Prepared for: ABC Corp
Industry: Finance
Company size: 500 - 1000 Employees
Country: USA

Analysis duration: 7 days
Analysis network: Internal network
Security gateway version: R80
Security device: Check Point Appliance 4800

Traffic inspected by the following Check Point Software Blades: Application Control, URL Filtering, IPS, Anti-Bot, Anti-Virus, Threat Emulation, DLP
TABLE OF CONTENTS
EXECUTIVE SUMMARY
KEY FINDINGS
  MALWARE & ATTACKS
  HIGH RISK WEB ACCESS
  DATA LOSS
  ENDPOINTS
  BANDWIDTH ANALYSIS
SOFTWARE-DEFINED PROTECTION
  CHECK POINT SOFTWARE-DEFINED PROTECTION
ABOUT CHECK POINT
©Check Point Software Technologies Ltd. All rights reserved. Classification: [Restricted] ONLY for designated groups and individuals Security Checkup - Threat Analysis Report 1
EXECUTIVE SUMMARY
114 potential data loss incidents
18 high risk web applications
22 high risk web sites
15 cloud applications

* C&C - Command and Control. If a proxy is deployed, there might be additional infected computers.
* New malware variant: a zero-day attack or malicious code with no known anti-virus signature.
* Indicates potential attacks on computers on your network.
KEY FINDINGS MALWARE & ATTACKS
* Check Point's malware naming convention: <malware type>.<operating system>.<malware family>.<variant>. For more details on a specific malware, search for the malware name on www.threat-cloud.com
** The total number of infected computers (sources) counts distinct computers.
* For more information on Check Point ThreatCloud IntelliStore, please refer to http://www.checkpoint.com/products/threatcloud-intellistore/
Adware.Win32.MyWay.A 1 Computer
Adware.Win32.Staser.A 1 Computer
* You can analyze suspicious files by copying and pasting the files' MD5 hashes into the VirusTotal online service at www.virustotal.com
0i7.ru 2 2
00xff.net 1 1
002dh.com 1 1
17ta.com 1 1
* You can analyze suspicious URLs by copying and pasting them into the VirusTotal online service at www.virustotal.com
DDOS ATTACKS
Denial-of-service (DoS) attacks target networks, systems and individual services by flooding them with so much traffic that they either crash or are unable to operate. This effectively denies the service to legitimate users. A DoS attack is launched from a single source to overwhelm and disable the target service. A Distributed Denial-of-service (DDoS) attack is coordinated and launched simultaneously from multiple sources to overwhelm and disable a target service. During the security analysis, DDoS attacks were detected. The following summarizes the events.
Total: 14 Protections Critical 118 Sources 64 Destinations 70.4 K Total: 16 Countries 56.6K
KEY FINDINGS HIGH RISK WEB ACCESS
Top Risky Websites (Top 5 Categories)

Site Category | Site               | Number of Users | Number of Hits
Phishing      | wsq.altervista.org | 7 Users         | 59
              | buogbvd.com        | 19 Users        | 19
              | br46cy78son.net    | 13 Users        | 7
              | dq4cmdrzqp.biz     | 8 Users         | 1
              | 050h.com           | 9 Users         | 5
              | 123carnival.com    | 5 Users         | 5
              | 0hm.net            | 1 User          | 3

Access to sites containing questionable content

Site Category          | Traffic: Browse Time (hh:mm:ss) | Traffic: Total Bytes
Illegal / Questionable | 1:16:00                         | 15.1MB
KEY FINDINGS DATA LOSS
Summary
74.3K total emails scanned
2 emails with data loss incidents
114 web data loss incidents

Top Data Types (Top 10 Categories)
Incidents by Protocol
KEY FINDINGS SCADA COMMUNICATIONS
SCADA (Supervisory Control and Data Acquisition) is a type of industrial control system (ICS) that monitors and controls industrial processes. It operates with coded signals over communication channels to provide control of remote equipment. SCADA networks are usually separated from the organizational IT network for security purposes, so SCADA protocols detected on the IT network might indicate a security risk with a potential for a security breach. The following SCADA protocols were detected on your network.

SCADA Communications
Sources: 46
Destinations: 23
Commands: 9
Ports: 33
KEY FINDINGS ENDPOINTS
23 running high risk applications
19 accessed high risk websites
34 infected with malware
44 downloaded malware
55 received email containing a link to a malicious site
22 servers attacked
22 users accessed questionable, non-business related websites
14 users involved in potential data loss incidents
15 accessed a site known to contain malware
23 endpoint clients attacked
KEY FINDINGS BANDWIDTH ANALYSIS

Application                       | Category             | Risk         | Sources     | Traffic
Windows Update                    | Software Update      | 1 Very Low   | 623 Sources | 4.7GB
Server Message Block (SMB)        | Network Protocols    | 1 Very Low   | 491 Sources | 3.7GB
Skype                             | VoIP                 | 3 Medium     | 475 Sources | 2.3GB
bestday.com                       | Travel               | - Unknown    | 232 Sources | 2.3GB
SMTP Protocol                     | Network Protocols    | 3 Medium     | 248 Sources | 2.2GB
Google Services                   | Computers / Internet | 2 Low        | 437 Sources | 1.9GB
Microsoft Dynamics CRM            | Business Application | 1 Very Low   | 3 Sources   | 1.7GB
Facebook                          | Social Network       | 2 Low        | 226 Sources | 1.6GB
oloadcdn.net                      | Computers / Internet | - Unknown    | 3 Sources   | 1.5GB
Server Message Block (SMB)-write  | Network Protocols    | 1 Very Low   | 33 Sources  | 1.2GB
Gmail                             | Email                | 3 Medium     | 55 Sources  | 1.1GB

[Chart: Traffic by Protocol. Protocols shown: https, http, POP3S, MS-SQL-Server, Microsoft-ds, TCP/13000, UDP/40025, TCP/587, UDP/3389, IMAP-SSL]
SOFTWARE-DEFINED PROTECTION
Enterprise Security Blueprint
In a world with highly demanding IT infrastructures and networks, where perimeters are no longer well defined, and where threats grow more intelligent every day, we need to define the right way to protect enterprises in the ever-changing threat landscape.

There is a wide proliferation of point security products; however, these products tend to be reactive and tactical in nature rather than architecturally oriented. Today's corporations need a single architecture that combines high performance network security devices with real-time proactive protections. A new paradigm is needed to protect organizations proactively.

Software-defined Protection is a new, pragmatic security architecture and methodology. It offers an infrastructure that is modular, agile and, most importantly, SECURE.

Such an architecture must protect organizations of all sizes at any location: headquarters networks, branch offices, roaming through smartphones or mobile devices, or when using cloud environments.

Protections should automatically adapt to the threat landscape without the need for security administrators to follow up manually on thousands of advisories and recommendations. These protections must integrate seamlessly into the larger IT environment, and the architecture must provide a defensive posture that collaboratively leverages both internal and external intelligence sources.

The Software Defined Protection (SDP) architecture partitions the security infrastructure into three interconnected layers:

An Enforcement Layer that is based on physical, virtual and host-based security enforcement points. It segments the network as well as executes the protection logic in high-demand environments.

A Control Layer that analyzes different sources of threat information and generates protections and policies to be executed by the Enforcement Layer.

A Management Layer that orchestrates the infrastructure and brings the highest degree of agility to the entire architecture.

By combining the high performance Enforcement Layer with the fast-evolving and dynamic software-based Control Layer, the SDP architecture provides not only operational resilience, but also proactive incident prevention for an ever-changing threat landscape.

Designed to be forward-looking, the SDP architecture supports traditional network security and access control policy requirements as well as the threat prevention needed by modern enterprises that embrace new technologies such as mobile computing and Software-defined Networks (SDN).

[Figure: The Software-defined Protection (SDP) architecture]
VISIBILITY WITH CHECK POINT SMARTEVENT
Check Point SmartEvent performs big data analysis and real-time security event correlation. It provides consolidated and correlated views of incidents based on multiple sources of information. Security event analysis creates actionable intelligence in the form of threat indicators that can be distributed via ThreatCloud to block threats in real time.

Visit: www.checkpoint.com/sdp
ABOUT CHECK POINT