Enviar pesquisa
Carregar
State of Web Q3 2011
•
1 gostou
•
574 visualizações
Kim Jensen
Seguir
State of Web Zscaler Q3 2011
Leia menos
Leia mais
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 18
Baixar agora
Baixar para ler offline
Recomendados
App Deep Linking Guide
App Deep Linking Guide
Appindex
Phishing on android
Phishing on android
GenaroSantiago3
2009 X Force Treath And Risk Wwiscop
2009 X Force Treath And Risk Wwiscop
Juan Carlos Carrillo
Rich Internet Applications (RIA)
Rich Internet Applications (RIA)
guest3214e8
RIA
RIA
lakshmi_vallabhajoshyula
Progressive Web Apps
Progressive Web Apps
Florian Wessels
Evaluation Test On Power Meeting
Evaluation Test On Power Meeting
Vishal Dixit
webinos whitepaper
webinos whitepaper
webinos project
Recomendados
App Deep Linking Guide
App Deep Linking Guide
Appindex
Phishing on android
Phishing on android
GenaroSantiago3
2009 X Force Treath And Risk Wwiscop
2009 X Force Treath And Risk Wwiscop
Juan Carlos Carrillo
Rich Internet Applications (RIA)
Rich Internet Applications (RIA)
guest3214e8
RIA
RIA
lakshmi_vallabhajoshyula
Progressive Web Apps
Progressive Web Apps
Florian Wessels
Evaluation Test On Power Meeting
Evaluation Test On Power Meeting
Vishal Dixit
webinos whitepaper
webinos whitepaper
webinos project
Php Leads Web2 0
Php Leads Web2 0
guestf34485
progressive web app
progressive web app
RAGINI .
Firefox OS - Evolving the brand role
Firefox OS - Evolving the brand role
Riccardo Ribas Leumann
Why stop Open Source in the Enterprise?
Why stop Open Source in the Enterprise?
John Newton
Rich Internet Applications
Rich Internet Applications
Dr. V Vorvoreanu
Cleon Acts Fusion Portal
Cleon Acts Fusion Portal
Tolu Romio
WEB 2.0 For Interns(Surya)
WEB 2.0 For Interns(Surya)
guest71e24d
RIA
RIA
Mahesh Panchal
Application Security framework for Mobile App Development in Enterprise Setup
Application Security framework for Mobile App Development in Enterprise Setup
Eswar Publications
Content - A Fairytale Wedding of Social and Enterprise
Content - A Fairytale Wedding of Social and Enterprise
John Newton
ID400 - What's New and Coming in IBM Connections 2014 #IBMConnect
ID400 - What's New and Coming in IBM Connections 2014 #IBMConnect
Luis Benitez
Adobe
Adobe
Liu Xing
IRJET- Secured Authentication using Image Shield Protection and Database ...
IRJET- Secured Authentication using Image Shield Protection and Database ...
IRJET Journal
Nwtl2017 extending and customizing ibm connections cloud
Nwtl2017 extending and customizing ibm connections cloud
André Luís Cardoso
S01 gae and_hybrid_app_v1.0
S01 gae and_hybrid_app_v1.0
Sun-Jin Jang
What is web2.0
What is web2.0
flyingsheep
Techniques to Control Memory Hogging by Web Browsers: An in-Depth Review
Techniques to Control Memory Hogging by Web Browsers: An in-Depth Review
Editor IJCATR
Information Technology for Facilities Management
Information Technology for Facilities Management
Omer Dawelbeit
Pkewebrtc
Pkewebrtc
Sandra Kuzkhan
Cloud web applications: the new perspective of sproutcore
Cloud web applications: the new perspective of sproutcore
David Saitta
Os in-a-browser
Os in-a-browser
Farrukh Naeem
Web Application Vulnerabilities
Web Application Vulnerabilities
Pamela Wright
Mais conteúdo relacionado
Mais procurados
Php Leads Web2 0
Php Leads Web2 0
guestf34485
progressive web app
progressive web app
RAGINI .
Firefox OS - Evolving the brand role
Firefox OS - Evolving the brand role
Riccardo Ribas Leumann
Why stop Open Source in the Enterprise?
Why stop Open Source in the Enterprise?
John Newton
Rich Internet Applications
Rich Internet Applications
Dr. V Vorvoreanu
Cleon Acts Fusion Portal
Cleon Acts Fusion Portal
Tolu Romio
WEB 2.0 For Interns(Surya)
WEB 2.0 For Interns(Surya)
guest71e24d
RIA
RIA
Mahesh Panchal
Application Security framework for Mobile App Development in Enterprise Setup
Application Security framework for Mobile App Development in Enterprise Setup
Eswar Publications
Content - A Fairytale Wedding of Social and Enterprise
Content - A Fairytale Wedding of Social and Enterprise
John Newton
ID400 - What's New and Coming in IBM Connections 2014 #IBMConnect
ID400 - What's New and Coming in IBM Connections 2014 #IBMConnect
Luis Benitez
Adobe
Adobe
Liu Xing
IRJET- Secured Authentication using Image Shield Protection and Database ...
IRJET- Secured Authentication using Image Shield Protection and Database ...
IRJET Journal
Nwtl2017 extending and customizing ibm connections cloud
Nwtl2017 extending and customizing ibm connections cloud
André Luís Cardoso
Mais procurados
(14)
Php Leads Web2 0
Php Leads Web2 0
progressive web app
progressive web app
Firefox OS - Evolving the brand role
Firefox OS - Evolving the brand role
Why stop Open Source in the Enterprise?
Why stop Open Source in the Enterprise?
Rich Internet Applications
Rich Internet Applications
Cleon Acts Fusion Portal
Cleon Acts Fusion Portal
WEB 2.0 For Interns(Surya)
WEB 2.0 For Interns(Surya)
RIA
RIA
Application Security framework for Mobile App Development in Enterprise Setup
Application Security framework for Mobile App Development in Enterprise Setup
Content - A Fairytale Wedding of Social and Enterprise
Content - A Fairytale Wedding of Social and Enterprise
ID400 - What's New and Coming in IBM Connections 2014 #IBMConnect
ID400 - What's New and Coming in IBM Connections 2014 #IBMConnect
Adobe
Adobe
IRJET- Secured Authentication using Image Shield Protection and Database ...
IRJET- Secured Authentication using Image Shield Protection and Database ...
Nwtl2017 extending and customizing ibm connections cloud
Nwtl2017 extending and customizing ibm connections cloud
Semelhante a State of Web Q3 2011
S01 gae and_hybrid_app_v1.0
S01 gae and_hybrid_app_v1.0
Sun-Jin Jang
What is web2.0
What is web2.0
flyingsheep
Techniques to Control Memory Hogging by Web Browsers: An in-Depth Review
Techniques to Control Memory Hogging by Web Browsers: An in-Depth Review
Editor IJCATR
Information Technology for Facilities Management
Information Technology for Facilities Management
Omer Dawelbeit
Pkewebrtc
Pkewebrtc
Sandra Kuzkhan
Cloud web applications: the new perspective of sproutcore
Cloud web applications: the new perspective of sproutcore
David Saitta
Os in-a-browser
Os in-a-browser
Farrukh Naeem
Web Application Vulnerabilities
Web Application Vulnerabilities
Pamela Wright
The challenges of building mobile HTML5 applications - FEEC Brazil 2012 - Recife
The challenges of building mobile HTML5 applications - FEEC Brazil 2012 - Recife
Caridy Patino
HTML5 Handling Security Issues, Security Threats for HTML5, HTML5 Application...
HTML5 Handling Security Issues, Security Threats for HTML5, HTML5 Application...
Idexcel Technologies
Web2.0-IFF
Web2.0-IFF
nidhi murarka
Web2.0-IFF
Web2.0-IFF
guest5991b
Webinos Project
Webinos Project
Georgios Gionis, PhD
Mobile Analytics
Mobile Analytics
tchenard
IRJET-Garbage Monitoring and Management using Internet of things
IRJET-Garbage Monitoring and Management using Internet of things
IRJET Journal
What Are Progressive Web Application Development
What Are Progressive Web Application Development
App Verticals
IRJET- IoT based Vending Machine with Cashless Payment
IRJET- IoT based Vending Machine with Cashless Payment
IRJET Journal
SEMINAR (pwa).pptx
SEMINAR (pwa).pptx
BasitMir10
Web 2.0 Standard For End User
Web 2.0 Standard For End User
yanvns
Bridge-Stage Framework for the Smartphone Application Development using HTML5
Bridge-Stage Framework for the Smartphone Application Development using HTML5
ijsrd.com
Semelhante a State of Web Q3 2011
(20)
S01 gae and_hybrid_app_v1.0
S01 gae and_hybrid_app_v1.0
What is web2.0
What is web2.0
Techniques to Control Memory Hogging by Web Browsers: An in-Depth Review
Techniques to Control Memory Hogging by Web Browsers: An in-Depth Review
Information Technology for Facilities Management
Information Technology for Facilities Management
Pkewebrtc
Pkewebrtc
Cloud web applications: the new perspective of sproutcore
Cloud web applications: the new perspective of sproutcore
Os in-a-browser
Os in-a-browser
Web Application Vulnerabilities
Web Application Vulnerabilities
The challenges of building mobile HTML5 applications - FEEC Brazil 2012 - Recife
The challenges of building mobile HTML5 applications - FEEC Brazil 2012 - Recife
HTML5 Handling Security Issues, Security Threats for HTML5, HTML5 Application...
HTML5 Handling Security Issues, Security Threats for HTML5, HTML5 Application...
Web2.0-IFF
Web2.0-IFF
Web2.0-IFF
Web2.0-IFF
Webinos Project
Webinos Project
Mobile Analytics
Mobile Analytics
IRJET-Garbage Monitoring and Management using Internet of things
IRJET-Garbage Monitoring and Management using Internet of things
What Are Progressive Web Application Development
What Are Progressive Web Application Development
IRJET- IoT based Vending Machine with Cashless Payment
IRJET- IoT based Vending Machine with Cashless Payment
SEMINAR (pwa).pptx
SEMINAR (pwa).pptx
Web 2.0 Standard For End User
Web 2.0 Standard For End User
Bridge-Stage Framework for the Smartphone Application Development using HTML5
Bridge-Stage Framework for the Smartphone Application Development using HTML5
Mais de Kim Jensen
Forcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security Predictions
Kim Jensen
OpenDNS presenter pack
OpenDNS presenter pack
Kim Jensen
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updated
Kim Jensen
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
Kim Jensen
5 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 2003
Kim Jensen
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014
Kim Jensen
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security Report
Kim Jensen
Websense 2013 Threat Report
Websense 2013 Threat Report
Kim Jensen
Security Survey 2013 UK
Security Survey 2013 UK
Kim Jensen
Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report
Kim Jensen
DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012
Kim Jensen
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)
Kim Jensen
Data Breach Investigations Report 2012
Data Breach Investigations Report 2012
Kim Jensen
Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011
Kim Jensen
Corporate Web Security
Corporate Web Security
Kim Jensen
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011
Kim Jensen
Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011
Kim Jensen
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
Kim Jensen
Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010
Kim Jensen
Sådan kommer du i gang med skyen (pdf)
Sådan kommer du i gang med skyen (pdf)
Kim Jensen
Mais de Kim Jensen
(20)
Forcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security Predictions
OpenDNS presenter pack
OpenDNS presenter pack
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updated
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
5 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 2003
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security Report
Websense 2013 Threat Report
Websense 2013 Threat Report
Security Survey 2013 UK
Security Survey 2013 UK
Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report
DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)
Data Breach Investigations Report 2012
Data Breach Investigations Report 2012
Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011
Corporate Web Security
Corporate Web Security
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010
Sådan kommer du i gang med skyen (pdf)
Sådan kommer du i gang med skyen (pdf)
Último
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Addepto
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
The Digital Insurer
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Commit University
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Rizwan Syed
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Slibray Presentation
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Ridwan Fadjar
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
ScyllaDB
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Alex Barbosa Coqueiro
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
SeasiaInfotech2
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
Dubai Multi Commodity Centre
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
UiPathCommunity
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
Alfredo García Lavilla
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Enterprise Knowledge
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
Scott Keck-Warren
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
charlottematthew16
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
2toLead Limited
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
Último
(20)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
State of Web Q3 2011
1.
State of The
Web - Quarter 3, 2011 State of the Web Quarter 3, 2011 Report © 2011 Zscaler. All Rights Reserved. Page 1
2.
State of The
Web - Quarter 3, 2011 Introduction In This Issue: In this Q3 2011 edition of the State of the Web from Zscaler • Decline in Facebook ThreatLabZ, we take a closer look at Enterprise web traffic, aggregated across over a hundred billion transactions and millions of • Mobile device usage in the business users across the globe. workplace This quarter we continued to see the social elements of the web • Browser plug-ins/extensions remain out of date in dominate advanced threats and attacks in Enterprise networks. enterprise Leveraging sophisticated social engineering techniques to launch their attacks, malicious groups and hactivists know that human interest, curiosity and oversight represent the weakest link in any enterprise security chain. For that reason, ThreatLabZ wasn’t surprised to see popular social networking applications leveraged as a top attack channel and target. While these trusted social networks and applications continue to dominate enterprise Internet use, employees often have a false sense of security – trusting their favorite tools and apps to provide them ‘safe’ information. However, hackers this quarter continued to take advantage of this trust to exploit corporate victims through web apps, web searches and targeted email scams. Three major trends noticeable in this report include: • Facebook still dominates enterprise web application use - Facebook still remains the dominant web application in enterprise traffic – risking like-jacking, fake videos, and spear-phishing • Corporate mobile devices split between business and personal use - While social networking remains the dominant source of mobile device traffic, business-related traffic follows closely behind • Blended threats continue to target browser plug-ins - Browser plug-ins and extensions remain well out of date, providing a large target base for attacks. © 2011 Zscaler. All Rights Reserved. Page 2
3.
State of The
Web - Quarter 3, 2011 Contents A Look Beyond the Browser .................................................................................................4 The Hidden Risks of Plug-ins and Extensions .......................................................................6 Android Reclaims its Title in the Enterprise ...........................................................................8 Mobility Meets Productivity ..................................................................................................10 Facebook ‘Likes’ the Enterprise ............................................................................................12 When Malware Strikes..........................................................................................................14 A Safe and Productive Network ............................................................................................16 Conclusion ............................................................................................................................17 © 2011 Zscaler. All Rights Reserved. Page 3
4.
State of The
Web - Quarter 3, 2011 Looking Beyond the Browser Every quarter, Zscaler ThreatLabZ tracks enterprise HTTP and HTTPS traffic—including the specific browsers in use. This allows us to show trends in Web and browser use, as well as the vulnerabilities associated with them. With the dominance of Microsoft end-user operating systems in the enterprise, Internet Explorer (IE) maintained its position as the most popular browser observed this quarter. Although Web browsers make up over 75% of HTTP and HTTPS traffic, the other, non-browser traffic is worth looking at. This is made up of browser plug-ins, add-ons and extensions – as well as HTTP and HTTPS traffic from native applications. In Q3, we continued to see a rise in non-browser web traffic – being driven by mobile and desktop applications that leverage HTTP(S) for outbound communication. This is not entirely surprising, as most enterprises have ‘firewalled’ off most ports beyond the ones needed for web and email traffic. As a result, ports 80 and 443 represent a viable egress point for any application. “ Much of enterprise web traffic originates from native apps, and browser “ extensions - not just web browsing © 2011 Zscaler. All Rights Reserved. Page 4
5.
State of The
Web - Quarter 3, 2011 Q3 Enterprise Browser Traffic Despite its dominance, the enterprise traffic share for Internet Explorer has been dropping as Apple becomes a more accepted desktop and laptop solution. This is fueling a growth in Safari, and enterprise employees continue to adopt other alternatives such as Firefox. We have yet to see significant adoption of Chrome in the enterprise, despite increasing adoption in the consumer space. Below are the Q3 traffic shares by browser type: Q3 HTTP(S) Browser Traffic by Type Q3 HTTP(S) Browser Traffic by Type 0.17% 7.02% Opera Safari 23.04% Chrome 58.38% Non-Browser Firefox 10.64% Internet Explorer Figure 1 “ Internet Explorer 9 – despite its additional security features and HTML5 compatibility – has yet to see significant “ adoption at the enterprise level © 2011 Zscaler. All Rights Reserved. Page 5
6.
State of The
Web - Quarter 3, 2011 Internet Explorer Versions in Use As outlined in the graph above, Internet Explorer commands just over half of the total web traffic in the enterprise. Internet Explorer 9 – despite having been released in March of this year with additional security features and HTML5 compatibility – has yet to see significant adoption at the enterprise level. Drilling deeper into the Internet Explorer usage data over each month of the quarter, we see the following: Internet Explorer Traffic Share Internet Explorer Traffic Share Q3 2011 Q3 2011 June July August 30% 28.23% 25% 22.02% 20% 15% 10% 5% 4.21% 1.68% 0% IE 6.x IE 7.x IE 8.x IE 9.x Figure 2 The Hidden Risks of Plug-ins and Extensions Today, plug-ins, add-ons or extensions combine with nearly every browser running in the enterprise. Similar to most any kind of software, older versions of plug-ins typically have more security vulnerabilities. Zscaler offers a unique solution known as Secure Browsing. Secure Browsing identies the type and version of web browser that is in use. As well – and even more importantly – it also identifies the browser plug-ins © 2011 Zscaler. All Rights Reserved. Page 6
7.
State of The
Web - Quarter 3, 2011 that have been employed. As we can see in the chart below, enterprise browser plug-ins are dominated by Microsoft and Adobe, with Adobe Flash remaining the most popular overall browser plug-in in the enterprise. Most Common Web Browser Plugins Q3 2011 Most Common Web Browser Plugins Q3 2011 Quicktime 6.88 % Microsoft Office 6.96 % Java 8.62 % Adobe Shockwave 39.29 % SilverLight 46.44 % .NET 81.63 % Outlook 84.29 % Adobe Reader 84.76 % Windows Media Player 87.01 % Adobe Flash 94.41 % 0% 20%4 0% 60%8 0% 100% Figure 3 Unfortunately, Secure Browsing reveals a highly concerning statistic. Beyond simply revealing which plug-ins are most popular, it also provides insight into the plug-ins that are most commonly outdated. These statistics Why it Matters to Your do tend to fluctuate from quarter to quarter. This is due to typical quarterly Enterprise: patch release cycles, which tend to cause a spike in outdated versions for Browser plug-ins offer a specific plug-ins as end-users fail to implement the updates. dangerous combination of characteristics This is an area where enterprises are currently struggling. As ThreatLabZ continues to highlight, browser plug-ins are made up of a potentially • Readers and players are ubiquitous, across browsers dangerous combination of characteristics – all of which adds up to a tempting target for hackers. • Most users aren’t aware of which plug-ins they have Looking at the statistics below, it becomes clear that most companies have installed little control over the type of plug-ins that their employees are using, or the • Most enterprises have no specific version of plug-ins in use. patch management deployed to keep plug-ins up to date © 2011 Zscaler. All Rights Reserved. Page 7
8.
State of The
Web - Quarter 3, 2011 Most Outdated Web Browser Plugins Q3 2011 Most Outdated Web Browser Plugins Q3 2011 Windows Media Player 1.26 % SilverLight 1.81 % Adobe Flash 7.12 % RealPlayer 10.02% Outlook 19.81% QuickTime 42.45% Adobe Reader 65.84% Java 70.60% Adobe Shockwave 94.22% Figure 4 0% 20%4 0% 60%8 0% 100% Android Reclaims its Title in the Enterprise Android and Blackberry Both mobile device usage and mobile device web transactions logged devices were used more than through Zscaler’s global security cloud infrastructure continue to grow. The any other mobile devices on highest percentage of Q3 mobile transactions through Zscaler’s cloud was corporate networks in Q3: from Android devices – followed by Blackberry, and Apple IOS devices. • Android: 40.36% • Blackberry: 37.26% As mobile transactions from our enterprise customers continue to • iOS: 22.38% grow, we notice that the Android platform accounts for the largest and geographically dispersed user-population. As well, it represents the mobile platform with the highest number of transactions through our cloud. The Apple IOS platform moved to third place this quarter, falling to 22.38% from 42.37% in Q2 2011. This is likely due to a growing sample size of mobile use outside the US. © 2011 Zscaler. All Rights Reserved. Page 8
9.
State of The
Web - Quarter 3, 2011 Q3 Mobile Usage by Geography Q3 Mobile Usage by Geography 4.75% Q3 Mobile Device 1.09% 1.39% 1.07% US Usage/Transactions 2.11% France 2.57% Israel 3. 22.38% 61 3.9 % UK 7% Spain 37.26% Saudi Arabia Australia Singapore 40.36% 79.44% Other Figure 6 Figure 5 IO ndroid Blackberry Figure 6 provides a geographic breakdown on web client transactions that used standard Android, BlackBerry or Apple IOS user-agents. The United States made up about 80% of the mobile client transactions from Zscaler’s enterprise customer base. Android Percent by Country Android Percent by Country 2.35% 1.13% 1.29% .94% US 1.53% Spain 2.76% Israel 9.17% Singapore UK 5.48% Netherlands India 75.34% Mexico Other Figure 7 © 2011 Zscaler. All Rights Reserved. Page 9
10.
State of The
Web - Quarter 3, 2011 Blackberry Percentby Country Blackberry Percent by Country 3.80% 1.25% .80% 2.10% US 3.48% France 7.78% UK Australia 5.48% Japan Mexico 80.78% Other Figure 8 Among our global enterprise customers, Android has the largest geographic coverage. Whereas, among US-based customers, BlackBerry and IOS devices represented more than 80% of the mobile usage. The following charts break out device usage by-country. (Note that IP addresses that did not resolve to a particular country were excluded from the percentages.) IOS IOS Percent byCountry Percent by Country 1.95% 4.41% 4.12% 6.77% Why it Matters to Your Enterprise: US Saudi Arabia • Enterprise users continue to leverage a variety of Israel smartphones and tablets for UK both personal and business Other use 82.76% • Supporting and securing an increasing variety of mobil devices remains a significant Figure 9 challenge for enterprises © 2011 Zscaler. All Rights Reserved. Page 10
11.
State of The
Web - Quarter 3, 2011 Q3 Web Category by Mobile Platform Q3 Web Category by Mobil Platform iPad iPod iPhone 0.61% 1.62% 0.99% 5.72% 0.58% 0.51% 0.02% 0.40% 3.73% 0.67% 21.84% 10.91% 3.67% 6.44% 2.35% 5.18% 4.54% 28.86% 5.79% 7.12% 12.99% 7.20% 15.02% 8.36% 30.20% 3.77% 21.83% 2.28% Social Networking Android Blackberry 2.28% Professional Services 4.30% 1.60% 1.16% 2.15% Corporate Marketing 1.53% 4.69% Web Search 0.12% 6.14% 11.36% News & Media 5.82% 8.07% Digital Media Sports 7.50% 8.28% Entertainment 10.55% 7.82% Music/ Streaming Audio 16.95% 6.33% Other Figure 10 Mobility Meets Productivity Zscaler ThreatLabZ tracks the most prominent website categories viewed by enterprise mobile platforms. For Q3 2011, social networking topped all others among website categories most viewed on enterprise mobile devices. This differs, however, from overall enterprise web browsing— where corporate marketing, professional services, web search and news/ media sites are more popularly visited than social networking. © 2011 Zscaler. All Rights Reserved. Page 11
12.
State of The
Web - Quarter 3, 2011 Q3 Website Categories Accessed by Mobile Devices 15 12% September 9% August July 6% 3% 0% s ng ce ia ts ch t a ki g vi en i in ed ed or or ar r et m Se Sp Se M M w ak et in l s& na l eb rta M ta N al io gi W e ew te ci ss at Di En N or So of e Figure 11 rp Pr Co When looking at various website categories browsed by specific mobile device platforms, few differences are noticed. However, Android and iPod have a much higher percentage of social networking browsing than other mobile device platforms. As well, the iPhone is more popular for music, streaming audio and professional services than other platforms. In some usage areas, the Blackberry and Ipad platforms seem closely related – with both being popularly used for news and media. Interesting to note is the mix of business and recreational traffic on all devices – these are being used for some productive purposes, not just personal apps and browsing. Facebook ‘Likes’ the Enterprise “ Maintaining the trend seen in Q2 2011, social networking was once again the most dominant category of browsed web applications through the Shopping is more popular Zscaler cloud in Q3. And, given its dominance in enterprise web application on desktop systems than use, Facebook once again lead the pack. Yet, for the first time, ThreatLabZ mobile platforms, while saw a slight month-to-month drop in enterprise client Facebook usage. sports is more popularly Meanwhile, other popular web applications like Gmail, YouTube, Twitter and LinkedIn experienced a slight increase. “ viewed on mobile platforms than desktops © 2011 Zscaler. All Rights Reserved. Page 12
13.
State of The
Web - Quarter 3, 2011 Similar to last quarter, social networking and webmail made up the majority of the total web application transactions for the quarter – with web search representing a comparatively smaller percentage. The chart below provides a detailed drill-down of overall web usage (by site) throughout the quarter: Q3 Web Application Usage Drill-Down Q3 Web Application Usage Drill-Down Facebook Gmail 0.81 % YouTube 1.15 % 16.16% 1.39 % Twitter 2.35 % MSN IM 1.94 % Yahoo Mail 2.78 % 45.72% LinkedIn 3.00 % 6.51 % Hotmail 6.58 % Google Search 11.61% Blogger Pandora Other Figure 12 Why it Matters to Your Enterprise: • Facebook remains the Top Q3 Web Application Usage by Month Top Q3 Web Application Usage by Month predominant web 2.0 app in the enterprise—making up 50% nearly 50% of overall usage for the quarter 40% • As Facebook, Twitter, LinkedIn 30% September and YouTube continue 20% August to dominate overall web July application use, enterprises 10% are often allowing unrestricted 0% employee access to social Facebook Gmail YouTube Twitter MSN IM Yahoo Mail LinkedIn networking apps Figure 13 • Allowing, yet securing, social networking apps is a paradox for today’s IT teams © 2011 Zscaler. All Rights Reserved. Page 13
14.
State of The
Web - Quarter 3, 2011 When Malware Strikes Zscaler ThreatLabZ identifies and tracks malicious content in real time – across both HTTP and HTTPS. This gives Zscaler ThreatLabZ the information needed to identify the sources of malware, while tracking general trends in malware threats. The top trend in malware continues to be the inclusion of IFrames within malicious content (often an exploit kit). In September 2011, greater than 67% of the anti-virus signatures that triggered were on web pages that had malicious IFrame inclusions. We have continued to notice a steady increase in security blocks—over time and throughout Q3—that resulted from malicious web responses. Below are the top 10 malware types for Q3. Q3 top 10 families of malware* 1 Malicious HTML IFrame 6 Malicious JS in PDF 2 Malicious JS Redirector 7 Malicious JS IFrame 3 Malicious binary, heuristic detection 8 Malware/Spyware Toolbar 4 Malicious SWF 9 Malicious W32 Trojan 5 OnlineGames Malware 10 JS Shellcode Figure 14 * based on A/V detection only for the most recent month of the quarter (September) © 2011 Zscaler. All Rights Reserved. Page 14
15.
State of The
Web - Quarter 3, 2011 Blackhat Sites and Phishing Spikes Blackhat SEO continues to be a tactic used by cyber criminals to increase web traffic to their sites. Compared to last quarter, the number of search results leading to malware has decreased. However, the number of spam sites (fake stores, fake search engines, etc.) using hijacked sites has increased. University websites (.edu) are still the main source of hijacked sites. The following chart breaks out the types of sites being served in these campaigns. Blackhat SEO Site Types Blackhat SEO Site Types 3.72% 2.01% Fake Store 5.44% Site Down Israel 5.73% UK Spain 7.45% 40.69% Saudi Arabia Australia 12.61% 22.35% Singapore Other Figure 14 © 2011 Zscaler. All Rights Reserved. Page 15
16.
State of The
Web - Quarter 3, 2011 A Safe and Productive Network Throughout Q3, Zscaler noticed a monthly drop in web policy blocks in social networking, webmail, and malware transactions. Conversely, there was a monthly increase in botnet, instant messaging, and anti-virus transactions. Q3 Web Web Policy Blocks Q3 Policy Blocks 30% 25% September 20% August 15% July 10% 5% 0% Malware SocNet Botnet IM Webmail Anti-Virus Figure 15 Malicious web responses continue to be on the rise – with malicious IFrame or Javascript inclusions being the primary threat blocked. This malicious content redirects browsers, often to an exploit site that attempts to exploit known vulnerabilities within web browsers or browser plug-ins. The most common plug-ins that our customers have installed and left unpatched/ vulnernable are Adobe Shockwave, Java, and Adobe Reader. Each of these “ Malicious web responses continue to be on the rise plug-ins has more than 50% of its installs left out-of-date. This is a sharp – with malicious IFrame or increase from the previous quarter. Javascript inclusions being “ the primary threat blocked © 2011 Zscaler. All Rights Reserved. Page 16
17.
State of The
Web - Quarter 3, 2011 Conclusion Every quarter Zscaler ThreatLabZ publishes our State of the Web report to provide some high-level trends observed from the large number of enterprise web transactions traversing the Zscaler security cloud. Given the scale of transactions we see (over a hundred billion across millions of global users), ThreatLabZ is able to provide interesting data-points on enterprise browser usage, browser plug-ins, mobile devices, website categories and various security trends we observe. Of the trends and data-points noticed this quarter, a few stand-out: • A month-to-month percentage decline in enterprise Facebook usage. • While Android mobile devices continue to be in the lead within our global user-base, we noticed Apple IOS devices representing the largest quarterly increase. • Malicious web-site responses – particularly those containing malicious IFrame or Javascript inclusions – appear to be on the rise. • At the same time, the number of clients with vulnerable versions of browser plug-ins also seem to be on the rise. © 2011 Zscaler. All Rights Reserved. Page 17
18.
State of The
Web - Quarter 3, 2011 About the Authors This report was written by Michael Sutton, Julien Sobrier, Mike Geide, Pradeep Kulkarni, and Umesh Wanve. About Zscaler: The Cloud Security Company™ Zscaler enforces business policy, mitigates risk and provides twice the functionality at a fraction of the cost of current solutions, utilizing a multi-tenant, globally-deployed infrastructure. Zscaler’s integrated, cloud- delivered security services include Web Security, Mobile Security, Email Security and DLP Zscaler services enable organizations to provide the . right access to the right users, from any place and on any device—all while empowering the end-user with a rich Internet experience. About Zscaler ThreatLabZ™ ThreatLabZ is the global security research team for Zscaler. Leveraging an aggregate view of billions of daily web transaction, from millions of users across the globe, ThreatLabZ identifies new and emerging threats as they occur, and deploys protections across the Zscaler Security Cloud in real time to protect customers from advanced threats. For more information, visit www.zscaler.com. © 2011 Zscaler. All Rights Reserved. Page 18
Baixar agora