WIXLIB

Application and NetworkRisk ReportJuniper Networks SRXforCompany Inc.Powered byPrepared by: OneConfigDevice: SRX1500-example coModel: srx1500From: 2016-09-22 To: 2016-09-29

Why choose Juniper Networks SRX Series Gateways?High performance security with advanced, integrated threat intelligence, delivered on the industry's mostscalable and resilient platform. SRX Series Gateways set new benchmarks with faster interfaces and featureExpress Path technology, which enables incredible performance.Juniper’s SRX Series Gateway delivers the following advantages:Provides advanced, next-generation defense, with a comprehensive suite of layeredsecurity services. All SRX Series gateways are built for resiliency, scalability, andavailability to secure your data center or enterprise edge against the broadestspectrum of threatsSupports fast, secure, and highly available data center and enterprise edgeoperations, with unmatched performance and scalability, massive session volumes,and flexible large scale connectivity, with ultra low latency performance of up to 1Tbps.Delivers continuous uptime through in-service hardware and software upgrades,redundant components, and carrier-class hardware for resiliency. The high-end SRXSeries gateways deliver six nines reliability for nonstop business continuity andapplication availability.Provides outstanding value for high speed, highly effective security services—evenwith multiple services enabled. The system’s flexible, modular approach protects yourinvestment by scaling for future network growth.

Top ApplicationsAppSecure is a suite of security capabilities that identifies applications for greater visibility, enforcement,control, and protection of the network.This section of the report shows details from Juniper’s AppSecure AppTrack feature. It analyses applicationdata and classifies it based on risk level and category. It helps you understand what applications are utilizingthe network by listing the top 10 applications based on data volumes. It shows details of the sessions, bytes,categories and risk rating for each application listed.How does this help?With this knowledge you can decide whether you need to investigate high-risk or high dataconsuming applications, and whether to take further action to deny or limited specificapplications’ access to the network.Total AppSecure Data: 0.7 TB (top 10: 0.5 TB, others: 194 GB)Application NameSessions BytesOFFICE365-CREATE-CONVERSATION 595427159 GBCategoryRisk (1 low, 5 high)Web4SSL1120819 79 GBInfrastructure1LCP68879 GBInfrastructure2GOOGLE10558446 GBWeb3HTTP1364767 43 GBWeb5PPTP22057238 GBWeb4FACEBOOK-VIDEO-STREAM2217524 GBWeb2FACEBOOK-ACCESS10202320 GBWeb5OUTLOOK5383316 GBWeb3SPOTIFY1757816 GBMultimedia2Top SSLLCPGOOGLEHTTPPPTP11.1%FACEBOOK-VIDEO-STRE FACEBOOK-ACCESS11%6.1% 6.4%OUTLOOKSPOTIFYother* Inconclusive typically refers to applications wherea matching signature cannot be found e.g. customdeveloped apps

Top Web ApplicationsThis is a more specific view of application data showing the WebApps that were detected by AppSecure. Thisincludes application name, number of sessions observed, amount of traffic and risk rating.How does this help?With this knowledge you can decide whether you need to investigate high-risk or high dataconsuming web applications, and whether to take further action to deny or limited specificapplications’ access to the network. This information is also useful when combined with Juniper'sEnhanced Web Filtering features.Total Web App Data: 461 GB (top 25: 423 GB, others: 37 GB)Application NameSessionsBytesRisk (1 low, 5 high)OFFICE365-CREATE-CONVERSATION595427159 GB4GOOGLE10558446 GB3HTTP136476743 GB5FACEBOOK-VIDEO-STREAM2217524 GB2FACEBOOK-ACCESS10202320 GB5OUTLOOK5383316 GB3TWITTER7936015 GB2YOUTUBE1347310 GB2MICROSOFT-LIVE-SERVICES1315049 GB5YAHOO757379 GB2NETFLIX-STREAM14639 GB2DROPBOX114069 GB2AMAZON-AWS1175488.9 GB2AKAMAI-SSL114755.7 GB1GOOGLE-PLUS-SSL1069585.4 GB2PANDORA147443.4 GB2YAHOO-MAIL84733.4 GB2HTTP-VIDEO16553.3 GB2APPLE-IOS-UPDATE-SSL284873.3 GB3FLICKR86473.2 GB2FASTLY152692.9 GB2ITUNES75822.7 GB3CLOUDFLARE261522.4 GB2CNN177022.3 GB2AMAZON206142.1 GB5

GeoIPThis section of the report provides a graphical illustration of the locations by country of the source anddestination of traffic on your network. The information also includes volume of traffic by country.How does this help?Understanding your traffic flows can help identify issues of network/resource misuse orcompromised systems.358,096,939597,952,775,089Bytes per countryCountryDataUnited States0.5 TBPrivate IP98 GBIreland42 GBCanada26 GBEurope4.8 GBBrazil2.5 GBNetherlands1.4 GBGermany0.8 GBUnited Kingdom0.6 GBSingapore341 MBother0.7 GB

Sky ATPSky Advanced Threat Prevention is a cloud-based service that is integrated with Juniper SRX Series firewalls. Itdelivers a dynamic anti-malware solution that adapts to an ever-changing threat landscape.How does this help?You can use this information to understand the type, frequency and severity of the attacksdetected and mitigated by Juniper Sky ATP. It identifies compromised hosts within your network,allowing you to investigate further and take any necessary action.Sky ATP statisticsStatisticCountStatisticCountFile CategoriesSession Interested12743Session Processed8487Session Ignored0Session Permitted12634Session Blocked0Total HTTP SessionProcessed6985Total HTTPS SessionProcessed3738File Send to CloudSuccessfully8File Send to Cloud Failed196File Not Send to Cloud14015100%File Send to Cloud Partially 0Blacklist Hit0Whitelist Hit0Fallback Permit215Fallback Block0executableTreat LevelsFile Equal or Above Verdict0ThresholdFile Under VerdictThreshold100%8N/ASky ATP te.comCount Verdict Action1N/ACategoryPERMIT executable

Web FilteringThis service is delivered using Juniper’s Enhanced Web Filtering service, which redirects web requests to anexternal service to check and verify their safety. This section of the report lists the number of web requestshandled by the Juniper SRX and the number of requests blocked.How does this help?You can use this information to understand how many requests are being inspected and howmany are being blocked. You can use this information to decide whether you need to investigatehigh levels of blocked requests.Total Web Requests : 470Top IPs: BlockSource IP (count)172.18.6.106 (41)Destination IP (count)CategoryURL89.34.106.16 (41)Enhanced Adult Contentvideo.bzi.ro52.22.65.58 (9)Enhanced Gamblingfree.sportsinsights.com52.0.161.134 (6)Enhanced Gamblingcdn.sportsinsights.com54.230.5.64 (4)Enhanced 3 (3)Enhanced Gamblingwww.fantasyfeud.com52.85.202.98 (4)Enhanced Gamblingcloudfront.sportsinsights.com65.18.174.166 (21)Enhanced Gamblingwww.footballlocks.com172.18.6.115 (8)104.20.26.3 (8)Enhanced Gambling104.20.26.3172.18.10.119 (8)104.20.27.3 (8)Enhanced Gambling104.20.27.331.222.48.70 (6)Enhanced Gamblingwww.ladbrokes.com31.222.48.61 (1)Enhanced Gamblingsports.ladbrokes.com104.20.26.3 (6)Enhanced Gambling104.20.26.352.22.65.58 (4)Enhanced Gamblingfree.sportsinsights.com107.154.106.8 (1)Enhanced Gamblingliveatthebike.com192.0.79.33 (1)Enhanced Adult Contenttheberry.com162.208.117.11 (1)Enhanced Adult Contenthorizon.theberry.com172.18.14.134 (2)104.16.120.62 (2)Enhanced Adult Content104.16.120.62172.16.200.24 (1)139.162.26.87 (1)Enhanced Adult Contentlinksredirect.com192.168.200.101 (1)162.208.117.10 (1)Enhanced Adult Contentlink.playboy.com172.18.10.108 (1)165.189.157.173 (1)Enhanced Gamblingwww.wilottery.com172.18.9.109 (26)172.18.13.102 (21)172.18.10.105 (7)172.18.10.104 (6)172.18.9.112 (5)172.18.9.117 (2)

Anti-virusAnti-Virus uses an integrated scanning engine and virus signature databases to protect against viruses, trojans,rootkits, worms, and other types of malicious code from reaching devices on your network. This section of thereport lists the number of items scanned, viruses found, cleaned and associated host IP addresses.How does this help?You can use this information to understand the volume of threats scanned, mitigated and cleaned.You can track the hosts within your network that are transmitting these files in order to takefurther action.Anti-Virus eat-found 39Fallback421Anti-Virus hpM/T/en/C2/Zbot-AAnti-Virus FGGHGFHBGCHEGPFHHGGAnti-Virus L201.P.LINK.SOPHOS.COM/T/en/Mal/HTMLGenA

Security IntelligenceThe Spotlight Security Intelligence service identifies hosts that initiate contact with a possible Command andControl (CC) server on the Internet.How does this help?You can use this information to understand the type, frequency and severity of the attacksdetected and mitigated by Juniper Sky ATP. It identifies compromised hosts within your network,allowing you to investigate further and take any necessary action.Total Sessions : 0Block drop : 0Block close : 0Close redirect : 0

Top Intrusion Detection and Prevention ActivityThis section of the report describes the top Intrusion Detection and Prevention (IDP) activity as seen by theJuniper SRX on your network. IDP lets you selectively enforce various attack detection and preventiontechniques on the network traffic passing through your the SRX device.How does this help?You can use this information to understand the type, frequency and severity of the attacksdetected and mitigated by the Juniper SRX. You can then decide whether to investigate further.Attack NameAttack Detailed NameHits SeverityHTTP:TOO-MANYPARAMETERSHTTP: Too many parametersThis protocol anomaly is triggered when it detects an HTTP requestwith the number of parameters above the pre-set threshold. Thisthreshold can be adjusted in via NSM.4HTTP:XSS:HTML-SCRIPT-INPOSTHTTP: HTML Script Tag Embedded in Post SubmissionThis signature detects attempts at cross-site scripting attacks.Attackers can create a malicious Web site that includes HTMLembedded in the hyperlinks, which can violate site security settings.This signature can false positive on valid submissions containingscripts.21 MinorHTTP:APACHE:STRUTS-URLDOSHTTP: Apache Struts URLValidator Denial of ServiceThis signature detects attempts to exploit a known vulnerabilityagainst Apache Struts. Successful attack can result in a denial-ofservice situation.6MinorHTTP:REQERR:POSTMISSING-DATAHTTP: POST Submission Missing DataThis signature detects a POST submission that does not include thePOST data in the first packet payload. This may be an indication of a3Denial of Service (DoS) using the 'Slowloris' technique. It also may be anon-malicious submission with a low MTU.MinorMajorHTTP: IIS Single Encoding (1)This signature detects a single digit encoded in a URL. MicrosoftHTTP:IIS:ENCODING:SINGLEInternet Information Services (IIS) uses special techniques to decodeDIG-1URLs. Attackers can be attempting to exploit these IIS techniques toevade detection by IDP.2MinorHTTP:PHP:WP-INCLUDESACCESS1MinorHTTP: WordPress "wp-includes" Path Remote Access

Top TalkersThese are the most active clients in the network, by volume of data.How does this help?With this knowledge you can decide whether you need to investigate high data consuming clientsor users and related high-risk behavior (applications or GeoIP), and whether to take further actionto deny or limited specific applications’ access to the network.Top IP: 172.18.8.105PPTP:UNKNOWN 1.3 GBHTTP:APPSTORE 4.4 MBSSL:FACEBOOK-VIDEO-STREAM 353 kBSSL:GOOGLE-STATIC 200 kBHTTP:ANDROID-MARKETPLACE- SSL:FACEBOOK-ACCESS 268 kBHTTP:GOOGLE-STATIC 169 kBHTTP:BING 464 kBSSL:SOUNDCLOUD 239 kBSSL:YAHOO-MAIL 160 kBother172.18.8.1050400,000,000GeoIP data for 172.18.8.105UnitedStates 7.6GBCanada 156MBIreland 84MBGermany 0

Top IP: 45.58.75.165UNSPECIFIED-ENCRYPTED:UNKNOWN 1 GBSSL:UNKNOWN 436 kBother45.58.75.1650300,000,000GeoIP data for 45.58.75.165Private IP 1GB100%600,000,000900,000,0001,200,000,000