Internet Explorer losing enterprise traction

analysis
Mar 7, 2012

Enterprise IE use dropped 10 percent in 2011, while unpatched browser plug-ins have become a greater security threat

Enterprise usage of Internet Explorer dropped by 10 percent over the past year, to just over 50 percent, with some organizations still clinging to IE6 despite the security risks. The bigger threat, though, lies in the fact that more than a quarter of enterprise Web traffic flows through browser extensions and plug-ins — some of which IT neglects to keep properly patched, thus making them juicy targets for hackers.

Such are the findings of the newly released Q4 2011 edition of Zscaler ThreatlabZ’s “State of the Web” report, in which the security company analyzes enterprise Web traffic worldwide. The report reveals interesting trends as enterprises move more toward mobile and the cloud — but perhaps more important, it reveals potential security holes in enterprise networks that desperately need filling.

Anyone who’s been tracking browser trends of late is likely unsurprised to see that use of Internet Explorer is on the decline in the business world, as general use of Microsoft’s browser has steadily declined over the past couple of years. As of Q4, Zscaler saw 53.3 percent of enterprise Web traffic driven through some version of IE, a 10 percent decline for the year. As a point of comparison, consumer usage of IE is now below 40 percent, according to StatCounter, with Chrome now ahead of IE8.

IE doesn’t have any rivals nipping particularly closely at its heels in the enterprise, however. According to the report, 26.99 percent of enterprise users use Firefox; just over 5 percent use Chrome; 4.16 percent use Safari; and 0.11 percent use Opera.

Zscaler observed that usage of IE8 doubled in 2011, from 26 percent to 55 percent. Internet Explorer 9 has seen slow enterprise adoption since its release last March, but of more concern, IE6 usage represents around 5 percent of enterprise traffic. IE7 usage declined from around 38 percent to around 35 percent.

Web apps and browser extensions are now responsible for a significant chunk of enterprise Web traffic, at 27 percent, according to Zscaler. “This significant percent of non-browser traffic is not entirely surprising, as most enterprises have blocked ports beyond those needed for Web/email traffic,” according to the report. “As such, modern-app designers are using those ports as viable egress points for any application, including mobile apps.”

The problem, the report cautions, is that these apps and browser extensions responsible for over a quarter of all enterprise Web traffic represent a new pathway for cyber criminals to attack enterprise networks. IT has seemingly continued to overlook this threat, according to Zscaler. “Most extensions are unpatched, out of date, and at risk,” according to the report.

As an example, Zscaler noted that Adobe Reader has been a prime target for toolkit attacks.

The most broadly installed browser plug-ins are Adobe Flash, with an install base of 96.02 percent; Windows Media Player, with an install base of just around 90 percent; Adobe Reader, at around 88 percent; Microsoft Outlook, at 87.6 percent; and Microsoft .Net, at slightly over 87 percent.

The list of installed yet outdated (unpatched) plug-ins is strikingly different, however. Zscaler observed that around 61 percent of all Adobe Reader installations in the enterprise were outdated. Second was Adobe Shockwave, at around 52 percent. Microsoft Silverlight ranked third, at around 41 percent, while QuickTime was fourth, at just over 19 percent.

Why do Microsoft extensions rank highly among the most installed but lowest among the unpatched, aside from Silverlight? The trend “suggests that enterprises are doing a good job of enforcing operating system updates (i.e. Windows Update), which includes updates to these components, [but they] have yet to get a handle on managing the updating of third-party software and components.”

Insecure browsers and plug-ins aside, Zscaler pointed to botnets — which can infect systems to download more malware, send spam, steal credentials, or launch DoS attacks — as the most prevalent threat to enterprises, ranked by most Web transactions. In the month of December, Zscaler observed, botnet transactions accounted for nearly 80 percent of security blocks. Malicious URLs were a distant second at around 14 percent.

This story, “Internet Explorer losing enterprise traction,” was originally published at InfoWorld.com.