NGFW Assessment Report


NGFW Assessment Report
Prepared For: Informata College
Prepared By: John Smith, Fortinet
Report Date: May 3, 2019

Executive Summary

We aggregated key findings from our NGFW assessment within the Executive Summary below. While the highlights are listed below, a more detailed view of each section follows. Be sure to review the Recommended Actions page at the end of this report for actionable steps your organization can take to mitigate inbound threats, implement corporate use policies, and avert capacity planning issues.

Security
- 11,126 Application Vulnerability Attacks Detected
- 13 Malware and/or Botnets Discovered
- 17 High Risk Applications Detected

Note that any threats observed within this report have effectively bypassed your existing network security gateway, so they should be considered active and may lead to increased risk (such as a data breach).

Productivity
- 330 Total Applications Detected
- 5 Total Proxy Applications Detected
- 7 Total Peer to Peer Applications

Application usage should have a strong influence on your network architecture. Understanding which types of applications are being used can affect corporate use policies, controls on segmented networks, and utilization of cloud-based service platforms.

Utilization
- 40.5 GB Total Bandwidth Used
- 12.5 Average Log Rate per Second
- 58.0% Percentage of SSL Encrypted Traffic

In addition to individual applications, understanding overall utilization can help with capacity planning and streamlining network traffic over time.

NGFW Assessment Report, Page 1 of 12

Security

Quick Stats
- 50 application vulnerability attacks detected
- 1 known botnet detected
- 125 malicious websites detected
- 17 high risk applications detected
- 1 phishing website detected
- 13 known malware detected
- 8,190 files analyzed by sandbox
- 36 suspicious files detected by sandbox

Top Application Vulnerability Exploits Detected

Application vulnerabilities can be exploited to compromise the security of your network. The FortiGuard research team analyzes these vulnerabilities and then develops signatures to detect them. FortiGuard currently leverages a database of more than 5,800 known application threats to detect attacks that evade traditional firewall systems. For more information on application vulnerabilities, please refer to FortiGuard at: http://www.fortiguard.com/intrusion.

[Table: # | Risk | Threat | Type | Victims | Sources | Count. Only part of the table survives in the transcription; the Victims, Sources and Count values are not legible. Legible entries:]
- [...]Parameter.SQL.Injection (SQL Injection)
- a buffer overflow entry ([...]verflow) and an OS Command Injection entry (threat names not legible)
- a code execution entry ([...]t.Code.Execution) and a Code Injection entry (threat names not legible)
- 8. IISadmin.ISM.DLL.Access (Information Disclosure)
- 9. GameSiteScript.Index.PHP.SQL.Injection (SQL Injection)
- 10. [...]OTE.Header.PHP.File.Inclusion (Code Injection)

Top Malware, Botnets and Spyware/Adware Detected

There are numerous channels that cybercriminals use to distribute malware. Most common methods motivate users to open an infected file in an email attachment, download an infected file, or click on a link leading to a malicious site. During the security assessment, Fortinet identified a number of malware and botnet-related events which indicate malicious file downloads or connections to botnet command and control sites.

[Table: # | Malware Name | Type | Count. Ten rows; eight names and only a few Type and Count values are legible in the transcription.]
1. EICAR TEST FILE (Virus)
2. EICAR TEST FILE (Virus)
3. Asprox.Botnet (Botnet)
4. Adware/TEST FILE
5. ETDB TEST
6. [...]ansom.583D!tr
7. W32/NGVCK
8. Adware/TEST FILE
Count values visible: 405, 400, 395, 384, 379.

Security

High Risk Applications

The FortiGuard research team assigns a risk rating of 1 to 5 to an application based on the application's behavioral characteristics. The risk rating can help administrators identify high risk applications quickly and make a better decision on the application control policy. Applications listed below were assigned a risk rating of 4 or higher.

# | Application | Category | Technology | Users | Bandwidth | Sessions
1 | [row not legible in the transcription]
2 | [row not legible in the transcription]
3 | Onavo.Protect | Proxy | Client-Server | 1 | 1.78 KB | 9
4 | Hotspot.Shield | Proxy | Client-Server | 2 | 203.99 KB | 8
5 | Skyfire | Proxy | Client-Server | 3 | 27.20 KB | 3
6 | Rsh | Remote.Access | Client-Server | 67 | 9.82 GB | 302,237
7 | BitTorrent | P2P | Peer-to-Peer | 8 | 1.79 MB | 5,096
8 | Telnet | Remote.Access | Client-Server | 9 | 37.81 MB | 681
9 | RDP | Remote.Access | Client-Server | 14 | 9.89 MB | 48
10 | TeamViewer | Remote.Access | Client-Server | 22 | 1.13 MB | 38

At-Risk Devices and Hosts

Based on the types of activity exhibited by an individual host, we can approximate the trustworthiness of each individual client. This client reputation is based on key factors such as websites browsed, applications used and inbound/outbound destinations utilized. Ultimately, we can create an overall threat score by looking at the aggregated activity used by each individual

[Chart: at-risk hosts by threat score; axis ticks 0, 500 K, 1 M, 1.5 M; a data label of 9,700 is visible.]

Security

Unknown Malware

Today's increasingly sophisticated threats can mask their maliciousness and bypass traditional antimalware security. Conventional antimalware engines are, in the time afforded and to the certainty required, often unable to classify certain payloads as either good or bad; in fact, their intent is unknown. Sandboxing helps solve this problem: it entices unknown files to execute in a protected environment, observes the resultant behavior and classifies the file's risk based on that behavior. With this functionality enabled for your assessment, we have taken a closer look at files traversing your

[Table: File | Service | Risk | Suspicious Behaviors | Count. File names are not legible in the transcription apart from one fragment, "[...]EE5B.vsc".]
1. HTTP | Malicious | Threat Intelligence; The executable tries to inject a PE image to other processes; Executable deleted itself after execution; Executable dropped a copy of itself; This file checked registry for anti-virtualization or anti-debug | 1
2. HTTP | Malicious | Threat Intelligence; The executable tries to inject a PE image to other processes; Executable deleted itself after execution; Executable dropped a copy of itself | 1
3. HTTP | Malicious | Threat Intelligence; The executable tries to inject a PE image to other processes; Executable deleted itself after execution | 1
4. HTTP | Malicious | Threat Intelligence; The executable tries to inject a PE image to other processes; Executable deleted itself after execution; Executable dropped a copy of itself; This file checked registry for anti-virtualization or anti-debug | 1
5. HTTP | Malicious | Threat Intelligence; The executable tries to inject a PE image to other processes; Executable deleted itself after execution | 1
6. HTTP | Malicious | Threat Intelligence; The executable tries to inject a PE image to other processes; Executable deleted itself after execution | 1
7. HTTP | Malicious | Threat Intelligence; The executable tries to inject a PE image to other processes; Executable deleted itself after execution; Executable dropped a copy of itself | 1

Malicious and Suspicious Files

The results of behavioral analysis are usually categorized in one of three ways: clean, suspicious, or malicious. A designation of clean means that no abnormal behaviors were observed and the file can be considered safe. Suspicious activities are potentially dangerous and may warrant further attention; for instance, a high suspicion file may try to replicate itself whereas a low suspicion file may only create abnormal registry settings. A malicious designation should be considered a legitimate threat to your network and requires immediate attention. The chart rendered here shows malicious and suspicious files (i.e. it does not include files designated as clean).

[Chart: malicious and suspicious files by rating: 63.9% Low (23), 19.4% Malicious (7), 11.1% Medium (4), 5.6% High (2)]

Productivity

Quick Stats
- 330 total applications detected
- 5 total proxy applications detected
- 7 peer to peer applications detected
- 6 remote access applications detected
- SSL is the top used application
- Network.Service is the most used application category
- 567 total websites visited
- ca.archive.ubuntu.com is the most visited website

Cloud Usage (SaaS)

IT managers are often unaware of how many cloud-based services are in use within their organization. Sometimes, these applications can be used to circumvent or even replace corporate infrastructure already available to users, for the sake of ease of use. Unfortunately, a potential side effect of this is that your sensitive corporate information could be transferred to the cloud. Accordingly, your data could be exposed if the cloud provider's security infrastructure is breached.

[Chart: SaaS usage by bandwidth: 75.1% YouTube (827.4 MB), 9.5% Skype (104.2 MB), 5.9% Facebook (65.1 MB), 1.6% Gmail (17.4 MB), 1% Google.Plus (10.9 MB), 1% Prezi (10.7 MB), 6% Others (65.9 MB)]

Cloud Usage (IaaS)

The adoption of "infrastructure as a service" (IaaS) platforms is popular and can be very useful when compute resources are limited or have specialized requirements. That said, the effective outsourcing of your infrastructure must be well regulated to prevent misuse. The occasional auditing of IaaS applications can be a useful exercise not only for security purposes, but also to minimize organizational costs associated with pay per use models or recurring subscription fees.

[Chart: IaaS usage by bandwidth: 68.6% Amazon.AWS (6.5 MB), 18.9% Godaddy (1.8 MB), 7.4% Meraki.Cloud.Controller (713.8 KB), 2.8% Fortiguard.Search (273.2 KB), 2.4% AT&T.Synaptic (229.1 KB)]

Productivity

[Chart: Proxy Applications by bandwidth: Proxy.HTTP 7.1 MB, Hotspot.Shield 204 KB, Skyfire 27.2 KB, Onavo.Protect 1.8 KB, Others 158 B; axis 0 to 8.6 MB]

[Chart: Remote Access Applications by bandwidth: RSH 9.8 GB, VNC, Cisco.VPN.Client, TELNET, RDP 9.9 MB, Telnet, PPTP, TeamViewer 1.1 MB, Others; axis 0 to 11.2 GB. The remaining bar values (2.1 GB, 200.1 KB, 30.9 MB, 7 MB) cannot be paired with their labels in the transcription.]

[Chart: Top Peer to Peer Applications by bandwidth: BitTorrent 1.8 MB, FlashGet, FileGuri, Thunder.Xunlei.Kankan; other bar values not legible]

[Chart: Top Gaming Applications by bandwidth: Clash.Of.Clans, Apple.Game.Center 728 KB, Armor.Games 675.7 KB, Xbox, Madden.NFL.Mobile 25.8 KB, Minecraft; other bar values not legible]

[Chart: Top Video/Audio Streaming Applications by bandwidth: YouTube 827.4 MB, HTTP.Video, Flowplayer, Ooyala, Plex.TV, iTunes, Others; other bar values not legible]

[Chart: Top Social Media Applications by bandwidth: Facebook, Instagram, Pinterest, Twitter, Google.Plus, Snapchat, Others; bar values not legible]

Productivity

Top Web Applications

In today's network environments, many applications leverage HTTP for communications – even some you wouldn't normally expect. The primary benefit of HTTP is that communication is ubiquitous, universally accepted and (generally) open on most firewalls. For most business-related and whitelisted applications this typically augments communication, but some non-business applications also use HTTP in either unproductive or potentially nefarious

[Table: application names and session counts are not legible in the transcription. Bandwidth column, in order: 6.28 GB, 4.41 GB, 2.99 GB, 853.75 MB, 806.89 MB, 507.46 MB, 415.62 MB, 380.32 MB, 372.21 MB, 241.61 MB.]

Top Websites by Browsing Time

Estimated browsing times for individual websites can be useful when trying to get an accurate picture of popular websites. Typically, these represent internal web resources such as intranets, but they can occasionally be indicative of excessive behavior. Browse times can be employed to justify the implementation of web caching technologies or help shape organizational corporate use

[Table: Website | Category | Browsing Time. Most website names are not legible; visible entries are a domain ending in "om", 17.154.66.47 and 109.200.4.26. Categories, in order: Search Engines and Portals; Web-based Email; Information Technology, Web Hosting; Information Technology; Search Engines and [truncated]. Browsing times, in order: 00:10:35, 00:10:25, 00:10:24, 00:09:53, 00:09:48.]

Productivity

Top Web Categories

Web browsing habits can not only be indicative of inefficient use of corporate resources, but can also indicate an inefficient optimization of web filtering policies. It can also give some insight into the general web browsing habits of corporate users and assist in defining corporate compliance guidelines.

# | URL Category | Bandwidth
1 | Unrated | 2.06 MB
2 | Information Technology | 56.71 MB
3 | Search Engines and Portals | 40.05 MB
4 | Advertising | 4.82 MB
5 | Web Hosting | 2.68 MB
6 | Instant Messaging | 1.75 MB
7 | File Sharing and Storage | 1,018.61 KB
8 | Business | 3.97 MB
9 | News and Media | 7.78 MB
10 | Content [truncated] | 7.94 MB
(The session count column is not legible in the transcription.)

Most Visited Web Domains

Websites browsed are strong indicators of how employees are utilizing corporate resources and how applications communicate with specific websites. Analyzing domains accessed can lead to changes in corporate infrastructure such as website blocking, deep application inspection of cloud-based apps and implementation of web traffic acceleration

[Table: Domain | Category | Visits. Domain names are not legible in the transcription. Categories, in order: Reference; Advertising; Information Technology; Advertising; Information Technology; Instant Messaging; Content Servers; Search Engines and [truncated]. Visit counts visible: 133, 123, 122.]

Utilization

Quick Stats
- 40.5 GB total bandwidth used
- 58.0% percentage of SSL encrypted traffic
- 4pm - 5pm is the highest daily peak usage
- 192.168.1.119 is the highest session bandwidth source
- 10.2.60.117 [entry truncated in the transcription]
