资源描述
PREPARED FOR
< fill in company name >
PREPARED BY
< fill in name and title here >
DATE
十月 1, 2024
REPORT ID
ID_1F357EF3-0B4A-4D1F-8D83-8B036FC18BCA
TABLE OF CONTENT
EXECUTIVE SUMMARY 3
ACCESS CONTROL & DATA PROTECTION FINDINGS 4
Web Security Events 4
Data Loss Events 8
THREAT PREVENTION FINDINGS 11
Bot Events 11
Virus Events 13
Advanced Threats 16
Intrusion & Attack Events 18
ENDPOINT SECURITY FINDINGS 19
COMPLIANCE SECURITY ANALYSIS 22
BANDWIDTH ANALYSIS 26
REMEDIATION RECOMMENDATIONS 28
SOFTWARE-DEFINED PROTECTION 37
ABOUT CHECK POINT SOFTWARE TECHNOLOGIES 41
EXECUTIVE SUMMARY
This document provides the findings of a recent security analysis of your infrastructure. The document represents a summary of these findings and presents a set of recommendations for addressing the detected events.
The analysis is based on data collected using the characteristics below:
The following is a summary of the main high and critical risk security events detected:
ACCESS CONTROL & DATA PROTECTION FINDINGS
WEB SECURITY EVENTS
Top High Risk Applications & Sites
Within the areas of web applications and websites, the following items are of the highest risk levels¹
¹ Risk level 5 indicates an application that can bypass security or hide identities (for example: Tor, VTunnel). Risk level 4 indicates an application that can cause data leakage or malware infection without user knowledge (for example: File Sharing, P2P uTorrent or P2P Kazaa). Remote Administration applications might be legitimate when used by admins and helpdesk.
High Risk Applications Compliant with Organizational Security Policy
High risk applications are applications that can bypass security, hide identities, cause data leakage or even malware infection without user knowledge. In most cases, use of such applications is against organizational security policy. However, in some cases specific applications can be made compliant with organizational policy. The following high risk applications were detected during the security analysis, but comply with organizational security policy.
Application
Organizational Security Policy
N/A
(to be filled in manually)
N/A
(to be filled in manually)
Top High Risk Applications Description
The following tables provide summary explanations of the top events found and their associated security or business risks:
Top Users of High Risk Applications
The following users were involved in the highest number of risky application and web usage events:
*Note: User names will be displayed in the above table only when Check Point Identity Awareness Software Blade is enabled and configured.
DATA LOSS EVENTS
Your company data is one of the the most valuable assets of your organization. Any intentional or unintentional loss can cause damage to your organization. The following represents the characteristics of the data loss events that were identified during the course of the anlysis.
Top Data Loss Events
The following list summarizes the identified data loss activity and the number of times that the specific type of event occurred.
Top Files Sent Outside of the Organization over HTTP
The following table presents files sent outside of the organization that may contain sensitive data.
Top Files Sent Outside of the Organization over SMTP
The following table presents files sent outside of the organization that may contain sensitive data.
Top Data Loss Events by Mail Sender
This chart shows data leakage by mail sender on your network.
THREAT PREVENTION FINDINGS
BOT EVENTS
A bot is malicious software that invades your computer. Bots allow criminals to remotely control computer systems and execute illegal activities without user’s awareness. These activities can include: stealing data, spreading spam, distributing malware, participating in Denial of Service attacks and more. Bots are often used as tools in targeted attacks known as Advanced Persistent Threats (APTs). A botnet is a collection of such compromised computer systems.
The following table summarizes the number of hosts infected with bots and their activities detected in your network.
Hosts with High and Critical Bot Events
During the security analysis, the Check Point solution identified a number of Malware-related events that indicate bot activity. This table shows a sample of hosts that experienced high risk events.
More details about malware identified in this report can be found by searching Check Point ThreatWiki, Check Point's public malware database at
VIRUS EVENTS
There are numerous channels that cybercriminals use to distribute malware. Most common methods motivate users to open an infected file in an email attachment, download an infected file, or click on a link leading to a malicious site.
The following tables summarize malware downloads and access to malware-infested sites events, detected in your network.
During the security analysis, the Check Point solution identified a number of Malware-related events which indicate malicious file downloads, connections to malware-infested sites or emails with link to a malicious site.
Malicious File/Exploit Downloaded via HTTP
Malicious File/Exploit Downloaded via SMTP
Access to a Site Known to Contain Malware
Received Emails with a Link to Malicious Site
More details about malware identified in this report can be found by searching Check Point ThreatWiki, Check Point's public malware database at
ADVANCED THREATS
With cyber-threats becoming increasingly sophisticated, advanced threats often include new exploits that are spread almost daily and there are no existing protections. These exploits include zero-day attacks of new vulnerabilities and countless new malware variants.
This section summarizes advanced threats detected in your network. To receive a detailed malware analysis on specific event, please contact the local Check Point representative who conducted this report.
Top Advanced Threats Downloaded from Web
The following table summarizes advanced threats detected in web traffic:
Top Advanced Threats Sent via Email (SMTP)
The following table summarizes advanced threats detected in email attachment based on SMTP traffic:
INTRUSION & ATTACK EVENTS
Top Intrusion & Attack Events
During the security analysis, the Check Point solution identified a number of intrusion prevention-related events. Some of these events were categorized as high risk. The following chart shows the distribution of events according to severity:
*CVE (Common Vulnerabilities and Exposures) is a dictionary for publicly known security vulnerabilities. To find more information about a specific IPS event, search the CVE ID using National Vulnerability Database CVE search web page.
ENDPOINT SECURITY FINDINGS
This section of the report provides the security findings related to the hosts of your infrastructure. The section represents a summary of these findings and detailed information per security vector. The remediation section of this report presents a set of recommendations for addressing the detected events.
Endpoint Security Events Summary
Top Endpoints Running High Risk Applications
The following table presents top endpoint machines running high risk applications or that have accessed a high risk website:
Top Endpoints Intrusion & Attack Events
The following table presents top endpoint machines with intrusion prevention-related events.
Top Endpoints Involved in Data Loss Incidents
The following table present top endpoint machines with data loss related events
<Endpoint DLP>
Top Endpoints Involved in a Malware Incident
The following table presents top endpoint machines with Malware-related security events
COMPLIANCE SECURITY ANALYSIS
This section presents a detailed analysis of the security policies of your existing Check Point Network Security deployment.
The analysis was performed using Check Point Compliance Software Blade which utilizes an extensive library of hundreds of security best practices and recommendations for improving your organization’s network security
Security Policy Compliance
The Compliance Software Blade scanned the configuration of your Security Management, Gateways and installed Software Blades. The results have been compared with a sample of our security best practices. From our 76 recommended best practices, we found that 37 were fully compliant, while 39 were missing or not compliant. This results in an overall compliance level of 48%.
Security Best Practices Compliance Top Findings
The table below presents the most important security best practices that were detected to be missing or not correctly configured.
Best Practices Compliance by Security Software Blade
The table below shows the overall security status for each Software Blade.
For each Software Blade, Check Point recommends a set of best practices. A score of 100% means that all best practices for that blade were found to be securely configured. A score less than 100% indicates there are configurations that are not according to best practices and therefore pose potential security weaknesses in your environment.
Regulatory Compliance Summary
The following table shows your network security regulatory compliance level. The status is determined by analysing the relevant Check Point security best practices and summarizing them by regulation.
* The Compliance Status is based on the sample of Security Best Practices linked to each regulation
BANDWIDTH ANALYSIS
The following section summarizes the bandwidth usage and web browsing profile of your organization during the time of analysis.
Top Bandwidth Utilization by Applications & Websites
The following table presents the top detected web applications and websites sorted by consumed bandwidth
Top Web Categories
The following table shows the top 10 categories and number of hits associated with employee Internet browsing.
Social networking bandwidth (MB)
The use of social networking sites has become common at the workplace and at home. Many businesses leverage social networking technologies for their marketing and sales efforts, and their recruiting programs. During the course of this analysis, and consistent with over-all market trends, the following social networking sites consumed the most network bandwidth:
REMEDIATION RECOMMENDATIONS
ACCESS CONTROL & DATA PROTECTION RECOMMENDATIONS
This report addresses identified security events across multiple security areas and at varying levels of criticality. The table below reviews the most critical of these incidents and presents methods to mitigate their risks. Check Point provides multiple methods for addressing these threats and concerns. Relevant protections are noted for each event, with the software blades into which the defenses are incorporated.
Web Security Events Remediation Recommendations
Click for more information about Check Point Application Control and URL Filtering Security Gateway Software Blades.
Data Loss Events Remediation Recommendations
Click for more information about Check Point DLP security gateway software blade.
THREAT PREVENTION RECOMMENDATIONS
Malware Threats Remediation Recommendations
Click for more information about Check Point Anti-Bot, Anti-Virus and Threat Emulation Security Gateway Software Blades.
Intrusions & Attacks Events Remediation Recommendations
Click for more information about Check Point IPS Security Gateway Software Blade.
ENDPOINT SECURITY REMEDIATION RECOMMENDATIONS
This section addresses identified endpoint security events across multiple security areas and at varying levels of criticality. The tables below review the most critical of these incidents and presents methods to mitigate their risks. Check Point provides multiple methods for addressing these threats and concerns. Relevant protections are noted for each event, with the Endpoint Software Blades into which the defenses are incorporated.
Web Security Events - Endpoint Remediation Recommendations
Click for more information about the following Check Point Endpoint Security Software Blades:
· Program Control Endpoint Security Software Blade
· Compliance Check Endpoint Security Software Blade
· Firewall Endpoint Security Software Blade
Intrusion & Attack Events - Endpoint Remediation Recommendations
Click for more information about the following Check Point Endpoint Security Software Blades:
Firewall Endpoint Security Software Blade
Compliance Check Endpoint Security Software Blade
Data Loss Events - Endpoint Remediation Recommendations
Click for more information about the following Check Point Endpoint Security Software Blades:
· Full Disk Encryption Endpoint Security Software Blade
· Media Encryption Endpoint Security Software Blade
· Document Security Endpoint Security Software Blade
Malware Events - Endpoint Remediation Recommendations
Click for more information about the following Check Point Endpoint Security Software Blades:
· Anti-Malware Endpoint Security Software Blade
· Firewall & Compliance Check Endpoint Security Software Blade
Running Comprehensive Endpoint Security analysis report
To perform a more comprehensive analysis on your endpoints for the security posture and potential risks, run the Endpoint Security analysis report or contact your local Check Point representative.
COMPLIANCE BLADE REMEDIATION RECOMMENDATIONS
This report addresses identified security configuration requires attention across Check Point Software Blades. The table below reviews some items to address with guidance on how to improve security level.
SOFTWARE-DEFINED PROTECTION
In a world with high-demanding IT infrastructures and networks, where perimeters are no longer well defined, and where threats grow more intelligent every day, we need to define the right way to protect enterprises in the ever changing threat landscape.
There is a wide proliferation of point security products; however these products tend to be reactive and tactical in nature rather than architecturally oriented. Today’s corporations need a single architecture that combines high performance network security devices with real-time proactive protections.
A new paradigm is needed to protect organizations proactively.
Software-defined Protection is a new, pragmatic security architecture and methodology. It offers an infrastructure that is modular, agile and most importantly, SECURE.
Such architecture must protect organizations of all sizes at any l
展开阅读全文
浙ICP备2021020529号-1 | 浙B2-20240490 
