State of Web Q3 2011


Published in: Technology

  1. State of the Web, Quarter 3, 2011 Report

     © 2011 Zscaler. All Rights Reserved.
  2. Introduction

     In this Q3 2011 edition of the State of the Web from Zscaler ThreatLabZ, we take a closer look at Enterprise web traffic, aggregated across over a hundred billion transactions and millions of business users across the globe.

     This quarter we continued to see the social elements of the web dominate advanced threats and attacks in Enterprise networks. Leveraging sophisticated social engineering techniques to launch their attacks, malicious groups and hacktivists know that human interest, curiosity and oversight represent the weakest link in any enterprise security chain. For that reason, ThreatLabZ wasn’t surprised to see popular social networking applications leveraged as a top attack channel and target.

     While these trusted social networks and applications continue to dominate enterprise Internet use, employees often have a false sense of security – trusting their favorite tools and apps to provide them ‘safe’ information. However, hackers this quarter continued to take advantage of this trust to exploit corporate victims through web apps, web searches and targeted email scams.

     Three major trends noticeable in this report include:
     • Facebook still dominates enterprise web application use - Facebook still remains the dominant web application in enterprise traffic – risking like-jacking, fake videos, and spear-phishing
     • Corporate mobile devices split between business and personal use - While social networking remains the dominant source of mobile device traffic, business-related traffic follows closely behind
     • Blended threats continue to target browser plug-ins - Browser plug-ins and extensions remain well out of date, providing a large target base for attacks.

     In This Issue:
     • Decline in Facebook
     • Mobile device usage in the workplace
     • Browser plug-ins/extensions remain out of date in enterprise
  3. Contents
     • A Look Beyond the Browser
     • The Hidden Risks of Plug-ins and Extensions
     • Android Reclaims its Title in the Enterprise
     • Mobility Meets Productivity
     • Facebook ‘Likes’ the Enterprise
     • When Malware Strikes
     • A Safe and Productive Network
     • Conclusion
  4. Looking Beyond the Browser

     Every quarter, Zscaler ThreatLabZ tracks enterprise HTTP and HTTPS traffic—including the specific browsers in use. This allows us to show trends in Web and browser use, as well as the vulnerabilities associated with them.

     With the dominance of Microsoft end-user operating systems in the enterprise, Internet Explorer (IE) maintained its position as the most popular browser observed this quarter. Although Web browsers make up over 75% of HTTP and HTTPS traffic, the other, non-browser traffic is worth looking at. This is made up of browser plug-ins, add-ons and extensions – as well as HTTP and HTTPS traffic from native applications.

     In Q3, we continued to see a rise in non-browser web traffic – being driven by mobile and desktop applications that leverage HTTP(S) for outbound communication. This is not entirely surprising, as most enterprises have ‘firewalled’ off most ports beyond the ones needed for web and email traffic. As a result, ports 80 and 443 represent a viable egress point for any application.

     “Much of enterprise web traffic originates from native apps, and browser extensions - not just web browsing”
  5. Q3 Enterprise Browser Traffic

     Despite its dominance, the enterprise traffic share for Internet Explorer has been dropping as Apple becomes a more accepted desktop and laptop solution. This is fueling a growth in Safari, and enterprise employees continue to adopt other alternatives such as Firefox. We have yet to see significant adoption of Chrome in the enterprise, despite increasing adoption in the consumer space. Below are the Q3 traffic shares by browser type:

     [Figure 1: Q3 HTTP(S) Browser Traffic by Type. Legend: Opera, Safari, Chrome, Non-Browser, Firefox, Internet Explorer.]

     “Internet Explorer 9 – despite its additional security features and HTML5 compatibility – has yet to see significant adoption at the enterprise level”
  6. Internet Explorer Versions in Use

     As outlined in the graph above, Internet Explorer commands just over half of the total web traffic in the enterprise. Internet Explorer 9 – despite having been released in March of this year with additional security features and HTML5 compatibility – has yet to see significant adoption at the enterprise level. Drilling deeper into the Internet Explorer usage data over each month of the quarter, we see the following:

     [Figure 2: Internet Explorer Traffic Share, Q3 2011. Series: June, July, August. Categories: IE 6.x, IE 7.x, IE 8.x, IE 9.x.]

     The Hidden Risks of Plug-ins and Extensions

     Today, plug-ins, add-ons or extensions are combined with nearly every browser running in the enterprise. As with most kinds of software, older versions of plug-ins typically have more security vulnerabilities.

     Zscaler offers a unique solution known as Secure Browsing. Secure Browsing identifies the type and version of web browser that is in use. As well – and even more importantly – it also identifies the browser plug-ins
  7. that have been employed. As we can see in the chart below, enterprise browser plug-ins are dominated by Microsoft and Adobe, with Adobe Flash remaining the most popular overall browser plug-in in the enterprise.

     [Figure 3: Most Common Web Browser Plugins, Q3 2011]
     • Quicktime: 6.88%
     • Microsoft Office: 6.96%
     • Java: 8.62%
     • Adobe Shockwave: 39.29%
     • SilverLight: 46.44%
     • .NET: 81.63%
     • Outlook: 84.29%
     • Adobe Reader: 84.76%
     • Windows Media Player: 87.01%
     • Adobe Flash: 94.41%

     Unfortunately, Secure Browsing reveals a highly concerning statistic. Beyond simply revealing which plug-ins are most popular, it also provides insight into the plug-ins that are most commonly outdated. These statistics do tend to fluctuate from quarter to quarter. This is due to typical quarterly patch release cycles, which tend to cause a spike in outdated versions for specific plug-ins as end-users fail to implement the updates.

     This is an area where enterprises are currently struggling. As ThreatLabZ continues to highlight, browser plug-ins are made up of a potentially dangerous combination of characteristics – all of which adds up to a tempting target for hackers.

     Looking at the statistics below, it becomes clear that most companies have little control over the type of plug-ins that their employees are using, or the specific version of plug-ins in use.

     Why it Matters to Your Enterprise:
     Browser plug-ins offer a dangerous combination of characteristics
     • Readers and players are ubiquitous, across browsers
     • Most users aren’t aware of which plug-ins they have installed
     • Most enterprises have no patch management deployed to keep plug-ins up to date
  8. [Figure 4: Most Outdated Web Browser Plugins, Q3 2011]
     • Windows Media Player: 1.26%
     • SilverLight: 1.81%
     • Adobe Flash: 7.12%
     • RealPlayer: 10.02%
     • Outlook: 19.81%
     • QuickTime: 42.45%
     • Adobe Reader: 65.84%
     • Java: 70.60%
     • Adobe Shockwave: 94.22%

     Android Reclaims its Title in the Enterprise

     Both mobile device usage and mobile device web transactions logged through Zscaler’s global security cloud infrastructure continue to grow. The highest percentage of Q3 mobile transactions through Zscaler’s cloud was from Android devices – followed by Blackberry, and Apple iOS devices.

     As mobile transactions from our enterprise customers continue to grow, we notice that the Android platform accounts for the largest and most geographically dispersed user population. As well, it represents the mobile platform with the highest number of transactions through our cloud.

     The Apple iOS platform moved to third place this quarter, falling to 22.38% from 42.37% in Q2 2011. This is likely due to a growing sample size of mobile use outside the US.

     Android and Blackberry devices were used more than any other mobile devices on corporate networks in Q3:
     • Android: 40.36%
     • Blackberry: 37.26%
     • iOS: 22.38%
  9. [Figure 5: Q3 Mobile Device Usage/Transactions. Android 40.36%, Blackberry 37.26%, iOS 22.38%.]

     [Figure 6: Q3 Mobile Usage by Geography. Legend: US, France, Israel, UK, Spain, Saudi Arabia, Australia, Singapore, Other.]

     Figure 6 provides a geographic breakdown on web client transactions that used standard Android, BlackBerry or Apple iOS user-agents. The United States made up about 80% of the mobile client transactions from Zscaler’s enterprise customer base.

     [Figure 7: Android Percent by Country. Legend: US, Spain, Israel, Singapore, UK, Netherlands, India, Mexico, Other.]
  10. [Figure 8: Blackberry Percent by Country. Legend: US, France, UK, Australia, Japan, Mexico, Other.]

     Among our global enterprise customers, Android has the largest geographic coverage, whereas among US-based customers, BlackBerry and iOS devices represented more than 80% of the mobile usage. The following charts break out device usage by country. (Note that IP addresses that did not resolve to a particular country were excluded from the percentages.)

     [Figure 9: iOS Percent by Country. Legend: US, Saudi Arabia, Israel, UK, Other.]

     Why it Matters to Your Enterprise:
     • Enterprise users continue to leverage a variety of smartphones and tablets for both personal and business use
     • Supporting and securing an increasing variety of mobile devices remains a significant challenge for enterprises
  11. [Figure 10: Q3 Web Category by Mobile Platform. Panels: iPad, iPod, iPhone, Android, Blackberry. Legend: Social Networking, Professional Services, Corporate Marketing, Web Search, News & Media, Digital Media, Sports, Entertainment, Music/Streaming Audio, Other.]

     Mobility Meets Productivity

     Zscaler ThreatLabZ tracks the most prominent website categories viewed by enterprise mobile platforms. For Q3 2011, social networking topped all others among website categories most viewed on enterprise mobile devices. This differs, however, from overall enterprise web browsing—where corporate marketing, professional services, web search and news/media sites are more popularly visited than social networking.
  12. [Figure 11: Q3 Website Categories Accessed by Mobile Devices. Series: July, August, September.]

     When looking at various website categories browsed by specific mobile device platforms, few differences are noticed. However, Android and iPod have a much higher percentage of social networking browsing than other mobile device platforms. As well, the iPhone is more popular for music, streaming audio and professional services than other platforms. In some usage areas, the Blackberry and iPad platforms seem closely related – with both being popularly used for news and media.

     Interesting to note is the mix of business and recreational traffic on all devices – these are being used for some productive purposes, not just personal apps and browsing.

     Facebook ‘Likes’ the Enterprise

     Maintaining the trend seen in Q2 2011, social networking was once again the most dominant category of browsed web applications through the Zscaler cloud in Q3. And, given its dominance in enterprise web application use, Facebook once again led the pack. Yet, for the first time, ThreatLabZ saw a slight month-to-month drop in enterprise client Facebook usage. Meanwhile, other popular web applications like Gmail, YouTube, Twitter and LinkedIn experienced a slight increase.

     “Shopping is more popular on desktop systems than mobile platforms, while sports is more popularly viewed on mobile platforms than desktops”
  13. Similar to last quarter, social networking and webmail made up the majority of the total web application transactions for the quarter – with web search representing a comparatively smaller percentage. The chart below provides a detailed drill-down of overall web usage (by site) throughout the quarter:

     [Figure 12: Q3 Web Application Usage Drill-Down. Legend: Facebook, Gmail, YouTube, Twitter, MSN IM, Yahoo Mail, LinkedIn, Hotmail, Google Search, Blogger, Pandora, Other.]

     [Figure 13: Top Q3 Web Application Usage by Month. Series: July, August, September. Categories: Facebook, Gmail, YouTube, Twitter, MSN IM, Yahoo Mail, LinkedIn.]

     Why it Matters to Your Enterprise:
     • Facebook remains the predominant web 2.0 app in the enterprise—making up nearly 50% of overall usage for the quarter
     • As Facebook, Twitter, LinkedIn and YouTube continue to dominate overall web application use, enterprises are often allowing unrestricted employee access to social networking apps
     • Allowing, yet securing, social networking apps is a paradox for today’s IT teams
  14. When Malware Strikes

     Zscaler ThreatLabZ identifies and tracks malicious content in real time – across both HTTP and HTTPS. This gives Zscaler ThreatLabZ the information needed to identify the sources of malware, while tracking general trends in malware threats.

     The top trend in malware continues to be the inclusion of IFrames within malicious content (often an exploit kit). In September 2011, greater than 67% of the anti-virus signatures that triggered were on web pages that had malicious IFrame inclusions. We have continued to notice a steady increase in security blocks—over time and throughout Q3—that resulted from malicious web responses. Below are the top 10 malware types for Q3.

     [Figure 14: Q3 top 10 families of malware*]
        1. Malicious HTML IFrame
        2. Malicious JS Redirector
        3. Malicious binary, heuristic detection
        4. Malicious SWF
        5. OnlineGames Malware
        6. Malicious JS in PDF
        7. Malicious JS IFrame
        8. Malware/Spyware Toolbar
        9. Malicious W32 Trojan
        10. JS Shellcode

     * based on A/V detection only for the most recent month of the quarter (September)
  15. Blackhat Sites and Phishing Spikes

     Blackhat SEO continues to be a tactic used by cyber criminals to increase web traffic to their sites. Compared to last quarter, the number of search results leading to malware has decreased. However, the number of spam sites (fake stores, fake search engines, etc.) using hijacked sites has increased. University websites (.edu) are still the main source of hijacked sites. The following chart breaks out the types of sites being served in these campaigns.

     [Figure 14: Blackhat SEO Site Types. Legend as printed: Fake Store, Site Down, Israel, UK, Spain, Saudi Arabia, Australia, Singapore, Other.]
  16. A Safe and Productive Network

     Throughout Q3, Zscaler noticed a monthly drop in web policy blocks in social networking, webmail, and malware transactions. Conversely, there was a monthly increase in botnet, instant messaging, and anti-virus transactions.

     [Figure 15: Q3 Web Policy Blocks. Series: July, August, September. Categories: Malware, SocNet, Botnet, IM, Webmail, Anti-Virus.]

     Malicious web responses continue to be on the rise – with malicious IFrame or Javascript inclusions being the primary threat blocked. This malicious content redirects browsers, often to an exploit site that attempts to exploit known vulnerabilities within web browsers or browser plug-ins. The most common plug-ins that our customers have installed and left unpatched/vulnerable are Adobe Shockwave, Java, and Adobe Reader. Each of these plug-ins has more than 50% of its installs left out-of-date. This is a sharp increase from the previous quarter.
  17. Conclusion

     Every quarter Zscaler ThreatLabZ publishes our State of the Web report to provide some high-level trends observed from the large number of enterprise web transactions traversing the Zscaler security cloud. Given the scale of transactions we see (over a hundred billion across millions of global users), ThreatLabZ is able to provide interesting data-points on enterprise browser usage, browser plug-ins, mobile devices, website categories and various security trends we observe.

     Of the trends and data-points noticed this quarter, a few stand out:
     • A month-to-month percentage decline in enterprise Facebook usage.
     • While Android mobile devices continue to be in the lead within our global user-base, we noticed Apple iOS devices representing the largest quarterly increase.
     • Malicious web-site responses – particularly those containing malicious IFrame or Javascript inclusions – appear to be on the rise.
     • At the same time, the number of clients with vulnerable versions of browser plug-ins also seems to be on the rise.
  18. About the Authors

     This report was written by Michael Sutton, Julien Sobrier, Mike Geide, Pradeep Kulkarni, and Umesh Wanve.

     About Zscaler: The Cloud Security Company™

     Zscaler enforces business policy, mitigates risk and provides twice the functionality at a fraction of the cost of current solutions, utilizing a multi-tenant, globally-deployed infrastructure. Zscaler’s integrated, cloud-delivered security services include Web Security, Mobile Security, Email Security and DLP. Zscaler services enable organizations to provide the right access to the right users, from any place and on any device—all while empowering the end-user with a rich Internet experience.

     About Zscaler ThreatLabZ™

     ThreatLabZ is the global security research team for Zscaler. Leveraging an aggregate view of billions of daily web transactions, from millions of users across the globe, ThreatLabZ identifies new and emerging threats as they occur, and deploys protections across the Zscaler Security Cloud in real time to protect customers from advanced threats.

     For more information, visit
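
Slide 9 identifies mobile platforms by their user-agents, and slide 4 points at non-browser traffic leaving on ports 80 and 443. As an added example (not code from the Zscaler report), this Python code buckets proxy-log User-Agent values into the Figure 1 and Figure 5 categories and lists non-browser clients on web ports; the matching rules, the `(client_ip, dest_port, user_agent)` record layout and the sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Order matters: Chrome's User-Agent also contains "Safari/", and Opera can
# present an "MSIE" token, so the more specific product is tested first.
BROWSER_RULES = [
    ("Opera", ("Opera/", "Opera ")),
    ("Internet Explorer", ("MSIE ",)),
    ("Firefox", ("Firefox/",)),
    ("Chrome", ("Chrome/",)),
    ("Safari", ("Safari/",)),  # assumption: mobile WebKit browsers land here too
]
MOBILE_RULES = [
    ("BlackBerry", ("BlackBerry",)),
    ("Android", ("Android",)),
    ("iOS", ("iPhone", "iPad", "iPod")),
]

def _first_match(rules, ua, default):
    return next((name for name, toks in rules if any(t in ua for t in toks)), default)

def classify(user_agent):
    """Return (browser bucket, mobile platform or None) for one User-Agent.
    The header is client-supplied, so this is triage, not attribution."""
    ua = user_agent or ""
    return (_first_match(BROWSER_RULES, ua, "Non-Browser"),
            _first_match(MOBILE_RULES, ua, None))

def shares(labels):
    """Percent share per label, ignoring None; empty input gives {}."""
    counts = Counter(label for label in labels if label is not None)
    total = sum(counts.values())
    if not total:
        return {}
    return {k: round(100.0 * v / total, 2) for k, v in counts.items()}

def non_browser_clients(records, ports=(80, 443)):
    """Map client IP -> non-browser User-Agents seen on web ports (egress review).
    Port 443 entries assume a proxy that inspects TLS and can see the header."""
    seen = {}
    for ip, port, ua in records:
        if port in ports and classify(ua)[0] == "Non-Browser":
            seen.setdefault(ip, set()).add(ua or "<empty>")
    return seen

# Constructed sample records: (client_ip, dest_port, user_agent)
SAMPLE = [
    ("10.0.0.11", 80, "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"),
    ("10.0.0.11", 80, "Microsoft-CryptoAPI/6.1"),
    ("10.0.0.12", 443, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 "
                       "(KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1"),
    ("10.0.0.13", 80, "Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/6.0"),
    ("10.0.0.14", 80, "Mozilla/5.0 (Linux; U; Android 2.3.4; en-us; Nexus S Build/GRJ22) "
                      "AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"),
    ("10.0.0.15", 443, "Java/1.6.0_26"),
    ("10.0.0.16", 80, "Mozilla/5.0 (iPad; CPU OS 5_0 like Mac OS X) AppleWebKit/534.46 "
                      "(KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3"),
    ("10.0.0.17", 80, ""),
]

if __name__ == "__main__":
    print(shares(classify(ua)[0] for _, _, ua in SAMPLE))
    print(shares(classify(ua)[1] for _, _, ua in SAMPLE))
    for ip, uas in sorted(non_browser_clients(SAMPLE).items()):
        print(ip, sorted(uas))
```
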