FRAMINGHAM, 1 MARCH 2011 - Microsoft Internet Explorer use is dropping and Web application traffic is surging according to one study of how employees at about 2,000 companies made use of the Internet over the past year.
Use of Microsoft's Internet Explorer browser dropped from 76.6% in January 2010 to 64.75% by December of the same year. The Apple Safari and Google Chrome browsers, each at about 1.5%, gained about 1% by the end of 2010, and Mozilla Firefox, which started 2010 at 9.62%, had dropped to 8.74% by year-end according to the "State of the Web - Q4 2010" report published by Zscaler today. The study is the security vendor's annual analysis of patterns associated with millions of Web-based transactions from many thousands of individuals using the Zscaler security-as-a-service cloud each day.
"IE dropped by 11% to 12%, so you would have expected another browser to gain that," says Michael Sutton, Zscaler's vice president of security research. But instead, corporate employees using Zscaler's cloud-based Web and e-mail filtering service are showing a growing preference for third-party applications, probably because "they get a more rich user experience" than with a browser, he notes. Zscaler recently added support for the iPhone to its cloud-based filtering service, but most of the traffic monitored last year was from the user's desktop, he adds.
From an enterprise security perspective, "this is a wake-up call" because "anything on your desktop may need patching," says Sutton. Just as security experts have pointed out that weaknesses in browsers have become a focus of attacks, there's the possibility that vulnerabilities in these apps could become a cause of concern in the future as well.
In other findings from Zscaler's annual report it appears that Microsoft's IE6 browser is finally fading from the enterprise, and IE8 is the "most dominant browser in the enterprise."
Meanwhile, the rise of non-browser traffic, described as "native applications that are transmitting HTTP(S) traffic," steadily rose from 10.50% of all traffic in January 2010 to 21.75% in December of last year, according to Zscaler.
It all indicates the startling rise of Web applications in corporate traffic patterns, says Sutton, who adds he was surprised to see native apps -- especially those built to support specific Web sites such as Facebook, Twitter, Google Maps, YouTube and many more -- climb to such prominence in Zscaler's study of the Web traffic patterns of its enterprise customer base. HTTPS delivery is good for preventing sidejacking, but it allows attackers a way to bypass traditional network-based security controls like IDS/IPS, which cannot decrypt traffic for inspection, Sutton said.
Facebook took the lion's share at 47.65%, and the study notes that "the more interactive and media-rich the site or service, the more transactions there will be," Sutton said.
Sign up for MIS Asia eNewsletters.