San Jose, California, April 30, 2012
Zscaler published a Q1 2012 report that provides insights into how users access the web, what they do on the web and details on enterprise policies and security threats. Some insights include how Facebook traffic continues to decline as a percent of total social transactions, while Twitter continues to increase; the most common reason for being exposed to malware is outdated software; and Zulu, a free service that provides real-time threat scoring of websites, finds malware in 9.55% of the sites submitted by users.
The report also covers the top three (non-work) sites users are probably browsing right now; mobile device browsing trends (and who is winning: iOS or Android); the nine most common browser plugins (and which are the most insecure); and the LizaMoon injection threat and how it increased by nearly 100%. The practical report also brings into focus why these trends should matter to the enterprise.
Zscaler’s State of the Web report is available for download.
To attend a live webcast on the State of the Web, featuring Michael Sutton, VP of Security for Zscaler ThreatLabZ, and become part of the discussion in an interactive Q&A session, please sign up here.
1. It isn’t Social: Facebook vs. Twitter
Facebook continues to show a decline in its percentage of transactions. The Facebook application accounted for 40.54% in March, down from 41.72% of overall traffic in January and down from over 52% in Q1-2011. LinkedIn also declined in the quarter (from 1.55% to 1.45%). However, Twitter transactions increased from 7.05% to 7.44%. A significant reason for the declines is that enterprises appear to have been increasingly limiting access to Facebook but have been less concerned about Twitter.
2. Zulu: See for Yourself
Zscaler ThreatLabZ released a free service during Q1 known as Zulu. The service allows anyone to submit a URL, and receive a risk score. A site is classified as benign, suspicious, or malicious based on scores generated from reviewing the web page’s content, hosting, DNS, and other information. The results from the Zulu service are as follows:
- Benign (score 0-49): 81% of sites tested
- Suspicious (score 50-74): 9.5% of sites tested
- Malicious (score 75-100): 9.5% of sites tested
For a complimentary risk assessment, simply visit http://zulu.zscaler.com/
3. Most Frequently Visited Sites
Facebook still has a commanding lead and accounted for over 40% of web application transactions in the enterprise, followed by Gmail (18%), YouTube (8%) and Twitter (7%). The next most popular app (MSN Messenger) had less than 2.4% share.
4. Mobile Device Browsing Trends
Mobile browsing, while a smaller percentage of the overall enterprise traffic handled, continues to rise. BlackBerry and Android traffic declined as a percent. Apple iOS had the highest usage and ended the quarter accounting for over 50% of the mobile browser traffic observed.
5. Outdated Plug-ins
A common threat on the web comes from a series of exploit attempts against known vulnerabilities in browsers and browser plug-ins. By far, Adobe Reader was the largest client-side vulnerable attack surface for enterprise customers for the quarter, with over 60% of Adobe Reader users running an outdated version. Outdated Adobe Shockwave plug-ins were running on about one-third of the users’ devices. All other plug-ins were less than 8%, including (in descending order) Microsoft Outlook, Java, Flash, Silverlight, QuickTime, Windows Media Player and RealPlayer. Zscaler provides the ability for enterprises to enforce policy on how the web is accessed, including specifying browser or software versions, to prevent the exploitation of vulnerable browsers and/or browser plug-ins.
6. LizaMoon Rising
A mass SQL injection attack, referred to as LizaMoon due to the domain name of one of the injected script tags, was first identified on March 29, 2011. Script tags were injected into hundreds of thousands of vulnerable web pages. A year later, activity picked up again in March 2012.
Zscaler is revolutionizing Internet security with the industry’s first Security as a Service platform. As the most innovative firm in the $35 billion security market, Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500. Zscaler ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies.
Zscaler is a Gartner Magic Quadrant leader for Secure Web Gateways and delivers a safe and productive Internet experience for every user, from any device and from any location — 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence—all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.