Majority of traffic is not from browser-based applications using HTTP over SSL on port 443
Thirty-six percent of enterprise network traffic comprising hundreds of apps, can evade the controls of conventional security offerings by either using SSL or port-hopping capabilities, according to a new research published by Palo Alto Networks.
The research highlighted that the majority of this traffic is not from browser-based applications using HTTP over SSL on port 443.
The network security firm said there is a significant blind spot that most IT organisations have not yet adequately addressed, and one that is rarely discussed in the security industry.
The report which assessed 28 exabytes of application traffic from 1,253 enterprises between October 2010 and April 2011 revealed that more than 40% of the 1,042 applications that Palo Alto Networks identified on enterprise networks can now use SSL or hop ports to increase their availability within corporate networks.
In addition, this segment of apps will continue to grow as more applications follow Twitter, Facebook and Gmail, said the report.
Palo Alto Networks marketing vice-president Rene Bonvanie said the data should be a wake-up call for IT teams who assume encrypted traffic is mainly HTTPS or for those who still believe that social networking usage is not taking place on their corporate networks.