Transcription
Cyber Threat AssessmentReport Date: April 5, 2019 14:19Data Range: 2019-03-29 00:00 2019-04-04 23:59 PDT (FAZ local)
Table of ContentsOrganizational File Usage3Files Needing Inspection3Breakdown of File Types3Results of Executable Sandbox Analysis4Top Sandbox-identified Malicious EXEs4Top Sources of Sandbox Discovered Malware4Recommended Actions5Security and Threat Prevention6High Risk ApplicationsHigh Risk ApplicationsApplication Vulnerability ExploitsTop Application Vulnerability Exploits DetectedMalware, Botnets and Spyware/AdwareTop Malware, Botnets and Spyware/Adware DetectedAt-Risk Devices and HostsMost At-Risk Devices and HostsEncrypted Web TrafficHTTPS vs. HTTP Traffic RatioTop Source Country/RegionTop Source Country/RegionUser ProductivityApplication UsageApp CategoriesCloud Usage (SaaS)Cloud Usage (IaaS)Application Category BreakdownsRemote Access ApplicationsProxy ApplicationsTop Social Media ApplicationsTop Video/Audio Streaming ApplicationsTop Gaming ApplicationsTop Peer to Peer ApplicationsWeb UsageTop Web CategoriesTop Web ApplicationsWebsites FrequentedMost Visited Web DomainsTop Websites by Browsing TimeNetwork UtilizationBandwidthAverage Bandwidth by HourTop Bandwidth Consuming 121212121213131314141516161616FortiGuard Security and Services17Appendix A18DevicesCyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-10518page 1 of 18
Executive SummaryIPS Attacks Detected: 76,730Malware/Botnets Detected: 16High-Risk Applications Used: 24Malicious Websites Detected: 1Last year, over 2,100 enterprises were breached as a result of poor internal security practices and latent vendor content security.The average cost of a corporate security breach is estimated at 3.5 million USD and is rising at 15% year over year. Intrusions,malware/botnets and malicious applications collectively comprise a massive risk to your enterprise network. These attackmechanisms can give attackers access to your most sensitive files and database information. FortiGuard Labs mitigates these risksby providing award-winning content security and is consistently rated among industry leaders by objective third parties such as NSSLabs, VB 100 and AV Comparatives.Applications Detected: 416Top Used Application: HTTPS.BROWSERTop Application Category: Network.ServiceWebsites Visited: 9860Top Website: fortinet-ca2.fortinet.comTop Web Category:User application usage and browsing habits can not only be indicative of inefficient use of corporate resources, but can also indicatea lack of proper enforcement of corporate usage policies. Most enterprises recognize that personal use of corporate resources isacceptable. But there are many grey areas that businesses must keep a close eye on including: use of proxy avoidance/peer to peerapplications, inappropriate web browsing, phishing websites, and potentially illegal activity - all of which expose your company toundue liability and potential damages. With over 5,800 application control rules and 250 million categorized websites, FortiGuardLabs provides telemetry that FortiOS uses to keep your business running effectively.Total Bandwidth: 4751159077954Top Host by Bandwidth: 172.16.92.197Performance effectiveness is an often undervalued aspect of security devices, but firewalls must keep up with the line speeds thattoday’s next generation switches operate at. A recent survey by Infonetics indicates that 77% of decision-makers at largeorganizations feel that they must upgrade their network security performance (100 Gbps aggregate throughput) in the comingyear. FortiGates leverage FortiASICs to accelerate CPU intensive functions such as packet forwarding and pattern matching. Thisoffloading typically results in a 5-10X performance increase when measured against competitive solutions.Cyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-105page 2 of 18
Sandbox AnalysisToday’s increasingly sophisticated threats can mask their maliciousness and bypass traditional antimalware security. Conventionalantimalware engines are, in the time afforded and to the certainty required, often unable to classify certain payloads as either goodor bad; in fact, their intent is unknown. Sandboxing helps solve this problem – it entices unknown files to execute in a protectedenvironment, observes its resultant behavior and classifies its risk based on that behavior. With this functionality enabled for yourassessment, we have taken a closer look at files traversing your network.Organizational File UsageTotal Files Detected ( 7055 )During the assessment period, we monitored the total number of files that were sent across your network. These files could havebeen email attachments, files uploaded to file sharing services, downloads from the Internet, etc. This number will give you an ideaof the sheer amount of file-based activity either inbound or outbound.Subset of Files Which Could be Sent for Sandbox Inspection ( 543 )While some file types like .png files are extremely low risk in nature, others can be executed or contain macros and other active codethat could exhibit malicious behaviors. Common files types such as exe, doc, xls, and zip should be inspected for their potential todeliver threats to your network. Fortinet's sandboxing technologies can inspect more than 50 different file types even whileobfuscated within multiple layers of compression.Files Needing InspectionBreakdown of File Types92.30% Excluded Files (6,512 )7.70% Higher Risk File Types (543 )Cyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-10592.30% Others (6,512 )6.73% Executable Files (475 )0.81% Adobe Flash (57 )0.16% Adobe PDF (11 )page 3 of 18
Results of Executable Sandbox AnalysisTotal EXE Files Analyzed ( 443 )As a highest risk file type, we started with executables which, after a standard anti-malware check on the FortiGate, were sent to thesandbox for further inspection. The number here represents the subset of executables that were sent to the sandbox for additionalscrutiny.Total Malicious EXEs Found ( 0 )Of the Total EXE Files Analyzed, certain files may have tested positive for malicious threat payloads upon further inspection. Oftentimes this subsequent identification is due to later stage downloads or communications that are known to be malicious. This is thenumber of malicious files that were discovered during our executable analysis.Top Sandbox-identified Malicious EXEsNo matching log data for this reportTop Sources of Sandbox Discovered MalwareNo matching log data for this reportCyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-105page 4 of 18
Recommended ActionsApplication Vulnerability Attacks Detected ( 113 )Application vulnerabilities (also known as IPS attacks) act as entry points used to bypass security infrastructure and allow attackers afoothold into your organization. These vulnerabilities are often exploited due to an overlooked update or lack of patch managementprocess. Identification of any unpatched hosts is the key to protecting against application vulnerability attacks.Malware Detected ( 13 )Malware can take many forms: viruses, trojans, spyware/adware, etc. Any instances of malware detected moving laterally across thenetwork could also indicate a threat vector originating from inside the organization, albeit unwittingly. Through a combination ofsignature and behavioral analysis, malware can usually be prevented from executing and exposing your network to maliciousactivity. Augmenting your network with APT/sandboxing technology (e.g. FortiSandbox) can also prevent previously unknownmalware (zero-day threats) from propagating within your network.Botnet Infections ( 3 )Bots can be used for launching denial-of-service (DoS) attacks, distributing spam, spyware and adware, propagating malicious code,and harvesting confidential information which can lead to serious financial and legal consequences. Botnet infections need to betaken seriously and immediate action is required. Identify botnet infected computers and clean them up using antivirus software.Fortinet's FortiClient can be used to scan and remove botnets from the infected hosts.Malicious Websites Detected ( 1 )Malicious websites are sites known to host software/malware that is designed to covertly collect information, damage the hostcomputer or otherwise manipulate the target machine without the user's consent. Generally visiting a malicious website is aprecursor to infection and represents the initial stages of the kill chain. Blocking malicious sites and/or instructing employees not tovisit/install software from unknown websites is the best form of prevention here.Phishing Websites Detected ( 0 )Similar to malicious websites, phishing websites emulate the webpages of legitimate websites in an effort to collect personal orprivate (logins, passwords, etc.) information from end users. Phishing websites are often linked to within unsolicited emails sent toyour employees. A skeptical approach to emails asking for personal information and hovering over links to determine validity canprevent most phishing attacks.Proxy Applications Detected ( 10 )These applications are used (usually intentionally) to bypass in-place security measures. For instance, users may circumvent thefirewall by disguising or encrypting external communications. In many cases, this can be considered a willful act and a violation ofcorporate use policies.Remote Access Applications Detected ( 8 )Remote access applications are often used to access internal hosts remotely, thus bypassing NAT or providing a secondary accesspath (backdoor) to internal hosts. In the worst case scenario, remote access can be used to facilitate data exfiltration and corporateespionage activity. Many times, the use of remote access is unrestricted and internal corporate use changes should be put intopractice.P2P and Filesharing Applications ( 5 )These applications can be used to bypass existing content controls and lead to unauthorized data transfer and data policy violations.Policies on appropriate use of these applications need to be implemented.Cyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-105page 5 of 18
Security and Threat PreventionHigh Risk ApplicationsThe FortiGuard research team assigns a risk rating of 1 to 5 to an application based on the application behavioral characteristics. Therisk rating can help administrators to identify the high risk applications quickly and make a better decision on the application controlpolicy. Applications listed below were assigned a risk rating of 4 or higher.High Risk ApplicationsRiskApplication ryProxyNetwork-Protocol1615.65 MB37,310Asprox.BotnetBotnetClient-Server1100.16 KB237Proxy.WebsitesProxyBrowser-Based3452.29 KB180Private.TunnelProxyClient-Server3831.31 KB140ProxyClient-Server32.53 GB124KProxyProxyBrowser-Based11,006.87 KB 46Ultrasurf 9.6 ProxyClient-Server26.76 KB25Hotspot.ShieldProxyClient-Server4126.59 KB16OKHTTP.Library.VPNProxyClient-Server16.64 KB4Setup.VPNProxyClient-Server145.02 KB4PsiphonProxyClient-Server17.90 KB2RshRemote.AccessClient-Server576160.11 GB3,966,965RDPRemote.AccessClient-Server5871.13 GB98,981TelnetRemote.AccessClient-Server1,03512.82 5 MB3,245RloginRemote.AccessClient-Server17184.88 KB2,326VNCRemote.AccessClient-Server132557.95 MB1,199RexecRemote.AccessClient-Server2522.02 KB561BitTorrentP2PPeer-to-Peer5318.97 KB259PPTVP2PPeer-to-Peer6934.29 KB99Private.Internet.Access.VPNFigure 1: Highest risk applications sorted by risk and sessionsApplication Vulnerability ExploitsApplication vulnerabilities can be exploited to compromise the security of your network. The FortiGuard research team analyzesthese vulnerabilities and then develops signatures to detect them. FortiGuard currently leverages a database of more than 5,800known application threats to detect attacks that evade traditional firewall systems. For more information on applicationvulnerabilities, please refer to FortiGuard at: http://www.fortiguard.com/intrusion.Top Application Vulnerability Exploits DetectedSeverity Threat NameTypeCVE-IDPrimetek.Primefaces.5 Code 24,092Apache.Struts.2.Jakart Code -56388742,962Oracle.WebLogic.Serv Code 017-3506,CVE-20 8617-1027121,781Cyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-105page 6 of 18
Severity Threat NameSourceCountApache.Struts.2.REST. Code -2016-4438,CVE-20 8517-1261121,700Apache.Struts.2.OGNL Other.Script.InjectionCVE-2012-0391,CVE-20 ,CVE-2018-1177621,209Cisco.IOS.HTTP.Remot Improper -20 8701-05373491ThinkPHP.Controller.P Code 82,CVE-20 8718-200627321SWEditServlet.Directo Path tnetVictim2293TFTP.Server.Buffer.Ov Buffer ErrorserflowCVE-2005-1812,CVE-20 Illegal.Cook Code 62187Adobe.Flash.newfunct 20 110-12971173Adobe.Coldfusion.Bla Code 3066843170Apache.Commons.Col OS Command CVE-2015-4852,CVE-20 e.I Information Joomla!.com fields.SQ SQL .Form.Ren OS Command -2018-7600852156Palo.Alto.Networks.Fir Improper utionCVE-2017-15944862156CVE-2002-0392,CVE-20 ,CVE-2013-20282150HTTP.Chunk.Overflow Numeric ErrorsCyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-10586page 7 of 18
Severity Threat NameSourceCountBash.Function.Definiti OS Command 14-6271,CVE-20 ,CVE-2014-71872117IBM.Rational.ClearQu SQL 007-436823162HTTP.Negative.Conten Numeric SMB2.Negotiation. Resource Management E-20 1509-3103TorrentLocker.Botnet1Figure 2: Top vulnerabilities identified, sorted by severity and countCyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-105page 8 of 18
Malware, Botnets and Spyware/AdwareThere are numerous channels that cybercriminals use to distribute malware. Most common methods motivate users to open aninfected file in an email attachment, download an infected file, or click on a link leading to a malicious site. During the securityassessment, Fortinet identified a number of malware and botnet-related events which indicate malicious file downloads orconnections to botnet command and control sites.Top Malware, Botnets and Spyware/Adware DetectedMalware tionHTTP862293Asprox.BotnetBotnet C&CAsprox.Botnet281209ETDB TEST FILEVirusFTP11183Figure 3: Common Malware, Botnets, Spyware and Adware detectedAt-Risk Devices and HostsBased on the types of activity exhibited by an individual host, we can approximate the trustworthiness of each individual client. Thisclient reputation is based on key factors such as websites browsed, applications used and inbound/outbound destinations utilized.Ultimately, we can create an overall threat score by looking at the aggregated activity used by each individual host.Most At-Risk Devices and e 4: These devices should be audited for malware and intrusion susceptibilityCyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-105page 9 of 18
Encrypted Web TrafficFrom a security perspective, it's important to visualize howHTTPS vs. HTTP Traffic Ratiomuch of your web-based traffic is encrypted. Encrypted trafficposes very real challenges for enterprises who want to ensurethat those same applications are not being used for maliciouspurposes, including data exfiltration. Ideally, your firewall can58.26% HTTPS (1.47 TB)41.74% HTTP (1.05 TB)inspect encrypted traffic at high speeds - this is whyperformance and hardware/ASIC offloading are key whenevaluating a firewall.Top Source Country/RegionBy looking at IP source traffic, we can determine the originating country/region of any particular request. Certain botnets, commandand control functions, and even remote access can be session heavy and indicative of targeted attacks or persistent threats fromnation-states. This chart is representative of country-based traffic - activity from specific originating nations may be anomalous andwarrant further investigation.Top Source Country/RegionCountry/RegionBandwidthUnited States2.24 GBJapan1.66 GBCanada520.09 MBRussian Federation150.41 MBSwitzerland34.89 MBChina30.47 MBMalaysia29.39 MBItaly29.28 MBMexico23.90 MBUnited Kingdom11.36 MBFigure 5: Activity originating from these country/region should be audited for expected traffic sourcesCyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-105page 10 of 18
User ProductivityApplication UsageApp CategoriesThe FortiGuard research team categorizes applications intodifferent categories based on the application behavioralcharacteristics, underlying technology, and the related traffictransaction characteristics. The categories allow for betterapplication control. FortiGuard maintains thousands ofapplication sensors and can even perform deep applicationinspection. For example, IT managers can get unprecedentedvisibility into filenames sent to the cloud or the titles of videosbeing streamed.For application category details, on2.25%Others2.96%App pplicationWith the proliferation of cloud-based computing, enterprises are increasingly reliant on third parties for infrastructure plumbing.Unfortunately for enterprises, this means that their information is only as secure as the cloud provider's security. In addition, it canoften introduce redundancy (if services are already available internally) and increase costs (if not monitored properly).Cloud Usage (SaaS)IT managers are often unaware of how many cloud-basedservices are in use within their organization. Sometimes, these42.36% YouTube (58.45 GB)13.23% Instagram (18.25 GB)12.13% Facebook (16.74 GB)5.36% LinkedIn (7.40 GB)3.93% Skype (5.42 GB)3.40% Samsung.Cloud (4.70 GB)19.60% Others (27.05 GB)The adoption of "infrastructure as a service" (IaaS) platforms isapplications can be used to circumvent or even replacecorporate infrastructure already available to users in lieu of easeof use. Unfortunately, a potential side effect of this is that yoursensitive corporate information could be transferred to thecloud. Accordingly, your data could be exposed if the cloudprovider's security infrastructure is breached.Cloud Usage (IaaS)popular and can be very useful when compute resources arelimited or have specialized requirements. That said, the effectiveoutsourcing of your infrastructure must be well regulated toprevent misuse. The occasional auditing of IaaS applications canbe a useful exercise not only for security purposes, but also tominimize organizational costs associated with pay per use modelsor recurring subscription fees.Cyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-10569.83% Amazon.AWS (3.88 GB)22.08% Amazon.CloudFront (1.23 GB)5.63% Fortiguard.Search (320.07 MB)2.01% Microsoft.Azure (114.28 MB)0.33% TrendMicro.WFBS (18.66 MB)0.07% Godaddy (3.90 MB)0.06% Others (3.58 MB)page 11 of 18
Application Category BreakdownsUnderstanding application subcategories can give invaluable insights into how efficiently your corporate network is operating.Certain application types (such as P2P or gaming applications) are not necessarily conducive to corporate environments and can beblocked or limited in their scope. Other applications may have dual purpose uses (such as video/audio streaming or social mediaapps) and can be managed accordingly. These charts illustrate application categories sorted by the amount of bandwidth they usedduring the discovery period.Remote Access ApplicationsProxy Applications98.59% Rsh (160.11 GB)0.70% RDP (1.13 GB)0.34% VNC (557.95 MB)0.33% TeamViewer (549.23 MB)0.02% GoToAssist (32.57 MB)0.02% Chrome.Remote.Desktop (25.44 MB)0.01% Others (13.06 MB)Top Social Media Applications89.62% OpenVPN (21.99 GB)10.30% Private.Internet.Access.VPN (2.53 GB)0.06% Proxy.HTTP (15.65 MB)0.01% PPTP (1.87 MB)0.00% KProxy (1,006.87 KB)0.00% Private.Tunnel (831.31 KB)0.00% Others (798.75 KB)Top Video/Audio Streaming Applications34.95% Instagram (18.25 GB)32.05% Facebook (16.74 GB)14.17% LinkedIn (7.40 GB)5.36% Sina.Services (2.80 GB)3.57% Sina.Weibo (1.87 GB)3.21% Reddit (1.68 GB)6.68% Others (3.49 GB)Top Gaming Applications56.81% RTSP (114.74 GB)28.94% YouTube (58.45 GB)7.97% HTTP.Video (16.10 GB)3.04% Twitch (6.14 GB)1.40% HTTP.Audio (2.82 GB)0.67% Netflix (1.36 GB)1.16% Others (2.35 GB)Top Peer to Peer Applications37.63% Pokemon.Go (42.27 MB)22.66% King.Glory (25.45 MB)12.19% Addicting.Games (13.69 MB)7.26% WeGame (8.15 MB)7.03% Clash.Of.Clans (7.89 MB)4.77% Apple.Game.Center (5.35 MB)8.47% Others (9.51 MB)Cyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-10571.93% PPTV (940.54 KB)24.58% BitTorrent (321.45 KB)2.76% Thunder.Xunlei (36.05 KB)0.50% Thunder.Xunlei.Kankan (6.54 KB)0.23% QVOD (2.97 KB)page 12 of 18
Web UsageWeb browsing habits can not only be indicative of inefficient use of corporate resources, but can also indicate an inefficientoptimization of web filtering policies. It can also give some insight into the general web browsing habits of corporate users andassist in defining corporate compliance guidelines.Top Web CategoriesURL CategoryUserCountBandwidthUnrated1481344.86 KBMalicious Websites1239101.00 KBInformation Technology1194395.69 KBWeb Hosting11562.92 MBSearch Engines and Portals19176.67 KBProxy Avoidance175979.66 KBReference17476.38 KBSports17373.88 KBNews and Media16856.26 KBBusiness167139.24 KBIn today’s network environments, many applications leverage HTTP for communications – even some you wouldn’t normally expect.The primary benefit of HTTP is that communication is ubiquitous, universally accepted and (generally) open on most firewalls. Formost business-related and whitelisted applications this typically augments communication, but some non-business applications alsouse HTTP in either unproductive or potentially nefarious ways.Top Web 0,0681.11 TBHTTP14,428,443825.80 GBHTTPS.BROWSER2,813,991124.73 GBYouTube31,58858.45 GBMS.Windows.Update18,87150.05 GBApple.Store82046.66 GBWget3,88135.78 GBSSL2,165,59730.54 GBApple.Services3,73425.20 GBHTTP.BROWSER803,10825.01 GBInstagram24,13318.25 GBFacebook72,24416.73 GBMicrosoft.Exchange.Server97,14316.44 GBHTTP.Video67,47415.89 GBAdobe.Web11,83312.13 GBGoogle.Services169,8349.94 GBGoogle.Play38,7778.28 GBApple.Software.Update697.75 GBLinkedIn19,5317.40 GBTwitch1,1456.14 GBHTTP.Segmented.Download3,6385.78 GBGoogle.Accounts59,1115.02 GBSamsung.Cloud4,5514.70 GBiCloud38,2654.36 GBAmazon.AWS35,4883.88 GBCyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-105page 13 of 18
Websites FrequentedWebsites browsed are strong indicators of how employees utilizing corporate resources and how applications communicate withspecific websites. Analyzing domains accessed can lead to changes in corporate infrastructure such as website blocking, deepapplication inspection of cloud-based apps and implementation of web traffic acceleration technologies.Most Visited Web s rated43www.facebook.comSocial ames41kproxy.comProxy Avoidance40npchurch.orgGlobal 6Estimated browsing times for individual websites can be useful when trying to get an accurate picture of popular websites. Typically,these represent internal web resources such as intranets, but they can occasionally be indicative of excessive behavior. Browsetimes can be employed to justify the implementation of web caching technologies or help shape organizational corporate usepolicies.Cyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-105page 14 of 18
Top Websites by Browsing TimeSitesCategoryBrowsing .2.77Unrated00:11:5585.233.168.140Web Hosting00:11:24140.211.11.131Information 166.249.10News and Media00:10:4687.106.215.227Proxy 3.113.93Unrated00:09:40173.194.33.69Search Engines and Portals00:09:38109.200.4.26Information 4.170.0.216Information Technology00:08:10173.194.33.86Search Engines and tart.ruMalicious Web 01:49www.hostway.com.auWeb 58npchurch.orgGlobal Religion00:00:58www.facebook.comSocial Networking00:00:58123.125.115.75Information Technology00:00:56kproxy.comProxy Avoidance00:00:56hin.comHealth and 9.27.138Unrated00:00:51www.toyota.comPersonal Vehicles00:00:51www.thegreenestdollar.comPersonal Websites and Blogs00:00:50www.findaproperty.comReal Estate00:00:50www.carpenters310.orgGeneral Organizations00:00:47www.magic-mushrooms.netDrug Abuse00:00:46www.monster.caJob Search00:00:45www.dininginfrance.comRestaurant and Dining00:00:45www.itradecimb.comBrokerage and Trading00:00:44www.gmail.comWeb-based gle.comWeb-based meebo.comWeb Chat00:00:41www.yahoo.comSearch Engines and Portals00:00:40www.cnn.comNews and Media00:00:40www.literacycenter.netChild Education00:00:40141.101.115.20Web Hosting00:00:39Cyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-105page 15 of 18
Network UtilizationBandwidthBy looking at bandwidth usage when distributed over an average day, administrators can better understand their organizational ISPconnection and interface speed requirements. Bandwidth can also be optimized on an application basis (using throttling), specificusers can be prioritized during peak traffic times, and updates can be rescheduled outside of working hours.Average Bandwidth by Hour10 TB8 TB6 TB4 TB2 :00:00200:000One of the most telling ways to analyze bandwidth is by looking at destinations and sources generating the most traffic. Commondestination sites (e.g. external websites), such as those for OS/firmware updates, can be throttled to allow prioritized, businesscritical traffic. Internally, high traffic hosts can be optimized through traffic shaping or corporate use policies.Top Bandwidth Consuming Sources/DestinationsHost NameBandwidthfortinet-ca2.fortinet.com8.37 GB96.45.33.732.55 GBr2---sn-5aanugx5h-t0ae.googlevideo.com1.30 GB96.45.33.641.09 GBr2---sn-uxa0n-t8gs.gvt1.com1,012.49 MBr3---sn-uxa0n-t8gz.gvt1.com907.15 MBsupport.fortinet.com780.48 MBr3---sn-5aanugx5h-t0ae.googlevideo.com704.17 MBwww.googleapis.com596.39 MBfilestore.fortinet.com554.23 MBCyber Threat Assessment (by admin) - FortiAnalyzer Host Name: FAZ3900E-105page 16 of 18
FortiGuard Security and ServicesKnowledge of the threat landscape combined with the ability to respond quickly at multiple levels is the foundation for providingeffective security. Hundreds of researchers at FortiGuard Labs scour the cyber landscape every day to discover emerging threats anddevelop effective countermeasures to protect organizations around the world. They are the reason FortiGuard is credited with over250 zero-day and vulnerability discoveries and why Fortinet security solutions score so high in real-world security effectiveness testsat NSS Labs, Virus Bulletin, AV Comparatives, and more.Next Generation Application Control & IPSApplication control and intrusion prevention (IPS) are foundational security technologies in a next generation firewall likethe FortiGate. Organizations worldwide use FortiGuard application control and IPS in the FortiGate platform to managetheir applications and block network intrusions (every minute of every day FortiGuard blocks 470,000 intrusionattempts). FortiGates running application control and IPS are tested for effectiveness in industry comparison tests by
s.VPN Proxy Client-Server 3 2.53 GB 124 Ultrasurf_9.6 Proxy Client-Server 2 6.76 KB 25 Hotspot.Shield Proxy Client-Server 4 126.59 KB 16 OKHTTP.Library.VPN Proxy Client-Server 1 6.64 KB 4 Setup.VPN Proxy Client-Server 1 45.02 KB 4 Psiphon Proxy Client-Server 1 7.90 KB 2 Rexec Remote.Access Client-Server 25 22.02 KB 561
