EP--APCL--URLF--IPS--DLP--AV--AB--TE--COMPLIANCE.doc

《EP--APCL--URLF--IPS--DLP--AV--AB--TE--COMPLIANCE.doc》由会员分享，可在线阅读，更多相关《EP--APCL--URLF--IPS--DLP--AV--AB--TE--COMPLIANCE.doc（41页珍藏版）》请在咨信网上搜索。

1、PREPARED FORPREPARED BYDATE 十月 1, 2024REPORT IDID_1F357EF3-0B4A-4D1F-8D83-8B036FC18BCATABLE OF CONTENTEXECUTIVE SUMMARY3ACCESS CONTROL & DATA PROTECTION FINDINGS4Web Security Events4Data Loss Events8THREAT PREVENTION FINDINGS11Bot Events11Virus Events13Advanced Threats16Intrusion & Attack Events18EN

2、DPOINT SECURITY FINDINGS19COMPLIANCE SECURITY ANALYSIS22BANDWIDTH ANALYSIS26REMEDIATION RECOMMENDATIONS28SOFTWARE-DEFINED PROTECTION37ABOUT CHECK POINT SOFTWARE TECHNOLOGIES41 EXECUTIVE SUMMARYThis document provides the findings of a recent security analysis of your infrastructure. The document repr

3、esents a summary of these findings and presents a set of recommendations for addressing the detected events. The analysis is based on data collected using the characteristics below:The following is a summary of the main high and critical risk security events detected: ACCESS CONTROL & DATA PROTECTIO

4、N FINDINGSWEB SECURITY EVENTSTop High Risk Applications & SitesWithin the areas of web applications and websites, the following items are of the highest risk levels Risk level 5 indicates an application that can bypass security or hide identities (for example: Tor, VTunnel). Risk level 4 indicates a

5、n application that can cause data leakage or malware infection without user knowledge (for example: File Sharing, P2P uTorrent or P2P Kazaa). Remote Administration applications might be legitimate when used by admins and helpdesk. High Risk Applications Compliant with Organizational Security Policy

6、High risk applications are applications that can bypass security, hide identities, cause data leakage or even malware infection without user knowledge. In most cases, use of such applications is against organizational security policy. However, in some cases specific applications can be made complian

7、t with organizational policy. The following high risk applications were detected during the security analysis, but comply with organizational security policy.Application Organizational Security PolicyN/A (to be filled in manually)N/A (to be filled in manually)Top High Risk Applications DescriptionTh

8、e following tables provide summary explanations of the top events found and their associated security or business risks:Top Users of High Risk Applications The following users were involved in the highest number of risky application and web usage events:*Note: User names will be displayed in the abo

9、ve table only when Check Point Identity Awareness Software Blade is enabled and configured. DATA LOSS EVENTSYour company data is one of the the most valuable assets of your organization. Any intentional or unintentional loss can cause damage to your organization. The following represents the charact

10、eristics of the data loss events that were identified during the course of the anlysis.Top Data Loss EventsThe following list summarizes the identified data loss activity and the number of times that the specific type of event occurred.Top Files Sent Outside of the Organization over HTTPThe followin

11、g table presents files sent outside of the organization that may contain sensitive data.Top Files Sent Outside of the Organization over SMTP The following table presents files sent outside of the organization that may contain sensitive data.Top Data Loss Events by Mail SenderThis chart shows data le

12、akage by mail sender on your network.THREAT PREVENTION FINDINGSBOT EVENTSA bot is malicious software that invades your computer. Bots allow criminals to remotely control computer systems and execute illegal activities without users awareness. These activities can include: stealing data, spreading sp

13、am, distributing malware, participating in Denial of Service attacks and more. Bots are often used as tools in targeted attacks known as Advanced Persistent Threats (APTs). A botnet is a collection of such compromised computer systems.The following table summarizes the number of hosts infected with

14、bots and their activities detected in your network. Hosts with High and Critical Bot EventsDuring the security analysis, the Check Point solution identified a number of Malware-related events that indicate bot activity. This table shows a sample of hosts that experienced high risk events.More detail

15、s about malware identified in this report can be found by searching Check Point ThreatWiki, Check Points public malware database at VIRUS EVENTSThere are numerous channels that cybercriminals use to distribute malware. Most common methods motivate users to open an infected file in an email attachmen

16、t, download an infected file, or click on a link leading to a malicious site.The following tables summarize malware downloads and access to malware-infested sites events, detected in your network.During the security analysis, the Check Point solution identified a number of Malware-related events whi

17、ch indicate malicious file downloads, connections to malware-infested sites or emails with link to a malicious site. Malicious File/Exploit Downloaded via HTTP Malicious File/Exploit Downloaded via SMTPAccess to a Site Known to Contain MalwareReceived Emails with a Link to Malicious Site More detail

18、s about malware identified in this report can be found by searching Check Point ThreatWiki, Check Points public malware database at ADVANCED THREATSWith cyber-threats becoming increasingly sophisticated, advanced threats often include new exploits that are spread almost daily and there are no existi

19、ng protections. These exploits include zero-day attacks of new vulnerabilities and countless new malware variants.This section summarizes advanced threats detected in your network. To receive a detailed malware analysis on specific event, please contact the local Check Point representative who condu

20、cted this report. Top Advanced Threats Downloaded from Web The following table summarizes advanced threats detected in web traffic:Top Advanced Threats Sent via Email (SMTP)The following table summarizes advanced threats detected in email attachment based on SMTP traffic:INTRUSION & ATTACK EVENTSTop

21、 Intrusion & Attack EventsDuring the security analysis, the Check Point solution identified a number of intrusion prevention-related events. Some of these events were categorized as high risk. The following chart shows the distribution of events according to severity:*CVE (Common Vulnerabilities and

22、 Exposures) is a dictionary for publicly known security vulnerabilities. To find more information about a specific IPS event, search the CVE ID using National Vulnerability Database CVE search web page. ENDPOINT SECURITY FINDINGS This section of the report provides the security findings related to t

23、he hosts of your infrastructure. The section represents a summary of these findings and detailed information per security vector. The remediation section of this report presents a set of recommendations for addressing the detected events. Endpoint Security Events Summary Top Endpoints Running High R

24、isk Applications The following table presents top endpoint machines running high risk applications or that have accessed a high risk website:Top Endpoints Intrusion & Attack EventsThe following table presents top endpoint machines with intrusion prevention-related events. Top Endpoints Involved in D

25、ata Loss IncidentsThe following table present top endpoint machines with data loss related eventsTop Endpoints Involved in a Malware IncidentThe following table presents top endpoint machines with Malware-related security events COMPLIANCE SECURITY ANALYSISThis section presents a detailed analysis o

26、f the security policies of your existing Check Point Network Security deployment. The analysis was performed using Check Point Compliance Software Blade which utilizes an extensive library of hundreds of security best practices and recommendations for improving your organizations network securitySec

27、urity Policy ComplianceThe Compliance Software Blade scanned the configuration of your Security Management, Gateways and installed Software Blades. The results have been compared with a sample of our security best practices. From our 76 recommended best practices, we found that 37 were fully complia

28、nt, while 39 were missing or not compliant. This results in an overall compliance level of 48%. Security Best Practices Compliance Top FindingsThe table below presents the most important security best practices that were detected to be missing or not correctly configured.Best Practices Compliance by

29、 Security Software BladeThe table below shows the overall security status for each Software Blade.For each Software Blade, Check Point recommends a set of best practices. A score of 100% means that all best practices for that blade were found to be securely configured. A score less than 100% indicat

30、es there are configurations that are not according to best practices and therefore pose potential security weaknesses in your environment.Regulatory Compliance SummaryThe following table shows your network security regulatory compliance level. The status is determined by analysing the relevant Check

31、 Point security best practices and summarizing them by regulation.* The Compliance Status is based on the sample of Security Best Practices linked to each regulation BANDWIDTH ANALYSISThe following section summarizes the bandwidth usage and web browsing profile of your organization during the time o

32、f analysis.Top Bandwidth Utilization by Applications & Websites The following table presents the top detected web applications and websites sorted by consumed bandwidth Top Web Categories The following table shows the top 10 categories and number of hits associated with employee Internet browsing.So

33、cial networking bandwidth (MB)The use of social networking sites has become common at the workplace and at home. Many businesses leverage social networking technologies for their marketing and sales efforts, and their recruiting programs. During the course of this analysis, and consistent with over-

34、all market trends, the following social networking sites consumed the most network bandwidth:REMEDIATION RECOMMENDATIONSACCESS CONTROL & DATA PROTECTION RECOMMENDATIONS This report addresses identified security events across multiple security areas and at varying levels of criticality. The table bel

35、ow reviews the most critical of these incidents and presents methods to mitigate their risks. Check Point provides multiple methods for addressing these threats and concerns. Relevant protections are noted for each event, with the software blades into which the defenses are incorporated.Web Security

36、 Events Remediation Recommendations Click for more information about Check Point Application Control and URL Filtering Security Gateway Software Blades.Data Loss Events Remediation RecommendationsClick for more information about Check Point DLP security gateway software blade.THREAT PREVENTION RECOM

37、MENDATIONSMalware Threats Remediation Recommendations Click for more information about Check Point Anti-Bot, Anti-Virus and Threat Emulation Security Gateway Software Blades.Intrusions & Attacks Events Remediation Recommendations Click for more information about Check Point IPS Security Gateway Soft

38、ware Blade.ENDPOINT SECURITY REMEDIATION RECOMMENDATIONSThis section addresses identified endpoint security events across multiple security areas and at varying levels of criticality. The tables below review the most critical of these incidents and presents methods to mitigate their risks. Check Poi

39、nt provides multiple methods for addressing these threats and concerns. Relevant protections are noted for each event, with the Endpoint Software Blades into which the defenses are incorporated.Web Security Events - Endpoint Remediation Recommendations Click for more information about the following

40、Check Point Endpoint Security Software Blades: Program Control Endpoint Security Software Blade Compliance Check Endpoint Security Software Blade Firewall Endpoint Security Software BladeIntrusion & Attack Events - Endpoint Remediation RecommendationsClick for more information about the following Ch

41、eck Point Endpoint Security Software Blades:Firewall Endpoint Security Software Blade Compliance Check Endpoint Security Software BladeData Loss Events - Endpoint Remediation RecommendationsClick for more information about the following Check Point Endpoint Security Software Blades: Full Disk Encryp

42、tion Endpoint Security Software Blade Media Encryption Endpoint Security Software Blade Document Security Endpoint Security Software BladeMalware Events - Endpoint Remediation Recommendations Click for more information about the following Check Point Endpoint Security Software Blades: Anti-Malware E

43、ndpoint Security Software Blade Firewall & Compliance Check Endpoint Security Software BladeRunning Comprehensive Endpoint Security analysis reportTo perform a more comprehensive analysis on your endpoints for the security posture and potential risks, run the Endpoint Security analysis report or con

44、tact your local Check Point representative.COMPLIANCE BLADE REMEDIATION RECOMMENDATIONSThis report addresses identified security configuration requires attention across Check Point Software Blades. The table below reviews some items to address with guidance on how to improve security level. SOFTWARE

45、-DEFINED PROTECTIONIn a world with high-demanding IT infrastructures and networks, where perimeters are no longer well defined, and where threats grow more intelligent every day, we need to define the right way to protect enterprises in the ever changing threat landscape.There is a wide proliferatio

46、n of point security products; however these products tend to be reactive and tactical in nature rather than architecturally oriented. Todays corporations need a single architecture that combines high performance network security devices with real-time proactive protections.A new paradigm is needed to protect organizations proactively.Software-defined Protection is a new, pragmatic security architecture and methodology. It offers an infrastructure that is modular, agile and most importantly, SECURE.Such architecture must protect organizations of all sizes at any l