Application Usage and Risk Report

7th Edition, May 2011

About Palo Alto Networks

• Palo Alto Networks is the Network Security Company

• World-class team with strong security and networking experience - Founded in 2005, first customer July 2007

• Builds next-generation firewalls that identify / control 1250+ applications- Restores the firewall as the core of the enterprise network security infrastructure

- Innovations: App-ID™, User-ID™, Content-ID™

• Global footprint: 4,000+ customers in 70+ countries, 24/7 support

Applications Anytime, Anyplace!

© 2010 Palo Alto Networks. Proprietary and Confidential.Page 3 |

Application Usage & Risk Report – May 2011

© 2010 Palo Alto Networks. Proprietary and Confidential.Page 4 |

http://www.paloaltonetworks.com/literature/forms/aur-report.php

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 5 |

Methodology and Demographics

• Methodology- Analysis is based on live customer traffic – not a survey

- How are networks being used?

- What applications are running on enterprise networks?

- What are the risks associated with the existing application mix?

• Demographics - 1,253 organizations

worldwide, up from 723

- 1,042 applications found, up from 931

- 28 Exabytes of bandwidth

Key Findings

• Organizations are blind to hidden application traffic - More than 40% of the applications can use SSL or hop ports;

consumes roughly 36% of the overall bandwidth

• Work is more social- Social networking and webmail use shows 5X growth, IM use

doubled over the past 6 months

• File transfer applications: will history repeat itself?- Browser-based file-sharing adapting same characteristics as P2P

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 6 |

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 7 |

Hidden application traffic

• 41% of the applications (433) found can use SSL or hop ports

• Consuming roughly 36% of overall bandwidth

• Only 43% use the browser

Worldwide: Many Hidden Applications

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 8 |

Can use SSL on 443 or any other port…

• 215 applications, 8% of bandwidth consumed

• Heavy emphasis on consumer, end-user applications; highest amount of business and security risk

• Many collaborative applications both business and personal

• Many P2P Filesharing, proxy, and social networking also fall into this group

• Examples: Most Google apps, Facebook, Twitter, several SW update apps

Can use SSL on 443 Only…

• Small group of applications (29) – includes SSL proper

• Consumes 14% of bandwidth

• Business: Webex, NetSuite, a range of software updates

• Non-business: Tor, party-poker, google-location-service

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 9 |

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 10 |

Can use SSL on any port except 443…

• Small group of applications (18) and 1% of bandwidth

• Business applications include Cisco VPN and Microsoft Exchange

• Non-business applications include Gnutella and icq

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 11 |

Can Hop Ports…

• 171 applications; 14% of the bandwidth consumed

• Filesharing (30), photo-video (24) and VoIP (21) are most common in this group

• SharePoint, NetFlow and many storage applications also fit this definition

• The darker side: P2P, gaming, some encrypted tunnel (hotspot-shield, gbridge)

Filesharing: Will History Repeat Itself?

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 12 |

• Browser-based filesharing; increasingly popular; more than 60 variants

• New business and security risks introduced through differentiation

• “Premium service” via a persistent client

• Repurposed technology: peer-to-peer, RTMPT

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 13 |

Work Has Become More Social• Social Networking and webmail show

nearly 5X growth; IM use almost doubles

• Facebook, Linkedin, Twitter make up top 3

• Facebook extends dominance; usage remains “passive”

Consumerization is driving business

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 14 |

Business Use of Social Networking

Report : The state of corporate social media in 2011 from usefulsocialmedia.com.

• The majority of companies expect social media to become integrated into more than just marketing throughout 2011.

• 89% of the companies expect social media budgets to increase over 2011.

• The most common corporate social media use is for marketing (88%) and communications (93%).

• By the end of 2011, the biggest change in corporate use of social media will be the growth of companies using it for customer service (73%), employee engagement (59%) and product development (52%).

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 15 |

Summary

• Organizations are blind to SSL - and the amount of SSL in use is forecast to continue growing- Policy and controls must address this

• Social networking is making the workplace MORE social- Use continues to expand

- It isn't replacing other modes of interaction – in fact, it may be helping them

• Browser-based filesharing is rapidly evolving – many now have the same characteristics as P2P- Some introducing clients, connecting peers

- Will they introduce the same types of risks?

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 16 |

Applications Have Changed; Firewalls Have Not

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 17 |

Need to restore visibility and control in the firewall

BUT…applications have changed

• Ports ≠ Applications

• IP Addresses ≠ Users

• Packets ≠ Content

The gateway at the trustborder is the right place toenforce policy control

• Sees all traffic

• Defines trust boundary

Technology Sprawl & Creep Are Not The Answer

• “More stuff” doesn’t solve the problem

• Firewall “helpers” have limited view of traffic

• Complex and costly to buy and maintain

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 18 |

Internet

• Putting all of this in the same box is just slow

The Right Answer: Make the Firewall Do Its Job

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 19 |

New Requirements for the Firewall

1. Identify applications regardless of port, protocol, evasive tactic or SSL

2. Identify users regardless of IP address

3. Protect in real-time against threats embedded across applications

4. Fine-grained visibility and policy control over application access / functionality

5. Multi-gigabit, in-line deployment with no performance degradation

© 2010 Palo Alto Networks. Proprietary and Confidential.

Beware of Imitators………..

To Block or Not Block

© 2010 Palo Alto Networks. Proprietary and Confidential.Page 21 |

http://www.paloaltonetworks.com/cam/enterprise20/blockornot/

Next Generation FW for Dummies at our Table

© 2010 Palo Alto Networks. Proprietary and Confidential.Page 22 |

http://www.paloaltonetworks.com

Thanks!

Jeff Stiling

503-430-5272

jstiling@paloaltonetworks.com

© 2010 Palo Alto Networks. Proprietary and Confidential.Page 23 |

© 2011 Palo Alto Networks. Proprietary and Confidential.Page 24 |