San Jose, California, April 30, 2012
Zscaler published a Q1 2012 report that provides insights into how users access the web, what they do on the web and details on enterprise policies and security threats. Some insights include how Facebook traffic continues to decline as a percent of total social transactions, while Twitter continues to increase; the most common reason for being exposed to malware is outdated software; and Zulu, a free service that provides real-time threat scoring of websites, finds malware in 9.55% of the sites submitted by users.
The report also covers the top three (non-work) sites users are probably browsing right now; mobile device browsing trends (and who is winning: iOS or Android); the nine most common browser plugins (and which are the most insecure); and the LizaMoon injection threat and how it increased by nearly 100%. The practical report also brings into focus why these trends should matter to the enterprise.
Zscaler’s State of the Web report is available for download.
To attend a live webcast on the State of the Web, featuring Michael Sutton, VP of Security for Zscaler ThreatLabZ, and become part of the discussion in an interactive Q&A session, please sign up here.
Facebook continues to show a decline in the percentage of transactions. The Facebook application accounted for 40.54% in March, down from 41.72% of overall traffic in January and down from over 52% in Q1-2011. LinkedIn also declined in the quarter (from 1.55% to 1.45%). However, Twitter transactions increased from 7.05% to 7.44%. A significant reason for the declines is that enterprises appear to have been increasingly limiting access to Facebook but have been less concerned about Twitter.
Zscaler ThreatLabZ released a free service during Q1 known as Zulu. The service allows anyone to submit a URL, and receive a risk score. A site is classified as benign, suspicious, or malicious based on scores generated from reviewing the web page’s content, hosting, DNS, and other information. The results from the Zulu service are as follows:
For a complimentary risk assessment simply visit http://zulu.zscaler.com/
Facebook still has a commanding lead and accounted for over 40% of web application transactions in the enterprise, followed by Gmail (18%), YouTube (8%) and Twitter (7%). The next most popular app (MSN Messenger) had less than 2.4% share.
Mobile browsing, while a smaller percentage of the overall enterprise traffic handled, continues to rise. Blackberry and Android traffic declined as a percent. Apple iOS had the highest usage and ended the quarter accounting for over 50% of the mobile browser traffic observed.
A common threat on the web comes from a series of exploit attempts against known vulnerabilities in browsers and browser plugins. By far, Adobe Reader was the largest client-side vulnerable attack surface for enterprise customers for the quarter, with over 60% of Adobe Reader users running an outdated version. Outdated Adobe Shockwave plug-ins were running on about one-third of the users’ devices. All other plug-ins were less than 8%, including (in descending order) Microsoft Outlook, Java, Flash, SilverLight, QuickTime, Windows Media Player and Real Player. Zscaler provides the ability for enterprises to enforce policy on how the web is accessed, including specifying browser or software versions to prevent the exploitation of vulnerable browsers and/or browser plug-ins.
A mass SQL injection attack, referred to as LizaMoon because of the domain name of one of the injected script tags, was first identified on March 29, 2011. Script tags were injected into hundreds of thousands of vulnerable web pages. A year later, activity picked up again in March 2012.
Zscaler (NASDAQ: ZS) enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access™ and Zscaler Private Access™, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100 percent cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances are unable to match. Used in more than 185 countries, Zscaler operates a multi-tenant distributed cloud security platform, protecting thousands of customers from cyberattacks and data loss. Learn more at zscaler.com or follow us on Twitter @zscaler.