Security Checkup R81.20 2022
Customer: ABC Corp
Analysis duration: 7 Days
Industry: Finance
Analysis network: Internal Network
Company size: 500-1000 Employees
Security Gateway version: R81.20
Traffic inspected by the following Check Point Software Blades: Application Control, URL Filtering, IPS, Anti-bot, Anti-virus, Threat Emulation, Content Awareness
Classification: [Restricted] ONLY for designated groups and individuals. Check Point Software Technologies Ltd. © All rights reserved.
EXECUTIVE SUMMARY
conducted in your network. The report uncovers where your organization is exposed to security threats, and offers recommendations to address these risks. To assess risk, network traffic was inspected by Check Point to detect a variety of security threats, including: malware infections, usage of high risk web applications, intrusion attempts, loss of sensitive data, and more.
9 computers infected with bots
15 communications with C&C* sites
3 known malware downloaded by 3 users
344 downloaded new malware
39 unique software vulnerabilities were attempted to be exploited
* C&C - Command and Control. If proxy is deployed, there might be additional infected computers.
New malware variant is a zero-day attack or malicious code with no known anti-virus signature.
Indicates potential attacks on computers on your network.
114 potential data loss incidents
18 high risk web applications
22 high risk web sites
15 cloud applications
©Check Point Software Technologies Ltd. All rights reserved. Classification: [Restricted] ONLY for designated groups and individuals. Security Checkup - Threat Analysis Report
TABLE OF CONTENTS
EXECUTIVE SUMMARY
KEY FINDINGS
MALWARE & ATTACKS
HIGH RISK WEB ACCESS
DATA LOSS
BANDWIDTH ANALYSIS
MOBILE THREATS
ENDPOINTS
KEY FINDINGS CYBER KILL CHAIN
A cyber kill chain reveals the stages of a cyber attack, from early reconnaissance to the goal of data exfiltration. The kill chain can also be used as a management tool to help continuously improve network defense.
32 servers were scanned*
34 users downloaded malwares
39 unique exploits attempts on servers
* Scanned (reconnaissance) Servers – these servers were scanned from the internet for first understanding of open ports and services
Pre Infection: 1. Reconnaissance, 2. Delivery, 3. Exploitation
Post Infection: 4. Installation
KEY FINDINGS MALWARE AND ATTACKS
MACHINES INFECTED WITH MALWARES & BOTS
A bot is malicious software that invades your computer. Bots allow criminals to remotely control your computer to execute illegal activities such as stealing data, spreading spam, distributing malware and participating in Denial of Service (DoS) attacks without your knowledge. Bots play a key role in targeted attacks known as Advanced Persistent Threats (APTs). The following table summarizes the bot families and number of infected computers detected in your network.
REP.hxotqg | 172.18.22.26 | DNS Trap
Total: 3 Families | 7 Malwares | 9 Computers | 2 Protection Types
[Chart end-point labels: 172.19.5.28, 172.18.0.31, 172.18.160.40, 172.18.0.2]
* Check Point’s malware naming convention: <malware type>.<operating system>.<malware family>.<variant>. For more details on specific malware, search the malware name on www.threat-cloud.com
** The total number of infected computers (sources) presents distinct computers.
*** Amount of malicious traffic from end-point.
* For more information on Check Point ThreatCloud IntelliStore please refer to http://www.checkpoint.com/products/threatcloud-intellistore/
Adware.Win32.MyWay.A 1 Computer
Adware.Win32.Staser.A 1 Computer
* Check Point’s malware naming convention: <malware type>.<operating system>.<malware family>.<variant> For more details on specific malware, search on www.threat-cloud.com
** The total number of infected computers (sources) presents distinct computers
KEY FINDINGS MALICIOUS MAIL CAMPAIGN
[Chart: Mail Campaigns - Zero Day Attacks; Malware and Zero Day Incidents; Sep 19, 2017 to Oct 5, 2017]
3 known malwares
[Chart: Mail Campaigns - Known Malwares; Sep 19, 2017 to Oct 5, 2017]
3 malicious domain reputation activities*
* An email with malicious link was detected
[Chart: Top Recipients; Email Recipient: to13, to15, to2, to5, to6; axis: Amount of files]
MALWARE DOWNLOADS (KNOWN MALWARE)
With the increase in sophistication of cyber threats, many targeted attacks begin with exploiting software vulnerabilities in downloaded files and email attachments. During the security analysis, a number of malware-related events which indicate malicious file downloads were detected. The following table summarizes downloads of known malware files detected in your network and the number of the downloading computers. Known malware refers to malware for which signatures exist and therefore should be blocked by an anti-virus system.
* You can analyze suspicious files by copying and pasting files’ MD5 to VirusTotal online service at www.virustotal.com
DOWNLOADS OF NEW MALWARE VARIANTS (UNKNOWN MALWARE)
With cyber-threats becoming increasingly sophisticated, advanced threats often include new malware variants with no existing protections, referred to as
'unknown malware'. These threats include new (zero day) exploits, or even variants of known exploits, with no existing signatures and therefore are not
detectable by standard solutions. Detecting these types of malware requires running them in a virtual sandbox to discover malicious behavior. During the security
analysis, a number of malware-related events were detected in your network. The table below summarizes downloads of new malware variants detected in your
network.
1.5K Total files scanned (using sandboxing technology)
344 Total malware found
[Chart: Malicious downloads by protocol; series: smtp, http; labels: [1%], [99%]]

Infected File Name | scope | Malicious Activities | Confidence | Downloads | MD5* | Protocol
New Doc 2017-10-01 - Page 2.7z | 172.17.0.3 | Behaves like a known malware ( Generic.MALWARE.0838 ) | High | 22 | 75fab3cee3f2c0add14f59a1534…, 3fd8590ca33be86176796f40b9…, 19 more Files MD5 | smtp
New Doc 2017-10-02 - Page 2.7z | 91.243.175.15…, 122.164.236.1…, 172.17.0.3 | Behaves like a known malware ( Generic.MALWARE.0531 ) | High | 20 | 09d56ab0cfa15536d14570d5b4…, a25bd1667f0022d1ed0693d7d3…, 15 more Files MD5 | smtp
New Doc 2017-10-02 - Page 3.7z | 172.17.0.3 | Behaves like a known malware ( Generic.MALWARE.0dd0 ) | High | 19 | 2781d8fd774372c2f043261ae2a…, 21f9c24e0d2f79434e2e0c3b412…, 13 more Files MD5 | smtp

Top malicious file types
File Type | Number of Files | Downloads
7z | 317 Files | 526
zip | 8 Files | 11
rar | 4 Files | 11
jar | 7 Files | 9
pdf | 4 Files | 5
docx | 2 Files | 4
Total: 8 Types | 344 Files | 568 Downloads

* You can analyze suspicious files by copying and pasting files’ MD5 to VirusTotal online service at www.virustotal.com
ACCESS TO SITES KNOWN TO CONTAIN MALWARE
Organizations can get infected with malware by accessing malicious web sites while browsing the internet, or by clicking on malicious links embedded in received
email. The following summarizes events related to sites known to contain malware.
Top DNS connections to malicious sites
End-Point IP | Malware Family | Domain | Hits
172.18.0.31 | Phishing, Roughted | clientupdatenw.com, gmil.com, xml.pdn-1.com | 7
172.18.0.2 | Phishing, Roughted | gmil.com, vip.debtcactive.com, xml.pdn-1.com | 5
172.19.0.145 | Phishing | clientupdatenw.com | 4
172.18.3.89 | Roughted | xml.pdn-1.com | 2

[Chart: Top sources accessed malicious sites; Source: 10.1.0.31, 10.1.0.2, 10.1.3.89, 10.1.37.13, 10.1.3.33]

Top HTTP/S connections to malicious sites
Sources: 172.18.2.19, 172.18.2.20, 172.18.2.64, 172.18.3.4, 172.18.3.50, 12 more scope
Malware family: Phishing; Hits: 30
http://clientupdatenw.com/?v=3&client=client&os=WIN1…
http://boletin.aprendum.com/action.php?id_k=8021&id_…
http://clientupdatenw.com/?v=3&client=threshold&os=W…
http://clientupdatenw.com/?v=3&client=client&os=WIN6…
http://clientupdatenw.com/?v=3&client=trident&os=WIN…

Sources: 172.18.3.33, 172.18.3.89, 172.18.20.31, 172.18.20.82, 172.18.37.13
Malware family: Roughted; Hits: 6
http://xml.pdn-1.com/redirect?feed=95352&auth=eQ76q…
http://xml.pdn-1.com/redirect?feed=72089&auth=PRRXR…
http://xml.pdn-1.com/redirect?feed=97557&auth=eQ76q…

* You can analyze suspicious URLs by copying and pasting them into VirusTotal online service at www.virustotal.com
ATTACKS AND EXPLOITED SOFTWARE VULNERABILITIES
During the security analysis, attacks and exploited software vulnerabilities on servers/clients were detected. Such incidents might indicate intrusion attempts, malware attacks, DoS attacks or attempts to breach security by exploiting software vulnerabilities. The following summarizes all events with known industrial reference.

Top attacks and exploited software vulnerabilities
Attacked Destination | Attack / Exploit | Industry Reference | Attack Source | Events
10.1.0.88 | WebSphere Server and JBoss Platform Apache Commons Collections Remote Code Execution | CVE-2015-7501 | 10.174.140.74 | 24
 | | | Total: 26 Sources | 82
10.1.0.88 | Apache Struts2 Content-Type Remote Code Execution | CVE-2017-5638 | 10.112.10.250 | 28
 | | | Total: 3 Sources | 46
10.1.0.88 | HP Universal CMDB JMX Console Authentication Bypass | CVE-2014-7883 | 10.156.190.64 | 1
 | | | Total: 1 Source | 1
Total: 4 Attacks / Exploits | 4 References | 29 Sources | 130
10.116.195.8 | NTP Servers Monlist Command Denial of Service | CVE-2013-5211 | 10.222.94.58 | 22
 | | | Total: 34 Sources | 93
Total: 1 Attack / Exploit | 1 Reference | 34 Sources | 93

[Chart: Top targeted end-points; Destination: 10.1.0.88, 10.116.195.8, 10.1.0.214, 10.27.195.8, 10.1.0.108; axis: Number of attacks]
[Chart: Top CVEs; Industry Reference: CVE-2015-7501, CVE-2013-5211, CVE-2017-5638, CVE-2016-2107, CVE-2017-0027]
* You can learn more about the vulnerability that IPS detected by copying and pasting the CVE into Check
KEY FINDINGS SERVERS EXPLOITS BASED ON CHECK POINT KNOWLEDGE
ATTACKS AND EXPLOITED SOFTWARE VULNERABILITIES
The following table summarizes all events that were analyzed and found by Check Point internal ThreatPortal online service.
Top attacks and exploited vulnerabilities based on internal advisories
Attack Destination | Attack / Exploit | Attack Source | Events
10.1.0.159 | Suspicious Executable Mail Attachment | 10.8.0.3 | 154
 | WordPress HTTP Brute Force Login Attempt | 10.8.0.214 | 19

[Chart: Top targeted end-points; Destination: 10.1.0.159, 10.116.195.8]
KEY FINDINGS SCANNED SERVERS
ATTACKS AND EXPLOITED SOFTWARE VULNERABILITIES
During the security analysis, attacks and exploited software vulnerabilities on servers/clients were detected. Such incidents might indicate intrusion attempts, malware attacks, DoS attacks or attempts to breach security by exploiting software vulnerabilities. The following summarizes these events.

10.1.85.23
SIPVicious Security Scanner | 818 | 10.3.178.7, 10.4.59.54, 171 more Sources
ZmEu Security Scanner | 17 | 10.91.46.124, 10.104.45.245, 4 more Sources
Total: 7 Attacks / Exploits | 849 | 192 Sources

10.1.85.22
SIPVicious Security Scanner | 821 | 10.3.178.7, 10.4.59.54, 170 more Sources
ZmEu Security Scanner | 17 | 10.91.46.124, 10.104.45.245, 5 more Sources
Total: 6 Attacks / Exploits | 847 | 188 Sources

10.1.85.21
SIPVicious Security Scanner | 820 | 10.3.178.7, 10.4.59.54, 173 more Sources
ZmEu Security Scanner | 13 | 10.91.46.124, 10.104.45.245, 3 more Sources
Total: 6 Attacks / Exploits | 844 | 191 Sources
KEY FINDINGS MALWARE & ATTACKS
DDOS ATTACKS
Denial-of-service (DoS) attacks target networks, systems and individual services, flooding them with so much traffic that they either crash or are unable to operate. This effectively denies the service to legitimate users. A DoS attack is launched from a single source to overwhelm and disable the target service. A Distributed Denial-of-service (DDoS) attack is coordinated and simultaneously launched from multiple sources to overwhelm and disable a target service. During the security analysis, DDoS attacks were detected. The following summarizes the events.
Total: 14 Protections | Critical | 118 Sources | 64 Destinations | 70.4K
Total: 16 Countries | 56.6K
Zero-Day Phishing
During the security analysis, we've detected attempts of clients to connect to Zero-Day Phishing websites. The following summarizes the Zero-Day Phishing incidents.
Check Point Zero-Day Phishing Prevention, powered by patented technologies and AI engines, prevents access to the most sophisticated phishing websites, both known and completely unknown, without the need to install and maintain clients on end-user devices.
7 Total Phishing Attempts
7 Detected Phishing Attempts
[Chart: Web Phishing Attack Timeline; y-axis: Phishing Attacks]
KEY FINDINGS HIGH RISK WEB ACCESS
buogbvd.com 19 Users 19
br46cy78son.net 13 Users 7
dq4cmdrzqp.biz 8 Users 1
050h.com 9 Users 5
123carnival.com 5 Users 5
0hm.net 1 User 3
KEY FINDINGS DATA LOSS
Summary
74.3K total emails scanned
2 emails with data loss incidents
114 web data loss incidents
[Charts: Top Data Types; Incidents by Protocol]
KEY FINDINGS SCADA COMMUNICATIONS
SCADA (Supervisory Control and Data Acquisition) is a type of industrial control system (ICS) that monitors and controls industrial processes. It operates with coded
signals over communication channels to provide control of remote equipment. SCADA networks are usually separated from the organizational IT network for
security purposes. SCADA protocols detected on the IT network might indicate a security risk with a potential for a security breach. The following SCADA protocols
were detected on your network.
SCADA Communications: 46 Sources, 23 Destinations, 9 Commands, 33 Ports
For deep security analysis of IOT - Please refer to Cyber Security Risk Assessment page
KEY FINDINGS HARMONY EMAIL & COLLABORATION
About Harmony Email & Collaboration Solution
Email is the first link in a chain of attacks, and with the rise of remote work, the use of cloud mailboxes and collaboration apps increased exponentially.
Harmony Email & Collaboration provides organizations with complete, full-suite protection that is constantly adapting and evolving to the ever-changing threat
landscape, while providing security admins with an easy-to-deploy and manage platform, making your security offerings easy and efficient.
This section covers applications that have tight integration with our Harmony Email and Collaboration solution and can be fully protected by our Threat Prevention
engines focusing on File Storage, Cloud Email Services, Collaboration and CRM.
79.3KB Sent Traffic From SAAS Applications
17 Connections Seen to SAAS Applications
1 Users Seen Using SAAS Applications
[Chart: Time Line; series: Microsoft NCSI, Windows Update, walla.co.il]
[Chart labels: Gmail [1], Windows Update [2]]
Microsoft NCSI Network Utilities Low 4 Users 3.9KB 6.7KB 10.8KB 10 Accept
KEY FINDINGS MOBILE THREATS
and downloads of high risk mobile apps, download of malicious mobile applications, outdated mobile operating systems, and more.
979GB total mobile traffic
30 cloud mobile apps (19GB traffic)
18 high risk mobile apps (9GB traffic)
201 high risk web sites (855 hits)
20 downloads of malicious apps and malware
13 infected devices
Bosua 3 devices 45
HummingBad 2 devices 33
SMS-Agent.A 2 devices 26
SmsThief 1 device 7
SMS-Agent.B 1 device 3
Malware downloads
Malware* Downloaded by Downloads MD5
Spy2Mobile High 22 2 GB
Bosspy High 19 1 GB
MobiStealth High 2 59 MB
TalkLogV High 1 56 MB
Total: 1 category 18 apps 87 9 GB
Top high risk web sites (top 10 sites per category)
Site Category | Site | Mobile Users | Hits
Suspicious Content | ad.pxlad.io/ad, an.tacoda.net/an/atids.html, bam.nr-data.net/1/92a411bc23, beacon.securestudies.com/scripts/beaco …, cdn.applight.mobi/applight/2015, down.onowcdn.com/testapk, dxcnd.cn, fbhpadmax.com, file1.updrv.com/soft/2012/drivethelife5_s …, 19 more Sites | 81 Mobile Users | 104
Spam | a0.awsstatic.net, adx.adform.net/adx, aptrk.com/g, c.ffctdbtr.com, cj-cy.com, clk.apxadtracking.net/iclk/redirect.php, comerciointernacional.com.mx, delightfulmotivation.com, dl7wen29y4h7i03edf6pm3s6h7nt5oxgpoe…, dreamingofgalleries.me, 16 more Sites | 61 Mobile Users | 73

[Chart: High risk web sites by category; Site category: Suspicious Content, Spam, Spyware / Malicious Sites, Botnets, Phishing; axis: Hits]

Access to sites containing questionable content
Category | Browse Time (hh:mm:ss) | Traffic Total Bytes
Sex | 21:24:00 | 3.9GB
Illegal / Questionable | 3:59:00 | 910.8MB
Gambling | 0:10:00 | 11.4MB
Hacking | 0:01:00 | 64.0KB
Total: 4 Categories | 25:34:00 | 4.8GB
KEY FINDINGS ENDPOINTS
[Infographic values: 23, 19, 34, 44, 55. Infographic labels: running high risk applications; accessed high risk websites; infected with malware; downloaded malware; received email containing link to malicious site]
Attacked endpoints: 22 servers attacked, 23 clients attacked
22 users accessed questionable, non-business related websites
14 users involved in potential data loss incidents
15 accessed a site known to contain malware
KEY FINDINGS BANDWIDTH ANALYSIS
Windows Update | Software Update | 1 Very Low | 623 Sources | 4.7GB
Server Message Block (SMB) | Network Protocols | 1 Very Low | 491 Sources | 3.7GB
Skype | VoIP | 3 Medium | 475 Sources | 2.3GB
bestday.com | Travel | - Unknown | 232 Sources | 2.3GB
SMTP Protocol | Network Protocols | 3 Medium | 248 Sources | 2.2GB
Google Services | Computers / Internet | 2 Low | 437 Sources | 1.9GB
Microsoft Dynamics CRM | Business Application | 1 Very Low | 3 Sources | 1.7GB
Facebook | Social Network | 2 Low | 226 Sources | 1.6GB
oloadcdn.net | Computers / Internet | - Unknown | 3 Sources | 1.5GB
Server Message Block (SMB)-write | Network Protocols | 1 Very Low | 33 Sources | 1.2GB
Gmail | Email | 3 Medium | 55 Sources | 1.1GB

[Chart: Traffic by Protocol; series: https, http, POP3S, MS-SQL-Server, Microsoft-ds, TCP/13000, UDP/40025, TCP/587, UPD/3389, IMAP-SSL; axis: 0B to 200GB]
RECOMMENDATIONS
CHECK POINT INFINITY
PREEMPTIVE CYBER SECURITY
Deploying security which is based on detection and followed by remediation is costly and inefficient, since it allows attackers to infiltrate the network and cause damage before remediation is done.
Check Point Infinity prevents known and zero-day unknown threats from penetrating the network with SandBlast product family, saving time and the costs associated with remediating the damages.
SandBlast solutions include over 30 different innovative technologies and additional prevention capabilities across all environments:
• Network-based threat prevention for security gateways with best-in-class IPS, AV, post-infection BOT prevention, network Sandboxing (threat emulation) and malware sanitation with Threat Extraction.
• SandBlast Agent endpoint detection and response solution with forensics, anti-ransomware, AV, post-infection BOT prevention and Sandboxing on the endpoint.
• SandBlast Mobile advanced threat prevention for mobile devices protects from threats on the device (OS), in apps, and in the network, and delivers the industry’s highest threat catch rate for iOS and Android.
• SandBlast for Office365 cloud, part of Check Point’s cloud security offerings.

CONSOLIDATED SECURITY MANAGEMENT
Managing the entire security network is often complicated and demands high level of human expertise. Check Point Infinity, powered by R80.x security management version, brings all security protections and functions under one umbrella, with a single console which enables easier operation and more efficient management of the entire security network.
The single console introduces unparalleled granular control and consistent security, and provides rich policy management which enables delegation of policies within the enterprise.
The unified management, based on modular policy management and rich integrations with 3rd party solutions through flexible APIs, enables automation of routine tasks to increase operational efficiencies, freeing up security teams to focus on strategic security rather than repetitive tasks.

SUMMARY
Preventing the next cyber-attack is a possible mission. Check Point has the most advanced technologies and threat prevention solutions for the entire IT infrastructure. Check Point Infinity architecture unifies the entire IT security, providing real-time shared threat intelligence and a preemptive protection – all managed by a single, consolidated console.

Future-proof your business and ensure business continuity with the architecture that keeps you protected against any threat, anytime and anywhere.

BENEFITS
• Prevention-driven cyber security, powered by the most advanced threat prevention solutions against known and unknown threats.
• Consistent security across all Check Point components with shared threat intelligence across networks, cloud and mobile.
• Unified and efficient management of the entire security network through a single pane of glass.
• Rich integrations with 3rd party solutions with flexible APIs.