
Application Services Update: Sensitive Services may be Accessible

Lori MacVittie
Published September 13, 2018

It’s time again to dig into the application services organizations are actually using to make apps faster and safer.

Of note this quarter again is a continuing rise in use of bot defense services. Security and performance application services held firm, showing no losses or gains.

Disturbing is the number of administrative ports that remain configured for access. While the available data cannot show whether these ports are accessible from the Internet, the number of virtual servers configured to support administrative access and protocols is significant, running into the thousands. That includes consoles that enable privileged tasks via the web, such as Webmin. With incidents involving openly accessible web consoles increasing, it behooves network operations to regularly audit application services and ensure access is warranted and, if necessary, secured.

App services iHealth 2018
DEFEND

BOT DEFENSE KEEPS RISING

Bot defense gained 2% again over last quarter, growing from 19% to 21% of organizations employing it to defend against malicious non-human traffic.

Research from F5 Labs proposes that half of all Internet traffic originates with bots. Nearly one third (30%) of these are malicious.

CONTROL & PROTECT

SECURITY STANDS FIRM

Use of application access and web single sign-on services was steady quarter over quarter, as was web security usage.

Analysis from F5 Labs revealed that applications and identities were the initial targets in 86% of breaches, making these application services critical.

ACCELERATE

SUSTAINING SPEED

Web acceleration and HTTP compression services each maintained previous gains, staying steady at 39% and 44% respectively.

The use of client-side SSL (82%) remains disproportionate to its server-side implementation (70%), indicating that SSL is being terminated in support of speed rather than end-to-end security.
