, released Jan. 17.
Historically, most network traffic passed through port 80, so it made sense for IT administrators to concentrate their efforts on securing that port, Kiel said. However, many popular applications, such as audio streaming, games, instant messengers and Webmail, use port 443 or switch between available ports. The amount of non-Web-based traffic and applications used within the enterprise is much more significant and widespread than most people realize, according to Kiel.
It was an "eye-opening finding" that there is that much traffic potentially being missed, Kiel said.
The latest report makes it clear that security teams that focus too much time and effort examining traffic passing through port 80 are missing a significant chunk of bandwidth and may not notice threats elsewhere in the network, according to Kiel. The applications not using port 80 accounted for about 51 percent of network bandwidth, according to the report.
Browser-based file sharing applications such as Box.net and Dropbox are increasingly more popular. The report found that 92 percent of organizations have employees using these services. The report identified 65 file sharing services and found that an average organization uses 13 different sites.
Social networking site activity also grew in the enterprises, the report found. Even a year ago, a bulk of social network behavior was "passive," with users just looking at their newsfeeds on Facebook or viewing posts on Twitter, according to Kiel. This version of the report found a dramatic shift to "active" behavior, such as playing games on Facebook, uploading content and increasingly using plug-ins to access content online.
In addition, more organizations are using social networking techniques to engage with their customers. Twitter usage alone increased 700 percent, from a mere 3 percent of bandwidth consumed in October 2010 to 21 percent in December 2011, according to the report. Kiel clarified that this was just activity on Twitter alone, and not using third-party tools such as TweetDeck or other applications that interact with Twitter.
The "active" engagement occurred right about the time various demonstrations, such as the Occupy protests, were grabbing people's attentions. Kiel said he is interested to see whether social networking usage on Twitter and other sites continue in six months, when the next report will be generated.
The Application Usage report is generated from raw data collected by Palo Alto Networks from potential customers who deploy evaluation units of the company's Next Generation Firewalls and represents a real-world sampling of what kind of applications are running on enterprise networks. This edition of the report is based on data aggregated from more than 1,600 enterprises between April 2011 and November 2011.