Palo Alto Networks’ new research has revealed how attackers exploit commonly-used business applications to bypass security control. The research also provides insight into how business leaders and security practitioners need to reassess and strengthen their security posture.
“Our research shows an inextricable link between commonly-used enterprise applications and cyber threats. Most significant network breaches start with an application such as e-mail delivering an exploit. Then, once on the network, attackers use other applications or services to continue their malicious activity,” says Anil Bhasin, Managing Director, India and SAARC, Palo Alto Networks
The findings are based on analysis of traffic data collected from 5,500 network assessments and billions of threat logs over a 12-month span and are revealed in the 2014edition of the Palo Alto Networks Application Usage and Threat Report.
Key takeaways from the research are:
Common sharing applications such as e-mail, social media, and video remain favoured vehicles for delivering attacks but are often the start of multi-phased attacks rather than the focus of threat activity.
99% of all malware logs were generated by a single threat using UDP; attackers also use applications like FTP, RDP, SSL, and NetBIOS to mask their activities.
34% of applications observed can use SSL encryption; many network administrators are unaware of what applications on their networks use un-patched versions of Open SSL, which can leave them exposed to vulnerabilities such as Heartbleed.
In addition to the findings, the report includes actionable intelligence that security teams can use to protect their networks, such as deploying a balanced safe enablement policy for common sharing applications, effectively controlling unknown traffic and determining and selectively decrypting applications that use SSL.