A report has been released which claims that threats generated by established business-related software are significantly higher than any risks posed by the use of social networking or file-sharing applications. The finding from Palo Alto Networks indicate that whilst social networking, video and file-sharing applications typically represent 20 per cent of corporate network traffic, they account for less than 1 per cent of recorded network threats! The report is based on analysis of network activity of more than 3,000 organisations. It concludes that exploits target enterprises via commonly used business applications. Of the 1,395 applications studied, 9 business critical applications were responsible for 82 per cent of all recognised exploits. The report categorises applications into three categories: personal applications, business applications, and custom or unknown applications. Personal applications include social networking applications, file-sharing applications and video handling applications. Business applications include Microsoft SQL Server, Microsoft Active Directory, SMB, Microsoft RPC and other commonly used enterprise applications. Custom or unknown applications are defined as either TCP or UDP based applications that are internal to the business, unrecognised as commercially available, or a threat. Custom or unknown applications are the leading issue with regard to malware communications, accounting for 55 per cent of malware warning. However, these programs account for less than 2 per cent of network use. The report also highlights that whilst SSL is used as a security mechanism, it also operates as a masking agent. Over 350 applications use SSL in some way, and SSL by itself represented 5 per cent of all bandwidth, and was the 6th highest risk for malware logs.