Interactively browse the key findings at www.paloaltonetworks.com/aur.
The June 2012 Application Usage and Risk report answers the question asked by network and security administrators alike: where's my bandwidth. Hint: Your users like to watch video - and just wait until the Olympics are streaming across YouTube - and your network.
Interactively browse the key findings at www.paloaltonetworks.com/aur.
2. Where’s My Bandwidth?
Key questions this report answers:
• Which application categories consume the most bandwidth?
• Exactly how much bandwidth does streaming video consume?
• Which type of filesharing is most heavily used?
• Is social networking truly a bandwidth hog?
3. Top 5 Categories = 76% of the Bandwidth
Peel away the corporate usage. Roughly a quarter of your bandwidth $$$
is video and filesharing…
4. Users Like to Watch Video
13% of total bandwidth is video/photo traffic. 107 variants found; an
average of 34 in 97% of the organizations. A fraction of it is corporate use.
5. P2P Never Dies
It continues to be used despite control efforts. 7 variants found in 78% of
the organizations.
6. The Filesharing Traffic
Port-based Firewalls Miss
Nearly 15% of filesharing is invisible to firewalls. Application control means
all apps, all ports, all the time.
7. Browser-Based Filesharing
Use Cases Solidify…
Work vs. entertainment? Megaupload traffic went to Putlocker, Rapidshare,
others. P2P crushes BBFS in total BW consumed.
8. Pinterest and Tumblr - New Ways to
Express Yourself
Tumblr is the antithesis of Facebook; unfiltered, fully customizable.
Pinterest is a new way to share your hobbies and interests.
9. Which Ports do Applications Really Use?
The common perception is that Port 80 (tcp/80) is where all the traffic and
all the problems are. Port 80 security is a requirement; but too much focus
is shortsighted.
12. Palo Alto Networks Application Usage
and Risk Report
www.paloaltonetworks.com/aur
Editor's Notes
107 video/photo apps, 140 filesharing apps, 30% of the bandwidth. How do the business apps survive?
Globally, users watch a significant amount of video. Youtube and PP Stream, a p2p based streaming video application are leading consumers. In total, 107 application variants were found globally. On average, 34 in every networkViewed from a cost of BW perspective, $0.13 of the bandwidth $$$ is spent on video.
P2P filesharing, specifically bittorrent is off the charts. Jumping 4x to 13.4% of total bandwidth – despite ongoing efforts to control it. Viewed from a cost of BW perspective, $0.13 of the bandwidth $$$ is spent on bittorrent and other P2P filesharing apps.
All applications within the Palo Alto Networks database include underlying technology (browser-based, peer-to-peer, etc) as well as which ports the applications use. The 140 filesharing and file transfer applications were broken down into four port groupings defined as: Applications that use tcp/80 only. As expected, the bulk of these applications are browser-based. Putlocker, Depositfiles and Docstoc are three examples of the applications found in this group. Applications that use tcp/443 ortcp/443 & 80. Applications within this group use tcp/443or tcp/443,80. RapidShare, 4Shared and YouSendIt! are three of the browser-based filesharing application examples while Sugarsync and Microsoft LiveMesh represent two of the client-server based examples. Applications that do not use tcp/80 at all. All of these applications are either client-server (FTP, TFTP) or peer-to-peer. The peer-to-peer applications in this group are using a range of ports and include Ares, DirectConnect and Kazaa. Applications that are dynamic (hop ports), or use a range of high numbered ports. As expected, this group of applications is primarily peer-to-peer and includes BitTorrent, eMule and Xunlei. The browser-based examples within this group include Fileserve, Filesonic, and Mediafire. As a user accessibility and firewall evasion feature, port hopping (aka, dynamic) has historically been used in either client-server or peer-to-peer applications. The use of port hopping in browser-based applications indicates how significantly applications have evolved.
Usage patterns indicate a clear delineation between work and entertainment . 71 variants in this group – only 1% of total BW consumed. Compared to P2P at 13.4%. Control efforts should be directed at both P2P and browser-based filesharing
Social networking applications are used universally. New variants (Pinterest and Tumblr) jump –tumblr a new comer, is rapidly growing in popularity. Its growth may be due to the differences between it and facebook. Tumblr: freeform, unstructured, unfiltered, customizable. Facebook: structured, filtered, minimal customization.Pinterest – a new variant added in march 2012 - found in only 15% of the orgs yet consumed 1% of SN BW G+ = jumped in frequecny from 25% to 86% and a 10X increase in BW Shows that the social networking space continues to define itself.
Applications that use tcp/80 only. As expected, the bulk of the applications in this group are browser-based. Applications that use tcp/443 and/or tcp/80. Applications within this group use both tcp/443 exclusively or tcp/443 and tcp/80. Applications that do not use tcp/80 at all. All of these applications are either client-server (FTP, TFTP) or peer-to-peer. Applications that are dynamic (hop ports), or use a range of high numbered ports. As expected, this group of applications is primarily peer-to-peer with some browser-based and client server examples as well. Bottom line: Application visibility and control needs to be on all ports, across all apps, all the time.