Understanding Global Application Usage and Threats to Enterprises

“A single arrow is easily broken, but not ten in a bundle.” – Japanese proverb

Is prevention of cyber attacks impossible? Is trying to prevent attacks a waste of time? Should we spend all our time focused on incident response?

These are constant questions in cybersecurity, and while the truth is that we can’t prevent everything, prevention of a significant majority of attacks is indeed possible. With the implementation of strong security policies, regular analysis of trends and tactics, and, most importantly, shared, actionable threat intelligence to feed into our defenses, this can be a reality.

Today we’re releasing our 2015 Application Usage and Threat Report (AUTR) for which the Palo Alto Networks threat intelligence team, Unit 42, examined application usage activity across over 7,000 organizations. What’s more, for this year’s edition, data was also examined from Palo Alto Networks WildFire for an even stronger understanding of the adversaries we all face and their common behavioral trends. Unit 42 strongly believes in, and remains committed to, sharing this type of data for the global community to better secure and defend itself against attacks.

Through Unit 42’s analysis of both application activity and WildFire data over a 12-month period, we now understand the following about global application usage and threats to enterprises:

• The number of SaaS-based applications observed on enterprise networks has grown 46% from 2012 to 2015.
• 79 unique remote access applications were found in use worldwide, with more than 4,400 organizations using five or more different remote access applications.
• Over 40% of all email attachments examined by WildFire were found to be malicious.
• Nearly 50% of all portable executables analyzed by WildFire were found to be malicious.
• Over 10% of all malware activity as observed in WildFire was found to be related to macro-based malware.
• The average time to weaponization of a world event – meaning the creation of cyber threats exploiting things everyone is talking about – was 6 hours.

In addition to these findings, this year’s AUTR includes dossiers on well-known adversaries, with breakdowns of their aliases, targeted industries and regions, specific tactics and tools used, and other details that may help organizations better understand attackers, in order to better secure themselves. Finally, Unit 42 has provided base recommendations on how to minimize the risk and attack surface associated with each finding.

To effectively defend against the adversaries who roam across our individual networks, we must come together and freely share the data and behaviors we are observing. We must defend ourselves not as individuals, but as a community.

Get your copy of the 2015 Application Usage and Threat Report here.

Bryan Lee

[Palo Alto Networks Blog]