Sonicwall Capture Threat Assessment
Prepared for: SonicWall
Report on Firewall: C0EAE481ED96
Firewall Type: NSA 6600
SonicOS Version: 6.2.7.1-23n--HF182706-1n
Collection Date: Jul 10 2017 08:03:53 -0800

Table of Contents

Executive Briefing .... 1-2
Summary .... 1-3
Threat Prevention
  Zero-day Malware Prevention .... 2-1
  Top Exploitation Attempts .... 2-2
App Intelligence, Control and Visualization .... 3-1
  Top Apps by Risk Level .... 3-2
  Top Apps by Category .... 3-3
  Top Apps by Bandwidth .... 3-4
Network Traffic
  Top URL Categories .... 4-1
  Top Application Categories by Bandwidth .... 4-2
  Top Country by Traffic .... 4-3
  Top Session Usage by IP .... 4-4
  Top Traffic Usage by IP .... 4-5
  Top User Sessions .... 4-6
  Top User Traffic .... 4-7
Report
  Report Configuration .... 5-1
  Enable Reports .... 5-2
Appendices
  Appendix 1: Risk Definitions .... 6-1
  Appendix 2: Vulnerability Descriptions .... 6-2
  Appendix 3: Application Descriptions .... 6-3
  Appendix 4: Applications .... 6-4

Generated Jul 28 2017 16:51:12 PDT 1-1 Copyright © 2016 - 2017 SonicWall All rights reserved. F:0.00 R:2.0.0 P:0.00

Executive Briefing

SonicWall network security appliances detect and block sophisticated attacks that legacy stateful inspection firewalls simply cannot. Our next-generation firewalls integrate a patented Reassembly-Free Deep Packet Inspection (RFDPI) firewall engine with a comprehensive array of automated and dynamic security features. These features include advanced anti-evasion intrusion prevention, cloud-updated gateway anti-malware, SSL decryption and inspection (DPI-SSL), application control, content filtering and much more. All of this is delivered on a single high-performance platform that is easy to license, deploy, manage and maintain. In addition, SonicWall bundles together a set of powerful security and management tools on a single physical device with an easy-to-understand licensing structure. For your auditing needs, local logs are kept by your SonicWall device.

In providing a high-level overview of your network, this report will:
- Identify vulnerabilities detected and blocked
- Highlight top high-bandwidth applications found
- Present traffic distribution statistics by
- List high-risk applications and
- Vulnerability descriptions
- Risk definitions
- In-use application description
- Application List

Summary

The SonicWall Capture Threat Assessment report is a snapshot in time of the different threats that have been identified and blocked by your SonicWall next-generation firewall appliance.
This report also provides application and user based data that includes top application traffic, top users, top URL categories and session counts to give insight into the traffic mix on your network.

Threat Index

This rating is an average score of the risk level of all applications identified on your network, and is an indicator of the threat posed to your network.
- Low: No discernible network incident activity and no malicious code activity.
- Elevated: Potentially illegitimate applications or threats were identified on the network.
- High: Some applications on the network may impact performance or provide a service to circumvent policy.
- Severe: Some applications are affecting network performance, and are known promoters of malicious activity.

Threat Protection
  312 Botnet Events
  2587 Virus Events
  1 Spyware Events
  30086 IPS Events

Endpoint
  262 Events from top 101 IPs

Highest Traffic
  1. United States
  2. Russian Federation
  3. Ireland

Company Name: SonicWall
Device: SonicWall NSA 6600
SonicOS Version: 6.2.7.1-23n--HF182706-1n
Subscription Services: App Control, GAV, IPS, SPY, CFS, GeoIP, Botnet
Collection Period: 5 Days

Zero-day Malware Prevention

SonicWall Capture ATP revolutionizes advanced threat detection and sandboxing with a multi-engine approach to stopping unknown and zero-day attacks at the gateway. This report highlights key metrics, charts sandboxing activity over the collection period, and lists the most recently scanned files and their status.
Total Number of Uploaded Files: 766
Average File Size: 1.04 MB
Average Processing Time: 1.5 ms
Total Malware Found: 630

Top Malicious Files

Status  Date        Filename                           Source              Destination
bad     07/06/2017  b1749324.exe                       200.7.96.11:80      192.168.104.11:49714
bad     07/06/2017  android33277.exe                   119.36.192.16:80    192.168.104.11:53908
bad     07/06/2017  AdobeIllustratorCS6@133_15748.exe  114.55.188.114:80   192.168.104.11:44136
bad     07/06/2017  eShield.exe                        198.70.67.26:80     192.168.104.11:55510
bad     07/06/2017  instantsupport.exe