Contenu connexe
Similaire à State of Web Q3 2011 (20)
State of Web Q3 2011
- 1. State of The Web - Quarter 3, 2011
State of the Web
Quarter 3, 2011 Report
© 2011 Zscaler. All Rights Reserved. Page 1
- 2. State of The Web - Quarter 3, 2011
Introduction In This Issue:
In this Q3 2011 edition of the State of the Web from Zscaler • Decline in Facebook
ThreatLabZ, we take a closer look at Enterprise web traffic,
aggregated across over a hundred billion transactions and millions of • Mobile device usage in the
business users across the globe. workplace
This quarter we continued to see the social elements of the web • Browser plug-ins/extensions
remain out of date in
dominate advanced threats and attacks in Enterprise networks.
enterprise
Leveraging sophisticated social engineering techniques to launch their
attacks, malicious groups and hactivists know that human interest,
curiosity and oversight represent the weakest link in any enterprise
security chain. For that reason, ThreatLabZ wasn’t surprised to see
popular social networking applications leveraged as a top attack
channel and target.
While these trusted social networks and applications continue to
dominate enterprise Internet use, employees often have a false sense
of security – trusting their favorite tools and apps to provide them
‘safe’ information. However, hackers this quarter continued to take
advantage of this trust to exploit corporate victims through web apps,
web searches and targeted email scams.
Three major trends noticeable in this report include:
• Facebook still dominates enterprise web application use
- Facebook still remains the dominant web application in
enterprise traffic – risking like-jacking, fake videos, and
spear-phishing
• Corporate mobile devices split between business and personal use
- While social networking remains the dominant source of mobile
device traffic, business-related traffic follows closely behind
• Blended threats continue to target browser plug-ins
- Browser plug-ins and extensions remain well out of date,
providing a large target base for attacks.
© 2011 Zscaler. All Rights Reserved. Page 2
- 3. State of The Web - Quarter 3, 2011
Contents
A Look Beyond the Browser .................................................................................................4
The Hidden Risks of Plug-ins and Extensions .......................................................................6
Android Reclaims its Title in the Enterprise ...........................................................................8
Mobility Meets Productivity ..................................................................................................10
Facebook ‘Likes’ the Enterprise ............................................................................................12
When Malware Strikes..........................................................................................................14
A Safe and Productive Network ............................................................................................16
Conclusion ............................................................................................................................17
© 2011 Zscaler. All Rights Reserved. Page 3
- 4. State of The Web - Quarter 3, 2011
Looking Beyond the Browser
Every quarter, Zscaler ThreatLabZ tracks enterprise HTTP and HTTPS
traffic—including the specific browsers in use. This allows us to
show trends in Web and browser use, as well as the vulnerabilities
associated with them.
With the dominance of Microsoft end-user operating systems in
the enterprise, Internet Explorer (IE) maintained its position as
the most popular browser observed this quarter. Although Web
browsers make up over 75% of HTTP and HTTPS traffic, the other,
non-browser traffic is worth looking at. This is made up of browser
plug-ins, add-ons and extensions – as well as HTTP and HTTPS traffic
from native applications.
In Q3, we continued to see a rise in non-browser web traffic – being
driven by mobile and desktop applications that leverage HTTP(S) for
outbound communication. This is not entirely surprising, as most
enterprises have ‘firewalled’ off most ports beyond the ones needed
for web and email traffic. As a result, ports 80 and 443 represent a
viable egress point for any application.
“ Much of enterprise web
traffic originates from
native apps, and browser
“
extensions - not just web
browsing
© 2011 Zscaler. All Rights Reserved. Page 4
- 5. State of The Web - Quarter 3, 2011
Q3 Enterprise Browser Traffic
Despite its dominance, the enterprise traffic share for Internet Explorer
has been dropping as Apple becomes a more accepted desktop and laptop
solution. This is fueling a growth in Safari, and enterprise employees
continue to adopt other alternatives such as Firefox. We have yet to
see significant adoption of Chrome in the enterprise, despite increasing
adoption in the consumer space. Below are the Q3 traffic shares by
browser type:
Q3 HTTP(S) Browser Traffic by Type
Q3 HTTP(S) Browser Traffic by Type
0.17%
7.02% Opera
Safari
23.04% Chrome
58.38% Non-Browser
Firefox
10.64%
Internet Explorer
Figure 1
“ Internet Explorer 9 –
despite its additional
security features and
HTML5 compatibility –
has yet to see significant
“
adoption at the enterprise
level
© 2011 Zscaler. All Rights Reserved. Page 5
- 6. State of The Web - Quarter 3, 2011
Internet Explorer Versions in Use
As outlined in the graph above, Internet Explorer commands just over
half of the total web traffic in the enterprise. Internet Explorer 9 – despite
having been released in March of this year with additional security features
and HTML5 compatibility – has yet to see significant adoption at the
enterprise level. Drilling deeper into the Internet Explorer usage data over
each month of the quarter, we see the following:
Internet Explorer Traffic Share
Internet Explorer Traffic Share Q3 2011
Q3 2011
June July August
30% 28.23%
25%
22.02%
20%
15%
10%
5% 4.21%
1.68%
0%
IE 6.x IE 7.x IE 8.x IE 9.x
Figure 2
The Hidden Risks of Plug-ins and Extensions
Today, plug-ins, add-ons or extensions combine with nearly every browser
running in the enterprise. Similar to most any kind of software, older
versions of plug-ins typically have more security vulnerabilities.
Zscaler offers a unique solution known as Secure Browsing. Secure
Browsing identies the type and version of web browser that is in use. As
well – and even more importantly – it also identifies the browser plug-ins
© 2011 Zscaler. All Rights Reserved. Page 6
- 7. State of The Web - Quarter 3, 2011
that have been employed. As we can see in the chart below, enterprise
browser plug-ins are dominated by Microsoft and Adobe, with Adobe Flash
remaining the most popular overall browser plug-in in the enterprise.
Most Common Web Browser Plugins Q3 2011
Most Common Web Browser Plugins Q3 2011
Quicktime 6.88 %
Microsoft Office 6.96 %
Java 8.62 %
Adobe Shockwave 39.29 %
SilverLight 46.44 %
.NET 81.63 %
Outlook 84.29 %
Adobe Reader 84.76 %
Windows Media Player 87.01 %
Adobe Flash 94.41 %
0% 20%4 0% 60%8 0% 100%
Figure 3
Unfortunately, Secure Browsing reveals a highly concerning statistic.
Beyond simply revealing which plug-ins are most popular, it also provides
insight into the plug-ins that are most commonly outdated. These statistics
Why it Matters to Your
do tend to fluctuate from quarter to quarter. This is due to typical quarterly Enterprise:
patch release cycles, which tend to cause a spike in outdated versions for
Browser plug-ins offer a
specific plug-ins as end-users fail to implement the updates. dangerous combination of
characteristics
This is an area where enterprises are currently struggling. As ThreatLabZ
continues to highlight, browser plug-ins are made up of a potentially • Readers and players are
ubiquitous, across browsers
dangerous combination of characteristics – all of which adds up to a
tempting target for hackers. • Most users aren’t aware of
which plug-ins they have
Looking at the statistics below, it becomes clear that most companies have installed
little control over the type of plug-ins that their employees are using, or the • Most enterprises have no
specific version of plug-ins in use. patch management deployed
to keep plug-ins up to date
© 2011 Zscaler. All Rights Reserved. Page 7
- 8. State of The Web - Quarter 3, 2011
Most Outdated Web Browser Plugins Q3 2011
Most Outdated Web Browser Plugins Q3 2011
Windows Media Player 1.26 %
SilverLight 1.81 %
Adobe Flash 7.12 %
RealPlayer 10.02%
Outlook 19.81%
QuickTime 42.45%
Adobe Reader 65.84%
Java 70.60%
Adobe Shockwave 94.22%
Figure 4
0% 20%4 0% 60%8 0% 100%
Android Reclaims its Title in the Enterprise
Android and Blackberry
Both mobile device usage and mobile device web transactions logged devices were used more than
through Zscaler’s global security cloud infrastructure continue to grow. The any other mobile devices on
highest percentage of Q3 mobile transactions through Zscaler’s cloud was corporate networks in Q3:
from Android devices – followed by Blackberry, and Apple IOS devices. • Android: 40.36%
• Blackberry: 37.26%
As mobile transactions from our enterprise customers continue to
• iOS: 22.38%
grow, we notice that the Android platform accounts for the largest and
geographically dispersed user-population. As well, it represents the mobile
platform with the highest number of transactions through our cloud.
The Apple IOS platform moved to third place this quarter, falling to 22.38%
from 42.37% in Q2 2011. This is likely due to a growing sample size of
mobile use outside the US.
© 2011 Zscaler. All Rights Reserved. Page 8
- 9. State of The Web - Quarter 3, 2011
Q3 Mobile Usage by Geography
Q3 Mobile Usage by Geography
4.75% Q3 Mobile Device
1.09%
1.39% 1.07% US Usage/Transactions
2.11% France
2.57%
Israel
3. 22.38%
61
3.9 % UK
7%
Spain 37.26%
Saudi Arabia
Australia
Singapore 40.36%
79.44%
Other
Figure 6 Figure 5
IO ndroid Blackberry
Figure 6 provides a geographic breakdown on web client transactions that
used standard Android, BlackBerry or Apple IOS user-agents. The United
States made up about 80% of the mobile client transactions from Zscaler’s
enterprise customer base.
Android Percent by Country
Android Percent by Country
2.35%
1.13%
1.29% .94% US
1.53% Spain
2.76%
Israel
9.17% Singapore
UK
5.48%
Netherlands
India
75.34% Mexico
Other
Figure 7
© 2011 Zscaler. All Rights Reserved. Page 9
- 10. State of The Web - Quarter 3, 2011
Blackberry Percentby Country
Blackberry Percent by Country
3.80%
1.25%
.80%
2.10%
US
3.48%
France
7.78% UK
Australia
5.48%
Japan
Mexico
80.78% Other
Figure 8
Among our global enterprise customers, Android has the largest geographic
coverage. Whereas, among US-based customers, BlackBerry and IOS
devices represented more than 80% of the mobile usage. The following
charts break out device usage by-country. (Note that IP addresses that did
not resolve to a particular country were excluded from the percentages.)
IOS IOS Percent byCountry
Percent by Country
1.95% 4.41%
4.12%
6.77% Why it Matters to Your
Enterprise:
US
Saudi Arabia • Enterprise users continue
to leverage a variety of
Israel
smartphones and tablets for
UK both personal and business
Other use
82.76%
• Supporting and securing an
increasing variety of mobil
devices remains a significant
Figure 9
challenge for enterprises
© 2011 Zscaler. All Rights Reserved. Page 10
- 11. State of The Web - Quarter 3, 2011
Q3 Web Category by Mobile Platform
Q3 Web Category by Mobil Platform
iPad iPod iPhone
0.61% 1.62%
0.99% 5.72% 0.58% 0.51%
0.02% 0.40%
3.73%
0.67% 21.84%
10.91% 3.67%
6.44% 2.35% 5.18% 4.54%
28.86%
5.79% 7.12%
12.99%
7.20%
15.02% 8.36% 30.20%
3.77% 21.83%
2.28%
Social Networking
Android Blackberry
2.28%
Professional Services 4.30% 1.60%
1.16% 2.15%
Corporate Marketing 1.53%
4.69%
Web Search 0.12%
6.14%
11.36%
News & Media
5.82%
8.07%
Digital Media
Sports 7.50% 8.28%
Entertainment
10.55% 7.82%
Music/ Streaming Audio
16.95% 6.33%
Other
Figure 10
Mobility Meets Productivity
Zscaler ThreatLabZ tracks the most prominent website categories viewed
by enterprise mobile platforms. For Q3 2011, social networking topped
all others among website categories most viewed on enterprise mobile
devices. This differs, however, from overall enterprise web browsing—
where corporate marketing, professional services, web search and news/
media sites are more popularly visited than social networking.
© 2011 Zscaler. All Rights Reserved. Page 11
- 12. State of The Web - Quarter 3, 2011
Q3 Website Categories Accessed
by Mobile Devices
15
12% September
9% August
July
6%
3%
0%
s
ng ce
ia
ts
ch
t
a
ki
g
vi
en
i
in
ed
ed
or
or
ar
r
et
m
Se
Sp
Se
M
M
w
ak
et
in
l
s&
na l
eb
rta
M
ta
N
al io
gi
W
e
ew
te
ci ss
at
Di
En
N
or
So of
e Figure 11
rp
Pr
Co
When looking at various website categories browsed by specific mobile
device platforms, few differences are noticed. However, Android and iPod
have a much higher percentage of social networking browsing than other
mobile device platforms. As well, the iPhone is more popular for music,
streaming audio and professional services than other platforms. In some
usage areas, the Blackberry and Ipad platforms seem closely related – with
both being popularly used for news and media.
Interesting to note is the mix of business and recreational traffic on all
devices – these are being used for some productive purposes, not just
personal apps and browsing.
Facebook ‘Likes’ the Enterprise
“
Maintaining the trend seen in Q2 2011, social networking was once again
the most dominant category of browsed web applications through the Shopping is more popular
Zscaler cloud in Q3. And, given its dominance in enterprise web application on desktop systems than
use, Facebook once again lead the pack. Yet, for the first time, ThreatLabZ mobile platforms, while
saw a slight month-to-month drop in enterprise client Facebook usage.
sports is more popularly
Meanwhile, other popular web applications like Gmail, YouTube, Twitter and
LinkedIn experienced a slight increase.
“
viewed on mobile platforms
than desktops
© 2011 Zscaler. All Rights Reserved. Page 12
- 13. State of The Web - Quarter 3, 2011
Similar to last quarter, social networking and webmail made up the majority
of the total web application transactions for the quarter – with web search
representing a comparatively smaller percentage. The chart below provides
a detailed drill-down of overall web usage (by site) throughout the quarter:
Q3 Web Application Usage Drill-Down
Q3 Web Application Usage Drill-Down
Facebook
Gmail
0.81 % YouTube
1.15 % 16.16%
1.39 % Twitter
2.35 % MSN IM
1.94 %
Yahoo Mail
2.78 % 45.72%
LinkedIn
3.00 %
6.51 % Hotmail
6.58 % Google Search
11.61% Blogger
Pandora
Other
Figure 12
Why it Matters to Your
Enterprise:
• Facebook remains the
Top Q3 Web Application Usage by Month
Top Q3 Web Application Usage by Month predominant web 2.0 app in
the enterprise—making up
50% nearly 50% of overall usage
for the quarter
40%
• As Facebook, Twitter, LinkedIn
30% September
and YouTube continue
20% August to dominate overall web
July application use, enterprises
10%
are often allowing unrestricted
0% employee access to social
Facebook Gmail YouTube Twitter MSN IM Yahoo Mail LinkedIn
networking apps
Figure 13
• Allowing, yet securing, social
networking apps is a paradox
for today’s IT teams
© 2011 Zscaler. All Rights Reserved. Page 13
- 14. State of The Web - Quarter 3, 2011
When Malware Strikes
Zscaler ThreatLabZ identifies and tracks malicious content in real time –
across both HTTP and HTTPS. This gives Zscaler ThreatLabZ the information
needed to identify the sources of malware, while tracking general trends in
malware threats.
The top trend in malware continues to be the inclusion of IFrames within
malicious content (often an exploit kit). In September 2011, greater than
67% of the anti-virus signatures that triggered were on web pages that had
malicious IFrame inclusions. We have continued to notice a steady increase
in security blocks—over time and throughout Q3—that resulted from
malicious web responses. Below are the top 10 malware types for Q3.
Q3 top 10 families of malware*
1 Malicious HTML IFrame 6 Malicious JS in PDF
2 Malicious JS Redirector 7 Malicious JS IFrame
3 Malicious binary, heuristic detection 8 Malware/Spyware Toolbar
4 Malicious SWF 9 Malicious W32 Trojan
5 OnlineGames Malware 10 JS Shellcode
Figure 14
* based on A/V detection only for the most recent month of the quarter
(September)
© 2011 Zscaler. All Rights Reserved. Page 14
- 15. State of The Web - Quarter 3, 2011
Blackhat Sites and Phishing Spikes
Blackhat SEO continues to be a tactic used by cyber criminals to increase
web traffic to their sites. Compared to last quarter, the number of search
results leading to malware has decreased. However, the number of spam
sites (fake stores, fake search engines, etc.) using hijacked sites has
increased. University websites (.edu) are still the main source of hijacked
sites. The following chart breaks out the types of sites being served in
these campaigns.
Blackhat SEO Site Types
Blackhat SEO Site Types
3.72%
2.01%
Fake Store
5.44%
Site Down
Israel
5.73% UK
Spain
7.45% 40.69%
Saudi Arabia
Australia
12.61%
22.35% Singapore
Other
Figure 14
© 2011 Zscaler. All Rights Reserved. Page 15
- 16. State of The Web - Quarter 3, 2011
A Safe and Productive Network
Throughout Q3, Zscaler noticed a monthly drop in web policy blocks
in social networking, webmail, and malware transactions. Conversely,
there was a monthly increase in botnet, instant messaging, and anti-virus
transactions.
Q3 Web Web Policy Blocks
Q3 Policy Blocks
30%
25%
September
20%
August
15%
July
10%
5%
0%
Malware SocNet Botnet IM Webmail Anti-Virus
Figure 15
Malicious web responses continue to be on the rise – with malicious IFrame
or Javascript inclusions being the primary threat blocked. This malicious
content redirects browsers, often to an exploit site that attempts to exploit
known vulnerabilities within web browsers or browser plug-ins. The most
common plug-ins that our customers have installed and left unpatched/
vulnernable are Adobe Shockwave, Java, and Adobe Reader. Each of these
“ Malicious web responses
continue to be on the rise
plug-ins has more than 50% of its installs left out-of-date. This is a sharp – with malicious IFrame or
increase from the previous quarter. Javascript inclusions being
“
the primary threat
blocked
© 2011 Zscaler. All Rights Reserved. Page 16
- 17. State of The Web - Quarter 3, 2011
Conclusion
Every quarter Zscaler ThreatLabZ publishes our State of the Web report
to provide some high-level trends observed from the large number of
enterprise web transactions traversing the Zscaler security cloud. Given the
scale of transactions we see (over a hundred billion across millions of global
users), ThreatLabZ is able to provide interesting data-points on enterprise
browser usage, browser plug-ins, mobile devices, website categories and
various security trends we observe.
Of the trends and data-points noticed this quarter, a few stand-out:
• A month-to-month percentage decline in enterprise Facebook usage.
• While Android mobile devices continue to be in the lead within our
global user-base, we noticed Apple IOS devices representing the
largest quarterly increase.
• Malicious web-site responses – particularly those containing malicious
IFrame or Javascript inclusions – appear to be on the rise.
• At the same time, the number of clients with vulnerable versions of
browser plug-ins also seem to be on the rise.
© 2011 Zscaler. All Rights Reserved. Page 17
- 18. State of The Web - Quarter 3, 2011
About the Authors
This report was written by Michael Sutton, Julien Sobrier, Mike Geide,
Pradeep Kulkarni, and Umesh Wanve.
About Zscaler: The Cloud Security Company™
Zscaler enforces business policy, mitigates risk and provides twice the
functionality at a fraction of the cost of current solutions, utilizing a
multi-tenant, globally-deployed infrastructure. Zscaler’s integrated, cloud-
delivered security services include Web Security, Mobile Security, Email
Security and DLP Zscaler services enable organizations to provide the
.
right access to the right users, from any place and on any device—all while
empowering the end-user with a rich Internet experience.
About Zscaler ThreatLabZ™
ThreatLabZ is the global security research team for Zscaler. Leveraging an
aggregate view of billions of daily web transaction, from millions of users
across the globe, ThreatLabZ identifies new and emerging threats as they
occur, and deploys protections across the Zscaler Security Cloud in real time
to protect customers from advanced threats.
For more information, visit www.zscaler.com.
© 2011 Zscaler. All Rights Reserved. Page 18