Palo Alto Networks in conjunction with ASIS announced the release of its second Application Usage and Risk Report, a semiannual analysis of application usage, trends, and risks within enterprises. This edition of the report tripled its sample base to more than 60 companies, representing more than 960,000 users.

The report remains unique in that it is not simply focused on malware/threat tracking or behavioral surveys. It provides a detailed analysis of Internet applications and threats based on real traffic, and the larger perspective of business risks or benefits associated with that behavior. As before, much of the behavior was virtually invisible to many IT departments prior to the study.

Key findings of the report include:

HTTP has become the universal application protocol

HTTP applications consume 64% of enterprise bandwidth

HTTP traffic comprises: Client-server applications - 54%; Web surfing - 23%; browser-based applications - 23%

Browser-based applications aren’t simple web browsing – Google Docs, Webex and others download fully-fledged clients on top of the browser

Streaming video is consuming significant enterprise bandwidth

Streaming media (video/audio) applications found in nearly 100% of the accounts are consuming 10% of aggregate enterprise bandwidth

Streaming media applications consumed 30x the bandwidth than P2P filesharing. P2P (e.g., BitTorrent, eMule) and browser-based (e.g., Megaupload) filesharing, notorious for consuming bandwidth, were also found in nearly 100% of the accounts, but consumed less than 1% of the aggregate bandwidth

P2P technology continues its inroads as a delivery mechanism for streaming video, appearing in 43% of the accounts, contributing to increased media application usage.

Applications are the major uncontrolled threat vector

While nearly all organizations studied had application-level threats present, 86% of organizations had one threat in particular – a hidden iframe exploit – which is the entry point for all sorts of other threats, spyware, botnets or other exploits.

Media threats are common (62%) – several threats focusing on Real, Flash and iTunes were found in the sample, corresponding to the extremely high media application usage

Due, in large part to the heavy penetration of iframe/drive-by download exploits, every organization in the sample had adware and spyware, with the sample containing nearly 200 different types of adware and spyware.

“All applications – business, entertainment and malicious – have settled on HTTP as a universal transport.” said Steve Mullaney, vice president of marketing for Palo Alto Networks. “As applications continue to get richer and more powerful, the legacy security infrastructure is completely ineffective. This is evidenced by the near-saturation of application-borne threats we found and the vast range of unsanctioned – and in many cases invisible – applications in heavy use across enterprises. This report is not only a reference guide on the latest application trends, but it also provides IT with the business justification to reassess and realign policies and controls.”

The Application Usage and Risk Report is available for download from Palo Alto Networks at ( Additional information on more than 700 applications can be found in Palo Alto Networks’ Application Research Center (ARC), an online resource that contains up-to-date information on the rapidly evolving application landscape – including the latest news, alerts and analysis. Included in the ARC is the ability to search the Applipedia™ for important characteristics of each application that must be considered when developing policies to enable safe and productive application usage within the enterprise.