Jay Klein CTO of Allot Communications in this in depth presentation drills down into different aspects of enterprise security including the threat of anonymizers, application visibility and control.

1. Securing the Enterprise
with Application-Aware
Acceptable Use Policy
Jay Klein – VP & CTO
June 2015
Presented at Gartner
Security Summit June
2015
For more info contact
sales@allot.com

2. Introducing Allot
CloudTrends Report, Key Findings
The Rising Threat of Anonymizers
Application Visibility and Control
Presentation Topics
2

3. Allot Communications
Leading global provider of intelligent broadband
solutions leveraging network intelligence to
analyze, protect and improve user experience

4. Network Intelligence – our Core Technology
4
usage by exact
application, end-user &
device
Determine
traffic based on information
layer 3 to 7 OSI model
Classify
permitted from forbidden use
of certain applications
• enabling policy
enforcement at application
and user layers
Distinguish
in detail into data contents
of packets being sent
through an inspection point
Look
security threats not visible
to most network elements
• spam, viruses, worms,
spyware
Identify

5. 5
Get the free
report here

6. Findings Support our Premise
6
Web security threats are indeed complex
Many Threats use a combination of back-door methods and
unwitting user assistance
Traditional AUP is not enough
Application-aware AUP is needed to complement perimeter and
threat security measures

7. of blocked web traffic
in large enterprises is due
to a well-defined
Acceptable Use Policy
92%
of malicious traffic
from the web is caused by malware. Spywa
constitutes about 8% and viruses about 1%
90%
Findings: Acceptable Use Policy
7
Spyware
Viruses
Hackers
Phishing
Malware
Blocked
(malicious) 8%
Blocked
(policy) 92%
AUP Blocking vs. Malicious
Blocking 112014-042015
Types of Malicious Traffic
112014-042015

8. Findings: IM & Social Networks
8
Facebook 54%
Twitter 25%
Google 8%
Others 6%
Soundcloud 4%
Pinterest 3%
Social network
blocked
112014-042015
On average, enterprise
users try more than 6X
per day to access social
networks, half of which
are going to Facebook
Traffic from Instant
Messaging application is
blocked 10X more often
than overall web traffic
due to malicious content

9. Findings: Anonymizers
9
“Anonymized”
web traffic, when
discoverable, is
likely to be
blocked 3 times
more often than
overall web
traffic due to
malicious
content
Top Anonymizers Blocked 112014-042015
1,000 2,000 3,000 4,000 5,000 6,000
ModVPN book.net
Zenm.com
HideMyAss
VPNunlimited.me
TOR.me
Anonymussurf.us
Hide-ip.us
Hideipproxy.com
Hidemyip.info
ipcloak.us
Ipmask.us
Maskip.info
Unblocker.me
Myipproxylist.com
Hiderealip.net
A1.webproxy.nic.tel
Anonfiles.comels
Psphone.com

10. What are Anonymizers?
10
Facilitate
incognito
Internet
access
User traffic is
encrypted
Related IP
address
cannot be
observed
Common
use cases:
Privacy
Bypassing
Enterprise/ISP
block policies
(Facebook)
Accessing
media which is
conditioned by
geography
(Netflix)

11. 11

12. An Anonymizer in Action (TOR)
12

13. Anonymizers – Threats & Challenges
13
Platform for
illegal activities
Exploited for
Cyber/Security
attacks
Bypassing
Corporate Policy
Anonymizer detection difficulties:
• Anonymizers aren’t just another
website to block
• Related traffic resembles harmless
web transactions

14. Analytics: Scary Anomalies in Anonymous TOR
14
Snowden leak
PirateBrowser release

15. Ineffective URL & Port based Policies
15
Real Time Behavioral Analysis
Questionable
candidate?
Possible
Candidate?
Classified activity
New activity

16. Application Awareness – Key to Efficient Security
16
Users continue to access internet applications
• Regardless of corporate AUPs or Anonymizer use
Application control is required for adequate real time response
Personal & business lifestyles mix up with BYOD
• Whenever content is accessed a vulnerability exists
Application visibility is crucial for identifying underlying threats
• Masqueraded as innocent traffic compliant with dictated AUPs

17. Report Findings – Online Storage & File Types
17
iCloud 71%
Dropbox 19%
4shared 7%
Others 3%
Top Online Storage
site Blocked
112014-042015
Online storage:
a major security hole?
30%
21%
12%
11%
7%
5%
2%
2%
1%
2%
2%
2%
2%
2%
Common File Types
used by malware
Images – more
than 20% of
Malware
js
aspx
php
jpg
png
gif
xml
ico
html
pdf
cgi
json
swf
css

18. Report Findings – Risky Services, Inappropriate Content
18
Even when Acceptable Use Policy is in place, there are numerous
attempts to access “risky” applications
Webmail and Instant Messaging Inappropriate Content
Employees on average made 5.5
attempts to access webmail and
Instant Messaging sites and were
blocked per the company’s AUP.
Popular sites include:
Employees at large enterprises
attempt to access inappropriate
content 1.5 times per day on
average. Types of inappropriate
content were varied:
• Bombs
• Dating Sites
• Drugs
• Glamour
• Hackers
• Models
• Pornography
• Weapons
• Violence
• whatsapp.com
• talk.google.com
• skype.com
• mail.google.com
• hotmail.com
• mail.live.com
• outlook.com
• mail.yahoo.com
• gmail.com

19. Conclusions
19
The enormous cost
of inaction isn’t
eliminated by
deficient measures
AUPs must be coupled
with real-time network
intelligence &
application-level controls
Organizations adopting
such practices would
benefit from a secure and
more productive work
environment
Enforceable AUPs are key
to safeguard enterprises
and SMBs but aren’t
sufficient to cope with
current threat realities

20. THANK
Jay Klein
CTO & VP
Allot Communications
Email: jklein@allot.com
U
www.allot.com
20