Rediscover Your Network With The Fortinet Cyber Threat .

Transcription

Rediscover Your Network with the Fortinet Cyber Threat Assessment Program

Gauge Your Current Security, Productivity and Utilization With No Risk

Are you concerned that your current security infrastructure may not accurately detect today’s sophisticated attacks? Do you have the operational visibility to understand how applications (traditional and web-based) are truly being utilized on your network? Is your current security solution able to sustain present-day throughput demands despite increased traffic volume (perhaps due to cloud-based storage, big data analytics or increased web usage)? If you are asking any of these questions, the Cyber Threat Assessment Program is for you!

Validate your network’s security effectiveness, user productivity, and utilization by enlisting expert guidance. A Fortinet expert will use a FortiGate to monitor key indicators within your network. After several days of gathering information, you will receive a Cyber Threat Assessment Report which is divided into three primary sections:

- Security and Threat Prevention – How effective is your current network security solution? Learn more about which application vulnerabilities are attacking your network, which malware/botnets were detected and even pinpoint “at risk” devices within your network. Make sure your existing security solution isn’t letting anything slip through the cracks by leveraging FortiGuard Labs’ award-winning content security.
- User Productivity – How are applications and web resources used within your network? Discover how cloud-based IaaS/SaaS, peer to peer, gaming, and other application subcategories are being utilized within your network. Verify that your traditional client-server and web-based applications are used in accordance with your corporate use policies.
- Network Utilization and Performance – How should your network security solution be optimized for performance? Find out more about your throughput, session and bandwidth requirements during peak hours. Ensure your security solution is sized and optimized properly based on your actual usage.

Obtaining a Cyber Threat Assessment Report will give you unmatched insight into your current security posture and network activity. Learn more about your network by registering for an assessment today!

Terms and Conditions: All Fortinet Products provided to you under this promotion are subject to Fortinet’s End User License Agreement (EULA), located at: http://www.fortinet.com/doc/legal/EULA.pdf. By using Fortinet Products under this promotion, you acknowledge that you understand the EULA and agree to be bound by the EULA.

Copyright 2019 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet.

NGFW Assessment Report

Prepared For: Informata College
Prepared By: John Smith, Fortinet
Report Date: May 3, 2019

Executive Summary

We aggregated key findings from our NGFW assessment within the Executive Summary below. While the highlights are listed below, a more detailed view of each section follows. Be sure to review the Recommended Actions page at the end of this report for actionable steps your organization can take to mitigate inbound threats, implement corporate use policies, and avert capacity planning issues.

Security

- 11,126 Application Vulnerability Attacks Detected
- 13 Malware and/or Botnets Discovered
- 17 High Risk Applications Detected

Note that any threats observed within this report have effectively bypassed your existing network security gateway, so they should be considered active and may lead to increased risk (such as a data breach).

Productivity

- 330 Total Applications Detected
- 5 Total Proxy Applications Detected
- 7 Total Peer to Peer Applications

Application usage should have a strong influence on your network architecture. Understanding which types of applications are being used can affect corporate use policies, controls on segmented networks, and utilization of cloud-based service platforms.

Utilization

- 40.5 GB Total Bandwidth Used
- 12.5 Average Log Rate per Second
- 58.0% Percentage of SSL Encrypted Traffic

In addition to individual applications, understanding overall utilization can help with capacity planning and streamlining network traffic over time.

NGFW Assessment Report, Page 1 of 12

Security

Quick Stats

- 50 application vulnerability attacks detected
- 1 known botnet detected
- 125 malicious websites detected
- 17 high risk applications detected
- 1 phishing website detected
- 13 known malware detected
- 8,190 files analyzed by sandbox
- 36 suspicious files detected by sandbox

Top Application Vulnerability Exploits Detected

Application vulnerabilities can be exploited to compromise the security of your network. The FortiGuard research team analyzes these vulnerabilities and then develops signatures to detect them. FortiGuard currently leverages a database of more than 5,800 known application threats to detect attacks that evade traditional firewall systems. For more information on application vulnerabilities, please refer to FortiGuard at: http://www.fortiguard.com/intrusion.

# Risk Threat e.Parameter.SQL.InjectionSQL InjectionVictims Sources verflowOS Command Injectio 8nBuffer Buffer t.Code.Execution Code de Injection3011838IISadmin.ISM.DLL.AccessInformation Disclosure 2911699GameSiteScript.Index.PHP.SQL.InjectionSQL Injection30116910OTE.Header.PHP.File.InclusionCode Injection301163

Top Malware, Botnets and Spyware/Adware Detected

There are numerous channels that cybercriminals use to distribute malware. Most common methods motivate users to open an infected file in an email attachment, download an infected file, or click on a link leading to a malicious site. During the security assessment, Fortinet identified a number of malware and botnet-related events which indicate malicious file downloads or connections to botnet command and control sites.

#12345678910Malware NameEICAR TEST FILEEICAR TEST FILEAsprox.BotnetAdware/TEST FILEETDB TEST ansom.583D!trW32/NGVCKAdware/TEST FILETypeVirusVirusBotnet 405400395384379

High Risk Applications

The FortiGuard research team assigns a risk rating of 1 to 5 to an application based on the application's behavioral characteristics. The risk rating can help administrators identify high risk applications quickly and make better decisions on the application control policy. Applications listed below were assigned a risk rating of 4 or higher.

#1Risk ient-ServerUsers1Bandwidth1.74 0 MB457
3 Onavo.Protect Proxy Client-Server 1 1.78 KB 9
4 Hotspot.Shield Proxy Client-Server 2 203.99 KB 8
5 Skyfire Proxy Client-Server 3 27.20 KB 3
6 Rsh Remote.Access Client-Server 67 9.82 GB 302,237
7 BitTorrent P2P Peer-to-Peer 8 1.79 MB 5,096
8 Telnet Remote.Access Client-Server 9 37.81 MB 681
9 RDP Remote.Access Client-Server 14 9.89 MB 48
10 TeamViewer Remote.Access Client-Server 22 1.13 MB 38

At-Risk Devices and Hosts

Based on the types of activity exhibited by an individual host, we can approximate the trustworthiness of each individual client. This client reputation is based on key factors such as websites browsed, applications used and inbound/outbound destinations utilized. Ultimately, we can create an overall threat score by looking at the aggregated activity used by each individual

Unknown Malware

Today’s increasingly sophisticated threats can mask their maliciousness and bypass traditional antimalware security. Conventional antimalware engines are, in the time afforded and to the certainty required, often unable to classify certain payloads as either good or bad; in fact, their intent is unknown. Sandboxing helps solve this problem – it entices unknown files to execute in a protected environment, observes their resultant behavior and classifies their risk based on that behavior. With this functionality enabled for your assessment, we have taken a closer look at files traversing your network.

# Filename1 c51D46A1FA.vsc61D46A601.vXE71D46EE5B.vsc

Service Risk Suspicious Behaviors

HTTP Malicious Threat Intelligence
  The executable tries to inject a PE image to other processes
  Executable deleted itself after execution
  Executable dropped a copy of itself
  This file checked registry for anti-virtualization or anti-debug

HTTP Malicious Threat Intelligence
  The executable tries to inject a PE image to other processes
  Executable deleted itself after execution
  Executable dropped a copy of itself

HTTP Malicious Threat Intelligence
  The executable tries to inject a PE image to other processes
  Executable deleted itself after execution

HTTP Malicious Threat Intelligence
  The executable tries to inject a PE image to other processes
  Executable deleted itself after execution
  Executable dropped a copy of itself
  This file checked registry for anti-virtualization or anti-debug

HTTP Malicious Threat Intelligence
  The executable tries to inject a PE image to other processes
  Executable deleted itself after execution

HTTP Malicious Threat Intelligence
  The executable tries to inject a PE image to other processes
  Executable deleted itself after execution

HTTP Malicious Threat Intelligence
  The executable tries to inject a PE image to other processes
  Executable deleted itself after execution
  Executable dropped a copy of itself

Count 1 1 1 1 1 1 1

Malicious and Suspicious Files

The results of behavioral analysis are usually categorized in one of three ways: clean, suspicious, or malicious. A designation of clean means that no abnormal behaviors were observed and the file can be considered safe. Suspicious activities are potentially dangerous and may warrant further attention – for instance, a high suspicion file may try to replicate itself whereas a low suspicion file may only create abnormal registry settings. A malicious designation should be considered a legitimate threat to your network and requires immediate attention. The chart rendered here shows malicious and suspicious files (e.g. it does not include files designated as clean).

- 63.9% Low (23)
- 19.4% Malicious (7)
- 11.1% Medium (4)
- 5.6% High (2)

Productivity

Quick Stats

- 330 total applications detected
- 5 total proxy applications detected
- 7 peer to peer applications detected
- 6 remote access applications detected
- SSL is the top used application
- Network.Service is the most used application category
- 567 total websites visited
- ca.archive.ubuntu.com is the most visited website

Cloud Usage (SaaS)

IT managers are often unaware of how many cloud-based services are in use within their organization. Sometimes, these applications can be used to circumvent or even replace corporate infrastructure already available to users for the sake of ease of use. Unfortunately, a potential side effect of this is that your sensitive corporate information could be transferred to the cloud. Accordingly, your data could be exposed if the cloud provider's security infrastructure is breached.

- 75.1% YouTube (827.4 MB)
- 9.5% Skype (104.2 MB)
- 5.9% Facebook (65.1 MB)
- 1.6% Gmail (17.4 MB)
- 1% Google.Plus (10.9 MB)
- 1% Prezi (10.7 MB)
- 6% Others (65.9 MB)

Cloud Usage (IaaS)

The adoption of "infrastructure as a service" (IaaS) platforms is popular and can be very useful when compute resources are limited or have specialized requirements. That said, the effective outsourcing of your infrastructure must be well regulated to prevent misuse. The occasional auditing of IaaS applications can be a useful exercise not only for security purposes, but also to minimize organizational costs associated with pay per use models or recurring subscription fees.

- 68.6% Amazon.AWS (6.5 MB)
- 18.9% Godaddy (1.8 MB)
- 7.4% Meraki.Cloud.Controller (713.8 KB)
- 2.8% Fortiguard.Search (273.2 KB)
- 2.4% AT&T.Synaptic (229.1 KB)

[Bar charts: Proxy Applications; Remote Access Applications; Top Peer to Peer Applications; Top Gaming Applications; Top Video/Audio Streaming Applications; Top Social Media Applications]

Top Web Applications

In today’s network environments, many applications leverage HTTP for communications – even some you wouldn’t normally expect. The primary benefit of HTTP is that communication is ubiquitous, universally accepted and (generally) open on most firewalls. For most business-related and whitelisted applications this typically augments communication, but some non-business applications also use HTTP in either unproductive or potentially nefarious way
