Outdated Software Remains the Most Common Threat Vector
Zscaler published a Q1 2012 report that provides insights into how users access the web, what they do on the web and details on enterprise policies and security threats. Some insights include how Facebook traffic continues to decline as a percent of total social transactions, while Twitter continues to increase; the most common reason for being exposed to malware is outdated software; and Zulu, a free service that provides real-time threat scoring of websites, finds malware in 9.55% of the sites submitted by users.
The report also covers the top three (non-work) sites users are probably browsing right now; mobile device browsing trends (and who is winning: iOS or Android); the nine most common browser plugins (and which are the most insecure); and the LizaMoon injection threat and how it increased by nearly 100%. The practical report also brings into focus why these trends should matter to the enterprise.
Zscaler’s State of the Web report is available for download.
To attend a live webcast on the State of the Webs, featuring Michael Sutton, VP of Security for Zscaler ThreatLabZ, and become part of the discussion in an interactive Q&A session, please sign up here. [Click to tweet this webcast]
1. It isn’t Social: Facebook vs. Twitter
While Facebook continues shows a continual decline in the percentage of transactions . Facebook application was 40.54% in March, down from 41.72% of overall traffic in January and down from over 52% in Q1-2011. LinkedIn also declined in the quarter (from 1.55% to 1.45%). However, Twitter transactions increased from 7.05% to 7.44%. A significant reason for the declines enterprises appear to have been increasingly limiting access to Facebook but have been less concerned about Twitter.
2. Zulu: See for Yourself
Zscaler ThreatLabZ released a free service during Q1 known as Zulu. The service allows anyone to submit a URL, and receive a risk score. A site is classified as benign, suspicious, or malicious based on scores generated from reviewing the web page’s content, hosting, DNS, and other information. The results from the Zulu service are as follows:
For a complimentary risk assessment simply visit http://zulu.zscaler.com/
3. Most Frequently Visited Sites
Facebook still has a commanding lead and accounted for over 40% of web application transactions in the enterprise, followed by Gmail (18%), YouTube (8%) and Twitter (7%). The next most popular app (MSN Messenger) had less than 2.4% share.
4. Mobile Device Browsing Trends
Mobile browsing, while a smaller percentage of the overall enterprise traffic handled, continues to rise. Blackberry and Android traffic declined as a percent. Apple iOS had the highest usage and ended the quarter accounting for over 50% of the mobile browser traffic observed.
5. Outdated Plug-ins
A common threat on the web comes from a series of exploit attempts against known vulnerabilities in browsers and browser plugins. By far, Adobe Reader was the largest client-side vulnerable attack surface for enterprise customers for the quarter, with over 60% of Adobe Reader users running an outdated version. Outdated Adobe Shockwave plug-ins were running on about one-third of the users’ devices. All other plug-ins were less than 8%, including (in descending order) Microsoft Outlook, Java, Flash, SilverLight, QuickTime, Windows Media Player and Real Player. Zscaler provides the ability for enterprises to enforce policy on how the web is accessed, to include specifiying browser or software versions to prevent the exploit of vulnerable browser and/or browser plug-ins.
6. LizaMoon Rising
A mass SQL injection attack was first identified on March 29, 2011, referred to as LizaMoon, due to the domain name of one of the injected script tags. Script tags were injected into hundreds of thousands of vulnerable web pages. A year later activity picked up again in March 2012.
Zscaler enforces business policy, mitigates risk and provides twice the functionality at a fraction of the cost of current solutions, utilizing a multi-tenant, globally-deployed infrastructure. Zscaler’s integrated, cloud-delivered security services include Web Security, Mobile Security, Email Security and DLP. Zscaler services enable organizations to provide the right access to the right users, from any place and on any device—all while empowering the end-user with a rich Internet experience. For more information, visit www.zscaler.com.