Story image

Explosion of SaaS applications in enterprise causing security concerns

08 Oct 15

Enterprise adoption of Software as a Service-based applications is exploding, according to new research from Palo Alto Networks.

The security company’s latest edition of its Application Usage and Threat Report, based on data from more than 7000 enterprises worldwide, showcases real-world trends in enterprise application usage and critical developments in how attackers are attempting to infect organisations.

The report found the increase in SaaS adoption has the potential to introduce new security risks or allow unauthorised access to sensitive data.

The report says the number of SaaS-based applications observed on enterprise networks has grown 46% from 2012 to 2015, and now includes more than 316 applications.

Email attachments also continue their toxicity; with over 40% of email attachments found to be malicious, the report reveals.

Palo Alto Networks has found remote access application usage is widespread. There are currently 79 unique remote access applications in use worldwide, which are commonly used by cyberattackers during the course of their operations.

The company has also found tragedies in the news or headline news are being turned into attack vectors. On average, there was a six-hour gap between a breaking news story and when it was used to deliver a spear phishing or spam or web attack, the report says.

“At Palo Alto Networks, we believe that the sharing of cyberthreat intelligence benefits society as a whole, and that belief is the motivation behind the publication of our annual Application Usage and Threat Report,” explains Ryan Olson, intelligence director, Unit 42 at Palo Alto Networks.

“The better informed cybersecurity professionals are about how attackers are exploiting applications to compromise networks, the more likely they will be able to identify attacks and take action to stop them before their networks are compromised,” he says.

With the increasing popularity of SaaS applications, Olson says security teams are cautioned to familiarise themselves with shadow IT – a trend occurring in enterprise networks in which users use SaaS and other applications without IT’s knowledge or approval – and its potential to weaken security policies.

Additionally, pervasiveness of malicious email attachments highlights the need for automated security measures that can automatically stop a disguised executable file mistakenly activated by an end user, he explains.

Olson adds the speed at which new threats are evolving is getting faster and faster. “Automated attack tools help criminals to take advantage of new vulnerabilities in a matter of hours,” he says. “Stopping these attacks requires automated advanced threat prevention measures that provide broad visibility and protection against known and unknown threats.

HPE expands AI-driven operations
HPE InfoSight extends select predictive analytics and recommendation capabilities to HPE servers, enabling smarter, self-monitoring infrastructure.
Dimension Data nabs three Cisco partner awards
Cisco announced the awards, including APJ Partner of the Year, at a global awards reception during its annual partner conference.
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
Why the adoption of SAP is growing among SMEs
Small and medium scale enterprises are emerging as lucrative end users for SAP.
Exclusive: How the separation of Amazon and AWS could affect the cloud market
"Amazon Web Services is one of the rare companies that can be a market leader but remain ruthlessly innovative and agile."
HPE extends cloud-based AI tool InfoSight to servers
HPE asserts it is a big deal as the system can drive down operating costs, plug disruptive performance gaps, and free up time to allow IT staff to innovate.
Digital Realty opens new AU data centre – and announces another one
On the day that Digital Realty cut the ribbon for its new Sydney data centre, it revealed that it will soon begin developing another one.
A roadmap to AI project success
Five keys preparation tasks, and eight implementation elements to keep in mind when developing and implementing an AI service.