3D Security Report Sample 121005

8/12/2019 3D Security Report Sample 121005

1/20

SAMPLE REPORT

Prepared byCheck Point Software Technologies


2/20


3/20


4/20

2012 Check Point Software Technologies Ltd. All rights reservedClassification: [Customer Confidential] For customer use only

4

Web Security Events

Top High Risk Applications and Sites

Within the areas of Application Control and URL Filtering, the following items are of the highest risk level (the first column

specifies the number of events related to the mentioned application/site):


5/20


5

Top High-Risk Application Descriptions

The following tables provide summary explanations of the top events found and their associated security or

business risks.

Application and Description EventsSopcastSopcast is a media streaming application which allows media streaming via P2P networks. Sopcast allowsusers to broadcast media to other users or watchstreams broadcasted by other users.

2

DropboxDropbox is an application that allows the user to share files.

70

SugarsyncSugarSync provides online backup, syncing, and sharing files from the user's PC and mobile devices.

15

uTorrentuTorrent is a freeware closed source BitTorrent client that is designed to use minimal computer resources whileoffering functionality comparable to larger BitTorrent clients such as Vuze or BitComet. Torrent's developmenthad started in 2005 by Ludvig Strigeus, a Swedish programmer, and since 2006 the code has been owned andmaintained by BitTorrent, Inc.

5

VuzeVuze (formerly Azureus) is a Java-based BitTorrent client that is used to transfer files via the BitTorrent protocol.The software provides users the ability to view, publish and share original DVD and HD quality video content aswell. Vuze was released under the GNU General Public License.

2

Top Users of High-Risk Applications

The following users were involved in the highest number of risky application and Web usage events:

Users* Events

Irma Whitewash 23

Ingrid Whitewash 21Zachary Zest 16

Leif Lash 11

Ella Eyelash 9

Carlos Cash 5

Hope Hash 2

Evan Eyelash 1

Joe Roberts 1

*Note: User names will be displayed in the above table only when Check Point Identity Awareness Software Blade is

enabled and configured.


6/20


6

Intrusion and Attack Events

During the 3D Security Analysis, the Check Point solution identified a number of intrusion prevention-related events.

Some of these events were categorized as critical. The following chart shows the distribution of events according

to severity:

Severity Event Name CVE* Events

Critical

Microsoft Windows Remote Desktop protocol codeexecution (MS12-020)

CVE-2012-0002 2

Adobe Flash Player URL security domain checking codeexecution (APSB12-07)

CVE-2012-0772 70

High

Microsoft DNS server denial of service (MS12-017) CVE-2012-0006 15

Medium

Interactive Data eSignal stack buffer overflow CVE-2012-3494 5

Total 50

*CVE (Common Vulnerabilities and Exposures) is a dictionary for publicly known security vulnerabilities. To find more

information about specific IPS event, search the CVE ID using National Vulnerability Database CVE search Web page.


7/20


7

IPS Events by Country

The following map shows the distribution of IPS events according to their origin countries. To mitigate attacks based on

source or destination countries, create a policy using Check Point IPS Geo-protection feature.


8/20


8

Data Loss Events

Your company data is one of the the most valuable assets to your organization. Any intentional or unintentional loss cancause damage to your organization. The following represents the characteristics of the data loss events that were identi-

fied during the course of the anlysis.

Top Data Loss Events

The following list summarizes the identified data loss activity and the number of times that the specific type of events

occurred for different data types configured for the DLP Software Blade.

Severity Data Events

Critical

Data containing credit card numbers was sent outside the organization (PCIcompliance violation). 17

High

Data containing programming language lines (Source Code) such as C, C++, C#, JAVA andmore, was sent outside the organization. Indicates leaks of intellectual property.

14

Pay slip file was sent outside the organization. 16

International Bank Account Number (IBAN) was sent outside the organization. 61

Data containing Mergers and Acquisitions (M&A) plans was sent outside the organization(e.g., corporate strategy, corporate finance and more).

2

Medium

Email sent to several internal recipients and a single external one. Such emails are usuallybeing sent unintentionally to a wrong external recipient.

18

Total 128

Top Data Loss Events by Mail Sender

This chart shows data leakage by mail sender on your network.

Sender Events

[email protected] 5

[email protected] 5

[email protected] 5

[email protected] 4

[email protected] 4

[email protected] 4

[email protected] 4

[email protected] 4

[email protected] 4


9/20


10/20


10

Top Bot and Virus Events

During the 3D Security Analysis, the Check Point solution identified a number of malware-related events. The following

table summarizes the top bots and viruses detected in your environment.

Severity Bot/Virus Name EventsCritical

Backdoor.IRC.Zapchast.zwrc 8

Backdoor.Win32.Gbot.pzh 5

P2P-Worm.Win32.Palevo.ath 8

High

Backdoor.Win32.Hupigon.ozqk 6

Trojan-Downloader.JS.Expack.bn 1

Worm.Win32.AutoRun.duv 5

Medium

Email-Worm.Win32.Bagle.pac 7

Trojan-Downloader.JS.Agent.gco 25

Trojan-Downloader.Win32.Pendix.d 24

Worm.BAT.Autorun.gr 2

Total 91

More details about malware identified in this report can be found by searching Check Point ThreatWiki, Check Point's

public malware database at threatwiki.checkpoint.com.

Bot and Virus Activity

The following chart shows the distribution of detected malware activity according to their infected hosts. Bots usually

communicate with Command and Control (C&C) which is the bots remote operator server used to send data outside of

the organization.
http://www.threatwiki.checkpoint.com/http://www.threatwiki.checkpoint.com/


11/20


11

Top Hosts Involved in Malicious Activity

From a host perspective, the following machines have the highest number of bots and virus events:

Host User Events

DierdreDash-desktop (125.0.0.63) Dierdre Dash 2

EvanEyelash-laptop (125.0.0.26) Evan Eyelash 2

LindaLash-laptop (125.0.0.80) Linda Lash 3

ArielAsh-laptop (86.0.0.57) Ariel Ash 2

ClarissaCash-desktop (86.0.0.62) Clarissa Cash 2

ElvinEyelash-laptop (86.0.0.25) Elvin Eyelash 2

CesarCash-laptop (75.0.0.17) Cesar Cash 2

FeliciaFlash-desktop (75.0.0.68) Felicia Flash 2

JackJosh-desktop (75.0.0.38) Jack Josh 2

JonJosh-laptop (75.0.0.40) Jon Josh 2

SarahSash-laptop (75.0.0.48) Sarah Sash 2Total 23

*Note: User names will be displayed in the above table only when Check Point Identity Awareness Software Blade is

enabled and configured.

Top Destination Countries

The following map shows the distribution of detected bots and viruses according to their destination countries. In the

case of bots, the destination country usually refers to the Command & Control center location. In the case of viruses, the

destination country usually refers to the place where the virus was downloaded from.


12/20


12

Bandwidth AnalysisThe following section summarized the bandwidth usage and web browsing profile of your organization during the time

of analysis.

Application Bandwidth Utilization

During the course of the 3D Security Analysis, your companys employees used significant corporate network resources

for non-work activity. The following chart shows how bandwidth was used by your employees:


13/20


13

Top Bandwidth Utilization by Applications and Websites

In all, the analysis process identified that the following applications and websites are used within your network as well:


14/20


14

Top Web Categories

The following table shows the top 10 categories and number of hits associated with employee Internet browsing:

Category Number of Hits % of Total Hits

Social Networking 118 31%

Webmail 50 13%

Search Engines / Portals 34 9%

Video Streaming 30 8%

Browser Plugin 29 8%

Multimedia 21 5%

Network Utilities 20 5%

Business Applications 18 5%

Media Sharing 15 4%

Other 47 12%

Total 382 100%

Network Bandwidth Utilization (MB)

During the course of the 3D Security Analysis, your companys employees used significant corporate network resources

for non-work activity. The following chart shows how bandwidth was used by your employees:


15/20


15

Social Networking Bandwidth (MB)

The use of social networking sites has become common at the workplace and at home. Many businesses leverage

social networking technologies for their marketing and sales efforts, and their recruiting programs. During the course of

this project, and consistent with over-all market trends, the following social networking sites consumed the most

network bandwidth:


16/20


16

Remediation RecommendationsThis report addresses identified security events across multiple security areas and at varying levels of criticality. The table

below reviews the most critical of these incidents and presents methods to mitigate their risks. Check Point provides

multiple methods for addressing these threats and concerns. Relevant protections are noted for each event, with the

Software Blades into which the defenses are incorporated.

Web Security Event Remediation Recommendations

Application Events Remediation Steps

Sopcast 2 With the Application Control and URL Filtering Software Blades,you can activate, track and prevent the use of all the mentionedapplications and Web sites. You can define a granular policy to

allow certain applications to specific groups only.Use UserCheck to educate users about the organization Webbrowsing and application usage policies.

Dropbox 70

Sugarsync 15uTorrent 5

Vuze 2

Click for more information aboutApplication Controland URL FilteringSoftware Blades.

To maximize Web security on corporate laptops and desktops, use Check PointAnti-Malware & Program Controland

WebCheckEndpoint Security Software Blades.

Intrusion Prevention Event Remediation Recommendations

Threat Events Remediation Steps

Microsoft Windows Remote Desktopprotocol code execution (MS12-020)

2

In Check Point IPS Software Blade, enable thefollowing protection:

Microsoft Windows Remote Desktop protocolcode execution (MS12-020)

Adobe Flash Player URL security domainchecking code execution (APSB12-07)

70


Adobe Flash Player URL security domain checkingcode execution (APSB12-07)

Microsoft DNS server denial of service(MS12-017)

15In Check Point IPS Software Blade, enable thefollowing protection:

Microsoft DNS server denial of service (MS12-017)

Interactive Data eSignal stackbuffer overflow

5


Interactive Data eSignal stack buffer overflow

Click for more information about Check Point IPSSecurity Gateway Software Blade.

To maximize intrusions and attacks protection, use Check Point Firewall & Compliance CheckEndpoint Security

Software Blade.
http://www.checkpoint.com/products/application-control-software-blade/index.htmlhttp://www.checkpoint.com/products/url-filtering-software-blade/http://www.checkpoint.com/products/anti-malware-program-control/index.htmlhttp://www.checkpoint.com/products/webcheck/index.htmlhttp://www.checkpoint.com/products/softwareblades/intrusion-prevention-system.htmlhttp://www.checkpoint.com/products/firewall-compliance-check/index.htmlhttp://www.checkpoint.com/products/firewall-compliance-check/index.htmlhttp://www.checkpoint.com/products/softwareblades/intrusion-prevention-system.htmlhttp://www.checkpoint.com/products/webcheck/index.htmlhttp://www.checkpoint.com/products/anti-malware-program-control/index.htmlhttp://www.checkpoint.com/products/url-filtering-software-blade/http://www.checkpoint.com/products/application-control-software-blade/index.html


17/20


17

Data Loss Event Remediation Recommendations

Data Events Remediation Steps

Data containing credit card numbers wassent outside the organization (PCIcompliance violation).

17To remediate the detected events, activate the DLP SoftwareBlade. Configure DLP policy based on the detected DLP datatype and choose an action (Detect/Prevent/Ask User, etc.). Ifyou consider the detected data type to be sensitive information,the recommended action is prevent.

Use UserCheck to:

Educate users about the organizations data usage policy

Provide users with instant feedback when their actions violatethe data usage security policy

Data containing programming language lines(Source Code) such as C, C++, C#, JAVAand more, was sent outside the organization.Indicates leaks of intellectual property.

14

Pay slip file was sent outside theorganization.

16

International Bank Account Number (IBAN)was sent outside the organization.

61

Data containing Mergers and Acquisitions(M&A) plans was sent outside theorganization (e.g., corporate strategy,corporate finance and more).

2

Email sent to several internal recipientsand a single external one. Such emails areusually being sent unintentionally to a wrongexternal recipient.

18

Click for more information about DLPSoftware Blade.

To maximize data loss protection on corporate laptops and desktops, use Check Point Full Disk Encryptionand Media

EncryptionEndpoint Security Software Blades.

Bot and Virus Event Remediation Recommendations

Bot/Virus Name Events Remediation Steps

Backdoor.IRC.Zapchast.zwrc 8 To block traffic generated by the detected malware, enable Anti-Bot and Antivirus Software Blades and set the policys profilesettings to Prevent mode.

To start the remediation process of the infected machine,

searchfor the detected malware in Check Point ThreatWiki tofind additional remediation supporting information about themalware. This information can help you better understand theinfection and its potential risks.

Use UserCheck to educate users about the organization Webbrowsing and application usage policies.

Backdoor.Win32.Gbot.pzh 5

P2P-Worm.Win32.Palevo.ath 8

Backdoor.Win32.Hupigon.ozqk 6

Trojan-Downloader.JS.Expack.bn 1

Worm.Win32.AutoRun.duv 5

Email-Worm.Win32.Bagle.pac 7

Trojan-Downloader.JS.Agent.gco 25

Trojan-Downloader.Win32.Pendix.d 24

Worm.BAT.Autorun.gr 2

Click for more information about Check PointAnti-BotandAntivirusSecurity Gateway Software Blades.

To maximize bot and virus protection on corporate laptops and desktops, use Check PointAnti-Malwareand

WebCheckEndpoint Security Software Blades.
http://www.checkpoint.com/products/dlp/index.htmlhttp://www.checkpoint.com/products/full-disk-encryption/index.htmlhttp://www.checkpoint.com/products/media-encryption/index.htmlhttp://www.checkpoint.com/products/media-encryption/index.htmlhttp://www.checkpoint.com/products/anti-bot-software-blade/index.htmlhttp://www.checkpoint.com/products/softwareblades/antivirus-anti-malware.htmlhttp://www.checkpoint.com/products/anti-malware-program-control/index.htmlhttp://www.checkpoint.com/products/webcheck/index.htmlhttp://www.checkpoint.com/products/webcheck/index.htmlhttp://www.checkpoint.com/products/anti-malware-program-control/index.htmlhttp://www.checkpoint.com/products/softwareblades/antivirus-anti-malware.htmlhttp://www.checkpoint.com/products/anti-bot-software-blade/index.htmlhttp://www.checkpoint.com/products/media-encryption/index.htmlhttp://www.checkpoint.com/products/media-encryption/index.htmlhttp://www.checkpoint.com/products/full-disk-encryption/index.htmlhttp://www.checkpoint.com/products/dlp/index.html


18/20


18

Introducing Check Point 3D SecurityCheck Point 3D Security redefines security as a 3-dimensional business process that combines policies, people and

enforcement for stronger protection across all layers of securityincluding network, data and endpoints. To achieve the

level of protection needed in the 21st century, security needs to grow from a collection of disparate technologies to an

effective business process. With 3D Security, organizations can now implement a blueprint for security that goes beyondtechnology to ensure the integrity of all information security.

Check Point 3D Security enables organizations to redefine security by integrating these dimensions into a

business process:

Policiesthat support business

needs and transform security into a

business process

Securitythat involves people in

policy definition, education and

incident remediation

Enforce,consolidate and control

all layers of securitynetwork, data,

application, content and user

The Check PointApplication Control Software Bladeprovides the industry's strongest applicationsecurity and identity control to organizations of all sizes. It enables IT teams to easily create granular poli-

ciesbased on users or groupsto identify, block or limit usage of over 240,000 Web 2.0 applications

and widgets.

The Check Point URL Filtering Software Bladeintegrates with Application Control, allowing unified

enforcement and management of all aspects of web security. URL Filtering provides optimized web

security through full integration in the gateway to prevent bypass through external proxies; integration

of policy enforcement with Application Control for full Web and Web 2.0 protection; and UserCheck

empowers and educates users on Web usage policy in real time.

The IPS Software Bladedelivers complete and proactive intrusion preventionall with the deployment

and management advantages of a unified and extensible next-generation firewall solution.

Check Point DLP Software Bladecombines technology and processes to revolutionize Data Loss

Prevention (DLP), helping businesses to pre-emptively protect sensitive information from unintentional

loss, educating users on proper data handling policies and empowering them to remediate incidents in

real-time.

The Check PointAnti-Bot Software Bladedetects bot-infected machines, prevents bot damages by

blocking bot C&C communications, and integrates with other Software Blades to provide a comprehen-

sive threat prevention solution on a single gateway.

The Check PointAntivirus Software Bladestops viruses and other malware at the gateway before

they affect users. Using a continually updated list of antivirus and anti-spyware signatures and anomaly-

based protections, the Antivirus Software Blade protects against threats transmitted through popular

network protocols.
http://www.checkpoint.com/products/softwareblades/application-control.htmlhttp://www.checkpoint.com/products/softwareblades/url-filtering.htmlhttp://www.checkpoint.com/products/softwareblades/intrusion-prevention-system.htmlhttp://www.checkpoint.com/products/dlp/index.htmlhttp://www.checkpoint.com/products/anti-bot-software-blade/index.htmlhttp://www.checkpoint.com/products/softwareblades/antivirus-anti-malware.htmlhttp://www.checkpoint.com/products/softwareblades/antivirus-anti-malware.htmlhttp://www.checkpoint.com/products/anti-bot-software-blade/index.htmlhttp://www.checkpoint.com/products/dlp/index.htmlhttp://www.checkpoint.com/products/softwareblades/intrusion-prevention-system.htmlhttp://www.checkpoint.com/products/softwareblades/url-filtering.htmlhttp://www.checkpoint.com/products/softwareblades/application-control.html


19/20


19

About Check Point Software TechnologiesThe mission of Check Point Software Technologies (www.checkpoint.com) is to secure the Internet. Check Point was

founded in 1993, and has since developed technologies to secure communications and transactions over the Internet by

enterprises and consumers.

When the company was founded, risks and threats were limited and securing the Internet was relatively simple.

A firewall and an antivirus solution generally provided adequate security for business transactions and communications

over the Internet. Today, enterprises require many (in some cases 15 or more) point solutions to secure their informa-

tion technology (IT) networks from the multitude of threats and potential attacks and are facing an increasingly complex

IT security infrastructure.

Check Points core competencies are developing security solutions to protect business and consumer transactions and

communications over the Internet, and reducing the complexity in Internet security. We strive to solve the security maze

by bringing more, better and simpler security solutions to our customers.

Check Point develops markets and supports a wide range of software, as well as combined hardware and software prod-

ucts and services for IT security. We offer our customers an extensive portfolio of network and gateway security solutions,

data and endpoint security solutions and management solutions. Our solutions operate under a unified security archi-tecture that enables end-to-end security with a single line of unified security gateways, and allow a single agent for all

endpoint security that can be managed from a single unified management console. This unified management allows for

ease of deployment and centralized control and is supported by, and reinforced with, real-time security updates.

Check Point was an industry pioneer with our FireWall-1 and our patented Stateful Inspection technology. Check Point

has recently extended its IT security innovation with the development of our Software Blade architecture. The dynamic

Software Blade architecture delivers secure, flexible and simple solutions that can be customized to meet the security

needs of any organization or environment.

Our products and services are sold to enterprises, service providers, small and medium sized businesses and consum-

ers. Our Open Platform for Security (OPSEC) framework allows customers to extend the capabilities of our products and

services with third-party hardware and security software applications. Our products are sold, integrated and serviced by

a network of partners worldwide. Check Point customers include tens of thousands of businesses and organizations ofall sizes including all Fortune 100 companies. Check Points award-winning ZoneAlarm solutions protect millions of con-

sumers from hackers, spyware and identity theft.

Contact Check Point now

www.checkpoint.com/contactus

By phone in the US: 1-800-429-4391 option 5 or 1-650-628-2000
http://www.checkpoint.com/http://www.checkpoint.com/contactushttp://www.checkpoint.com/contactushttp://www.checkpoint.com/


20/20

2003-2012 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point 2200, Check Point 4000 Appliances, Check Point 4200, Check Point 4600,Check Point 4800, Check Point 12000 Appliances, Check Point 12200, Check Point 12400, Check Point 12600, Check Point 21400, Check Point 6100 Security System, Check Point Anti-Bot Software Blade, CheckPoint Application Control Software Blade, Check Point Data Loss Prevention, Check Point DLP, Check Point DLP-1, Check Point Endpoint Security, Check Point Endpoint Security On Demand, the Check Point logo,Check Point Full Disk Encryption, Check Point GO, Check Point Horizon Manager, Check Point Identity Awareness, Check Point IPS, Check Point IPSec VPN, Check Point Media Encryption, Check Point Mobile,Check Point Mobile Access, Check Point NAC, Check Point Network Voyager, Check Point OneCheck, Check Point R75, Check Point Security Gateway, Check Point Update Service, Check Point WebCheck,ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, DefenseNet, DynamicID, Endpoint Connect VPNClient, Endpoint Security, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT,INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IP Appliances, IPS-1, IPS Software Blade, IPSO, R75, Software Blade, IQ Engine, MailSafe, the More, better, Simpler Securitylogo, Multi-Domain Security Management, MultiSpect, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management,Power-1,Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, Secure Virtual Workspace, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatformPro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security Management Portal, SecurityPower, Series 80 Appliance, SiteManager-1, Smart-1, SmartCenter, SmartCenterPower, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, SmartEvent, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartProvisioning,SmartReporter, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SmartWorkflow, SMP, SMP On-Demand, SocialGuard, SofaWare, Software BladeArchitecture, the softwareblades logo, SSL Network Extender, Stateful Clustering, Total Security, the totalsecurity logo, TrueVector, UserCheck, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security,VPN-1, VPN-1 Edge, VPN-1 MASS, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1VE, VPN-1 VSX, VSX, VSX-1, Web Intelligence, ZoneAlarm, ZoneAlarm Antivirus + Firewall, ZoneAlarm DataLock, ZoneAlarm Extreme Security, ZoneAlarm ForceField, ZoneAlarm Free Firewall, ZoneAlarm ProFirewall, ZoneAlarm Internet Security Suite, ZoneAlarm Security Toolbar, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point SoftwareTechnologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners.Th d t d ib di thi d t t t db U S P t t N 5 606 668 5 835 726 5 987 611 6 496 935 6 873 988 6 850 943 7 165 076 7 540 013 7 725 737 d7 788 726 d b t t d

CONTACT CHECK POINT

Worldwide Headquarters5 HaSolelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753 4555 | Fax: 972-3-624-1100 | email: [email protected]

U.S. Headquarters959 Skyway Rd. Ste. 300, San Carlos, CA 94070 | Tel: 800-429-4391 ; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com

3D Security Report Sample 121005

Documents

Transcript of 3D Security Report Sample 121005