SECURITY LIFECYCLE REVIEW

EXECUTIVE SUMMARY FOR Robbinsville Board Of Education

Key Findings:
390 total applications are in use, presenting potential business and security challenges. As critical functions move outside of an organization’s control, employees use non-work-related applications, or cyberattackers use them to deliver threats and steal data.
91 high-risk applications were observed, including those that can introduce or hide malicious activity, transfer files outside the network, or establish unauthorized communication.
161,032 total threats were found on your network, including vulnerability exploits, known and unknown malware, and outbound command and control activity.

The Security Lifecycle Review summarizes the business and security risks facing Robbinsville Board of Education. The data used for this analysis was gathered by Palo Alto Networks during the report time period. The report provides actionable intelligence around the applications, URL traffic, types of content, and threats traversing the network, including recommendations that can be employed to reduce the organization’s overall risk exposure.

390 APPLICATIONS IN USE
91 HIGH RISK APPLICATIONS
161,032 TOTAL THREATS
160,431 VULNERABILITY EXPLOITS
9 KNOWN MALWARE
592 UNKNOWN MALWARE

Report Period: 7 Days Start: Mon, Feb 15, 2016 End: Mon, Feb 22, 2016

SECURITY LIFECYCLE REVIEW | PALO ALTO NETWORKS

Applications at a Glance

Applications can introduce risk, such as delivering threats, potentially allowing data to leave the network, enabling unauthorized access, lowering productivity, or consuming corporate bandwidth. This section will provide visibility into the applications in use, allowing you to make an informed decision on potential risk versus business benefit.

Key Findings:
High-risk applications such as file-sharing, social-networking and email were observed on the network, which should be investigated due to their potential for abuse.
390 total applications were seen on the network across 28 sub-categories, as opposed to an industry average of 362 total applications seen in other Lower Education organizations.
2.75TB was used by all applications, including media with 1.13TB, compared to an industry average of 7.23TB in similar organizations.

High-Risk Applications

The first step to managing security and business risk is identifying which applications can be abused to cause the most harm. We recommend closely evaluating applications in these categories to ensure they are not introducing unnecessary compliance, operational, or cyber security risk.

file-sharing: 34 (industry average 28)
social-networking: 34 (industry average 30)
email: 14 (industry average 14)
encrypted-tunnel: 9 (industry average 10)
remote-access: 7 (industry average 9)

Number of Applications on Network

COMPANY: 390
INDUSTRY AVERAGE: 362
ALL ORGANIZATIONS: 114

Bandwidth Consumed by Applications

COMPANY: 2.75 TB
INDUSTRY AVERAGE: 7.23 TB
ALL ORGANIZATIONS: 21.26 TB

Categories with the Most Applications

The following categories have the most application variants, and should be reviewed for business relevance.

collaboration: 103 (industry average 89)
business-systems: 88 (industry average 83)
media: 85 (industry average 76)
general-internet: 78 (industry average 66)
networking: 36 (industry average 48)

Categories Consuming the Most Bandwidth

Bandwidth consumed by application category shows where application usage is heaviest, and where you could reduce operational resources.

media: 1.13 TB (industry average 1.80 TB)
general-internet: 766.49 GB (industry average 2.04 TB)
networking: 597.88 GB (industry average 2.25 TB)
collaboration: 170.59 GB (industry average 349.79 GB)
business-systems: 104.78 GB (industry average 811.89 GB)

Applications that Introduce Risk

The top applications (sorted by bandwidth consumed) for application subcategories that introduce risk are displayed below, including industry benchmarks on the number of variants across other Lower Education organizations. This data can be used to more effectively prioritize your application enablement efforts.

Risk levels: 5, 4, 3, 2, 1

Key Findings:
A total of 390 applications were seen in your organization, compared to an industry average of 362 in other Lower Education organizations.
The most common types of application subcategories are photo-video, internet-utility and file-sharing.
The application subcategories consuming the most bandwidth are photo-video, internet-utility and encrypted-tunnel.

Email - 13.59GB (14 application variants vs industry average 14)
TOP EMAIL APPS
gmail-base 5.77 GB
smtp 2.42 GB
yahoo-mail 1.63 GB
aim-mail 1.35 GB
-mail 1.09 GB
pop3 643.39 MB
outlook-web-online 458.33 MB
optimum-webmail 138.14 MB

Remote-Access - 459.19MB (7 application variants vs industry average 9)
TOP REMOTE-ACCESS APPS
bomgar 382.86 MB
ms-rdp 68.93 MB
teamviewer-sharing 3.31 MB
teamviewer-base 3.29 MB
splashtop-remote 581.87 KB
logmein 176.19 KB
airdroid 70.80 KB

File-Sharing - 8.5GB (34 application variants vs industry average 28)
TOP FILE-SHARING APPS
2.85 GB
google-drive-web 1.65 GB
wetransfer 1.53 GB
bittorrent 1008.75 MB
-cloud-drive-base 817.85 MB
ms-onedrive-base 253.99 MB
qq-download 90.97 MB
ftp 65.55 MB

Encrypted-Tunnel - 418.34GB (9 application variants vs industry average 10)
TOP ENCRYPTED-TUNNEL APPS
ssl 413.01 GB
ipsec-esp-udp 4.84 GB
ssh 302.26 MB
ciscovpn 162.25 MB
open-vpn 24.05 MB
ike 4.05 MB
hola-unblocker 1012.44 KB
tor 69.08 KB

Applications that Introduce Risk (Continued)

Instant-Messaging - 1.85GB (16 application variants vs industry average 16)
TOP INSTANT-MESSAGING APPS
snapchat 1012.59 MB
whatsapp-base 400.52 MB
kik 236.12 MB
facebook-chat 112.80 MB
jabber 85.33 MB
wechat-base 20.30 MB
telegram 9.31 MB
qq-base 5.20 MB

Social-Networking - 153.73GB (34 application variants vs industry average 30)
TOP SOCIAL-NETWORKING APPS
twitter-base 82.86 GB
tumblr-base 31.15 GB
facebook-base 30.28 GB
vine-base 3.59 GB
pinterest-base 3.05 GB
google-plus-base 1.56 GB
google-classroom 568.88 MB
tinder 284.28 MB

Photo-Video - 883.49GB (50 application variants vs industry average 45)
TOP PHOTO-VIDEO APPS
youtube-base 357.96 GB
netflix-streaming 203.71 GB
http-video 140.39 GB
instagram-base 89.78 GB
facebook-video 36.90 GB
twitch 14.98 GB
imgur-base 4.92 GB
hulu-base 4.70 GB

Proxy - 60.31MB (3 application variants vs industry average 5)
TOP PROXY APPS
http-proxy 59.70 MB
freegate 581.47 KB
ultrasurf 41.14 KB

Applications that Introduce Risk — Detail

Risk Application Category Sub Category Technology Bytes Sessions

4 gmail-base collaboration email browser-based 5.77GB 132226

5 smtp collaboration email client-server 2.42GB 44677

3 yahoo-mail collaboration email browser-based 1.63GB 22963

4 aim-mail collaboration email browser-based 1.35GB 12948

2 icloud-mail collaboration email client-server 1.09GB 26083

4 pop3 collaboration email client-server 643.39MB 4969

3 outlook-web-online collaboration email browser-based 458.33MB 17296

3 optimum-webmail collaboration email browser-based 138.14MB 1795

4 ssl networking encrypted-tunnel browser-based 413.01GB 4523169

2 ipsec-esp-udp networking encrypted-tunnel client-server 4.84GB 2631

4 ssh networking encrypted-tunnel client-server 302.26MB 108

3 ciscovpn networking encrypted-tunnel client-server 162.25MB 1002

3 open-vpn networking encrypted-tunnel client-server 24.05MB 1

2 ike networking encrypted-tunnel client-server 4.05MB 3438

4 hola-unblocker networking encrypted-tunnel client-server 1012.44KB 107

4 tor networking encrypted-tunnel client-server 69.08KB 1

4 dropbox general-internet file-sharing client-server 2.85GB 12691

5 google-drive-web general-internet file-sharing browser-based 1.65GB 15125

3 wetransfer general-internet file-sharing browser-based 1.53GB 60

5 bittorrent general-internet file-sharing peer-to-peer 1008.75MB 346723

4 amazon-cloud-drive-base general-internet file-sharing browser-based 817.85MB 1

4 ms-onedrive-base general-internet file-sharing client-server 253.99MB 6165

4 qq-download general-internet file-sharing peer-to-peer 90.97MB 38

5 ftp general-internet file-sharing client-server 65.55MB 683

2 snapchat collaboration instant-messaging client-server 1012.59MB 53006

1 whatsapp-base collaboration instant-messaging client-server 400.52MB 6753

2 kik collaboration instant-messaging client-server 236.12MB 9993

3 facebook-chat collaboration instant-messaging browser-based 112.8MB 2792

5 jabber collaboration instant-messaging client-server 85.33MB 1030

2 wechat-base collaboration instant-messaging client-server 20.3MB 6106

2 telegram collaboration instant-messaging client-server 9.31MB 323

4 qq-base collaboration instant-messaging client-server 5.2MB 660

4 youtube-base media photo-video browser-based 357.96GB 261614

3 netflix-streaming media photo-video browser-based 203.71GB 41305

5 http-video media photo-video browser-based 140.39GB 68557

2 instagram-base media photo-video client-server 89.78GB 243073

4 facebook-video media photo-video browser-based 36.9GB 13528

4 twitch media photo-video browser-based 14.98GB 8630

4 imgur-base media photo-video browser-based 4.92GB 11996

2 hulu-base media photo-video browser-based 4.7GB 2453

5 http-proxy networking proxy browser-based 59.7MB 7411

4 freegate networking proxy client-server 581.47KB 10

4 ultrasurf networking proxy client-server 41.14KB 7

4 bomgar networking remote-access client-server 382.86MB 63

4 ms-rdp networking remote-access client-server 68.93MB 15

2 teamviewer-sharing networking remote-access client-server 3.31MB 1

3 teamviewer-base networking remote-access client-server 3.29MB 76

1 splashtop-remote networking remote-access client-server 581.87KB 99

4 logmein networking remote-access client-server 176.19KB 38

3 airdroid networking remote-access browser-based 70.8KB 20

2 twitter-base collaboration social-networking browser-based 82.86GB 334820

2 tumblr-base collaboration social-networking browser-based 31.15GB 65403

4 facebook-base collaboration social-networking browser-based 30.28GB 464547

1 vine-base collaboration social-networking client-server 3.59GB 9086

2 pinterest-base collaboration social-networking browser-based 3.05GB 40003

2 google-plus-base collaboration social-networking browser-based 1.56GB 38082

2 google-classroom collaboration social-networking browser-based 568.88MB 8287

1 tinder collaboration social-networking client-server 284.28MB 1980

SaaS Applications

SaaS-based application services continue to redefine the network perimeter. Often labeled “shadow IT,” most of these services are adopted directly by individual users, business teams, or even entire departments. In order to minimize data security risks, you need control over the SaaS applications used on your network.

Key Findings:
Your SaaS application usage is more than your industry peers and more than most Palo Alto Networks customers.
The file-sharing subcategory has the largest number of unique SaaS applications.
In terms of data movement, google-docs-base is the most used SaaS application in your organization.

SaaS Applications by Numbers

Review the applications being used in your organization. To maintain administrative control, adopt SaaS applications that will be managed by your IT team.

390 total apps, 96 SaaS apps

NUMBER OF SAAS APPLICATIONS
COMPANY: 96
INDUSTRY AVERAGE: 81
ALL ORGANIZATIONS: 18

PERCENTAGE OF ALL APPLICATIONS
COMPANY: 24.62%
INDUSTRY AVERAGE: 22.38%
ALL ORGANIZATIONS: 15.79%

SaaS Application Bandwidth

Monitor the volume of data movement to and from SaaS applications. Understand the nature of the applications and how they are being used.

2.75TB total data flow, 44.43GB for SaaS apps

SAAS APPLICATION BANDWIDTH
COMPANY: 44.43 GB
INDUSTRY AVERAGE: 299.60 GB
ALL ORGANIZATIONS: 105.00 GB

PERCENTAGE OF ALL BANDWIDTH
COMPANY: 1.58%
INDUSTRY AVERAGE: 4.05%
ALL ORGANIZATIONS: 0.48%

TOP SAAS APPLICATION SUBCATEGORIES

The following displays the number of applications in each application subcategory. This allows you to assess the most used applications in your organization.

Top SaaS application subcategories by total number of applications

file-sharing: 20
general-business: 10
office-programs: 9
email: 7

The following shows the top used applications by data movement within the subcategories identified above.

File-Sharing - 7.26GB (20 application variants vs industry average 28)
TOP FILE-SHARING APPS
dropbox 2.85 GB
google-drive-web 1.65 GB
wetransfer 1.53 GB
amazon-cloud-drive-base 817.85 MB
ms-onedrive-base 253.99 MB
slideshare-base 52.25 MB
-base 39.25 MB
google-cloud-storage-base 33.74 MB

General-Business - 1.15GB (10 application variants vs industry average 15)
TOP GENERAL-BUSINESS APPS
windows-azure-base 553.54 MB
paloalto-wildfire-cloud 538.60 MB
constant-contact 64.02 MB
zendesk 18.52 MB
eventbrite 4.21 MB
workday 1.60 MB
liveperson 891.56 KB
concur 420.01 KB

Office-Programs - 17.86GB (9 application variants vs industry average 10)
TOP OFFICE-PROGRAMS APPS
google-docs-base 17.69 GB
yahoo-calendar 55.94 MB
ms-office365-base 38.71 MB
office-on-demand 35.12 MB
prezi 27.10 MB
docusign 16.00 MB
evernote-base 2.86 MB
google-calendar-base 511.86 KB

Email - 10.52GB (7 application variants vs industry average 14)
TOP EMAIL APPS
gmail-base 5.77 GB
yahoo-mail 1.63 GB
aim-mail 1.35 GB
icloud-mail 1.09 GB
outlook-web-online 458.33 MB
optimum-webmail 138.14 MB
comcast-webmail 106.46 MB

TOP SAAS APPLICATIONS

The following displays the top 10 SaaS applications used in your organization and the application usage comparison against your industry peers and all other Palo Alto Networks customers.

Top SaaS Applications by Data Movement

Google-Docs-Base: 17.69 GB (industry average 98.46 GB)
Gmail-Base: 5.77 GB (industry average 24.70 GB)
Icloud-Base: 5.43 GB (industry average 15.67 GB)
Dropbox: 2.85 GB (industry average 28.25 GB)
Google-Drive-Web: 1.65 GB (industry average 15.10 GB)
Yahoo-Mail: 1.63 GB (industry average 2.66 GB)
Wetransfer: 1.53 GB (industry average 576.97 MB)
Aim-Mail: 1.35 GB (industry average 772.29 MB)
Icloud-Mail: 1.09 GB (industry average 2.98 GB)
Amazon-Cloud-Drive-Base: 817.85 MB (industry average 443.66 MB)

URL Activity

Uncontrolled Web surfing exposes organizations to security and business risks, including exposure to potential threat propagation, data loss, or compliance violations. The most common URL categories visited by users on the network are shown below.

Key Findings:
High-risk URL categories were observed on the network, including computer-and-internet-info, web-advertisements and search-engines.
Users visited a total of 13,854,329 URLs during the report time period across 59 categories.
There was a variety of personal and work-related Web activity present, including visits to potentially risky websites.

High-Risk URL Categories

The Web is a primary infection vector for attackers, with high-risk URL categories posing an outsized risk to the organization. Solutions should allow for fast blocking of undesired or malicious sites, as well as support quick categorization and investigation of unknowns.

unknown: 94,160 (industry average 333,085)
private-ip-addresses: 835 (industry average 268,049)
proxy-avoidance-and-anonymizers: 142 (industry average 38,244)
dynamic-dns: 48 (industry average 240)

High-Traffic URL Categories

The top 5 commonly visited URL categories, along with industry benchmarks across your peer group, are shown below.

COMPUTER-AND-INTERNET-INFO: 2,716,021 (industry average 5,439,855)
WEB-ADVERTISEMENTS: 2,607,627 (industry average 4,319,023)
SEARCH-ENGINES: 1,390,706 (industry average 1,919,268)
SOCIAL-NETWORKING: 1,132,151 (industry average 1,365,115)
CONTENT-DELIVERY-NETWORKS: 909,836 (industry average 1,855,998)

Commonly Used URL Categories

The top 20 most commonly visited URL categories are shown below.

BUSINESS-AND-ECONOMY: 678,901
ONLINE-STORAGE-AND-BACKUP: 633,552
EDUCATIONAL-INSTITUTIONS: 611,380
STREAMING-MEDIA: 611,220
MUSIC: 292,420
INTERNET-COMMUNICATIONS-AND-TELEPHONY: 287,211
TRAINING-AND-TOOLS: 264,274
WEB-BASED-EMAIL: 235,704
SHOPPING: 232,000
GAMES: 200,340
REFERENCE-AND-RESEARCH: 173,071
INTERNET-PORTALS: 150,886
NEWS: 117,235
PERSONAL-SITES-AND-BLOGS: 103,576
UNKNOWN: 94,160
ENTERTAINMENT-AND-ARTS: 84,860
SPORTS: 45,992
FINANCIAL-SERVICES: 39,861
GOVERNMENT: 30,026
HEALTH-AND-MEDICINE: 26,183

File Transfer Analysis

Applications that can transfer files serve an important business function, but they also potentially allow for sensitive data to leave the network or cyber threats to be delivered. Within your organization, 308 unique file types were observed, across 51 different file types, delivered via a total of 81 total applications. The image below correlates the applications most commonly used to transfer files, along with the most prevalent file and content types observed.

81 Applications, 51 File Types transferred

Applications
INSTAGRAM-BASE: 98,221
HTTP-VIDEO: 31,206
WEB-BROWSING: 334
SMTP: 109

File Types
MP4: 120,985
ZIP: 8,895
MP3: 60
MPEG: 12
FLASH: 521
SHOCKWAVE: 1
MSOFFICE: 4
WORD: 6
PDF: 45
GZIP: 42
POWERPOINT: 24
OFFICE 2007 PPT: 236
OFFICE 2007 XLS: 61
EXCEL: 11
ENCRYPTED PDF: 9

Threats at a Glance

Understanding your risk exposure, and how to adjust your security posture to prevent attacks, requires intelligence on the type and volume of threats used against your organization. This section details the application vulnerabilities, known and unknown malware, and command and control activity observed on your network.

Key Findings:
160,431 total vulnerability exploits were observed in your organization, including info-leak, brute-force and code-execution.
601 malware events were observed, versus an industry average of 305,953 across your peer group.
1,574 total command and control requests were identified, indicating attempts by malware to communicate with attackers to download additional malware, receive instructions, or exfiltrate data.

160,431 Vulnerability Exploits
136,212: info-leak
12,185: brute-force
8,328: code-execution
5,276: Other

601 Malware Detections
592: Unknown Malware
9: Known Malware

1,574 Command and Control Detections
1,574: Known Connections

[Charts: share by type for Robbinsville Board of Education, Industry Average and All Organizations]

Files Leaving the Network

Transferring files is a required and common part of doing business, but you must maintain visibility into what content is leaving the network via which applications, in order to limit your organization’s exposure to data loss.

76,838 files potentially leaving the network via 28 different applications

High-Risk and Malicious File Type Analysis

Today’s cyber attackers use a variety of file types to deliver malware and exploits, often focusing on content from common business applications present in most enterprise networks. The majority of commodity threats are delivered via executable files, with more targeted and advanced attacks often using other content to compromise networks.

Key Findings:
A variety of file-types were used to deliver threats, and prevention strategies should cover all major content types.
You can reduce your attack surface by proactively blocking high-risk file-types, such as blocking executable files downloaded from the Internet, or disallowing RTF files or LNK files, which are not needed in daily business.

High-Risk File Types

The file types shown represent a greater risk to the organization due to a combination of new vulnerabilities being discovered, existing and unpatched flaws, and prevalence of use in attacks.

47.88% of all files are ZIP

Shockwave: 25.37% (industry average 31.77%)
MP4: 15.63% (industry average 4.49%)
MP3: 6.31% (industry average 12.54%)
Email Link: 3.03% (industry average 8.44%)
GZIP: 1.78% (industry average 2.38%)

Files Delivering Unknown Malware

We recommend investigating the files that may be used to deliver threats both within your organization, and across your peer group. Together, these trends allow you to take preventive action such as blocking high-risk file types across different user groups.

91.72% of all files are Microsoft Word

Microsoft Word 97 - 2003 Document: 7.77% (industry average 12.87%)
PE: 0.51% (industry average 19.97%)

Application Vulnerabilities

Application vulnerabilities allow attackers to exploit vulnerable, often unpatched, applications to infect systems, which often represent one of the first steps in a breach. This page details the top five application vulnerabilities attackers attempted to exploit within your organization, allowing you to determine which applications represent the largest attack surface.

Key Findings:
72 total applications were observed delivering exploits to your environment.
160,431 total vulnerability exploits were observed across the following top three applications: unknown-tcp, web-browsing and ssl.
88 unique vulnerability exploits were found, meaning attackers continued to attempt to exploit the same vulnerability multiple times.

Applications delivering exploits
COMPANY: 72
INDUSTRY AVERAGE: 33
ALL ORGANIZATIONS: 24

Total vulnerability exploits
COMPANY: 160,431
INDUSTRY AVERAGE: 1,364,646
ALL ORGANIZATIONS: 4,044,540

Unique vulnerability exploits
COMPANY: 88
INDUSTRY AVERAGE: 157
ALL ORGANIZATIONS: 300

Vulnerability Exploits per Application (top 5 applications with most detections)

DETECTIONS | APPLICATION & VULNERABILITY EXPLOITS | SEVERITY | THREAT TYPE | CVE ID

75,579 | unknown-tcp
2,382 | HTTP GET Requests Long URI Anomaly | Low | overflow | CVE-2006-5850;CVE-2007-0774;CVE-2002-1310;CVE-2006-5850
18 | Suspicious Abnormal HTTP Response Found | Low | code-execution |
73,179 | HTTP Non RFC-Compliant Response Found | Info | info-leak | CVE-2010-2561

37,505 | web-browsing
7 | Exploit Kit Related Injected Javascripts Detection | Critical | code-execution |
4 | Sweet-Orange Exploit Kit Detection | Critical | exploit-kit |
3 | IBM Rational Quality Manager and Test Lab Manager Remote Code Execution Vulnerability | Critical | code-execution | CVE-2010-4094
7 | Wavelink Emulation License Server HTTP Header Processing Buffer Overflow Vulnerability | Critical | brute-force |
6 | HTTP Cross Site Scripting Vulnerability | Critical | code-execution |
91 | Microsoft IIS Escaped Characters Decoding Command Execution Vulnerability | Critical | code-execution | CVE-2001-0333
563 | HTTP Unauthorized Brute-force Attack | High | brute-force |
16 | Generic HTTP Cross Site Scripting Attempt | High | code-execution |
65 | HTTP /etc/passwd Access Attempt | High | info-leak |
254 | Microsoft Windows win.ini access attempt | High | info-leak |

32,486 | ssl
3 | GnuTLS Server Hello Session ID Memory Corruption Vulnerability | High | overflow | CVE-2014-3466
23,774 | POODLE Bites Vulnerability | Info | info-leak | CVE-2014-8730
8,704 | Use of insecure SSLv3.0 Found in Server Response | Info | info-leak | CVE-2014-3566
5 | OpenSSL TLS Heartbeat Found | Info | info-leak |

4,545 | google-base
149 | HTTP GET Requests Long URI Anomaly | Low | overflow | CVE-2006-5850;CVE-2007-0774;CVE-2002-1310;CVE-2006-5850
3,319 | POODLE Bites Vulnerability | Info | info-leak | CVE-2014-8730
934 | Abnormal URI and long headers | Info | info-leak | CVE-2015-4059
106 | Use of insecure SSLv3.0 Found in Server Response | Info | info-leak | CVE-2014-3566
21 | HTTP OPTIONS Method | Info | info-leak |
8 | Microsoft ASP.NET Remote Unauthenticated Denial of Service Vulnerability | Info | brute-force | CVE-2009-1536
8 | WebDav Option Request | Info | info-leak |

2,428 | sip
2,387 | SIP Register Request Attempt | Low | brute-force |
24 | Microsoft Communicator INVITE Flood Denial of Service Vulnerability | Info | brute-force | CVE-2008-5180
17 | SIP Bye Request Attempt | Info | brute-force |

Known and Unknown Malware

Applications are the primary vectors used to deliver malware and infect organizations, communicate outbound, or exfiltrate data. Adversaries’ tactics have evolved to use the applications commonly found on the network into which traditional security solutions have little or no visibility.

Key Findings:
2 total applications were observed delivering malware to your organization, out of 390 total applications on the network.
Many applications delivering malware are required to run your business, which means you need a solution that can prevent threats, while still enabling the applications.
While most malware is delivered over HTTP or SMTP, advanced attacks will often use other applications, including those on non-standard ports or employing other evasive behavior.

2 applications found delivering malware

APPLICATION | KNOWN MALWARE | INDUSTRY AVERAGE | UNKNOWN MALWARE | INDUSTRY AVERAGE
SMTP | 8 | 2100 | 592 | 12049
FLASH | 1 | 458 | | 17

Command and Control Analysis

Command-and-control (CnC) activity could indicate a host in the network has been infected by malware, and may be attempting to connect outside of the network to malicious actors, reconnaissance attempts from outside, or other command-and-control traffic. Understanding and preventing this activity is critical, as attackers use CnC to deliver additional malware, provide instruction, or exfiltrate data.

Key Findings:
2 total applications were used for command-and-control communication.
1,574 total command-and-control requests were seen on your network.
4 total suspicious DNS queries were observed.

COMMAND AND CONTROL ACTIVITY BY APPLICATION

Spyware Phone Home: 1,570

The image below represents compromised hosts attempting to connect to external malicious CnC servers.

WEB-BROWSING - 1,570
delfiles.Gen Command And Control Traffic: 1
Suspicious user-agent strings: 1,569

Suspicious DNS Queries: 4

While DNS is a common and necessary application, it is also commonly used to hide outbound CnC communication, as shown in the chart below.

DNS - 4
None:ubdjoe.com: 1
None:uafmpabkrsb.net: 1
None:kydmac.com: 1
generic:mafiawantsyouqq.com: 1

Summary: Robbinsville Board of Education

The analysis determined that a wide range of applications and cyber attacks were present on the network. This activity represents potential business and security risks to Robbinsville Board of Education, but also an ideal opportunity to implement safe application enablement policies that, not only allow business to continue growing, but reduce the overall risk exposure of the organization.

Highlights Include:
High-risk applications such as file-sharing, social-networking and email were observed on the network, which should be investigated due to their potential for abuse.
390 total applications were seen on the network across 28 sub-categories, as opposed to an industry average of 362 total applications seen in other Lower Education organizations.
160,431 total vulnerability exploits were observed across the following top three applications: unknown-tcp, web-browsing and ssl.
601 malware events were observed, versus an industry average of 305,953 across your peer group.
2 total applications were used for command and control communication.

390 APPLICATIONS IN USE
91 HIGH RISK APPLICATIONS
161,032 TOTAL THREATS
160,431 VULNERABILITY EXPLOITS
9 KNOWN MALWARE
592 UNKNOWN MALWARE

Recommendations:
Implement safe application enablement policies, by only allowing the applications needed for business, and applying granular control to all others.
Address high-risk applications with the potential for abuse, such as remote access, , or encrypted tunnels.
Deploy a security solution that can detect and prevent threats, both known and unknown, to mitigate risk from attackers.
Use a solution that can automatically re-program itself, creating new protections for emerging threats, sourced from a global community of other enterprise users.
