Enterprise Risk Report SLR Sample
Page Count: 18
SECURITY LIFECYCLE REVIEW
ACME
22 July 2015
Report Period: 6 Days
PREPARED BY: Palo Alto Networks (www.paloaltonetworks.com)

EXECUTIVE SUMMARY FOR ACME

Key Findings:
268 total applications are in use, presenting potential business and security challenges. Risk grows as critical functions move outside of the organization's control, as employees use non-work-related applications, and as cyberattackers use those same applications to deliver threats and steal data.
62 high-risk applications were observed, including those that can introduce or hide malicious activity, transfer files outside the network, or establish unauthorized communication.
1,602,451 total threats were found on your network, including vulnerability exploits, known and unknown malware, and outbound command-and-control activity.

The Security Lifecycle Review summarizes the business and security risks facing ACME. The data used for this analysis was gathered by Palo Alto Networks during the report time period. The report provides actionable intelligence around the applications, URL traffic, types of content, and threats traversing the network, including recommendations that can be employed to reduce the organization's overall risk exposure.

Summary figures:
  Applications in use          268
  High-risk applications        62
  Total threats          1,602,451  (1,597,505 vulnerability exploits, 4,922 known threats, 24 unknown threats)
  Report Period: 6 Days (Start: Sun, Jun 07, 2015; End: Sun, Jun 14, 2015)

APPLICATIONS AT A GLANCE
Applications can introduce risk, such as delivering threats, potentially allowing data to leave the network, enabling unauthorized access, lowering productivity, or consuming corporate bandwidth. This section provides visibility into the applications in use, allowing you to make an informed decision on potential risk versus business benefit.

Key Findings:
High-risk applications such as file-sharing, social-networking and email were observed on the network; these should be investigated due to their potential for abuse.
268 total applications were seen on the network across 24 sub-categories, compared to an industry average of 199 total applications seen in other High Technology organizations.
474.3 GB was used by all applications, including 211.22 GB by networking applications, compared to an industry average of 2.78 TB in similar organizations.

High-Risk Applications
The first step to managing security and business risk is identifying which applications can be abused to cause the most harm. We recommend closely evaluating applications in these categories to ensure they are not introducing unnecessary compliance, operational, or cyber security risk.

  Sub-category        Company   Industry average
  file-sharing             22         17
  email                    11          9
  remote-access            11          7
  encrypted-tunnel         10          5
  social-networking        17         14

  Number of Applications on Network:    268 (company)   199 (industry average)   204 (all organizations)
  Bandwidth Consumed by Applications:   474.30 GB       2.78 TB                  5.04 TB

Categories with the Most Applications
The following categories have the most application variants, and should be reviewed for business relevance.

  Category            Company   Industry average
  business-systems         79         46
  general-internet         62         38
  collaboration            50         50
  networking               31         54
  media                    23         37

Categories Consuming the Most Bandwidth
Bandwidth consumed by application category shows where application usage is heaviest, and where you could reduce operational resources.

  Category            Company     Industry average
  networking          211.22 GB   577.85 GB
  general-internet    118.71 GB     1.32 TB
  business-systems     75.73 GB   624.46 GB
  collaboration        13.80 GB   122.13 GB
  media                 6.35 GB   208.21 GB

APPLICATIONS THAT INTRODUCE RISK
The top applications (sorted by bandwidth consumed) for application subcategories that introduce risk are displayed below, including industry benchmarks on the number of variants across other High Technology organizations. This data can be used to more effectively prioritize your application enablement efforts. Risk levels run from 5 (highest) to 1 (lowest).

Key Findings:
A total of 268 applications were seen in your organization, compared to an industry average of 199 in other High Technology organizations.
The most common application subcategories are internet-utility, management and infrastructure.
The application subcategories consuming the most bandwidth are encrypted-tunnel, infrastructure and software-update.
Top applications by subcategory (application variants: company vs. industry average)

Email - 12.16 GB (11 variants vs. 9)
  pop3                         4.77 GB
  imap                         3.42 GB
  smtp                         2.84 GB
  outlook-web-online         644.33 MB
  gmail-base                 500.84 MB
  icloud-mail                  7.32 MB
  zimbra                       1.44 MB
  yahoo-mail                 183.80 KB

Remote-Access - 1.6 GB (11 vs. 7)
  teamviewer-base              1.10 GB
  ms-rdp                     456.72 MB
  telnet                      51.11 MB
  citrix                       1.89 MB
  teamviewer-remote-control    1.88 MB
  logmein                      1.45 MB
  pptp                       670.86 KB
  airdroid                   156.07 KB

File-Sharing - 12.98 GB (22 vs. 17)
  owncloud                     7.67 GB
  bittorrent                   4.01 GB
  webdav                    1019.48 MB
  google-drive-web           121.12 MB
  dropbox                    110.62 MB
  ftp                         54.78 MB
  skydrive-base               10.05 MB
  slideshare-base              8.02 MB

Encrypted-Tunnel - 128.95 GB (10 vs. 5)
  ssl                         76.64 GB
  ssh                         50.28 GB
  ipsec-esp                    1.38 GB
  open-vpn                   627.08 MB
  ciscovpn                    26.57 MB
  ike                          9.56 MB
  tcp-over-dns               693.25 KB
  ipsec-esp-udp              296.29 KB

Instant-Messaging - 227.04 MB (12 vs. 10)
  whatsapp-base               91.36 MB
  facebook-chat               83.29 MB
  ms-lync-online              29.04 MB
  mibbit                       7.12 MB
  telegram                     4.94 MB
  jabber                       4.02 MB
  chatango                     3.68 MB
  msn-base                     2.54 MB

Social-Networking - 1.28 GB (17 vs. 14)
  facebook-base                1.07 GB
  linkedin-base               86.01 MB
  twitter-base                83.93 MB
  google-plus-base            34.54 MB
  tinder                       6.33 MB
  pinterest-base               2.01 MB
  ning-base                  605.60 KB
  myspace-base               254.70 KB

Photo-Video - 6.16 GB (13 vs. 23)
  http-video                   5.67 GB
  facebook-video             250.22 MB
  youtube-base               141.32 MB
  instagram-base              98.75 MB
  imgur-base                   8.90 MB
  rtcp                         4.67 MB
  dailymotion                  2.29 MB
  vimeo-base                 434.68 KB

Proxy - 1.19 GB (3 vs. 2)
  http-proxy                   1.19 GB
  socks                      144.09 KB
  freegate                   628 Bytes

APPLICATIONS THAT INTRODUCE RISK - DETAIL

  Risk  Application                Category          Sub Category        Technology        Bytes        Sessions
  4     pop3                       collaboration     email               client-server     4.77 GB        57,356
  4     imap                       collaboration     email               client-server     3.42 GB         6,755
  5     smtp                       collaboration     email               client-server     2.84 GB       115,038
  3     outlook-web-online         collaboration     email               browser-based     644.33 MB      17,571
  4     gmail-base                 collaboration     email               browser-based     500.84 MB       3,284
  2     icloud-mail                collaboration     email               client-server     7.32 MB            13
  3     zimbra                     collaboration     email               browser-based     1.44 MB            34
  3     yahoo-mail                 collaboration     email               browser-based     183.8 KB           26
  4     ssl                        networking        encrypted-tunnel    browser-based     76.64 GB    2,782,592
  4     ssh                        networking        encrypted-tunnel    client-server     50.28 GB      668,279
  2     ipsec-esp                  networking        encrypted-tunnel    client-server     1.38 GB            17
  3     open-vpn                   networking        encrypted-tunnel    client-server     627.08 MB         275
  3     ciscovpn                   networking        encrypted-tunnel    client-server     26.57 MB           24
  2     ike                        networking        encrypted-tunnel    client-server     9.56 MB           574
  4     tcp-over-dns               networking        encrypted-tunnel    client-server     693.25 KB           8
  2     ipsec-esp-udp              networking        encrypted-tunnel    client-server     296.29 KB         485
  3     owncloud                   general-internet  file-sharing        client-server     7.67 GB       107,111
  5     bittorrent                 general-internet  file-sharing        peer-to-peer      4.01 GB        30,852
  5     webdav                     general-internet  file-sharing        browser-based     1019.48 MB    168,511
  5     google-drive-web           general-internet  file-sharing        browser-based     121.12 MB         462
  4     dropbox                    general-internet  file-sharing        client-server     110.62 MB       8,669
  5     ftp                        general-internet  file-sharing        client-server     54.78 MB       11,282
  4     skydrive-base              general-internet  file-sharing        browser-based     10.05 MB          376
  3     slideshare-base            general-internet  file-sharing        browser-based     8.02 MB           206
  1     whatsapp-base              collaboration     instant-messaging   client-server     91.36 MB        1,340
  3     facebook-chat              collaboration     instant-messaging   browser-based     83.29 MB          250
  3     ms-lync-online             collaboration     instant-messaging   client-server     29.04 MB          652
  4     mibbit                     collaboration     instant-messaging   browser-based     7.12 MB            79
  2     telegram                   collaboration     instant-messaging   client-server     4.94 MB           415
  5     jabber                     collaboration     instant-messaging   client-server     4.02 MB            88
  1     chatango                   collaboration     instant-messaging   client-server     3.68 MB           509
  4     msn-base                   collaboration     instant-messaging   client-server     2.54 MB           163
  5     http-video                 media             photo-video         browser-based     5.67 GB           990
  4     facebook-video             media             photo-video         browser-based     250.22 MB         105
  4     youtube-base               media             photo-video         browser-based     141.32 MB         129
  2     instagram-base             media             photo-video         client-server     98.75 MB        1,204
  4     imgur-base                 media             photo-video         browser-based     8.9 MB            323
  1     rtcp                       media             photo-video         client-server     4.67 MB             3
  4     dailymotion                media             photo-video         browser-based     2.29 MB           331
  5     vimeo-base                 media             photo-video         browser-based     434.68 KB           8
  5     http-proxy                 networking        proxy               browser-based     1.19 GB        33,453
  5     socks                      networking        proxy               network-protocol  144.09 KB         649
  4     freegate                   networking        proxy               client-server     628 Bytes           6
  3     teamviewer-base            networking        remote-access       client-server     1.1 GB         40,350
  4     ms-rdp                     networking        remote-access       client-server     456.72 MB      10,726
  2     telnet                     networking        remote-access       client-server     51.11 MB       28,602
  3     citrix                     networking        remote-access       client-server     1.89 MB           406
  2     teamviewer-remote-control  networking        remote-access       client-server     1.88 MB             2
  4     logmein                    networking        remote-access       client-server     1.45 MB            13
  4     pptp                       networking        remote-access       network-protocol  670.86 KB          53
  3     airdroid                   networking        remote-access       browser-based     156.07 KB          50
  4     facebook-base              collaboration     social-networking   browser-based     1.07 GB        31,521
  3     linkedin-base              collaboration     social-networking   browser-based     86.01 MB        4,174
  2     twitter-base               collaboration     social-networking   browser-based     83.93 MB        8,013
  2     google-plus-base           collaboration     social-networking   browser-based     34.54 MB          305
  1     tinder                     collaboration     social-networking   client-server     6.33 MB            24
  2     pinterest-base             collaboration     social-networking   browser-based     2.01 MB           143
  3     ning-base                  collaboration     social-networking   browser-based     605.6 KB           28
  4     myspace-base               collaboration     social-networking   browser-based     254.7 KB           54

SAAS APPLICATIONS
SaaS-based application services continue to redefine the network perimeter. Often labeled "shadow IT", most of these services are adopted directly by individual users, business teams, or even entire departments. In order to minimize data security risks, visibility and proper policy must be maintained for SaaS applications.

Top SaaS applications by subcategory (application variants: company vs. industry average)

File-Sharing - 7.92 GB (11 vs. 17)
  owncloud                     7.67 GB
  google-drive-web           121.12 MB
  dropbox                    110.62 MB
  skydrive-base               10.05 MB
  slideshare-base              8.02 MB
  docstoc-base                 2.06 MB
  adobe-cloud                  1.07 MB
  depositfiles                 1.01 MB

Email - 1.13 GB (5 vs. 9)
  outlook-web-online         644.33 MB
  gmail-base                 500.84 MB
  icloud-mail                  7.32 MB
  zimbra                       1.44 MB
  yahoo-mail                 183.80 KB

General-Business - 763.33 MB (3 vs. 9)
  paloalto-wildfire-cloud    757.11 MB
  windows-azure-base           6.21 MB
  constant-contact            11.36 KB

Office-Programs - 562.06 MB (5 vs. 5)
  google-docs-base           556.37 MB
  office-on-demand             3.02 MB
  ms-office365-base            2.59 MB
  google-calendar-base        51.13 KB
  evernote-base               35.67 KB

Management - 379.73 MB (3 vs. 14)
  new-relic                  376.56 MB
  google-analytics             1.60 MB
  yahoo-web-analytics          1.58 MB

Internet-Utility - 61.41 MB (4 vs. 23)
  alisoft                     49.56 MB
  github-base                  5.91 MB
  icloud-base                  5.84 MB
  google-cloud-print          98.74 KB

Storage-Backup - 19 MB (2 vs. 3)
  crashplan                   18.88 MB
  jdi-onlinebackupstorage    120.90 KB

Instant-Messaging - 29.04 MB (1 vs. 10)
  ms-lync-online              29.04 MB

URL ACTIVITY
Uncontrolled Web surfing exposes organizations to security and business risks, including exposure to potential threat propagation, data loss, or compliance violations. The most common URL categories visited by users on the network are shown below.

Key Findings:
High-risk URL categories were observed on the network, including unknown, web-hosting and educational-institutions.
Users visited a total of 5,417,856 URLs during the report time period across 54 categories.
There was a variety of personal and work-related Web activity present, including visits to potentially risky websites.

High-Risk URL Categories
The Web is a primary infection vector for attackers, with high-risk URL categories posing an outsized risk to the organization. Solutions should allow for fast blocking of undesired or malicious sites, as well as support quick categorization and investigation of unknowns.

  Category                          Company (visits)   Industry average
  unknown                                   835,662            537,953
  private-ip-addresses                      186,042            716,542
  proxy-avoidance-and-anonymizers               220              1,804

Commonly Used URL Categories: the top 5 commonly visited URL categories, along with industry benchmarks across your peer group, are shown below, followed by the High-Traffic URL Categories chart of the top 20 most commonly visited URL categories.
  Top 5 URL categories by visits     Company     Industry average
  unknown                              835,662            537,953
  web-hosting                          791,818             45,553
  educational-institutions             673,547            160,355
  motor-vehicles                       659,560             30,774
  computer-and-internet-info           585,932          1,819,665

  Top 20 URL categories by visits
  business-and-economy                    580,566
  web-based-email                         272,858
  private-ip-addresses                    186,042
  hunting-and-fishing                     181,780
  search-engines                          129,993
  parked                                   93,869
  social-networking                        70,017
  internet-communications-and-telephony    51,254
  content-delivery-networks                47,411
  web-advertisements                       46,064
  personal-sites-and-blogs                 26,190
  internet-portals                         24,779
  streaming-media                          20,059
  financial-services                       17,206
  training-and-tools                       16,797
  government                               15,584
  news                                     13,853
  online-storage-and-backup                11,991
  shopping                                  9,495
  malware                                   8,880

FILE TRANSFER ANALYSIS
Applications that can transfer files serve an important business function, but they also potentially allow sensitive data to leave the network or cyber threats to be delivered. Within your organization, 286 unique files were observed across 51 different file types, delivered via a total of 35 applications. The chart below correlates the applications most commonly used to transfer files with the most prevalent file and content types observed.

  Application (file transfers)          File type (file transfers)
  smtp                    2,860         ZIP                  2,671
  pop3                      581         Word                   447
  web-browsing              544         Office 2007 XLS        443
  owncloud                  285         Office 2007 Word       170
  symantec-av-update        240         Encrypted Excel        142
                                        RTF                    138
                                        PE                      99
                                        Excel                   89
                                        Android APK             74
                                        GIF                     70
                                        DLL                     51
                                        Executable (EXE)        48
                                        Shell script            38
                                        Office 2007 PPT         21
                                        TAR                      4
                                        TIF                      3
                                        LNK                      2

THREATS AT A GLANCE
Understanding your risk exposure, and how to adjust your security posture to prevent attacks, requires intelligence on the type and volume of threats used against your organization. This section details the application vulnerabilities, known and unknown malware, and command-and-control activity observed on your network.

Key Findings:
1,597,505 total vulnerability exploits were observed in your organization, including brute-force, info-leak and spyware.
4,946 malware events were observed, versus an industry average of 65,136 across your peer group.
470,739 total outbound command-and-control requests were identified, indicating attempts by malware to communicate with external attackers to download additional malware, receive instructions, or exfiltrate data.

  Vulnerability Exploits: 1,597,505
    brute-force    1,336,705
    info-leak        236,992
    spyware          188,351
    Other             29,385
  Malware Detections: 4,946 (4,922 known malware, 24 unknown malware)
  Command and Control Detections: 470,739 (all known connections)

Files Leaving the Network
Transferring files is a required and common part of doing business, but you must maintain visibility into what content is leaving the network via which applications, in order to limit your organization's exposure to data loss. 176,174 files were observed potentially leaving the network via 33 different applications.

HIGH-RISK AND MALICIOUS FILE TYPE ANALYSIS
Today's cyber attackers use a variety of file types to deliver malware and exploits, often focusing on content from common business applications present in most enterprise networks. The majority of commodity threats are delivered via executable files, with more targeted and advanced attacks often using other content to compromise networks.

Key Findings:
A variety of file types were used to deliver threats, and prevention strategies should cover all major content types.
You can reduce your attack surface by proactively blocking high-risk file types, such as blocking executable files downloaded from the Internet, or disallowing RTF or LNK files, which are not needed in daily business.

High-Risk File Types
The file types shown represent a greater risk to the organization due to a combination of new vulnerabilities being discovered, existing and unpatched flaws, and prevalence of use in attacks. 70.63% of all files are ZIP.

  File type           Company   Industry average
  Email Link           12.47%             11.22%
  MSOFFICE              6.79%              1.76%
  PDF                   4.26%              4.07%
  Word                  3.16%              0.35%
  Office 2007 PPT       2.68%              0.19%

Files Delivering Unknown Malware
We recommend investigating the files that may be used to deliver threats both within your organization and across your peer group. Together, these trends allow you to take preventive action such as blocking high-risk file types across different user groups. 4.44% of all files are PE.

  Microsoft Word 97 - 2003 Document    62.5% (company)    37.5% (industry average)

APPLICATION VULNERABILITIES
Application vulnerabilities allow attackers to exploit vulnerable, often unpatched, applications to infect systems, which is often one of the first steps in a breach. This page details the top five applications whose vulnerabilities attackers attempted to exploit within your organization, allowing you to determine which applications represent the largest attack surface.

Key Findings:
32 total applications were observed delivering exploits to your environment.
1,597,505 total vulnerability exploits were observed, led by the following top three applications: ntp, dns and netbios-ns.
1,588 unique vulnerability exploits were found, meaning attackers attempted to exploit the same vulnerabilities many times over.

  Metric                              Company   Industry average   All organizations
  Applications delivering exploits         32                 21                  18
  Total vulnerability exploits      1,597,505          1,640,465           3,011,544
  Unique vulnerability exploits         1,588                409                 270

Vulnerability Exploits per Application (top 5 applications with most detections)

  Detections  Signature                                                    Severity  Threat type  CVE ID
  ntp - 883,153
     882,391  NTP Denial-Of-Service Attack                                 Low       brute-force  CVE-2013-5211
         762  NTP Reserved Mode Denial of Service Vulnerability            High      dos          CVE-2009-3563
  dns - 371,790
     369,545  DNS ANY Queries Brute-force DOS Attack                       Medium    brute-force
       1,229  DGA NXDOMAIN response Found                                  Info      brute-force
         465  DNS Zone Transfer IXFR Attempt                               Info      info-leak
         465  DNS Zone Transfer IXFR Response                              Info      info-leak
          49  DNS ANY Request                                              Info      info-leak
          12  DNS Zone Transfer AXFR Response                              Info      info-leak
          12  DNS Zone Transfer AXFR Attempt                               Info      info-leak
           8  DGA NXDOMAIN response                                        Info      brute-force
           4  ISC BIND OPT Record Handling Denial of Service Vulnerability High      dos          CVE-2002-1220
           1  Microsoft Windows NAT Helper DNS Query Denial of Service     High      dos          CVE-2006-5614
  netbios-ns - 145,924
     145,924  NetBIOS nbtstat query                                        Info      info-leak
  mssql-db - 69,959
      50,443  Microsoft SQL Server User Authentication Brute-force Attempt High      brute-force
      19,065  MSSQL Login failed for user 'sa' execution                   Info                   CVE-2000-1209
         451  MSSQL DB Login Authentication Failed                         Info
  msrpc - 49,517
      48,522  Microsoft RPC ISystemActivator bind                          Info      overflow
         995  Microsoft RPC Endpoint Mapper                                Info      info-leak

KNOWN AND UNKNOWN MALWARE
Applications are the primary vectors used to deliver malware and infect organizations, communicate outbound, or exfiltrate data. Adversaries' tactics have evolved to use the applications commonly found on the network, into which traditional security solutions have little or no visibility.

Key Findings:
5 total applications were observed delivering malware to your organization, out of 268 total applications on the network.
Many applications delivering malware are required to run your business, which means you need a solution that can prevent threats while still enabling the applications.
While most malware is delivered over HTTP or SMTP, advanced attacks will often use other applications, including those on non-standard ports or employing other evasive behavior.

Applications found delivering malware (5), company vs. industry average:
  Application     Known malware          Unknown malware
  dns             4,905 vs. 6,510        1 vs. 1,443
  smtp               13 vs. 255          0 vs. 130
  web-browsing        2 vs. 51,771      23 vs. 18,085
  imap                1 vs. 357          0
  soap                1 vs. 15,889       0

COMMAND AND CONTROL ANALYSIS
Command-and-control (CnC) activity indicates a host in the network has been infected by malware and is attempting to connect outside of the network to malicious actors. Understanding and preventing this activity is critical, as attackers use CnC to deliver additional malware, provide instructions, or exfiltrate data.

Key Findings:
6 total applications were used for command-and-control communication.
470,739 total command-and-control requests were observed originating from your network.
276,811 total suspicious DNS queries were observed.

Command and Control Activity by Application
  dns            276,811  (suspicious DNS queries)
  sip            188,351
  ms-rdp           5,418
  unknown-udp        142
  unknown-tcp         11
  ssh                  6
  Spyware Phone Home (all non-DNS applications): 193,928

Compromised hosts attempting to connect to external malicious CnC servers (detections by threat):
  Sipvicious.Gen User-Agent Traffic               188,340  (sip)
  Morto RDP Request Traffic                         5,418  (ms-rdp)
  Win32.Conficker.C p2p                               142  (unknown-udp)
  Dorifel.Gen Command And Control Traffic              11  (unknown-tcp)
  Sipvicious.sundayddr User-Agent Traffic              11  (sip)
  Ebury SSH Rootkit Command and Control Traffic         6  (ssh)

Suspicious DNS Queries: 276,811
While DNS is a common and necessary application, it is also commonly used to hide outbound CnC communication, as the queries below show.
  Trojan-Downloader.andromeda:hzmksreiuojy.com   33,530
  generic:swtsik.com                                432
  generic:uaxkpp.com                                455
  generic:yxjtwf.com                                524
  generic:eyfznt.com                                505
  generic:suunyu.com                                501
  generic:fxglwa.com                                459
  generic:njkhyo.com                                502
  generic:quuike.com                                447
  generic:whnwqu.com                                516

SUMMARY: ACME
The analysis determined that a wide range of applications and cyber attacks were present on the network. This activity represents potential business and security risks to ACME, but also an ideal opportunity to implement safe application enablement policies that not only allow the business to continue growing, but reduce the overall risk exposure of the organization.

  Applications in use          268
  High-risk applications        62
  Total threats          1,602,451  (1,597,505 vulnerability exploits, 4,922 known threats, 24 unknown threats)

Highlights Include:
High-risk applications such as file-sharing, social-networking and email were observed on the network, which should be investigated due to their potential for abuse.
268 total applications were seen on the network across 24 sub-categories, as opposed to an industry average of 199 total applications seen in other High Technology organizations.
1,597,505 total vulnerability exploits were observed, led by the following top three applications: ntp, dns and netbios-ns.
4,946 malware events were observed, versus an industry average of 65,136 across your peer group.
6 total applications were used for command-and-control communication.

Recommendations:
Implement safe application enablement policies by only allowing the applications needed for business, and applying granular control to all others.
Address high-risk applications with the potential for abuse, such as remote access, file sharing, or encrypted tunnels.
Deploy a security solution that can detect and prevent threats, both known and unknown, to mitigate risk from attackers.
Use a solution that can automatically re-program itself, creating new protections for emerging threats, sourced from a global community of other enterprise users.
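The file type analysis above recommends blocking executables downloaded from the Internet and disallowing RTF and LNK files, and the unknown-malware figures show Word 97-2003 documents and PE files as the carriers. A control keyed on file extensions does not deliver that, because the sender chooses the name. The following Python is an added example, not part of the Palo Alto Networks report and not vendor code: it identifies the file types from the File Transfer Analysis chart by magic bytes and structure (MZ/PE header with the COFF DLL flag, OLE compound file, OOXML and APK members inside a ZIP, RTF, LNK, shell script) and applies a hypothetical block/inspect policy. Every sample file is constructed inside the script (an 88-byte PE header stub, two-member ZIPs, and so on); the BLOCK, INSPECT and EXPECTED_BY_EXT sets are example policy choices, not values from the report.

```python
"""Added example (not from the SLR): classify transferred files by content,
not by name, and apply a block/inspect policy. All inputs are constructed."""
from __future__ import annotations

import io
import zipfile

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # Word/Excel 97-2003 compound file
LNK_MAGIC = (b"\x4C\x00\x00\x00"                  # HeaderSize 0x4C, then the LNK CLSID
             b"\x01\x14\x02\x00\x00\x00\x00\x00\xC0\x00\x00\x00\x00\x00\x00\x46")
IMAGE_FILE_DLL = 0x2000                          # COFF Characteristics flag

def _classify_zip(data: bytes) -> str:
    """ZIP containers: plain archive, Office 2007 (OOXML) or Android APK."""
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "zip-corrupt"
    if "AndroidManifest.xml" in names:
        return "android-apk"
    if "[Content_Types].xml" in names:
        for prefix, label in (("word/", "office2007-word"), ("xl/", "office2007-xls"),
                              ("ppt/", "office2007-ppt")):
            if any(n.startswith(prefix) for n in names):
                return label
        return "ooxml"
    return "zip"

def identify(data: bytes) -> str:
    """Type label from magic bytes and structure; never consults the filename."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        pe_off = int.from_bytes(data[0x3C:0x40], "little")       # e_lfanew
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            # COFF header follows the 4-byte signature; Characteristics is at +18.
            chars = int.from_bytes(data[pe_off + 22:pe_off + 24], "little")
            return "pe-dll" if chars & IMAGE_FILE_DLL else "pe-exe"
        return "dos-mz"
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06"):
        return _classify_zip(data)
    if data.startswith(OLE_MAGIC):
        return "ole-cf"
    if data.startswith(b"{\\rtf"):
        return "rtf"
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"#!") and b"sh" in data.split(b"\n", 1)[0]:
        return "shell-script"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data[257:262] == b"ustar":
        return "tar"
    return "unknown"

# Example policy (an assumption, not the report's): executables, RTF and LNK are
# blocked; documents and archives go to sandbox inspection; a file whose extension
# contradicts the detected type is blocked because the name lies about the content.
BLOCK = {"pe-exe", "pe-dll", "dos-mz", "rtf", "lnk", "shell-script"}
INSPECT = {"ole-cf", "office2007-word", "office2007-xls", "office2007-ppt", "ooxml",
           "zip", "zip-corrupt", "android-apk", "pdf"}
EXPECTED_BY_EXT = {"exe": "pe-exe", "dll": "pe-dll", "pdf": "pdf", "rtf": "rtf",
                   "docx": "office2007-word", "xlsx": "office2007-xls", "doc": "ole-cf",
                   "xls": "ole-cf", "zip": "zip", "apk": "android-apk", "lnk": "lnk",
                   "sh": "shell-script", "gif": "gif", "tar": "tar"}

def decide(filename: str, data: bytes) -> dict[str, object]:
    kind = identify(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXPECTED_BY_EXT.get(ext)
    mismatch = claimed is not None and claimed != kind
    action = "block" if (kind in BLOCK or mismatch) else "inspect" if kind in INSPECT else "allow"
    return {"file": filename, "type": kind, "action": action, "extension_mismatch": mismatch}

def _fake_pe(dll: bool) -> bytes:
    """Minimal MZ + PE signature + COFF header: enough to classify, not runnable."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    dos[0x3C:0x40] = (0x40).to_bytes(4, "little")
    coff = bytearray(20)
    coff[0:2] = (0x14C).to_bytes(2, "little")                 # IMAGE_FILE_MACHINE_I386
    coff[18:20] = (0x0102 | (IMAGE_FILE_DLL if dll else 0)).to_bytes(2, "little")
    return bytes(dos) + b"PE\x00\x00" + bytes(coff)

def _zip(*names: str) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "x")
    return buf.getvalue()

SAMPLES = {  # constructed inputs, not files observed in the report
    "setup.exe": _fake_pe(dll=False),
    "invoice.pdf": _fake_pe(dll=True),            # executable behind a PDF name
    "memo.rtf": b"{\\rtf1\\ansi Hello}",
    "report.docx": _zip("[Content_Types].xml", "word/document.xml"),
    "q2.xls": OLE_MAGIC + bytes(504),
    "deploy.sh": b"#!/bin/sh\necho hi\n",
    "shortcut.lnk": LNK_MAGIC + bytes(56),
    "photos.zip": _zip("a.gif", "b.gif"),
    "app.apk": _zip("AndroidManifest.xml", "classes.dex"),
}

def scan_all() -> dict[str, dict[str, object]]:
    return {name: decide(name, data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for verdict in scan_all().values():
        print(verdict)
```

The point of the mismatch check is that "invoice.pdf" carrying a DLL is blocked even though neither the PDF extension nor the DLL type alone would have mattered to an extension filter; in a production gateway the same content test would sit in front of the sandbox submission so that the 37.5% of unknown malware arriving as PE never reaches a user.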
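The Command and Control Analysis section counts 276,811 suspicious DNS queries and shows the shape of a domain generation algorithm: nine random-looking .com names with roughly 450 to 520 lookups each, plus hzmksreiuojy.com carrying the Andromeda downloader traffic, while the Application Vulnerabilities table records "DGA NXDOMAIN response" hits for the same period. The following Python is an added example, not from the report or the vendor, of how such hits are derived from plain DNS logs: an infected host burns through many unregistered names (answered NXDOMAIN) before it reaches the one the attacker registered, so the detector groups NXDOMAIN answers per client, applies a deliberately weak lexical test, and reports the random-looking names that did resolve in the same burst as the live C2 candidates. The log layout (timestamp, client, query name, rcode), the client addresses, and the two thresholds are assumptions; the domain names are the ones listed in the report's Suspicious DNS Queries table.

```python
"""Added example (not from the SLR): find DGA-style C2 lookups in DNS logs.
Log layout, thresholds and client addresses are assumptions; the domain names
are those from the report's Suspicious DNS Queries table."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field

# Constructed log in a generic "timestamp client qname rcode" layout
# (hypothetical; not a firewall or BIND query-log format).
SAMPLE_LOG = """\
2015-06-10T09:00:01 10.1.2.15 www.google.com NOERROR
2015-06-10T09:00:02 10.1.2.15 mail.acme.example NOERROR
2015-06-10T09:00:03 10.1.2.15 cdn.paloaltonetworks.com NOERROR
2015-06-10T09:00:07 10.1.2.99 swtsik.com NXDOMAIN
2015-06-10T09:00:07 10.1.2.99 uaxkpp.com NXDOMAIN
2015-06-10T09:00:08 10.1.2.99 yxjtwf.com NXDOMAIN
2015-06-10T09:00:08 10.1.2.99 eyfznt.com NXDOMAIN
2015-06-10T09:00:09 10.1.2.99 suunyu.com NXDOMAIN
2015-06-10T09:00:09 10.1.2.99 fxglwa.com NXDOMAIN
2015-06-10T09:00:10 10.1.2.99 njkhyo.com NXDOMAIN
2015-06-10T09:00:10 10.1.2.99 quuike.com NXDOMAIN
2015-06-10T09:00:11 10.1.2.99 whnwqu.com NXDOMAIN
2015-06-10T09:00:12 10.1.2.99 hzmksreiuojy.com NOERROR
2015-06-10T09:00:15 10.1.2.15 typo-of-wikipedia.org NXDOMAIN
2015-06-10T09:00:20 10.1.2.40 intranet.acme.example NOERROR
"""

VOWELS = set("aeiou")
MIN_NXDOMAIN_NAMES = 5     # distinct NXDOMAIN registrable names per host (assumed tuning)
MIN_RANDOM_FRACTION = 0.5  # share of those that must look machine-generated (assumed)

def registrable(qname: str) -> str:
    """Approximate the registrable domain as the last two labels.
    Assumption: production code would use the Public Suffix List so that
    host.example.co.uk is not collapsed to co.uk."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def looks_random(label: str) -> bool:
    """Lexical test for one label: few vowels or a long consonant run.
    Weak on its own (the report's 'quuike' and 'suunyu' read as pronounceable),
    so it only confirms the NXDOMAIN behaviour measured below."""
    letters = [c for c in label if c.isalpha()]
    if not letters:
        return True
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest = run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.25 or longest >= 4

@dataclass
class HostView:
    nxdomain: set[str] = field(default_factory=set)   # names that did not exist
    resolved: set[str] = field(default_factory=set)   # names that answered

def parse_log(text: str) -> dict[str, HostView]:
    hosts: dict[str, HostView] = defaultdict(HostView)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                       # blank or malformed line
        _ts, client, qname, rcode = parts
        name = registrable(qname)
        if rcode == "NXDOMAIN":
            hosts[client].nxdomain.add(name)
        elif rcode == "NOERROR":
            hosts[client].resolved.add(name)
    return dict(hosts)

def dga_suspects(text: str) -> dict[str, dict[str, object]]:
    """Hosts whose NXDOMAIN burst looks algorithmically generated, with the
    random-looking names that did resolve for them: the live C2 candidates."""
    findings: dict[str, dict[str, object]] = {}
    for client, view in parse_log(text).items():
        if len(view.nxdomain) < MIN_NXDOMAIN_NAMES:
            continue
        random_hits = [d for d in view.nxdomain if looks_random(d.split(".")[0])]
        fraction = len(random_hits) / len(view.nxdomain)
        if fraction < MIN_RANDOM_FRACTION:
            continue
        candidates = sorted(d for d in view.resolved if looks_random(d.split(".")[0]))
        findings[client] = {"nxdomain_names": len(view.nxdomain),
                            "random_fraction": round(fraction, 2),
                            "c2_candidates": candidates}
    return findings

if __name__ == "__main__":
    for client, info in dga_suspects(SAMPLE_LOG).items():
        print(client, info)
```

Run as a script it reports only 10.1.2.99, with hzmksreiuojy.com as the candidate to block and sinkhole; the single typo NXDOMAIN from 10.1.2.15 stays below the burst threshold. Two of the report's nine names fail the lexical test, which is why the per-host NXDOMAIN count carries the decision and the lexical score only filters which resolved names are worth a sinkhole.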