A report has been released which claims that threats generated by established business-related software are significantly higher than any risks posed by the use of social networking or file-sharing applications. The findings from Palo Alto Networks indicate that, whilst social networking, video and file-sharing applications typically represent 20 per cent of corporate network traffic, they account for less than 1 per cent of recorded network threats.

The report is based on analysis of the network activity of more than 3,000 organisations. It concludes that exploits target enterprises via commonly used business applications. Of the 1,395 applications studied, 9 business-critical applications were responsible for 82 per cent of all recognised exploits.

The report groups applications into three categories: personal applications, business applications, and custom or unknown applications. Personal applications include social networking applications, file-sharing applications and video handling applications. Business applications include Microsoft SQL Server, Microsoft Active Directory, SMB, Microsoft RPC and other commonly used enterprise applications. Custom or unknown applications are defined as TCP- or UDP-based applications that are either internal to the business, unrecognised as commercially available, or a threat.

Custom or unknown applications are the leading issue with regard to malware communications, accounting for 55 per cent of malware warnings. However, these programs account for less than 2 per cent of network use.

The report also highlights that, whilst SSL is used as a security mechanism, it also operates as a masking agent. Over 350 applications use SSL in some way, and SSL by itself represented 5 per cent of all bandwidth and was the 6th highest risk for malware logs.
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)