2013 CHECK POINT ANNUAL SECURITY REPORT
03
_ APPLICATIONS IN THE ENTERPRISE WORKSPACE
022
Usage of Anonymizer
Applications Per Region
(% of Organizations)
49
%
Americas
40
%
EMEA
35
%
APAC
Web
Server
Ultrasurf
Proxy
Ultrasurf
Client
Ultrasurf
Connects to
One of Its
Proxy Servers
Internet
destination URLs\sites. By using Anonymizers, the user
appears to be on a different IP address and trying to access
different destinations, so the security policy may not be
enforced for that user with the altered IP address and the
altered destination address. In some cases, Anonymizers
might also be used to hide criminal activity.
When looking at organizations in our study, 43% used at
least one Anonymizer application by an employee, with Tor
being the most prominent. 86% of the organizations where
Anonymizer usage was found claimed that it was in a non-
legitimate use conflicting with guidelines and security policy.
When we look at the usage of Anonymizer applications
per region, we can see that they are more popular in the
Americas and less in Asia Pacific.
How does Ultrasurf Anonymizer Work?
Ultrasurf is a very sophisticated anonymizer that works
as a proxy client, creating an encrypted HTTP tunnel
between the user’s computer and a central pool of proxy
servers, enabling users to bypass firewalls and censorship.
Ultrasurf has a very resilient design for discovering proxy
servers including a cache file of proxy server IPs, DNS
requests, which return encoded IPs of proxy servers,
encrypted documents on Google Docs and a hard coded
list of proxy server IPs built into the program. These
techniques make it even more difficult to be detected by
security devices.
Chart 3-D
Source: Check Point Software Technologies
13
%
CGI-Proxy
8
%
Ultrasurf
7
%
Hopster
7
%
Hide My Ass
6
%
Hamachi
Most Popular Anonymizer Applications
(% of Organizations)
More info on top Anonymizer applications is available in Appendix B.
Chart 3-C
23
%
Tor
Source: Check Point Software Technologies