New Application Usage Report Reveals Organizations Cannot Control Applications with Existing Security Infrastructure

Based on Actual Network Traffic, Report Highlights Inability of Traditional
Firewalls, URL Filtering, IPS and Proxies to Control Today`s Applications and
Tech-Savvy Users
SUNNYVALE, Calif.--(Business Wire)--
Palo Alto Networks, the leader in next-generation firewalls, today announced
that results of an industry study reveal that legacy security products are not
controlling users` applications of choice within the enterprise, despite more
than $6B spent annually on these products. 

These are results of the company`s third Application Usage and Risk Report, a
semi-annual analysis of application usage on enterprise networks. Unlike other
industry reports that are based on behavioral surveys, Palo Alto Networks` usage
report looks at which applications are in use, identifies emerging trends, and
discusses the associated business risks or benefits. Made available today, this
edition of the report summarizes traffic assessments of nearly 900,000 users
across more than 60 large organizations that span markets including financial
services, manufacturing, healthcare, government, retail and education. 

Despite the fact that every organization in the study was equipped with a legacy
firewall and 87 percent had one or more additional controls such as a proxy, an
IPS or URL filtering, the sample was unable to have visibility into, nor control
of, application traffic. Examples from the report include:

* An average of six peer-to-peer (P2P) file sharing applications were found in
92 percent of the sample networks - with some organizations having as many as 17
variants. Common examples included Xunlei, BitTorrent and GnuNet. 
* Browser-based file sharing was found in 76 percent of the organizations, with
an average of five variants. The most common examples were YouSendIt!,
MegaUpload and MediaSpace. 
* In nearly every organization, applications that enable users to bypass
security controls (public proxies, encrypted tunnels, remote desktop control)
were found.

Today`s applications are built for accessibility using standard features that
enable them to automatically slip through security controls. The analysis shows
that more than half of the nearly 500 unique applications found enable
accessibility by hopping ports or using port 80 or 443 (typically open to enable
web browsing or SSL traffic). 

In addition to the business and security risks that the lack of visibility over
these applications poses, applications also consume an organization`s bandwidth
at a significant rate. From the report, more than half of the bandwidth was
being consumed by 28 percent of the applications, most of which were consumer
oriented. 

"The findings in this report are significant, especially when you consider these
tough economic times and the money organizations are spending on security
products which are not working," said Lane Bess, President and CEO of Palo Alto
Networks. "It`s clear that applications and threats have evolved and legacy
firewall technology has not kept up. Administrators need a security
infrastructure that does more than look at ports and protocols to provide the
visibility and control necessary to fully protect their networks." 

The Application Usage and Risk Report is available for download from Palo Alto
Networks at http://www.paloaltonetworks.com/literature/AUR_report0409.html.
Additional information on more than 800 applications that are identified by Palo
Alto Networks can be found in the company`s Application Research Center (ARC),
an online resource that contains up-to-date information on the rapidly evolving
application landscape - including the latest news, alerts and analysis. Included
in the ARC is the ability to search the Applipedia for important characteristics
of each application that must be considered when developing policies to enable
safe and productive application usage within the enterprise. 

About Palo Alto Networks

Palo Alto Networks is the leader in next-generation firewalls, enabling
unprecedented visibility and granular policy control of applications and content
- by user, not just IP address - at up to 10Gbps with no performance
degradation. Based on patent-pending App-ID technology, Palo Alto Networks
firewalls accurately identify and control applications - regardless of port,
protocol, evasive tactic or SSL encryption - and scan content to stop threats
and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and
maintain complete visibility and control, while significantly reducing total
cost of ownership through device consolidation. For more information, please
visit www.paloaltonetworks.com. 

Palo Alto Networks, the Palo Alto Networks Logo and App-ID are trademarks of
Palo Alto Networks, Inc. in the United States. All other trademarks, trade names
or service marks used or mentioned herein belong to their respective owners. 





Spalding Communications, LLC
Dan Spalding, 408-960-9297
dan@spaldingcomm.com
or
CHEN PR
Meghan Rozanski, 781-672-3128
mrozanski@chenpr.com

Copyright Business Wire 2009