A sampling of traffic at 347 global organizations shows a total of 741 applications in use, with healthcare and financial services firms as likely as any other industry to have users engaged in dangerous peer-to-peer file transfers, according to a six-month study released Tuesday.
"The Application Usage and Risk Report," published by Palo Alto Networks, is an evaluation of the application usage data that's generated on the first three days when new customers install Palo Alto's security gear to review traffic and decide which applications to monitor and block. These customers, located in North America, Europe and Asia/Pacific, represent seven industries plus government and education. The report found "webmail, instant messaging, social networking and file sharing all being used with equal consistency."
The number of applications in use increased to 741 from about 550 applications counted six months prior. Among the applications detected in the bi-annual study, 65% were designed for accessibility and port-hopping to jump through Port 80, Port 443 or other ports to get around a traditional firewall.
In addition, risky P2P file-sharing, which can result in a data breach, was in use at 77% of all the organizations. Twenty-four variants were observed, including BitTorrent, eMule, Ares, Gnutella and Azureus, consuming 46TB of bandwidth across all the organizations during the timeframe.
Less risky browser-based file sharing has also become popular, especially in financial services and healthcare, where MegaUpload, DocStoc and SkyDrive are widely used. Facebook was the most popular social networking application among 35 detected.
This is the first time that Palo Alto Networks broke out its six-month customer traffic evaluation into industry segments, says Chris King, director of product marketing. The findings, he says, tend to dispel the notion that application usage in healthcare and financial services is far more restricted due to ideas about data sensitivity.
One of the more curious aspects of this six-month study relates to the 40 university networks whose traffic was examined.
University networks, the study points out, are "often viewed as 'open,' indirectly encouraging the use of any application. So it wasn't surprising that file sharing, media and social networking application usage was higher than the average." What was a surprise, though, was the higher-than-average (80% vs. 56%) use of external proxies not supported or endorsed by the IT department, which indicates "students and employees are taking an extra step to hide their web surfing activity."
They did this via CGIProxy, PHProxy, CoralCDN and Freegate, among other software, plus encrypted tunneling to maintain anonymity, including Tor, Hamachi and Gbridge.
"When these two groups of applications are viewed collectively, they pose a question as to why the students (and university employees) might feel compelled to take the somewhat extraordinary steps to mask their activity and/or maintain anonymity," the report notes. While offering no definite answer, the report suggests it's either to bypass security controls and policies in place to control applications such as P2P, or extreme concern about personal privacy.