Security Checkup R81.20 2022

The report analyzes network traffic over a 7 day period and identifies security threats including malware infections, high risk web access, potential data loss incidents, and exploitation attempts. It found computers infected with malware and bots, communications with command and control sites, downloads of new malware variants, access to high risk web applications and sites, and potential data loss incidents.

THREAT ANALYSIS REPORT

Date: June 30th, 2022
Customer: Corporate ABC
Prepared By: Check Point Software Technologies

THREAT ANALYSIS REPORT

Customer: ABC Corp
Analysis duration: 7 Days
Industry: Finance
Analysis network: Internal Network
Company size: 500-1000 Employees
Security Gateway version: R81.20
Country: USA
Security device: Check Point Appliances 4800

Traffic inspected by the following Check Point Software Blades: Application Control, URL Filtering, IPS, Anti-bot, Anti-virus, Threat Emulation, Threat Extraction, Zero Phishing, Content Awareness

Classification: [Restricted] ONLY for designated groups and individuals Check Point Software Technologies Ltd. © All rights reserved.
EXECUTIVE SUMMARY

The following Security Checkup report presents the findings of a security assessment conducted in your network. The report uncovers where your organization is exposed to security threats, and offers recommendations to address these risks. To assess risk, network traffic was inspected by Check Point to detect a variety of security threats, including: malware infections, usage of high risk web applications, intrusion attempts, loss of sensitive data, and more.

Malware and Attacks
9 computers infected with bots
3 known malware downloaded by 3 users
39 unique software vulnerabilities were attempted to be exploited
15 communications with C&C* sites
344 new malware downloaded

* C&C - Command and Control. If a proxy is deployed, there might be additional infected computers.
A new malware variant is a zero-day attack or malicious code with no known anti-virus signature.
Exploitation attempts indicate potential attacks on computers on your network.

Data Loss
114 potential data loss incidents
6 sensitive data categories
Potential risks: information sent outside the company or to unauthorized internal users. Information that might be sensitive.

High Risk Web Access
18 high risk web applications, 96.2GB of traffic
22 high risk web sites, 409 hits
Potential risks: opens a backdoor to your network, hides user activity, causes data leakage or malware infections. Exposure to web-based threats and network infection. Examples: spam, malicious, and phishing web sites.

SaaS Applications
15 cloud applications, 12.5GB of traffic
Applications that have integration with our Harmony Email & Collaboration solution and can be fully protected by our Threat Prevention engines.
TABLE OF CONTENTS

EXECUTIVE SUMMARY
KEY FINDINGS
  MALWARE & ATTACKS
  HIGH RISK WEB ACCESS
  DATA LOSS
  BANDWIDTH ANALYSIS
  MOBILE THREATS
  ENDPOINTS
CHECK POINT INFINITY
ABOUT CHECK POINT
KEY FINDINGS: CYBER KILL CHAIN

Cyber Kill Chain
A cyber kill chain reveals the stages of a cyber attack, from early reconnaissance to the goal of data exfiltration. The kill chain can also be used as a management tool to help continuously improve network defense.

Pre Infection
1. Reconnaissance
2. Delivery
3. Exploitation
4. Installation

Post Infection
1. Command and Control
2. Propagation

Pre Infection
32 servers were scanned*
34 users downloaded malware
39 unique exploit attempts on servers

Post Infection
15 malicious connections to C&C servers
9 machines are infected
3 different malware families were found

* Scanned (reconnaissance) servers - these servers were scanned from the internet for a first understanding of open ports and services.

Chart: Malicious traffic connected to infected end-point (inbound/outbound connections). Daily connection counts starting Wed 20 (x-axis labels Wed 20, Fri 22, Sun 24, Tue 26, Thu 28, Sat 30, Mon 2, Wed 4): 2, 7, 2, 2, 3, 4, 2, 6, 2, 3, 4, 1, 3, 3, 5, 1.
KEY FINDINGS: MALWARE AND ATTACKS
MACHINES INFECTED WITH MALWARE & BOTS

A bot is malicious software that invades your computer. Bots allow criminals to remotely control your computer to execute illegal activities such as stealing data, spreading spam, distributing malware and participating in Denial of Service (DoS) attacks without your knowledge. Bots play a key role in targeted attacks known as Advanced Persistent Threats (APTs). The following table summarizes the bot families and number of infected computers detected in your network.

Top malware in the network

Malware Family | Malware Name* | Infected Computers** | Protection Type
- | REP.ipohyi | 172.18.37.13, 172.18.0.2, 172.18.0.31, 172.18.37.7, 172.19.5.34 | DNS Trap
Phishing | Phishing.dgodag | 172.19.22.108, 172.18.22.26 | DNS Trap
Joanap | Backdoor.Win32.Joanap.A | 172.18.160.40 | Signature
Phishing | Phishing.czuavk | 172.18.37.7 | DNS Trap
- | REP.hxotqg | 172.18.22.26 | DNS Trap
- | REP.ioevan | 172.19.5.28 | DNS Trap
Roughted | Roughted.jx | 172.18.37.13 | DNS Trap
Total: 3 Families | 7 Malwares | 9 Computers | 2 Protection Types

Top infected machines*** (bar chart, Traffic Sent Bytes, 0B to 2KB): 172.19.5.34, 172.19.5.28, 172.19.22.108, 172.18.0.31, 172.18.160.40, 172.18.0.2

* Check Point's malware naming convention: <malware type>.<operating system>.<malware family>.<variant>. For more details on specific malware, search the malware name on www.threat-cloud.com
** The total number of infected computers (sources) presents distinct computers.
*** Amount of malicious traffic from end-point.
KEY FINDINGS: MALWARE & ATTACKS

EXTENDED MALWARE INCIDENTS (CHECK POINT THREATCLOUD INTELLISTORE)

Malware threats were detected by extended security intelligence feeds (via Check Point ThreatCloud IntelliStore*).

Top Threats by Feed

Feed | Threat | Severity | Source | Detection Engine
Mnemonic | Malicious domain.bqzei | High | 52 Sources | Anti-Bot
Mnemonic | C&C domain.utqzy | High | 43 Sources | Anti-Bot
Mnemonic | Adware domain.qzf | High | 20 Sources | Anti-Bot
Mnemonic | Adware domain.qaf | High | 17 Sources | Anti-Bot
Mnemonic | C&C domain.uteuu | High | 25 Sources | Anti-Bot
Mnemonic | C&C domain.vaoek | High | 19 Sources | Anti-Bot
Mnemonic | Malicious domain.bqtmg | High | 7 Sources | Anti-Bot
Mnemonic | C&C domain.uxqcw | High | 10 Sources | Anti-Bot
Mnemonic | C&C domain.umzgw | High | 3 Sources | Anti-Bot
Mnemonic | Adware domain.qbm | High | 2 Sources | Anti-Bot
Mnemonic Total: 10 Threats | High | 198 Sources | 1 Engine
MalwarePatrol | URL hosting a malware executable file.dkgoh | High | 57 Sources | Anti-Bot, Anti-Virus
MalwarePatrol Total: 1 Threat | High | 57 Sources | 2 Engines
ID | ExploitKit Nuclear.lkfo | High | 24 Sources | Anti-Virus
ID | ExploitKit Nuclear.rqdx | High | 32 Sources | Anti-Virus
ID | MalwareDownload Generic.bpkp | Medium | 15 Sources | Anti-Virus
ID | ExploitKit Angler.bcncr | Medium | 7 Sources | Anti-Virus
ID Total: 4 Threats | High | 78 Sources | 1 Engine
Total: 3 Feeds | 15 Threats | High | 333 Sources | 2 Engines

Feeds by Severity (bar chart of events by vendor and severity, 0 to 200 events): Mnemonic, MalwarePatrol, ID; severities High and Medium.

* For more information on Check Point ThreatCloud IntelliStore please refer to http://www.checkpoint.com/products/threatcloud-intellistore/
KEY FINDINGS: MALWARE & ATTACKS

MACHINES INFECTED WITH ADWARE AND TOOLBARS

Adware and toolbars are potentially unwanted programs designed to display advertisements, redirect search requests to advertising websites, and collect marketing-type data about the user in order to display customized advertising on the computer. Computers infected with these programs should be diagnosed as they may be exposed to follow-up infections of higher-risk malware. The following table summarizes the adware and toolbar malware families and the number of infected computers detected in your network.

Top Malware Families

Adware Name* | Infected Computers**
Adware domain.pzf | 3 Computers
Adware domain.qaf | 2 Computers
Adware domain.qbm | 1 Computer
Adware.Win32.MyWay.A | 1 Computer
Adware.Win32.Staser.A | 1 Computer
Adware domain.iqp | 1 Computer
Total: 6 Adware | 9 Computers

* Check Point's malware naming convention: <malware type>.<operating system>.<malware family>.<variant>. For more details on specific malware, search on www.threat-cloud.com
** The total number of infected computers (sources) presents distinct computers.
KEY FINDINGS: MALICIOUS MAIL CAMPAIGN

Malware and Zero Day Incidents
339 zero day attacks
3 known malware
3 malicious domain reputation activities*
* An email with a malicious link was detected

Chart: Mail Campaigns - Zero Day Attacks. Daily counts (y-axis 0 to 200) from Sep 19, 2017 to Oct 5, 2017.
Chart: Mail Campaigns - Known Malwares. Daily counts (y-axis 0 to 4) from Sep 19, 2017 to Oct 5, 2017.

Top Recipients (bar chart, Amount of files, 0 to 26)
Email Recipient: to13, to15, to2, to5, to6
KEY FINDINGS: MALWARE AND ATTACKS
MALWARE DOWNLOADS (KNOWN MALWARE)

With the increase in sophistication of cyber threats, many targeted attacks begin with exploiting software vulnerabilities in downloaded files and email attachments. During the security analysis, a number of malware-related events which indicate malicious file downloads were detected. The following table summarizes downloads of known malware files detected in your network and the number of the downloading computers. Known malware refers to malware for which signatures exist and which therefore should be blocked by an anti-virus system.

Malware downloads over http

Infected File Name | User | Downloaded by | MD5* | Incidents
noa2.exe | User 1 | 10.8.0.214 | 37945c44a897aa42a66adcab68f560e0 | 2
install_flash_player.exe | User 2 | 10.8.0.25 | fbbdc39af1139aebba4da004475e8839 | 1
Total: 2 Files | 2 Users | 2 Sources | 2 Files (MD5) | 3

Malware downloads over smtp

Infected File Name | User Email | Downloaded by | MD5* | Incidents
QUOTATION 589071_OCT2017 PDF..ace | to87 | 10.8.0.3 | 31acdfaba00a78d39b7e8369cac90416 | 1
Total: 1 File | 1 User | 1 Source | 1 File (MD5) | 1

Top sources downloaded malware (bar chart, Count 0 to 2): 10.8.0.214, 10.8.0.3, 10.8.0.25

Downloads by protocol: http 3 [75%], smtp 1 [25%]

* You can analyze suspicious files by copying and pasting the files' MD5 into the VirusTotal online service at www.virustotal.com
KEY FINDINGS: MALWARE AND ATTACKS
DOWNLOADS OF NEW MALWARE VARIANTS (UNKNOWN MALWARE)

With cyber-threats becoming increasingly sophisticated, advanced threats often include new malware variants with no existing protections, referred to as 'unknown malware'. These threats include new (zero day) exploits, or even variants of known exploits, with no existing signatures and therefore are not detectable by standard solutions. Detecting these types of malware requires running them in a virtual sandbox to discover malicious behavior. During the security analysis, a number of malware-related events were detected in your network. The table below summarizes downloads of new malware variants detected in your network.

Summary
1.5K total files scanned (using sandboxing technology)
344 total malware found
Malicious downloads by protocol: smtp [99%], http [1%]

Downloads of new malware variants

Infected File Name | Scope | Malicious Activities | Confidence | Downloads | MD5* | Protocol
New Doc 2017-10-01 - Page 2.7z | 172.17.0.3 | Behaves like a known malware (Generic.MALWARE.0838) | High | 22 | 75fab3cee3f2c0add14f59a1534…, 3fd8590ca33be86176796f40b9…, 19 more Files MD5 | smtp
New Doc 2017-10-02 - Page 2.7z | 91.243.175.15…, 122.164.236.1…, 172.17.0.3 | Behaves like a known malware (Generic.MALWARE.0531) | High | 20 | 09d56ab0cfa15536d14570d5b4…, a25bd1667f0022d1ed0693d7d3…, 15 more Files MD5 | smtp
New Doc 2017-10-02 - Page 3.7z | 172.17.0.3 | Behaves like a known malware (Generic.MALWARE.0dd0) | High | 19 | 2781d8fd774372c2f043261ae2a…, 21f9c24e0d2f79434e2e0c3b412…, 13 more Files MD5 | smtp

Top malicious file types

File Type | Number of Files | Downloads
7z | 317 Files | 526
zip | 8 Files | 11
rar | 4 Files | 11
jar | 7 Files | 9
pdf | 4 Files | 5
docx | 2 Files | 4
Total: 8 Types | 344 Files | 568 Downloads

* You can analyze suspicious files by copying and pasting the files' MD5 into the VirusTotal online service at www.virustotal.com
KEY FINDINGS: MALWARE AND ATTACKS

Downloads of new malware variants (continued)

Infected File Name | Scope | Malicious Activities | Confidence | Downloads | MD5* | Protocol
New Doc 2017-10-02 - Page 1.7z | 172.17.0.3 | Behaves like a known malware (Generic.MALWARE.235c) | High | 16 | 21f9c24e0d2f79434e2e0c3b412f8c82, 934564cebf2ac8b1bf5188c926909d13, 9 more Files MD5 | smtp
New Doc 2017-10-01 - Page 1.7z | 103.58.144.21, 172.17.0.3 | Behaves like a known malware (Generic.MALWARE.6c8c) | High | 15 | 55409267c072f07f3c3792665a7c5a01, e2595ce25f56a7b0609d1657a5bbb722, 13 more Files MD5 | smtp
New Doc 2017-10-01 - Page 3.7z | 172.17.0.3 | Behaves like a known malware (Generic.MALWARE.4c0a) | High | 9 | aa4b8b2c9b715c5b0eb6ac25ebd989b7, acf3e7de88e4795323dae13dde88ec56, 5 more Files MD5 | smtp
attachment20170816-14130-h2sg68.doc | 66.163.186.229, 74.6.129.214, 74.6.129.229, 74.6.133.216, 74.6.134.216, 1 more scope | Tampering with normal system operation | High | 7 | 4F2139E3961202B1DFEAE288AED5CB8F | smtp
58578c7b.exe | 172.18.0.159 | Malicious Registry Activity | High | 3 | 58578c7b40de85473fa3ed61a8325531 | smtp
Invoice -8020082_PDF.zip | 172.17.0.3 | A new process was created during the emulation | High | 2 | ce8d91a03b1f16fd2650d9266af7769e | smtp
MT103_20170929.zip | 84.38.132.131 | Behaves like a known malware (Generic.MALWARE.cc15) | High | 2 | 90259617abc8e16de350497e2fcb0627 | smtp
Total: 459 Files | 279 Scope | 362 Malicious activities | 2 Confidence Levels | 568 | 344 Files MD5 | 2 Services
KEY FINDINGS: MALWARE AND ATTACKS
ACCESS TO SITES KNOWN TO CONTAIN MALWARE

Organizations can get infected with malware by accessing malicious web sites while browsing the internet, or by clicking on malicious links embedded in received email. The following summarizes events related to sites known to contain malware.

Top DNS connections to malicious sites

End-Point IP | Malware Family | Domain | Hits
172.18.0.31 | Phishing, Roughted | clientupdatenw.com, gmil.com, xml.pdn-1.com | 7
172.18.0.2 | Phishing, Roughted | gmil.com, vip.debtcactive.com, xml.pdn-1.com | 5
172.19.0.145 | Phishing | clientupdatenw.com | 4
172.18.3.89 | Roughted | xml.pdn-1.com | 2
172.18.37.7 | Phishing | 4iy269pif3b3dd.ru | 1
Total: 8 Scope | 2 Families | 5 Domains | 22

Top HTTP/S connections to malicious sites

End-Point IP | Malware Family | Domain | Hits
172.18.2.19, 172.18.2.20, 172.18.2.64, 172.18.3.4, 172.18.3.50, 12 more scope | Phishing | http://clientupdatenw.com/?v=3&client=client&os=WIN1…, http://boletin.aprendum.com/action.php?id_k=8021&id_…, http://clientupdatenw.com/?v=3&client=threshold&os=W…, http://clientupdatenw.com/?v=3&client=client&os=WIN6…, http://clientupdatenw.com/?v=3&client=trident&os=WIN… | 30
172.18.3.33, 172.18.3.89, 172.18.20.31, 172.18.20.82, 172.18.37.13 | Roughted | http://xml.pdn-1.com/redirect?feed=95352&auth=eQ76q…, http://xml.pdn-1.com/redirect?feed=72089&auth=PRRXR…, http://xml.pdn-1.com/redirect?feed=97557&auth=eQ76q… | 6
Total: 21 Scope | 2 Families | 8 Domains | 36

Top sources accessed malicious sites (bar chart, Hits 0 to 8): 10.1.0.31, 10.1.0.2, 10.1.3.89, 10.1.37.13, 10.1.3.33

* You can analyze suspicious URLs by copying and pasting them into the VirusTotal online service at www.virustotal.com
KEY FINDINGS: MALWARE AND ATTACKS
ATTACKS AND EXPLOITED SOFTWARE VULNERABILITIES

During the security analysis, attacks and exploited software vulnerabilities on servers/clients were detected. Such incidents might indicate intrusion attempts, malware attacks, DoS attacks or attempts to breach security by exploiting software vulnerabilities. The following summarizes all events with a known industry reference.

Top attacks and exploited software vulnerabilities

Attacked Destination | Attack / Exploit | Industry Reference | Attack Source | Events
10.1.0.88 | WebSphere Server and JBoss Platform Apache Commons Collections Remote Code Execution | CVE-2015-7501 | 10.174.140.74 (24), 10.116.195.8 | Total: 26 Sources, 82
10.1.0.88 | Apache Struts2 Content-Type Remote Code Execution | CVE-2017-5638 | 10.112.10.250 (28) | Total: 3 Sources, 46
10.1.0.88 | HP Universal CMDB JMX Console Authentication Bypass | CVE-2014-7883 | 10.156.190.64 (1) | Total: 1 Source, 1
10.1.0.88 Total: 4 Attacks / Exploits | 4 References | 29 Sources | 130
10.116.195.8 | NTP Servers Monlist Command Denial of Service | CVE-2013-5211 | 10.222.94.58 (22) | Total: 34 Sources, 93
10.116.195.8 Total: 1 Attack / Exploit | 1 Reference | 34 Sources | 93

Top targeted end-points (bar chart, Number of attacks 0 to 120): 10.1.0.88, 10.1.0.214, 10.27.195.8, 10.1.0.108

Top CVEs (bar chart, Number of attacks 0 to 150): CVE-2015-7501, CVE-2013-5211, CVE-2017-5638, CVE-2016-2107, CVE-2017-0027

* You can learn more about the vulnerability that IPS detected by copying and pasting the CVE into the Check Point ThreatPortal online service at https://threatpoint.checkpoint.com/ThreatPortal/
KEY FINDINGS: MALWARE AND ATTACKS

Top attacks and exploited software vulnerabilities (continued)

Attacked Destination | Attack / Exploit | Industry Reference | Attack Source | Events
10.1.0.214 | Microsoft Office Information Disclosure (MS17-014: CVE-2017-0027) | CVE-2017-0027 | 10.8.0.214 (54) | Total: 2 Sources, 55
10.1.0.214 | SQL Servers Unauthorized Commands SQL Injection | CVE-2014-3704 | 10.1.22.36 (10) | Total: 1 Source, 10
10.1.0.214 | Microsoft Excel File Format Code Execution (MS12-030) | CVE-2012-0141 | 10.8.0.214 (9) | Total: 1 Source, 9
10.1.0.214 Total: 3 Attacks / Exploits | 3 References | 3 Sources | 74
10.27.195.8 | NTP Servers Monlist Command Denial of Service | CVE-2013-5211 | 10.197.94.58 (16) | Total: 27 Sources, 62
10.27.195.8 | Multiple Vendors NTP Mode 7 Denial of Service | CVE-2009-3563 | 10.118.216.57 (1) | Total: 1 Source, 1
10.27.195.8 Total: 2 Attacks / Exploits | 2 References | 27 Sources | 63
10.1.0.108 | Apache Struts2 Content-Type Remote Code Execution | CVE-2017-5638 | 10.112.10.250 (32) | Total: 3 Sources, 50
10.1.0.108 | WebSphere Server and JBoss Platform Apache Commons Collections Remote Code Execution | CVE-2015-7501 | 10.172.10.250 (3) | Total: 1 Source, 3
10.1.0.108 | HP Universal CMDB JMX Console Authentication Bypass | CVE-2014-7883 | 10.156.190.64 (2) | Total: 1 Source, 2
10.1.0.108 Total: 4 Attacks / Exploits | 4 References | 4 Sources | 57

Total: 111 Destinations | 28 Attacks / Exploits | 39 References | 213 Sources | 786
KEY FINDINGS: SERVER EXPLOITS BASED ON CHECK POINT KNOWLEDGE
ATTACKS AND EXPLOITED SOFTWARE VULNERABILITIES

The following table summarizes all events that were analyzed and found by the Check Point internal ThreatPortal online service.

Top attacks and exploited vulnerabilities based on internal advisories

Attack Destination | Attack / Exploit | Attack Source | Events
10.1.0.159 | Suspicious Executable Mail Attachment | 10.8.0.3 | 154
10.1.0.159 | Suspicious Mail Attachment Containing JavaScript Code | 10.8.0.3 | 116
10.1.0.159 | Suspicious Metadata Mail Phishing Containing Archive Attachment | 10.8.0.3 | 4
10.1.0.159 Total: 4 Attacks / Exploits | 1 Source | 278
10.1.0.214 | Sqlmap Automated SQL Injection tool | 10.1.22.36 | 69
10.1.0.214 | SQL Servers UNION Query-based SQL Injection | 10.1.22.36 | 37
10.1.0.214 | WordPress HTTP Brute Force Login Attempt | 10.8.0.214 | 19
10.1.0.214 Total: 12 Attacks / Exploits | 3 Sources | 185
10.1.0.22 | Suspicious Metadata Mail Phishing Redirection | 10.2.175.20 (1), 10.3.107.76 (1) | 2
10.1.0.22 | Suspicious Executable Mail Attachment | 10.116.175.136 (6), 10.2.145.207 (2) | 8
10.1.0.22 | Suspicious Mail Attachment Containing JavaScript Code | 10.83.38.64 (2), 10.142.186.47 (2) | 4
10.1.0.22 Total: 4 Attacks / Exploits | 85 Sources | 103

Total: 63 Destinations | 35 Attacks / Exploits | 199 Sources | 1.2K

Top targeted end-points (bar chart, Number of attacks 0 to 250): 10.1.0.159, 10.1.0.214, 10.1.0.22, 10.1.0.3, 10.116.195.8, 10.27.195.8, 10.1.160.204, 10.1.160.168, 10.1.160.40, 10.1.160.87
KEY FINDINGS: SCANNED SERVERS
ATTACKS AND EXPLOITED SOFTWARE VULNERABILITIES

During the security analysis, attacks and exploited software vulnerabilities on servers/clients were detected. Such incidents might indicate intrusion attempts, malware attacks, DoS attacks or attempts to breach security by exploiting software vulnerabilities. The following summarizes these events.

Top scanned servers

Target end-point | Attack / Exploit | Events | Source
10.1.85.23 | SIPVicious Security Scanner | 818 | 10.3.178.7, 10.4.59.54, 171 more Sources
10.1.85.23 | ZmEu Security Scanner | 17 | 10.91.46.124, 10.104.45.245, 4 more Sources
10.1.85.23 Total: 7 Attacks / Exploits | 849 | 192 Sources
10.1.85.22 | SIPVicious Security Scanner | 821 | 10.3.178.7, 10.4.59.54, 170 more Sources
10.1.85.22 | ZmEu Security Scanner | 17 | 10.91.46.124, 10.104.45.245, 5 more Sources
10.1.85.22 Total: 6 Attacks / Exploits | 847 | 188 Sources
10.1.85.21 | SIPVicious Security Scanner | 820 | 10.3.178.7, 10.4.59.54, 173 more Sources
10.1.85.21 | ZmEu Security Scanner | 13 | 10.91.46.124, 10.104.45.245, 3 more Sources
10.1.85.21 Total: 6 Attacks / Exploits | 844 | 191 Sources

Total: 32 Destinations | 11 Attacks / Exploits | 4.5K | 247 Sources
KEY FINDINGS: MALWARE & ATTACKS

DDOS ATTACKS

Denial-of-service (DoS) attacks target networks, systems and individual services, flooding them with so much traffic that they either crash or are unable to operate. This effectively denies the service to legitimate users. A DoS attack is launched from a single source to overwhelm and disable the target service. A Distributed Denial-of-service (DDoS) attack is coordinated and simultaneously launched from multiple sources to overwhelm and disable a target service. During the security analysis, DDoS attacks were detected. The following summarizes the events.

Summary
14 attack types
70.4K total attacks
13.3MB bandwidth utilization

Top DDoS Attacks

Attack Name | Severity | Source | Destination | Events
Network flood IPv4 UDP | Critical | 59 Sources | 7 attacked; 4 attacked | 6.4K
Network flood IPv4 TCP-SYN | Critical | 2 Sources | 13 attacked; 21 attacked; 4 attacked | 5.0K
TCP Scan (horizontal) | High | 3 Sources | 2 attacked | 15.55K
TCP Scan (vertical) | High | 3 Sources | 13 attacked; 15 attacked; 5 attacked | 1.6K
TCP Scan | High | 12 Sources | 21 attacked; 18 attacked; 17 attacked; 7 attacked; 2 attacked | 1.0K
Total: 14 Protections | Critical | 118 Sources | 64 Destinations | 70.4K

Top Source Countries

Source Country | Attacks
Mexico | 41.4K
United Kingdom | 5.9K
United States | 5.7K
Poland | 2.1K
France | 1.3K
Sweden | 156
China | 24
Serbia | 19
India | 18
Canada | 18
Netherlands | 14
Singapore | 5
Vietnam | 3
Trinidad and Tobago | 2
Kuwait | 2
Total: 16 Countries | 56.6K
KEY FINDINGS: MALWARE AND ATTACKS
Zero-Day Phishing

During the security analysis, we've detected attempts of clients to connect to Zero-Day Phishing websites. The following summarizes the Zero-Day Phishing incidents.

Check Point Zero-Day Phishing Prevention, powered by patented technologies and AI engines, prevents access to the most sophisticated phishing websites, both known and completely unknown, without the need to install and maintain clients on end-user devices.

Web Phishing Attack Timeline (chart of Phishing Attacks, y-axis 0 to 6, from 8:00 PM through Mon 11 4:00 AM, 8:00 AM, 12:00 PM, 4:00 PM; series: Prevent)
7 Total Phishing Attempts
7 Detected Phishing Attempts

Top 10 Sources

Source | Domain Name | Confidence Level | Destination Country
1.1.1.20 | salesforce.sbm-de…, zp-demo.com | High | United States
1.1.1.50 | salesforce.sbm-de…, zp-demo.com | High | United States
1.1.1.100 | salesforce.sbm-de…, zp-demo.com | High | United Kingdom, United States

Top 10 Phishing Domains (bar chart, 0 to 4): zp-demo.com, salesforce.sbm-demo.xyz

Phishing Attacks Severity: High [1], Critical [6]
KEY FINDINGS: HIGH RISK WEB ACCESS

USAGE OF HIGH RISK WEB APPLICATIONS

Web applications are essential to the productivity of every organization, but they also create degrees of vulnerability in its security posture. Remote Administration applications might be legitimate when used by admins and the helpdesk, but please note that some remote access tools can be used for cyber-attacks as well. The following risky web applications were detected in your network, sorted by category, risk level and number of users.

96.2 GB total high risk web applications traffic

Top High Risk Web Applications

Application Category | Application Name | Source | Risk Level* | Traffic
Proxy Anonymizer | Tor | 7 Sources | Critical | 23 GB
Proxy Anonymizer | Hola | 4 Sources | Critical | 354 MB
Proxy Anonymizer | Ultrasurf | 4 Sources | Critical | 239 MB
Proxy Anonymizer | Hide My Ass | 3 Sources | Critical | 120 MB
Proxy Anonymizer | OpenVPN | 1 Source | Critical | 32 MB
Proxy Anonymizer Total: 7 Applications | 16 Sources | 26 GB
P2P File Sharing | BitTorrent Protocol | 24 Sources | High | 23 GB
P2P File Sharing | SoulSeek | 22 Sources | High | 22 GB
P2P File Sharing | Xunlei | 19 Sources | High | 12 GB
P2P File Sharing | iMesh | 13 Sources | High | 456 MB
P2P File Sharing | Gnutella Protocol | 8 Sources | High | 56 MB
P2P File Sharing Total: 6 Applications | 73 Sources | 61 GB
File Storage & Sharing Applications | Dropbox | 132 Sources | High | 6 GB
File Storage & Sharing Applications | Hightail | 54 Sources | High | 3 GB
File Storage & Sharing Applications | Mendeley | 9 Sources | High | 123 MB
File Storage & Sharing Applications | Zippyshare | 5 Sources | High | 55 MB
File Storage & Sharing Applications | Sendspace | 1 Source | High | 3 MB
File Storage & Sharing Applications Total: 5 Applications | 201 Sources | 9.2 GB
Total: 3 Categories | 18 Applications | 290 Sources | 96.2 GB

Top Categories

Application Category | Traffic
Proxy Anonymizer | 26 GB
P2P File Sharing | 61 GB
File Storage & Sharing Applications | 9.2 GB
Total: 3 Categories | 96.2 GB

* Risk level 5 indicates an application that can bypass security or hide identities. Risk level 4 indicates an application that can cause data leakage or malware infection without user knowledge.
KEY FINDINGS: HIGH RISK WEB ACCESS

ACCESS TO HIGH RISK WEB SITES

Web use is ubiquitous in business today. But the constantly evolving nature of the web makes it extremely difficult to protect and enforce standards for web usage in a corporate environment. To make matters more complicated, web traffic has evolved to include not only URL traffic, but embedded URLs and applications as well. Identification of risky sites is more critical than ever. Access to the following risky sites was detected in your network, organized by category, number of users, and number of hits.

Top Risky Websites

Site Category | Site | Number of Users | Number of Hits
Phishing | wsq.altervista.org | 7 Users | 59
Phishing | applynow.mwexoticspetsforsale.com | 4 Users | 45
Phishing | login.marlktplaats.com | 4 Users | 21
Phishing | masternard.com | 3 Users | 5
Phishing | pro-update.com | 1 User | 3
Phishing Total: 7 Sites | 16 Users | 135
Spam | bgeqwre.com | 24 Users | 65
Spam | bgvlidf.com | 22 Users | 55
Spam | buogbvd.com | 19 Users | 19
Spam | br46cy78son.net | 13 Users | 7
Spam | dq4cmdrzqp.biz | 8 Users | 1
Spam Total: 6 Sites | 73 Users | 153
Spyware / Malicious Sites | 100footdiet.org | 132 Users | 66
Spyware / Malicious Sites | 0scan.com | 54 Users | 33
Spyware / Malicious Sites | 050h.com | 9 Users | 5
Spyware / Malicious Sites | 123carnival.com | 5 Users | 5
Spyware / Malicious Sites | 0hm.net | 1 User | 3
Spyware / Malicious Sites Total: 9 Sites | 254 Users | 121
Total: 3 Categories | 22 Sites | 343 Users | 409

Access to sites containing questionable content

Site Category | Browse Time (hh:mm:ss) | Traffic Total Bytes
Illegal / Questionable | 1:16:00 | 15.1MB
Sex | 2:42:00 | 8.9MB
Gambling | 13:11:00 | 7.4MB
Hacking | 00:01:00 | 56.0KB
Total: 4 Categories | 17:10:00 | 31.5MB

Access to non-business websites or to sites containing questionable content can expose an organization to possible productivity loss, compliance and business continuity risks.
KEY FINDINGS: DATA LOSS

DATA LOSS INCIDENTS

Your company's internal data is one of its most valuable assets. Any intentional or unintentional loss can cause damage to your organization. The information below was sent outside the company, or to potentially unauthorized internal users. This information may potentially be sensitive information that should be protected from loss. The following represents the characteristics of the data loss events that were identified during the course of the analysis.

Summary
74.3K total emails scanned
2 emails with data loss incidents
114 web data loss incidents

Top Data Types

Data Type | Users | Events | Services
Credit Card Numbers | 7 | 54 | http
Business Plan | 5 | 32 | smtp
Financial Reports | 2 | 12 | http
Source Code | 1 | 9 | http
Pay Slip File | 3 | 5 | smtp
U.S. Social Security Numbers | 1 | 2 | http
Total: 6 Data Types | 19 Users | 114 Events | 2 Services

Incidents by Protocol: http 77 [67.5%], smtp 37 [32.5%]
KEY FINDINGS DATA LOSS

FILES UPLOADED TO CLOUD BASED WEB APPLICATIONS

One of the defining characteristics of Web 2.0 is the ability to generate content and share it with others. This capability comes with significant risk: sensitive information can get into the wrong hands when confidential files are stored on cloud-based file storage and sharing services. The following table provides an overview of the types of files uploaded from your organization and the respective file storage and sharing applications used.

Cloud-Based Web Applications
Site / Application Category    Site / Application     Uploaded Files   Number of Users   File Type
File Storage & Sharing         Dropbox                7 Files          59 Users          .EXE, .PPTX, .PDF
Applications                   Hightail               4 Files          45 Users          .DOCX, .PPTX
                               Mendeley               4 Files          21 Users          .PDF, .XLSX
                               Google Drive-web       3 Files          13 Users          .EXE, .PDF
                               Mega                   3 Files          6 Users           .EXE
                               Total: 7 Sites         24 Files         163 Users

P2P File Sharing               BitTorrent Protocol    24 Files         65 Users          .DOCX, .PPTX
                               SoulSeek               22 Files         55 Users          .PDF, .XLSX
                               FileMp3.org            16 Files         43 Users          .PDF, .PPTX
                               P2P-Radio              9 Files          22 Users          .XLSX
                               Sharebox               3 Files          10 Users          .PDF, .XLSX
                               Total: 6 Sites         76 Files         201 Users

Share Files                    Facebook               132 Files        66 Users          .DOCX, .PPTX
                               FreeWire               42 Files         23 Users          .DOCX
                               Total: 2 Sites         174 Files        89 Users

Total: 3 Categories            15 Sites               274 Files        453 Users

File Types (share of uploaded files)
PDF 27%, PPTX 22%, XLSX 19%, DOCX 18%, EXE 14%

Note that executables account for 14% of uploads, including to Dropbox, Google Drive and Mega. Whether that is tooling being distributed or something leaving the network cannot be decided from the file type alone; the source hosts are the place to look.

KEY FINDINGS SCADA COMMUNICATIONS

SCADA (Supervisory Control and Data Acquisition) is a type of industrial control system (ICS) that monitors and controls industrial processes, issuing commands to remote equipment over dedicated communication channels. SCADA networks are usually separated from the organizational IT network for security purposes, not least because the common ICS protocols (DNP3 without Secure Authentication, BACnet/IP, EtherNet/IP) carry no authentication or encryption, so any host that can reach a controller can issue commands to it; OPC UA is the exception in that it can sign and encrypt, subject to the configured security policy. SCADA protocols detected on the IT network might therefore indicate a security risk with a potential for a security breach: either the segmentation boundary is not enforced, or IT hosts have direct paths to controllers. The following SCADA protocols were detected on your network.

SCADA Communications
46 Sources    23 Destinations    9 Commands    33 Ports

Top SCADA Protocols & Commands
Protocol & Command                                                Transactions   Traffic
BACnet Protocol (Building Automation and Control Networks)        38             4.3GB
DNP3 Protocol - freeze and clear                                  21             123MB
EtherNet/IP                                                       16             2.2GB
OPC UA - secure conversation message                              2              71.0MB
DNP3 Protocol - immediate freeze                                  2              513MB
DNP3 Protocol                                                     2              1.6GB
DNP3 Protocol - write                                             1              1.7GB
DNP3 Protocol - warm restart                                      1              57MB
DNP3 Protocol - select                                            1              321MB
Total: 9 Protocols & Commands                                     84             10.885GB

The DNP3 write, select (the first step of select-before-operate) and warm restart entries deserve the closest look: they change or arm outstation state or restart it, whereas the freeze operations only snapshot counter values.

For a deep security analysis of IoT, please refer to the Cyber Security Risk Assessment page.
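As an added example of how the "SCADA protocols on the IT network" finding is reached, the following classifies flow records by the well-known transport ports of the protocols named above and flags the flows that cross the IT/OT boundary. This is example code written for this page, not Check Point's protocol inspection, which parses the payload rather than trusting ports; the OT address range, the flow records and the field names are constructed assumptions, and Modbus/TCP is included as a generalization beyond the protocols the report lists.

```python
"""Added example (not Check Point code): port-based SCADA flow classification
and an IT/OT boundary-crossing check over constructed flow records."""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport bytes")

# Registered/well-known transport ports for the protocols named in the report,
# plus Modbus/TCP (502), which this example adds. Port-only matching is a
# first-pass heuristic; a gateway's protocol parser looks at the payload.
SCADA_PORTS = {
    ("udp", 47808): "BACnet/IP",
    ("tcp", 20000): "DNP3",
    ("udp", 20000): "DNP3",
    ("tcp", 44818): "EtherNet/IP (explicit messaging)",
    ("udp", 2222):  "EtherNet/IP (implicit I/O)",
    ("tcp", 4840):  "OPC UA",
    ("tcp", 502):   "Modbus/TCP",
}

# Assumed OT address space; anything outside it is treated as the IT network.
OT_NETWORKS = [ipaddress.ip_network("10.200.0.0/16")]


def classify(flow):
    """Name the SCADA protocol a flow carries, or None if it is not one."""
    return SCADA_PORTS.get((flow.proto.lower(), flow.dport))


def in_ot(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OT_NETWORKS)


def crossing_flows(flows):
    """SCADA flows with at least one endpoint outside the OT networks.
    Returns (protocol, flow) pairs: the cases the report's finding is about."""
    out = []
    for f in flows:
        proto = classify(f)
        if proto and not (in_ot(f.src) and in_ot(f.dst)):
            out.append((proto, f))
    return out


def summarize(flows):
    """Same headline counters as the report's SCADA page: distinct sources,
    destinations and ports, plus bytes per protocol."""
    scada = [(classify(f), f) for f in flows if classify(f)]
    return {
        "sources": len({f.src for _, f in scada}),
        "destinations": len({f.dst for _, f in scada}),
        "ports": len({(f.proto, f.dport) for _, f in scada}),
        "bytes_by_protocol": {
            p: sum(f.bytes for q, f in scada if q == p) for p, _ in scada
        },
    }


# Constructed flow records (not from the report).
SAMPLE_FLOWS = [
    Flow("10.200.1.10", "10.200.1.50",  "tcp", 20000, 4096),   # DNP3, OT to OT
    Flow("10.10.5.23",  "10.200.1.50",  "tcp", 20000, 1200),   # DNP3 from IT: finding
    Flow("10.200.2.7",  "10.200.2.255", "udp", 47808, 800),    # BACnet broadcast, OT
    Flow("10.10.8.4",   "10.200.3.9",   "tcp", 44818, 65536),  # EtherNet/IP from IT
    Flow("10.10.8.4",   "10.200.3.9",   "tcp", 443,   9000),   # ordinary HTTPS, ignored
    Flow("10.200.4.1",  "10.10.9.30",   "tcp", 4840,  2048),   # OPC UA to an IT host
]

if __name__ == "__main__":
    for proto, f in crossing_flows(SAMPLE_FLOWS):
        print(f"{proto}: {f.src} -> {f.dst} {f.proto}/{f.dport} ({f.bytes} B)")
    print(summarize(SAMPLE_FLOWS))
```

The boundary check, not the protocol tally, is what turns a traffic statistic into a finding: DNP3 between two OT hosts is normal, DNP3 from a workstation subnet to an outstation is not.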

KEY FINDINGS HARMONY EMAIL & COLLABORATION
About Harmony Email & Collaboration Solution
Email is the first link in a chain of attacks, and with the rise of remote work, the use of cloud mailboxes and collaboration apps has increased dramatically. Harmony Email & Collaboration provides organizations with complete, full-suite protection that constantly adapts to the changing threat landscape, while giving security admins an easy-to-deploy and easy-to-manage platform.
This section covers applications that have tight integration with the Harmony Email & Collaboration solution and can be fully protected by Check Point's Threat Prevention engines, focusing on File Storage, Cloud Email Services, Collaboration and CRM.

SaaS Application Summary
4         SaaS Applications Seen
79.3KB    Sent Traffic From SaaS Applications
1.1MB     Received Traffic From SaaS Applications
17        Connections Seen to SaaS Applications
1         Users Seen Using SaaS Applications

Top Harmony Email & Collaboration Supported Applications (connections)
Microsoft NCSI [10]
Windows Update [2]
walla.co.il [1]
Gmail [1]

Time Line (chart): traffic of Microsoft NCSI, Windows Update and walla.co.il from 8:00 PM Mon 11 through 4:00 PM the next day, peaking at about 1MB.


Service          Service Category           Application Risk   Users     Traffic Sent Bytes   Traffic Received Bytes   Traffic Total Bytes   Connections   Action
walla.co.il      Search Engines / Portals   Unknown            1 User    70.6KB               975.0KB                  1.0MB                 1             Accept
Windows Update   Software Update            Very Low           1 User    4.8KB                119.9KB                  124.6KB               2             Accept
Microsoft NCSI   Network Utilities          Low                4 Users   3.9KB                6.7KB                    10.8KB                10            Accept

KEY FINDINGS MOBILE THREATS

The following Security Checkup report presents the findings of a security assessment conducted in your network. The report focuses on mobile threats, uncovers where your organization is exposed to them, and offers recommendations to address these risks.

To assess risk, network traffic was inspected by Check Point to detect a variety of security threats, including mobile malware infections, usage and downloads of high risk mobile apps, downloads of malicious mobile applications, outdated mobile operating systems, and more.

Mobile devices detected on corporate network
547     Android devices
433     iOS devices
979GB   total mobile traffic
The number of devices is based on source IP addresses, so devices behind NAT, or devices whose DHCP lease changed during the analysis window, may be under- or over-counted.

30 cloud mobile apps (19GB traffic)
Examples: Dropbox, Google Drive, OneDrive. Risk of data loss and compliance violations.

18 high risk mobile apps (9GB traffic)
High risk mobile apps are apps that might be used by attackers to monitor and control mobile devices or cause data loss.

201 high risk web sites (855 hits)
Examples: spam, malicious, botnet and phishing web sites. Potential risks: exposure to web-based threats and network infection.

20 downloads of malicious apps and malware (13 infected devices)
Download of malicious content such as malicious apps, malware and adware, and infected devices communicating with Command and Control servers.


MOBILE DEVICES INFECTED WITH MALWARE

Mobile malware is malicious software that invades a mobile device. It lets criminals steal sensitive information from the device, take control of its sensors to perform keylogging, steal messages and turn on the video camera, all without the user's knowledge. Mobile malware plays a key role in targeted attacks known as Advanced Persistent Threats (APTs). The following table summarizes the mobile malware detected in your network.

Bot infections / Command & Control locations
Malware*                    Infected Devices      Communications with Command and Control Center
Plankton                    5 devices             1,453
Xinyin                      5 devices             1,265
AndroRAT                    4 devices             684
BatteryBot                  2 devices             587
Bosua                       3 devices             45
HummingBad                  2 devices             33
SMS-Agent.A                 2 devices             26
SmsThief                    1 device              7
SMS-Agent.B                 1 device              3
Total: 9 malware families   13 infected devices   4,103

The per-family device counts sum to 25 against 13 distinct infected devices, so several devices carry more than one family.

* For more information on specific malware, search on www.threat-cloud.com


DOWNLOADS OF MALICIOUS APPS AND MALWARE

With the increase in sophistication of mobile cyber threats, many targeted attacks begin by embedding malware in downloaded apps and files. During the security analysis, a number of malware-related events indicating malicious file downloads were detected. The following table summarizes downloads of malware by mobile devices.

Malware downloads
Malware*                      Downloaded by   Downloads      MD5
MobileConf.apk                21 devices      3              582e74467fd100622871fd9cc4dc005c
com.android.senscx.apk        13 devices      3              048b145948a07ab93e24a76dafda8bb7
org.blhelper.vrtwidget.apk    8 devices       3              76745ce873b151cfd7260e182cbfd404
SystemThread.apk              7 devices       3              b9484ae3403c974db0f721b01bd6c302
com.android.systemUI.apk      3 devices       3              f8645efd5ea2b802d68406207000d59b
Pornclub.apk                  2 devices       2              6fa0ffc80d7796748238ad5f1ef3fd71
Settings Tools.apk            2 devices       1              29dc63afd068dad7a589c680896e5e86
MainActivity.apk              1 device        1              f3867f6159ee25ebf90c8cc0220184ed
clean.apk                     1 device        1              eeb6777ce814c6c78e7b9bce9f8176e6
Total: 9 malware files        58 devices      20 downloads   9 Files MD5

Several of the file names imitate system components (com.android.systemUI.apk, SystemThread.apk, Settings Tools.apk); when correlating with device inventories or sandbox verdicts, use the MD5 column rather than the name.

* For more information on specific malware, search on www.threat-cloud.com


USAGE OF HIGH RISK MOBILE APPS

Mobile apps are essential to the productivity of every organization, but they also create degrees of vulnerability in its security posture. Remote administration apps might be legitimate when used by admins and the helpdesk, but when used maliciously they can allow attackers to steal sensitive information from a device, take control of its sensors to perform keylogging, steal messages, turn on the video camera, and more. The following risky apps were detected in your network.

Top high risk mobile apps
App Category   App Name*            Risk Level   Devices      Traffic
Spyware        Mspy                 High         24           5 GB
               Spy2Mobile           High         22           2 GB
               Bosspy               High         19           1 GB
               Mobile Spy           High         11           456 MB
               Shadow Copy          High         5            350 MB
               My Mobile Watchdog   High         3            120 MB
               MobiStealth          High         2            59 MB
               TalkLogV             High         1            56 MB
Total: 1 category   18 apps         87 devices   9 GB

Mobile devices: Android 64%, iOS 36%

* For more information on a specific app, search on http://appwiki.checkpoint.com/


ACCESS TO HIGH RISK WEB SITES

Web use is ubiquitous in business today, but the dynamic, constantly evolving nature of the web makes it extremely difficult to protect and enforce web usage in a corporate environment. Identification of risky sites is more critical than ever. Access to the following risky sites was detected in your network, organized by category, number of users, then number of hits.

Top high risk web sites (top 10 sites per category)
Site Category         Site                                                Mobile Users       Hits
Suspicious Content    ad.pxlad.io/ad                                      81 Mobile Users    104
                      an.tacoda.net/an/atids.html
                      bam.nr-data.net/1/92a411bc23
                      beacon.securestudies.com/scripts/beaco…
                      cdn.applight.mobi/applight/2015
                      down.onowcdn.com/testapk
                      dxcnd.cn
                      fbhpadmax.com
                      file1.updrv.com/soft/2012/drivethelife5_s…
                      19 more Sites

Spam                  a0.awsstatic.net                                    61 Mobile Users    73
                      adx.adform.net/adx
                      aptrk.com/g
                      c.ffctdbtr.com
                      cj-cy.com
                      clk.apxadtracking.net/iclk/redirect.php
                      comerciointernacional.com.mx
                      delightfulmotivation.com
                      dl7wen29y4h7i03edf6pm3s6h7nt5oxgpoe…
                      dreamingofgalleries.me
                      16 more Sites

High risk web sites by category (chart of hits, 0 to 100): Suspicious Content, Spam, Spyware / Malicious Sites, Botnets, Phishing.

Access to sites containing questionable content
Category                  Browse Time (hh:mm:ss)   Traffic Total Bytes
Sex                       21:24:00                 3.9GB
Illegal / Questionable    3:59:00                  910.8MB
Gambling                  0:10:00                  11.4MB
Hacking                   0:01:00                  64.0KB
Total: 4 Categories       25:34:00                 4.8GB

Access to non-business websites or to sites containing questionable content can expose an organization to possible productivity loss, compliance and business continuity risks.
KEY FINDINGS ENDPOINTS

343 total endpoints detected

Endpoints Involved in High Risk Web Access and Data Loss Incidents
23   running high risk applications
19   accessed high risk websites
22   users accessed questionable, non-business related websites
14   users involved in potential data loss incidents
15   accessed a site known to contain malware

Endpoints Involved in Malware and Attack Incidents
34   infected with malware
44   downloaded malware
55   received email containing link to malicious site
Attacked endpoints:
22   servers attacked
23   clients attacked
KEY FINDINGS BANDWIDTH ANALYSIS

BANDWIDTH UTILIZATION BY APPLICATIONS & WEBSITES

An organization's network bandwidth is usually consumed by a wide range of web applications and sites used by employees. Some are business related and some are not. Applications that use a lot of bandwidth, for example streaming media, can limit the bandwidth available for important business applications, so it is important to understand what is using the network's bandwidth in order to limit consumption by non-business traffic. The following summarizes the bandwidth usage of your organization, sorted by consumed bandwidth.

539.8GB total traffic scanned

Top Applications/Sites (Top 30; 17 rows shown)
Application/Site                   Category               Risk Level     Sources         Traffic
YouTube                            Media Sharing          Low (2)        151 Sources     13.6GB
Office 365-Outlook                 Email                  Very Low (1)   363 Sources     10.9GB
Microsoft SQL Server               Business Application   Low (2)        189 Sources     6.4GB
Windows Update                     Software Update        Very Low (1)   623 Sources     4.7GB
Server Message Block (SMB)         Network Protocols      Very Low (1)   491 Sources     3.7GB
Skype                              VoIP                   Medium (3)     475 Sources     2.3GB
bestday.com                        Travel                 Unknown        232 Sources     2.3GB
SMTP Protocol                      Network Protocols      Medium (3)     248 Sources     2.2GB
Google Services                    Computers / Internet   Low (2)        437 Sources     1.9GB
Microsoft Dynamics CRM             Business Application   Very Low (1)   3 Sources       1.7GB
Facebook                           Social Network         Low (2)        226 Sources     1.6GB
oloadcdn.net                       Computers / Internet   Unknown        3 Sources       1.5GB
Server Message Block (SMB)-write   Network Protocols      Very Low (1)   33 Sources      1.2GB
Gmail                              Email                  Medium (3)     55 Sources      1.1GB
Outlook.com                        Email                  Medium (3)     280 Sources     1.0GB
ds.pr.dl.ws.microsoft.com          Computers / Internet   Unknown        1 Source        958.6MB
Jabber Protocol (XMPP)             Network Protocols      Low (2)        391 Sources     872.6MB
Total: 254 Applications/Sites      34 Categories          4 Risks        2,049 Sources   539.8GB

Traffic by Protocol (chart, bars scaled 0B to 200GB): https, http, POP3S, MS-SQL-Server, Microsoft-ds, TCP/13000, UDP/40025, TCP/587, UDP/3389, IMAP-SSL

RECOMMENDATIONS

Recommendations for the Security Checkup Key Findings

The Security Checkup assessment report reveals several types of threats that your organization is exposed to. To secure your critical assets, we recommend that you review the following cyber security solutions and learn more about Check Point's latest technologies.

KEY FINDING: MALWARE & ATTACKS

CHECK POINT SOLUTION: THREAT PREVENTION

A key Check Point differentiator compared to other firewalls is the integration of best-in-class threat prevention across the architecture. While others concede that attackers will get in and are pivoting to detection and response, our focus remains on stopping attacks before they succeed. This includes tackling the latest large-scale, multi-vector Gen V attacks, in addition to more conventional attacks that are still widely used. Learn more.

KEY FINDING: HIGH RISK WEB ACCESS, BANDWIDTH ANALYSIS

CHECK POINT SOLUTION: APPLICATION INSPECTION AND CONTROL

Check Point's Application Control capability supports security policies to identify, allow, block or limit usage of thousands of applications, including web and social networking, regardless of the port, protocol or evasive technique used to traverse the network. It currently understands over 8,100 Web 2.0 applications, with more being added continuously. Advanced user interaction features allow security administrators to alert employees in real time about application access limitations, and to ask them whether application use is for business or personal purposes. This enables IT administrators to gain a better understanding of web usage patterns, adapt policies and regulate personal usage without interrupting the flow of business. Learn more.


KEY FINDING: DATA LOSS

CHECK POINT SOLUTION: DATA LOSS PREVENTION (DLP)

Check Point Data Loss Prevention (DLP) pre-emptively protects your business from unintentional loss of valuable and sensitive information. Integrated in Check Point Next Generation Firewalls (NGFW), network DLP enables businesses to monitor data movement and empowers employees to work with confidence while staying compliant with regulations and industry standards. Learn more.

KEY FINDING: MOBILE THREATS

CHECK POINT SOLUTION: HARMONY MOBILE

Mobile security is a top concern for every company these days, and for good reason. In the new normal, remote workers increasingly access corporate data from their mobile devices, which exposes you to data breaches more than ever. Harmony Mobile is the market-leading Mobile Threat Defense solution. It keeps corporate data safe by securing employees' mobile devices across all attack vectors: apps, network and OS. Designed to reduce admin overhead and increase user adoption, it fits into your existing mobile environment, deploys and scales quickly, and protects devices without impacting user experience or privacy. Learn more.

KEY FINDING: ENDPOINTS

CHECK POINT SOLUTION: HARMONY ENDPOINT

Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today's complex threat landscape. It prevents the most imminent threats to the endpoint, such as ransomware, phishing and drive-by malware, while quickly minimizing breach impact with autonomous detection and response. This way, your organization gets all the endpoint protection it needs, at the quality it deserves, in a single, efficient and cost-effective solution. Learn more.

CHECK POINT INFINITY

THE CYBER SECURITY ARCHITECTURE OF THE FUTURE

Growing connectivity along with evolving networks and technologies provides great opportunities for businesses, but also presents new and more sophisticated threats. Securing networks is becoming more complex, often requiring advanced technologies and a high level of human expertise. Separate IT environments often drive businesses to apply different point solutions, many of which are focused on detection and mitigation rather than prevention. This reactive approach to cyberattacks is costly and ineffective, complicates security operations and creates inherent gaps in security posture. Enterprises need a more complete architecture that scales with dynamic business demands and is focused on prevention, to ensure all IT environments are completely protected.

SOLUTION

Check Point Infinity is the only fully-consolidated cyber security architecture that futureproofs your business and IT infrastructure across all networks, cloud and mobile. The architecture is designed to resolve the complexities of growing connectivity and inefficient security. It provides complete threat prevention which seals security gaps, enables automatic, immediate threat intelligence sharing across all security environments, and a unified security management for the most efficient security operation.

UNIFIED SECURITY ACROSS ALL NETWORKS, CLOUD AND MOBILE

Check Point Infinity leverages unified threat intelligence and open interfaces to block attacks on all platforms before they infiltrate the network. The interconnectivity between all Check Point's components delivers consistent security through advanced threat prevention, data protections, web security and more. In addition, the different components share the same set of interfaces and APIs, enabling consistent protection and simplified operation across all networks. Check Point Infinity also includes the broadest security coverage available for the cloud in today's market, delivering the same levels of advanced security regardless of the cloud provider selected.

Migration of business applications to mobile has transformed the way we use our devices, exposing us to new types of cyber threats. SandBlast Mobile, the industry's most secure mobile protection, maximizes mobility and security infrastructure with the widest set of integrations in the industry to ensure you stay protected anytime and anywhere.


PREEMPTIVE CYBER SECURITY

Deploying security which is based on detection followed by remediation is costly and inefficient, since it allows attackers to infiltrate the network and cause damage before remediation is done. Check Point Infinity prevents known and zero-day unknown threats from penetrating the network with the SandBlast product family, saving time and the costs associated with remediating the damage. SandBlast solutions include over 30 different innovative technologies and additional prevention capabilities across all environments:

• Network-based threat prevention for security gateways with best-in-class IPS, AV, post-infection BOT prevention, network Sandboxing (threat emulation) and malware sanitation with Threat Extraction.
• SandBlast Agent endpoint detection and response solution with forensics, anti-ransomware, AV, post-infection BOT prevention and Sandboxing on the endpoint.
• SandBlast Mobile advanced threat prevention for mobile devices protects from threats on the device (OS), in apps, and in the network, and delivers the industry's highest threat catch rate for iOS and Android.
• SandBlast for Office365 cloud, part of Check Point's cloud security offerings.

CONSOLIDATED SECURITY MANAGEMENT

Managing the entire security network is often complicated and demands a high level of human expertise. Check Point Infinity, powered by the R80.x security management version, brings all security protections and functions under one umbrella, with a single console which enables easier operation and more efficient management of the entire security network. The single console introduces unparalleled granular control and consistent security, and provides rich policy management which enables delegation of policies within the enterprise. The unified management, based on modular policy management and rich integrations with 3rd party solutions through flexible APIs, enables automation of routine tasks to increase operational efficiency, freeing up security teams to focus on strategic security rather than repetitive tasks.

Future-proof your business and ensure business continuity with the architecture that keeps you protected against any threat, anytime and anywhere.

BENEFITS

• Prevention-driven cyber security, powered by the most advanced threat prevention solutions against known and unknown threats.
• Consistent security across all Check Point components with shared threat intelligence across networks, cloud and mobile.
• Unified and efficient management of the entire security network through a single pane of glass.
• Rich integrations with 3rd party solutions with flexible APIs.

SUMMARY

Preventing the next cyber-attack is a possible mission. Check Point has the most advanced technologies and threat prevention solutions for the entire IT infrastructure. The Check Point Infinity architecture unifies the entire IT security estate, providing real-time shared threat intelligence and preemptive protection, all managed by a single, consolidated console.

About Check Point

Check Point Software Technologies' mission is to secure the Internet. Check Point was founded in 1993, and has since developed technologies to secure communications and transactions over the Internet by enterprises and consumers.

Check Point was an industry pioneer with our FireWall-1 and our patented Stateful Inspection technology. Check Point has extended its IT security innovation with the development of our Software Blade architecture. The dynamic Software Blade architecture delivers secure, flexible and simple solutions that can be customized to meet the security needs of any organization or environment.

Check Point develops, markets and supports a wide range of software, as well as combined hardware and software products and services for IT security. We offer our customers an extensive portfolio of network and gateway security solutions, data and endpoint security solutions and management solutions. Our solutions operate under a unified security architecture that enables end-to-end security with a single line of unified security gateways, and allow a single agent for all endpoint security that can be managed from a single unified management console. This unified management allows for ease of deployment and centralized control and is supported by, and reinforced with, real-time security updates.

Our products and services are sold to enterprises, service providers, small and medium sized businesses and consumers. Our Open Platform for Security (OPSEC) framework allows customers to extend the capabilities of our products and services with third-party hardware and security software applications. Our products are sold, integrated and serviced by a network of partners worldwide. Check Point customers include tens of thousands of businesses and organizations of all sizes, including all Fortune 100 companies. Check Point's award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.

CORPORATE HEADQUARTERS

United States
Check Point Software Technologies Inc.
959 Skyway Road Suite 300
San Carlos, CA 94070
1-800-429-4391

International
Check Point Software Technologies Ltd.
5 Ha'Solelim Street
Tel Aviv 67897, Israel
+972-3-753-4555

Please contact us for more information and to schedule your onsite assessment:
Within the US: 866-488-6691
Outside the US: +44 2036087492

www.checkpoint.com
