The corporate Internet is a very different place these days, at least according to research done by cloud security vendor Zscaler's research arm ThreatLabZ. The report analyzes billions of Web transactions over Q4 2011. In particular, Facebook, Blackberry and Internet Explorer continue to decline in terms of enterprise traffic seen last year. The biggest threat to corporate security is outdated browser plug-ins, such as Acrobat and Flash, providing "a key driver for threats in the wild," according to the authors.
In terms of browser marketshare, Zscaler has an interesting way to calculate it, looking at traffic that originates from apps and other browser extensions along with the pages that you and I directly go to. As you can see in the above chart, 27% of the enterprise Web traffic comes from these sources, and Internet Explorer still accounts for more than half of that traffic. In Q1 2011, IE had more than 60% share of the traffic, so it is gradually declining. This is in contrast to the consumer space, where IE now accounts for less than 40% of traffic. Even though IEv9 was released a year ago, it has been slow to catch on in the enterprise, perhaps because of low Windows 7 penetration or because so many enterprise apps depend on prior versions.
But the bad news is that outdated plug-ins for browsers are in the majority, including older versions of Adobe Reader and Shockwave. As the above chart shows, corporations are very exposed with most desktops having something that is out of date.
To give further evidence of the slow rate of patching systems, the authors looked at a Java vulnerability for several months after it was first discovered. Not only did it take the major anti-virus vendors a long time to issue updates to protect against this treat, but the exploits were still observed in the traffic patterns that Zscaler monitored.
Zscaler saw Facebook traffic drop from more than 50% in Q1 to 43% by Q4 last year. The authors posit that a drop in time spent on Facebook's site as seen by Alexa may be one of the contributing factors. Or it could just be that corporate folks are frustrated in trying to find their posts thanks to the new timeline feature.