Page 21 - Check Point 2013 Security Report

2013 CHECK POINT ANNUAL SECURITY REPORT

03

_ APPLICATIONS IN THE ENTERPRISE WORKSPACE

022

Usage of Anonymizer

Applications Per Region

(% of Organizations)

49

%

Americas

40

%

EMEA

35

%

APAC

Web

Server

Ultrasurf

Proxy

Ultrasurf

Client

Ultrasurf

Connects to

One of Its

Proxy Servers

Internet

destination URLs\sites. By using Anonymizers, the user

appears to be on a different IP address and trying to access

different destinations, so the security policy may not be

enforced for that user with the altered IP address and the

altered destination address. In some cases, Anonymizers

might also be used to hide criminal activity.

When looking at organizations in our study, 43% used at

least one Anonymizer application by an employee, with Tor

being the most prominent. 86% of the organizations where

Anonymizer usage was found claimed that it was in a non-

legitimate use conflicting with guidelines and security policy.

When we look at the usage of Anonymizer applications

per region, we can see that they are more popular in the

Americas and less in Asia Pacific.

How does Ultrasurf Anonymizer Work?

Ultrasurf is a very sophisticated anonymizer that works

as a proxy client, creating an encrypted HTTP tunnel

between the user’s computer and a central pool of proxy

servers, enabling users to bypass firewalls and censorship.

Ultrasurf has a very resilient design for discovering proxy

servers including a cache file of proxy server IPs, DNS

requests, which return encoded IPs of proxy servers,

encrypted documents on Google Docs and a hard coded

list of proxy server IPs built into the program. These

techniques make it even more difficult to be detected by

security devices.

Chart 3-D

Source: Check Point Software Technologies

13

%

CGI-Proxy

8

%

Ultrasurf

7

%

Hopster

7

%

Hide My Ass

6

%

Hamachi