WIXLIB

Secure SD-WANAssessment ReportPrepared ForInformata CollegePrepared ByJohn SmithFortinetReport DateAug 28, 2019

Executive SummaryWe aggregated key findings from our Secure SD-WAN assessment within the Executive Summary below. While the highlightsare listed below, a more detailed view of each section follows. Be sure to review the Recommended Actions page at the end ofthis report as well for actionable steps your organization can take to optimize your network for Direct Internet Access, protectyour organization from external/branch office threats, and ultimately save money.Applications14322.8%5.8%External (PotentialDIA) ApplicationsPercentage ofCloud IT TrafficPercentage ofVoIP/Audio/VideoTrafficApplication usage should have a strong influence on your network architecture. Understanding which types of applications areused and specifically business application performance can improve user experience and ility AttacksDetectedMalware and/orBotnets DiscoveredHigh RiskApplicationsDetectedMaintaining a full security stack at the WAN edge is critical in any SD-WAN deployment where public Internet circuits areleveraged. Note that any threats observed within this report have effectively bypassed your existing network security gateway,so they should be considered active and may lead to increased risk (such as a data breach).Utilization40.5GB23.5%58.0%Total BandwidthUsedPercentage of NonBusiness TrafficPercentage of SSLEncrypted TrafficIn addition to individual applications, understanding overall utilization can help with capacity planning, circuit selection, andstreamlining network traffic over time. This awareness can also help reduce operational costs associated with backhaulingtraffic over more expensive WAN links (such as MPLS).Secure SD-WAN Assessment ReportPage 1 of 11

ApplicationsQuick Stats143 external (potential DIA) applications43.1% percentage of external traffic22.8% percentage of Cloud IT traffic5.8% percentage of VoIP/Audio/Video trafficSSL is the most used external applicationNetwork.Service is the top application categoryInternal vs. External Traffic56.9% Internal (23.1 GB)43.1% External (17.4 GB)43.1%56.9%Before setting up an SD-WAN architecture, it's useful tounderstand high-level traffic flows. By examining applicationsthat are communicating externally, you can begin to calculatecosts associated with WAN links (such as typically more costlyMPLS lines). Network traffic with either a source or destinationaddress to an external IP address can generally be consideredexternal traffic which is how we've calculated the chart to theleft. External traffic can benefit greatly from utilizing broadbandcircuits for Direct Internet Access.External Traffic BreakoutBy categorizing internal hosts communicating with externalservers, you can get a general sense for bandwidthrequirements and how you may want to prioritize Direct InternetAccess (DIA) applications within an SD-WAN deployment.Business applications that communicate directly with theInternet could be routed through a broadband circuit instead ofbackhauling to the datacenter through a dedicated link such asMPLS. This can result in significant savings not to mentionincreased throughput and lower latency. Non-business andnetwork applications communicating externally can similarly beprioritized and routed.Secure SD-WAN Assessment Report26.9%53.8% Business (9.4 GB)19.4% Non-Business (3.4 GB)26.9% Network Service (4.7 GB)53.8%19.4%Page 2 of 11

ApplicationsPotentially DIA Business ApplicationsThis chart illustrates a breakout of important business applications specific to your network as ranked by bandwidth andgrouped by the top five application categories. It does not include non-business (such as YouTube, Spotify, etc.) or NetworkService (such as DNS, NTP, etc.) applications which could impact overall bandwidth. Instead, these are applications which canbe prioritized by leveraging SD-WAN application steering strategies and Service Level Agreements (SLAs) in order to engineertheir optimal path to the Internet.Apple.Services (243.4 MB)Google.Search (63.7 MB)MS.Windows.Update (177.8 MB)Google.Accounts (54.4 MB)HTTP.Download.Accelerator (50.5 MB)General.Interest Others (28.8 MB)Google.Services (16.9 MB)Apple.Store (10.2 MB)Yahoo.Services (10 MB)General.Interest (478 MB)Apple.Software.Update (129.5 MB)Ubuntu.Update (118.4 MB)Microsoft.Portal (164.9 MB)External (1.3 GB)Update (451.6 MB)Kaspersky.Update (12.1 MB)Yum.Tool (9.3 MB)Root.Certificate.URL (1.7 MB)Update Others (1.9 MB)Apt-Get (1015.2 KB)Skype (101.2 MB)Collaboration (300.4 MB)Remote.Access (32.4 MB)Email (29 MB)Secure SD-WAN Assessment ReportPrezi (10.7 MB)Collaboration Others (10.4 MB)Trello (5.2 MB)Google.Docs (3.6 MB)Google.Hangouts (2.2 MB)Microsoft.CDN (2.2 MB)Rsh (28.7 MB)RDP (2.6 MB)TeamViewer (1.1 MB)LogMeIn (48.8 KB)Gmail (17.4 MB)Yahoo.Mail (7.6 MB)Microsoft.Outlook (2.8 MB)Mailchimp (1 MB)Mail.Ru (49.2 KB)Mailjet (24.3 KB)Page 3 of 11

ApplicationsTop Business ApplicationsTop Cloud IT ApplicationsApple.Services243.4 dy164.9 MBApple.Software.Update118.4 MBSkype382.5 MB0143.1 MB286.1 MBFortiguard.Search273.2 KBAT&T.Synaptic229.1 KB429.2 MBTop Storage Backup Applications0Microsoft.Portal5.7 MBiCloud35.4 KB5.2 MBGoogle.Docs3.6 MB2.2 MBBarracuda3.2 KBGoogle.HangoutsOthers4.6 KBOthers4.8 MBTop VoIP/Audio/Video Applications7.2 MB11.4 MBOthers24 MB0238.4 MB21.5 MBGoogle.Plus10.9 MBTwitter9.4 MBInstagram249.2 MBOoyala65.1 MBSnapchat380.3 MBPlex.TV3.2 MBPinterest1.4 MBOthers476.8 MBSecure SD-WAN Assessment Report715.3 MB95.4 MB 143.1 MB 190.7 MBFacebook416.6 MBiTunes47.7 MBTop Social Media Applications507.5 MBHTTP.Video12.9 MB0827.4 MBHTTP.Audio10.7 MBTrello155.1 KBYouTube7.2 MB104.2 MBPrezi444.5 KB2.4 MB4.8 MB164.9 MBSkype4.5 MB02.4 MBTop Collaboration ApplicationsDropboxAcrobat.Cloud713.8 KB101.2 MBOthersGoogle.Drive1.8 MBMeraki.Cloud.Controller129.5 MBUbuntu.UpdateOneDrive6.5 MB177.8 MB953.7 MB4.3 MB019.1 MB38.1 MB57.2 MB76.3 MBPage 4 of 11

SecurityQuick Stats50 application vulnerability attacks detected1 known botnet detected125 malicious websites detected17 high risk applications detected1 phishing websites detected13 known malware detected8,190 files analyzed by sandbox36 suspicious files detected by sandboxHigh Risk ApplicationsThe FortiGuard research team assigns a risk rating of 1 to 5 to an application based on the application behavioralcharacteristics. The risk rating can help administrators to identify the high risk applications quickly and make a better decisionon the application control policy. Applications listed below were assigned a risk rating of 4 or higher.#1Risk ient-ServerUsers1Bandwidth1.74 0 MB4573Hotspot.ShieldProxyClient-Server2203.99 KB84SkyfireProxyClient-Server327.20 KB35RshRemote.AccessClient-Server679.82 GB302,2376BitTorrentP2PPeer-to-Peer81.79 MB5,0967TelnetRemote.AccessClient-Server937.81 MB6818RDPRemote.AccessClient-Server149.89 MB489TeamViewerRemote.AccessClient-Server221.13 MB3810FlashGetP2PPeer-to-Peer3309.78 KB37Top Application Vulnerability Exploits DetectedThe performance gains and cost savings from leveraging public Internet circuits in an SD-WAN deployment need to beprotected by a full security stack at the WAN edge. Application vulnerabilities at the branch can be exploited to compromisethe security of your entire network. The FortiGuard research team analyzes these vulnerabilities and then develops signatures todetect them. FortiGuard currently leverages a database of more than 5,800 known application threats to detect attacks thatevade traditional firewall systems. For more information on application vulnerabilities, please refer to FortiGuard at:http://www.fortiguard.com/intrusion.#12Risk Threat Parameter.SQL.InjectionSQL InjectionVictims Sources verflowOS Command Injectio 8nBuffer Buffer t.Code.Execution Code de Injection3011838IISadmin.ISM.DLL.AccessInformation Disclosure 2911699GameSiteScript.Index.PHP.SQL.InjectionSQL Injection30116910OTE.Header.PHP.File.InclusionCode Injection301163Secure SD-WAN Assessment ReportPage 5 of 11

SecurityTop Malware, Botnets and Spyware/Adware DetectedThere are numerous channels that cybercriminals use to distribute malware. Most common methods motivate users to openan infected file in an email attachment, download an infected file, or click on a link leading to a malicious site. During thesecurity assessment, Fortinet identified a number of malware and botnet-related events which indicate malicious filedownloads or connections to botnet command and control sites.#12345678910Malware NameEICAR TEST FILEEICAR TEST FILEAsprox.BotnetAdware/TEST FILEETDB TEST ansom.583D!trW32/NGVCKAdware/TEST FILETypeVirusVirusBotnet 405400395384379At-Risk Devices and HostsBased on the types of activity exhibited by an individual host, we can approximate the trustworthiness of each individual client.This client reputation is based on key factors such as websites browsed, applications used and inbound/outbounddestinations utilized. Ultimately, we can create an overall threat score by looking at the aggregated activity used by eachindividual 9,7000Secure SD-WAN Assessment Report500 K1M1.5 MPage 6 of 11

SecurityUnknown MalwareToday’s increasingly sophisticated threats can mask their maliciousness and bypass traditional antimalware security.Conventional antimalware engines are, in the time afforded and to the certainty required, often unable to classify certainpayloads as either good or bad; in fact, their intent is unknown. Sandboxing helps solve this problem – it entices unknownfiles to execute in a protected environment, observes its resultant behavior and classifies its risk based on that behavior. Withthis functionality enabled for your assessment, we have taken a closer look at files traversing your EE5B.vscService RiskSuspicious BehaviorsHTTPMalicious Threat IntelligenceHTTPMalicious Threat IntelligenceThe executable tries to inject a PE image to other processessExecutable deleted itself after executionExecutable dropped a copy of itselfHTTPMalicious Threat IntelligenceThe executable tries to inject a PE image to other processessExecutable deleted itself after executionExecutable dropped a copy of itselfThis file checked registry for anti-virtualization or anti-debugThis file checked devices for anti-virtualization or anti-debugHTTPMalicious Threat IntelligenceThe executable tries to inject a PE image to other processessExecutable deleted itself after executionExecutable dropped a copy of itselfHTTPMalicious Threat IntelligenceThe executable tries to inject a PE image to other processessExecutable deleted itself after executionExecutable dropped a copy of itselfThis file checked registry for anti-virtualization or anti-debugHTTPMalicious Threat IntelligenceThe executable tries to inject a PE image to other processessExecutable deleted itself after executionExecutable dropped a copy of itselfHTTPMalicious Threat IntelligenceThe executable tries to inject a PE image to other processessExecutable deleted itself after executionCount1111111Malicious and Suspicious FilesThe results of behavioral analysis are usually categorized in oneof three ways: clean, suspicious, or malicious. A designation ofclean means that no abnormal behaviors were observed andthe file can be considered safe. Suspicious activities arepotentially dangerous and may warrant further attention – forinstance, a high suspicion file may try to replicate itself whereasa low suspicion file may only create abnormal registry settings.A malicious designation should be considered a legitimatethreat to your network and requires immediate attention. Thechart rendered here shows malicious and suspicious files (e.g.it does not include files designated as clean).Secure SD-WAN Assessment Report63.9% Low (23)19.4% Malicious (7)11.1% Medium (4)5.6% High (2)Page 7 of 11