©2010-2026 宁波自信网络信息技术有限公司 版权所有
客服电话:0574-28810668 投诉电话:18658249818
浙ICP备2021020529号-1 | 浙B2-20240490
关注我们 :
1、 PREPARED FOR < fill in company name > PREPARED BY < fill in name and title here > DATE 十月 1, 2024 REPORT ID ID_1F357EF3-0B4A-4D1F-8D83-8B036FC18BCA TABLE OF CONTENT EXECUTIVE SUMMARY 3 ACCESS CONTROL & DATA PROT
2、ECTION FINDINGS 4 Web Security Events 4 Data Loss Events 8 THREAT PREVENTION FINDINGS 11 Bot Events 11 Virus Events 13 Advanced Threats 16 Intrusion & Attack Events 18 ENDPOINT SECURITY FINDINGS 19 COMPLIANCE SECURITY ANALYSIS 22 BANDWIDTH ANALYSIS 26 REMEDIATION RECOMMENDATIONS 28 SOFTW
3、ARE-DEFINED PROTECTION 37 ABOUT CHECK POINT SOFTWARE TECHNOLOGIES 41 EXECUTIVE SUMMARY This document provides the findings of a recent security analysis of your infrastructure. The document represents a summary of these findings and presents a set of recommendations for addressing the dete
4、cted events. The analysis is based on data collected using the characteristics below: The following is a summary of the main high and critical risk security events detected: ACCESS CONTROL & DATA PROTECTION FINDINGS WEB SECURITY EVENTS Top High Risk Applications
5、 Sites Within the areas of web applications and websites, the following items are of the highest risk levels¹ ¹ Risk level 5 indicates an application that can bypass security or hide identities (for example: Tor, VTunnel). Risk level 4 indicates an application that can cause data leakage or
6、malware infection without user knowledge (for example: File Sharing, P2P uTorrent or P2P Kazaa). Remote Administration applications might be legitimate when used by admins and helpdesk. High Risk Applications Compliant with Organizational Security Policy High risk applications are applications
7、that can bypass security, hide identities, cause data leakage or even malware infection without user knowledge. In most cases, use of such applications is against organizational security policy. However, in some cases specific applications can be made compliant with organizational policy. The follow
8、ing high risk applications were detected during the security analysis, but comply with organizational security policy. Application Organizational Security Policy N/A (to be filled in manually) N/A (to be filled in manually) Top High Risk Applications Description The following tables provi
9、de summary explanations of the top events found and their associated security or business risks: Top Users of High Risk Applications The following users were involved in the highest number of risky application and web usage events: *Note: User names will be displayed in the above table onl
10、y when Check Point Identity Awareness Software Blade is enabled and configured. DATA LOSS EVENTS Your company data is one of the the most valuable assets of your organization. Any intentional or unintentional loss can cause damage to your organization. The following represents the characteris
11、tics of the data loss events that were identified during the course of the anlysis. Top Data Loss Events The following list summarizes the identified data loss activity and the number of times that the specific type of event occurred. Top Files Sent Outside of the Organization over HTTP Th
12、e following table presents files sent outside of the organization that may contain sensitive data. Top Files Sent Outside of the Organization over SMTP The following table presents files sent outside of the organization that may contain sensitive data. Top Data Loss Events by Mail Sender
13、This chart shows data leakage by mail sender on your network. THREAT PREVENTION FINDINGS BOT EVENTS A bot is malicious software that invades your computer. Bots allow criminals to remotely control computer systems and execute illegal activities without user’s awareness. These activi
14、ties can include: stealing data, spreading spam, distributing malware, participating in Denial of Service attacks and more. Bots are often used as tools in targeted attacks known as Advanced Persistent Threats (APTs). A botnet is a collection of such compromised computer systems. The following tabl
15、e summarizes the number of hosts infected with bots and their activities detected in your network. Hosts with High and Critical Bot Events During the security analysis, the Check Point solution identified a number of Malware-related events that indicate bot activity. This table shows a sample
16、 of hosts that experienced high risk events. More details about malware identified in this report can be found by searching Check Point ThreatWiki, Check Point's public malware database at VIRUS EVENTS There are numerous channels that cybercriminals use to distribute malwa
17、re. Most common methods motivate users to open an infected file in an email attachment, download an infected file, or click on a link leading to a malicious site. The following tables summarize malware downloads and access to malware-infested sites events, detected in your network. During th
18、e security analysis, the Check Point solution identified a number of Malware-related events which indicate malicious file downloads, connections to malware-infested sites or emails with link to a malicious site. Malicious File/Exploit Downloaded via HTTP Malicious File/Exploit Downloaded via
19、 SMTP Access to a Site Known to Contain Malware Received Emails with a Link to Malicious Site More details about malware identified in this report can be found by searching Check Point ThreatWiki, Check Point's public malware database at ADVANCED THREATS With cyber-threat
20、s becoming increasingly sophisticated, advanced threats often include new exploits that are spread almost daily and there are no existing protections. These exploits include zero-day attacks of new vulnerabilities and countless new malware variants. This section summarizes advanced threats detected
21、 in your network. To receive a detailed malware analysis on specific event, please contact the local Check Point representative who conducted this report. Top Advanced Threats Downloaded from Web The following table summarizes advanced threats detected in web traffic: Top Adv
22、anced Threats Sent via Email (SMTP) The following table summarizes advanced threats detected in email attachment based on SMTP traffic: INTRUSION & ATTACK EVENTS Top Intrusion & Attack Events During the security analysis, the Check Point solution identified a number of intrusion preven
23、tion-related events. Some of these events were categorized as high risk. The following chart shows the distribution of events according to severity: *CVE (Common Vulnerabilities and Exposures) is a dictionary for publicly known security vulnerabilities. To find more information about a specific
24、 IPS event, search the CVE ID using National Vulnerability Database CVE search web page. ENDPOINT SECURITY FINDINGS This section of the report provides the security findings related to the hosts of your infrastructure. The section represents a summary of these findings and detailed
25、information per security vector. The remediation section of this report presents a set of recommendations for addressing the detected events. Endpoint Security Events Summary Top Endpoints Running High Risk Applications The following table presents top endpoint machines runn
26、ing high risk applications or that have accessed a high risk website: Top Endpoints Intrusion & Attack Events The following table presents top endpoint machines with intrusion prevention-related events. Top Endpoints Involved in Data Loss Incidents The following table present top endp
27、oint machines with data loss related events
28、icies of your existing Check Point Network Security deployment. The analysis was performed using Check Point Compliance Software Blade which utilizes an extensive library of hundreds of security best practices and recommendations for improving your organization’s network security Security Polic
29、y Compliance The Compliance Software Blade scanned the configuration of your Security Management, Gateways and installed Software Blades. The results have been compared with a sample of our security best practices. From our 76 recommended best practices, we found that 37 were fully compliant, while
30、 39 were missing or not compliant. This results in an overall compliance level of 48%. Security Best Practices Compliance Top Findings The table below presents the most important security best practices that were detected to be missing or not correctly configured. Best Practices Com
31、pliance by Security Software Blade The table below shows the overall security status for each Software Blade. For each Software Blade, Check Point recommends a set of best practices. A score of 100% means that all best practices for that blade were found to be securely configured. A score less tha
32、n 100% indicates there are configurations that are not according to best practices and therefore pose potential security weaknesses in your environment. Regulatory Compliance Summary The following table shows your network security regulatory compliance level. The status is determined by an
33、alysing the relevant Check Point security best practices and summarizing them by regulation. * The Compliance Status is based on the sample of Security Best Practices linked to each regulation BANDWIDTH ANALYSIS The following section summarizes the bandwidth usage and web browsing prof
34、ile of your organization during the time of analysis. Top Bandwidth Utilization by Applications & Websites The following table presents the top detected web applications and websites sorted by consumed bandwidth Top Web Categories The following table shows the top 10 categories and number of
35、hits associated with employee Internet browsing. Social networking bandwidth (MB) The use of social networking sites has become common at the workplace and at home. Many businesses leverage social networking technologies for their marketing and sales efforts, and their recruiting programs. Dur
36、ing the course of this analysis, and consistent with over-all market trends, the following social networking sites consumed the most network bandwidth: REMEDIATION RECOMMENDATIONS ACCESS CONTROL & DATA PROTECTION RECOMMENDATIONS This report addresses identified security events acro
37、ss multiple security areas and at varying levels of criticality. The table below reviews the most critical of these incidents and presents methods to mitigate their risks. Check Point provides multiple methods for addressing these threats and concerns. Relevant protections are noted for each event,
38、with the software blades into which the defenses are incorporated. Web Security Events Remediation Recommendations Click for more information about Check Point Application Control and URL Filtering Security Gateway Software Blades. Data Loss Events Remediation Recommendations
39、 Click for more information about Check Point DLP security gateway software blade. THREAT PREVENTION RECOMMENDATIONS Malware Threats Remediation Recommendations Click for more information about Check Point Anti-Bot, Anti-Virus and Threat Emulation Security Gateway Software Bl
40、ades. Intrusions & Attacks Events Remediation Recommendations Click for more information about Check Point IPS Security Gateway Software Blade. ENDPOINT SECURITY REMEDIATION RECOMMENDATIONS This section addresses identified endpoint security events across multiple sec
41、urity areas and at varying levels of criticality. The tables below review the most critical of these incidents and presents methods to mitigate their risks. Check Point provides multiple methods for addressing these threats and concerns. Relevant protections are noted for each event, with the Endpoi
42、nt Software Blades into which the defenses are incorporated. Web Security Events - Endpoint Remediation Recommendations Click for more information about the following Check Point Endpoint Security Software Blades: · Program Control Endpoint Security Software Blade · Compliance Check E
43、ndpoint Security Software Blade · Firewall Endpoint Security Software Blade Intrusion & Attack Events - Endpoint Remediation Recommendations Click for more information about the following Check Point Endpoint Security Software Blades: Firewall Endpoint Security Software Blade Compliance Ch
44、eck Endpoint Security Software Blade Data Loss Events - Endpoint Remediation Recommendations Click for more information about the following Check Point Endpoint Security Software Blades: · Full Disk Encryption Endpoint Security Software Blade · Media Encryption Endpoint Security Software Bl
45、ade · Document Security Endpoint Security Software Blade Malware Events - Endpoint Remediation Recommendations Click for more information about the following Check Point Endpoint Security Software Blades: · Anti-Malware Endpoint Security Software Blade · Firewall & Compliance Ch
46、eck Endpoint Security Software Blade Running Comprehensive Endpoint Security analysis report To perform a more comprehensive analysis on your endpoints for the security posture and potential risks, run the Endpoint Security analysis report or contact your local Check Point representative.
47、 COMPLIANCE BLADE REMEDIATION RECOMMENDATIONS This report addresses identified security configuration requires attention across Check Point Software Blades. The table below reviews some items to address with guidance on how to improve security level. SOFTWARE-DEFINED PROTECTION In a worl
48、d with high-demanding IT infrastructures and networks, where perimeters are no longer well defined, and where threats grow more intelligent every day, we need to define the right way to protect enterprises in the ever changing threat landscape. There is a wide proliferation of point security produc
49、ts; however these products tend to be reactive and tactical in nature rather than architecturally oriented. Today’s corporations need a single architecture that combines high performance network security devices with real-time proactive protections. A new paradigm is needed to protect organizations proactively. Software-defined Protection is a new, pragmatic security architecture and methodology. It offers an infrastructure that is modular, agile and most importantly, SECURE. Such architecture must protect organizations of all sizes at any l
©2010-2026 宁波自信网络信息技术有限公司 版权所有
客服电话:0574-28810668 投诉电话:18658249818
浙ICP备2021020529号-1 | 浙B2-20240490
关注我们 :
