International School Yangon
PREPARED BY:
VSS
Palo Alto Networks
www.paloaltonetworks.com
The Security Lifecycle Review summarizes the threat exposure and security risks
facing International School Yangon and the customers connecting to their networks.
The data used for this analysis was gathered by Palo Alto Networks during the report
time period. The report provides actionable intelligence and risk assessment around the
applications, URL traffic, and types of content that are traversing the International
School Yangon network as well as volume and types of threats and vulnerabilities that
are observed. Recommendations are provided that can be employed to reduce the
overall risk exposure for both the network operator and their customers.
Executive Summary
Applications
  Applications at a Glance
  Applications that Introduce Risk
  Applications that Introduce Risk — Detail
  SaaS Applications
URL Activity
  URL Activity
Threats
  Threats at a Glance
  Application Vulnerabilities
  Command and Control Analysis
Summary
INTERNATIONAL SCHOOL YANGON | SECURITY LIFECYCLE REVIEW Report Period: 8 DAYS 2
EXECUTIVE SUMMARY APPLICATIONS SAAS APPLICATIONS URL ACTIVITY THREATS SUMMARY
EXECUTIVE SUMMARY FOR International School Yangon
The Security Lifecycle Review summarizes the business and security risks facing International School Yangon. The data used for this analysis was
gathered by Palo Alto Networks during the report time period. The report provides actionable intelligence around the applications, URL traffic, types of
content, and threats traversing the network, including recommendations that can be employed to reduce the organization’s overall risk exposure.
Confidential Information - Do Not Redistribute
KEY FINDINGS
368 APPLICATIONS IN USE
368 total applications are in use, presenting potential business and security challenges. As critical functions move outside of an organization’s control, employees use non-work-related applications, or cyberattackers use them to deliver threats and steal data.
67 HIGH RISK APPLICATIONS
67 high-risk applications were observed, including those that can introduce or hide malicious activity, transfer files outside the network, or establish unauthorized communication.
96 SAAS APPLICATIONS
96 SaaS applications were observed in your network. To maintain administrative control, adopt SaaS applications that will be managed by your IT team.
2,756,455 VULNERABILITY EXPLOITS
2,756,455 total vulnerability exploits were observed in your organization, including brute-force, info-leak and code-execution.
2,763,055 TOTAL THREATS
2,763,055 total threats were found on your network, including vulnerability exploits, malware, and outbound command and control activity.
Applications at a Glance
Applications can introduce risk, such as delivering threats, potentially allowing data to leave the network, enabling unauthorized access, lowering
productivity, or consuming corporate bandwidth. This section will provide visibility into the applications in use, allowing you to make an informed decision
on potential risk versus business benefit.
KEY FINDINGS
High-risk applications such as photo-video, file-sharing and internet-utility were observed on the network, which should be investigated due to their
potential for abuse.
368 total applications were seen on the network across 29 sub-categories, as opposed to an industry average of 363 total applications seen in other
Higher Education organizations.
1.31 TB was used by all applications, including networking with 597.43 GB, compared to an industry average of 7.46 TB in similar organizations.
HIGH-RISK APPLICATIONS
The first step to managing security and business risk is identifying which applications can be abused to cause the most harm. We recommend closely evaluating applications in these categories to ensure they are not introducing unnecessary compliance, operational, or cyber security risk.
Category (Company / Industry Average)
photo-video 13 / 12
file-sharing 11 / 11
internet-utility 7 / 7
email 6 / 7
social-networking 6 / 5
NUMBER OF APPLICATIONS ON NETWORK
CATEGORIES WITH THE MOST APPLICATIONS
The following categories have the most application variants, and should be reviewed for business relevance.
Category (Company / Industry Average)
business-systems 106 / 102
collaboration 82 / 70
general-internet 69 / 68
media 60 / 55
networking 51 / 69

BANDWIDTH CONSUMED BY APPLICATIONS
CATEGORIES CONSUMING THE MOST BANDWIDTH
Bandwidth consumed by application category shows where application usage is heaviest, and where you could reduce operational resources.
Category (Company / Industry Average)
networking 597.43 GB / 2.84 TB
media 314.29 GB / 1.32 TB
collaboration 187.80 GB / 1.39 TB
general-internet 140.52 GB / 930.35 GB
business-systems 74.51 GB / 965.03 GB
11 12
Email 10.68 G
TOP EMAIL APPS
gmail-base 9.89 G
outlook-web-online 538.74 M
yahoo-mail-base 173.41 M
icloud-mail 66.10 M
smtp 6.77 M
zoho-mail 3.70 M
gmx-mail 1.68 M
hotmail 1.41 M

9 12
Remote-Access 1.05 G
TOP REMOTE-ACCESS APPS
ms-rdp 1.04 G
anydesk 3.99 M
teamviewer-base 2.47 M
chrome-remote-desktop 2.02 M
teamviewer-web 45.54 K
splashtop-remote 8.37 K
citrix 2.67 K
pcanywhere-base 1.66 K
26 27
File-Sharing 13.38 G
TOP FILE-SHARING APPS
mega-base 8.84 G
google-drive-web 1.96 G
bittorrent 791.03 M
ms-onedrive-base 580.90 M
whatsapp-file-transfer 553.91 M
dropbox-base 277.65 M
google-cloud-storage-download 235.02 M
kakaotalk-file-transfer 91.10 M

12 10
Encrypted-Tunnel 301.68 G
TOP ENCRYPTED-TUNNEL APPS
ssl 291.50 G
open-vpn 8.85 G
ipsec-esp-udp 1.33 G
ssh 10.13 M
hola-unblocker 589.94 K
panos-global-protect 103.34 K
ike 85.30 K
hotspot-shield 57.47 K

19 16
Instant-Messaging 3.48 G
TOP INSTANT-MESSAGING APPS
snapchat 1.95 G
whatsapp-base 566.11 M
facebook-chat 452.93 M
whatsapp-web 230.21 M
qq-base 141.97 M
kakaotalk-base 62.52 M
wechat-base 31.25 M
imo 17.36 M

21 19
Social-Networking 168.83 G
TOP SOCIAL-NETWORKING APPS
facebook-base 162.93 G
reddit-base 2.19 G
twitter-base 1.32 G
pinterest-base 1.20 G
google-classroom 781.80 M
quora-base 189.21 M
linkedin-base 104.31 M
tumblr-base 104.22 M
32 30
Photo-Video 215.01 G
TOP PHOTO-VIDEO APPS
facebook-video 124.19 G
netflix-base 38.67 G
youtube-base 23.51 G
instagram-base 13.22 G
http-video 6.18 G
rtcp 2.81 G
twitch 1.92 G
tiktok 1.58 G

3 3
Proxy 7.02 M
TOP PROXY APPS
http-proxy 6.72 M
psiphon 243.13 K
ultrasurf 64.11 K
SaaS Applications
SaaS–based application services continue to redefine the network perimeter. Often labeled “shadow IT,” most of these services are adopted directly by
individual users, business teams, or even entire departments. In order to minimize data security risks, you need control over the SaaS applications used on your
network.
KEY FINDINGS
The File-Sharing subcategory has the largest number of unique SaaS applications.
In terms of data movement, gmail-base is the most used SaaS application in your organization.
SAAS APPLICATIONS BY NUMBERS
Review the applications being used in your organization. To maintain administrative control, adopt SaaS applications that will be managed by your IT team.
368 total apps
96 SaaS apps
NUMBER OF SAAS APPLICATIONS
Company 96
INDUSTRY AVERAGE 78
ALL ORGANIZATIONS 51
PERCENTAGE OF ALL APPLICATIONS
Company 26.09%
INDUSTRY AVERAGE 21.49%
ALL ORGANIZATIONS 22.47%
SAAS APPLICATION BANDWIDTH
Monitor the volume of data movement to and from SaaS applications. Understand the nature of the applications and how they are being used.
1.31 T total data flow
35.85 G for SaaS apps
SAAS APPLICATION BANDWIDTH
Company 35.85 GB
INDUSTRY AVERAGE 213.05 GB
ALL ORGANIZATIONS 202.35 GB
PERCENTAGE OF ALL BANDWIDTH
Company 2.73%
INDUSTRY AVERAGE 2.86%
ALL ORGANIZATIONS 3.16%
TOP SAAS APPLICATION SUBCATEGORIES
The following displays the number of applications in each application subcategory. This allows you to assess the most used applications in your organization.
TOP SAAS APPLICATION SUBCATEGORIES BY TOTAL NUMBER OF APPLICATIONS
file-sharing 14
management 14
office-programs 11
internet-utility 7
14 27
File-Sharing 11.91 G
TOP FILE-SHARING APPS
mega-base 8.84 G
google-drive-web 1.96 G
ms-onedrive-base 580.90 M
dropbox-base 277.65 M
google-cloud-storage-download 235.02 M
weiyun-base 2.84 M
sourceforge-base 2.70 M
slideshare-base 765.77 K

14 27
Management 189.97 M
TOP MANAGEMENT APPS
new-relic 99.84 M
github-base 54.47 M
jamf 16.37 M
trello-base 8.42 M
service-now-base 4.39 M
datadog 2.06 M
workable 1.50 M
gist 1.24 M
11 11
Office-Programs 3.59 G
TOP OFFICE-PROGRAMS APPS
google-docs-base 3.31 G
lucidchart 70.18 M
ms-teams 68.55 M
evernote-base 58.46 M
ms-office365-base 52.69 M
lucidpress-base 15.84 M
prezi-base 9.96 M
ms-delve 5.10 M

7 40
Internet-Utility 5.32 G
TOP INTERNET-UTILITY APPS
learnosity 3.01 G
icloud-base 1.47 G
grammarly 647.41 M
kami 190.01 M
yunpan-base 4.27 M
google-keep 143.59 K
adobe-echosign 100.15 K
TOP SAAS APPLICATIONS
The following displays the top 10 SaaS applications used in your organization and the application usage comparison against your industry peers and all
other Palo Alto Networks customers.
TOP SAAS APPLICATIONS BY DATA MOVEMENT
Application (Company / Industry Average)
Gmail-Base 9.89 GB / 8.83 GB
Mega-Base 8.84 GB / 3.53 GB
Google-Docs-Base 3.31 GB / 11.86 GB
Learnosity 3.01 GB / 0 Byte
Google-Drive-Web 1.96 GB / 11.34 GB
Icloud-Base 1.47 GB / 6.21 GB
Zoom-Meeting 976.78 MB / 106.63 MB
Google-Classroom 781.80 MB / 397.44 MB
Flipgrid 752.01 MB / 642.35 KB
Grammarly 647.41 MB / 157.41 MB
SAAS APPLICATIONS BY HOSTING RISK
Based on your SaaS usage, it is imperative to regularly review SaaS applications being accessed, who is accessing them, and how they are being used.
The following chart displays the number of applications by each hosting risk characteristic.
Poor Terms of Service 32
Data Breaches 5
No Certifications 43
Poor Financial Viability 5
The following charts display the top applications by bandwidth for each hosting risk characteristic.
Apps With Poor Terms Of Service 10.67 G
mega-base 8.84 G
flipgrid 752.01 M
viber-base 452.03 M
kami 190.01 M
yahoo-mail-base 173.41 M
new-relic 99.84 M
acronis-cloud-backup 69.40 M
viber-voice 22.00 M

Apps With Data Breaches 9.03 G
mega-base 8.84 G
yahoo-mail-base 173.41 M
mailchimp 9.51 M
onelogin 5.17 M
yahoo-calendar 1.47 M

Apps With No Certifications 19.41 G
mega-base 8.84 G
learnosity 3.01 G
google-drive-web 1.96 G
icloud-base 1.47 G
google-classroom 781.80 M
flipgrid 752.01 M
grammarly 647.41 M
ms-onedrive-base 580.90 M

Apps With Poor Financial Viability 192.33 M
kami 190.01 M
gmx-mail 1.68 M
helpscout 591.51 K
classin 27.23 K
dochub-base 15.64 K
URL Activity
Uncontrolled Web surfing exposes organizations to security and business risks, including exposure to potential threat propagation, data loss, or
compliance violations. The most common URL categories visited by users on the network are shown below.
KEY FINDINGS
High-traffic URL categories were observed on the network, including computer-and-internet-info, Sanctioned Search and web-based-email.
Users visited a total of 74,698 URLs during the report time period across 40 categories.
There was a variety of personal and work-related Web activity present, including visits to potentially risky websites.
HIGH-RISK URL CATEGORIES
The Web is a primary infection vector for attackers, with high-risk URL categories posing an outsized risk to the organization. Solutions should allow for fast blocking of undesired or malicious sites, as well as support quick categorization and investigation of unknowns.
Category (Company / Industry Average)
unknown 16 / 83,339
malware 8 / 6,019
private-ip-addresses 3 / 281,990
HIGH-TRAFFIC URL CATEGORIES
The top 5 commonly visited URL categories, along with industry benchmarks across your peer group, are shown below.
Category (Company / Industry Average)
computer-and-internet-info 34,548 / 2,868,769
Sanctioned Search 15,731 / 0
web-based-email 4,253 / 69,502
social-networking 3,914 / 1,770,643
content-delivery-networks 2,194 / 544,463

COMMONLY USED URL CATEGORIES
The top 20 most commonly visited URL categories are shown below.
online-storage-and-backup 1,821
business-and-economy 1,414
music 1,412
training-and-tools 1,395
internet-communications-and-telephony 1,342
web-advertisements 1,137
financial-services 1,013
reference-and-research 866
games 674
internet-portals 673
streaming-media 508
news 358
insufficient-content 278
questionable 233
dating 149
entertainment-and-arts 117
educational-institutions 109
personal-sites-and-blogs 98
travel 95
shareware-and-freeware 66
Threats at a Glance
Understanding your risk exposure, and how to adjust your security posture to prevent attacks, requires intelligence on the type and volume of threats used
against your organization. This section details the application vulnerabilities, known and unknown malware, and command and control activity observed on
your network.
KEY FINDINGS
2,756,455 total vulnerability exploits were observed in your organization, including brute-force, info-leak and code-execution.
0 malware events were observed, versus an industry average of 2,630 across your peer group.
6,600 total command and control requests were identified, indicating attempts by malware to communicate with attackers to download additional
malware, receive instructions, or exfiltrate data.
6,600 Command and Control Detection(s)
Known Connections 6,600
FILES LEAVING THE NETWORK
Transferring files is a required and common part of doing business, but you must maintain visibility into what content is leaving the network via which
applications, in order to limit your organization’s exposure to data loss.
0 file(s) potentially leaving the network via 0 different application(s)
Application Vulnerabilities
Application vulnerabilities allow attackers to exploit vulnerable, often unpatched, applications to infect systems, which often represent one of the first steps
in a breach. This page details the top five application vulnerabilities attackers attempted to exploit within your organization, allowing you to determine which
applications represent the largest attack surface.
KEY FINDINGS
8 total applications were observed delivering exploits to your environment.
2,756,455 total vulnerability exploits were observed across the following top three applications: ms-ds-smbv1, ms-ds-smbv3 and ms-ds-smbv2.
13 unique vulnerability exploits were found, meaning attackers continued to attempt to exploit the same vulnerability multiple times.
8 2,756,455 13
13 3,846,232 35
14 3,023,264 35
VULNERABILITY EXPLOITS PER APPLICATION
(TOP 5 APPLICATIONS WITH MOST DETECTIONS)
2,754,867 Ms-Ds-Smbv1
  2,754,867 SMB: User Password Brute Force Attempt HIGH
1,266 Ms-Ds-Smbv3
  1,266 SMB: User Password Brute Force Attempt HIGH
145 Ms-Ds-Smbv2
  145 SMB: User Password Brute Force Attempt HIGH
106 Web-Browsing
  6 Netgear DGN Device Remote Command Execution Vulnerability CRITICAL
  7 PHP CGI Query String Parameter Handling Information Disclosure Vulnerability MEDIUM
65 Portmapper
  65 RPC Portmapper DUMP Request Detected MEDIUM
KEY FINDINGS
2 total applications were used for command-and-control communication.
6,600 total command-and-control requests were seen on your network.
6,600 total suspicious DNS queries were observed.
6,600 CnC Request(s) were seen on your network.
2 Application(s) were used for Command-and-Control communication.
web-browsing: 1
dns: 6,599
Summary: International School Yangon
The analysis determined that a wide range of applications and cyber attacks were present on the network. This activity represents potential business and
security risks to International School Yangon, but also an ideal opportunity to implement safe application enablement policies that not only allow business
to continue growing but also reduce the overall risk exposure of the organization.
HIGHLIGHTS INCLUDE:
High-risk applications such as photo-video, file-sharing and internet-utility were observed on the network, which should be investigated due to their
potential for abuse.
368 total applications were seen on the network across 29 sub-categories, as opposed to an industry average of 363 total applications seen in other
Higher Education organizations.
2,756,455 total vulnerability exploits were observed across the following top three applications: ms-ds-smbv1, ms-ds-smbv3 and ms-ds-smbv2.
0 malware events were observed, versus an industry average of 2,630 across your peer group.
2 total applications were used for command and control communication.
KEY FINDINGS
368 APPLICATIONS IN USE
67 HIGH RISK APPLICATIONS
96 SAAS APPLICATIONS
2,756,455 VULNERABILITY EXPLOITS
2,763,055 TOTAL THREATS
RECOMMENDATIONS
Implement safe application enablement policies by only allowing the applications needed for business, and applying granular control to all others.
Address high-risk applications with the potential for abuse, such as remote access, file sharing, or encrypted tunnels.
Address command and control communication by examining the network or host source. Detection and response or logging solutions may provide an
indication of what occurred.
Deploy a security solution that can detect and prevent threats, both known and unknown, to mitigate risk from attackers.
Use a solution that can automatically re-program itself and other security products, creating and coordinating new protections for emerging threats,
sourced from a global community of other enterprise users.