Global Secure Systems - Staff actively seek enterprise security loopholes

Home

Affiliated Sites and Services

• Team Mermaid
• GSS Ireland

• 2009
• 2008 Archive
• 2007 Archive
• 2006 Archive
• 2005 Archive
• 2004 Archive
• 2003 Archive
• 2002 Archive

• January
• February
• March
• April
• May
• June
• July
• August
• September
• October
• November
• December

About RSS feeds

Staff actively seek enterprise security loopholes

Enterprise users are "actively and intentionally" evading IT security controls and ignoring acceptable use policies, according to Palo Alto Networks' first annual "Application Usage and Risk Report."

The recent survey results from Palo Alto, a firewall vendor, are based on traffic from 350,000 users in 20 organisations that span the financial services, manufacturing, healthcare, state/local government and healthcare industries.

The report highlights applications (not generally supported by enterprise IT) that employees are actively using, as well as the major risks associated with their use.

Among the findings:

• External proxies that IT does not support, such as CGIProxy and KProxy, were present in 80 percent of the customer networks.
• Web-based file transfer and storage applications such as YouSendIt and MediaMax were detected in 30 percent of sites.
• Over 50 percent of applications using port 80 (the default port number for a web server) were not business related.
• Google applications were found in 60 percent of the sites using port 80.
• Web video and streaming audio consumed significant bandwidth on 100 percent and 95 percent of the sites sampled, respectively.
• Peer-to-Peer file sharing applications were found on 90 percent of the sites.

Associated risks include:

• Data loss through unmonitored and/or unauthorised file transfers.
• Compliance violations, both with internal policies and external regulations.
• Business exposure from malware propagation or application vulnerability exploits.
• Operational cost increases due to higher bandwidth consumption and added IT expense.
• Lost productivity from excessive use of personal applications.

Permalink Bookmark Digg this story

  |  About RSS feeds