Improve security by monitoring traffic


  • TECH
  • Tuesday, 21 May 2013

ALTHOUGH social media often gets the spotlight when it comes to the matter of enterprise security, the reality is that it may not be as big a threat as many assume it to be.

Instead, Palo Alto Networks says that it is still business applications, which form the backbone of most organisations' IT systems, that pose the highest security threats.

According to Kelly Brazil, director of systems engineering, Asia Pacific at Palo Alto Networks, business applications such as Microsoft SQL Server, Sybase, and Siebel,remain a favourite target for hackers, with nine out of 1,244 applications being responsible for 98% of the exploit logs observed.

These numbers are from the Palo Alto's tenth Application Usage and Threat Report, which studied the network traffic of 3,056 companies across the globe,

"This shows us that there is a need for internal segmentation to isolate your user population from your critical applications. You also need to bring threat prevention (tools) inside the network and not just (deploy them) at the perimeter," Brazil says.

Furthermore, he adds that organisations often underestimate the importance of monitoring network traffic closely.

Brazil points out that there is usually a certain amount of network traffic that originates from custom applications which a company has developed internally.

In addition to this, he says that other kinds of dubious traffic from unknown applications may also exist on the network and some of this may turn out to be malicious.

He adds that it is especially hard to distinguish between what is safe and what is harmful whenever SSL (secure sockets layer) is involved, since the data would be encrypted, thus masking its actual contents.

To make matters worse, Brazil says some applications may be using non-standard SSL ports. Typically, network security tools would only screen SSL defined ports, so a lot of activity from such applications could easily go undetected over the corporate network.

"Try to understand as much of the traffic (on the network) as possible so that there's the least amount of unknown TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) traffic," he advises.

Due to the evasive nature of security threats nowadays, Brazil feels that network security is best managed through an application ID approach.

"You really need to understand applications because that's where the new threat vector is," he says.

"Instead of just trying to block applications here and there, try to understand what applications are running on the network."

Consequently, Brazil says network traffic should be classified according to application IDs rather than merely being tied to which port or protocol was being used. This, he says, was one of the features of Palo Alto Networks' next generation firewall product.

On the whole, he shares that the trends that were observed in Asia Pacific were quite similar to what was occurring in the other regions that were covered in the report.

"The data was pretty consistent between Asia Pacific and the rest of the world. There weren't a whole lot of outliers. The only difference was the way that peer-to-peer traffic was being used in Asia Pacific. It's a bit more popular here," Brazil says.

Social guard

The study also showed that social media such as Facebook, Twitter, and Google+ normally took up only 27% of network bandwidth while accounting for only 1% of the threat logs that were generated.

Though small, Brazil advises companies that it is always better to keep their guards up.

"It's not that there isn't any risk, but it's just that the risk may have been overblown," he said.

He says that third party Facebook applications were usually the main culprits for security breaches and recommends blocking them as a means of reducing such threats.

The report showed that 83% of social media traffic in Asia Pacific had come from Facebook.

However, Brazil acknowledges that there are many ways in which Facebook can benefit a business especially for in marketing campaigns or recruitment drives.

Thus, he advises organisations to develop well defined policies on Facebook restrictions rather than enforcing a blanket ban on all things Facebook.

For example, allowing users to view Facebook content but disabling their ability to comment on posts so they don't waste too much time on it and get distracted.

The findings of the Application Usage and Threat Report were obtained between May and December 2012 by deploying Palo Alto Network's next-generation firewall on a participating company's corporate network for a period of up to seven days in order to collect data about network traffic.

In Asia Pacific alone, the data that was accumulated spanned 774 organisations across 16 countries, capturing data from 1,244 applications and generating 1,700 unique threats and 44 million threat logs.


Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 7
Cxense type: free
User access status: 3
   

Across The Star Online