Prepared for
Prepared by
© Check Point Software Technologies Ltd. All rights reserved. Classification: [Restricted] ONLY for designated groups and individuals Security Checkup - Threat Analysis Report
EXECUTIVE SUMMARY
To assess risk, network traffic was inspected by Check Point to detect a variety of security threats, including: malware infections, usage of high risk web applications, intrusion attempts, loss of sensitive data, and more.
11.9K communications with C&C* sites
0 Zero-days downloaded
0 potential data loss incidents
17 high risk web applications
248 high risk web sites
31 cloud applications
* C&C - Command and Control. If proxy is deployed, there might be additional infected computers.
Zero-days downloaded present a unique count of old or new malware variant with unknown anti-virus signature.
Indicates potential attacks on computers on your network.
TABLE OF CONTENTS
EXECUTIVE SUMMARY
KEY FINDINGS
MALWARE & ATTACKS
HIGH RISK WEB ACCESS
DATA LOSS
BANDWIDTH ANALYSIS
MOBILE THREATS
ENDPOINTS
Key Findings
KEY FINDINGS MALWARE AND ATTACKS
Pre Infection
1. Reconnaissance
2. Delivery
3. Exploitation
4. Installation
Post Infection
1. Command and Control
2. Propagation
* Scanned Servers – these servers were scanned from the internet for first understanding of open ports and services
Post Infection
11.9K malicious connections to C&C servers
39 machines are infected
12 different malware families were found
[Timeline chart; x-axis: Mar 23, 2020 to Apr 20, 2020]
MACHINES INFECTED WITH MALWARES & BOTS
A bot is malicious software that invades your computer. Bots allow criminals to remotely control your computer to execute illegal activities such as stealing data,
spreading spam, distributing malware and participating in Denial of Service (DoS) attacks without your knowledge. Bots play a key role in targeted attacks known as
Advanced Persistent Threats (APTs). The following table summarizes the bot families and number of infected computers detected in your network.
scope
zs United States
Conficker_A.TC.alp Netherlands
DNS Reputation
ad United States 172.31.13.61
Conficker_A.TC.aliz
DNS Reputation United States
a
[Chart; axis: Traffic Sent Bytes]
* Check Point’s malware naming convention: <malware type>.<operating system>.<malware family>.<variant> For more details on specific malware, search the malware name on
www.threat-cloud.com
** Amount of malicious traffic from end-point.
MALWARE DOWNLOADS (KNOWN MALWARE)
With the increase in sophistication of cyber threats, many targeted attacks begin with exploiting software vulnerabilities in downloaded files and email attachments.
During the security analysis, a number of malware-related events which indicate malicious file downloads were detected. The following table summarizes
downloads of known malware files detected in your network and the number of the downloading computers. Known malware refers to malware for which
signatures exist and therefore should be blocked by an anti-virus system.
* You can analyze suspicious files by copying and pasting files’ MD5 to VirusTotal online service at www.virustotal.com
Infected File Name User Machine Name Malware Action Downloaded by MD5*
ACCESS TO SITES KNOWN TO CONTAIN MALWARE
Organizations can get infected with malware by accessing malicious web sites while browsing the internet, or by clicking on malicious links embedded in received
email. The following summarizes events related to sites known to contain malware.
Top connections to malicious sites
Malware Family | Domain | Protection Type | Hits
clickid=4a61cusm7k252vrfea&campaign=56
SendPay | http://download1710.mediafire.com/77f6reeituag/m21t7hxj49s73u1/FF+MR+SANT.rar | Signature | 2
Asparnet | | Signature | 1
Malware-url | http://minisrclink.cool/1e40c8bd4601a5a5a4.js | URL Reputation | 1
UNKNOWN | | Signature | 1
Webcompanion | http://webcompanion.com/nano_download.php?partner=JD180501 | URL Reputation | 1
Total: 10 Families 3 Protection Types 104 Hits
Top 5 sources accessed malicious sites
Source
Impresora (192.168.6.106)
Host_172.31.1.140 (172....
172.31.104.20
* You can analyze suspicious URLs by copying and pasting them into VirusTotal online service at www.virustotal.com
ATTACKS AND EXPLOITED SOFTWARE VULNERABILITIES
During the security analysis, attacks and exploited software vulnerabilities on servers/clients were detected. Such incidents might indicate intrusion attempts,
malware attacks, DoS attacks or attempts to breach security by exploiting software vulnerabilities. The following summarizes all events with a known industry
reference.
Top attacks and exploited software vulnerabilities
Attacked Destination | Attack / Exploit | Industry Reference | Attack Source | Events
External_Navegacion (172.16.100.14) | Multiple Vendor ICMP Connection Reset Denial of Service | CVE-2004-0790 | host_172.31.4.119 (172.31.4.119) | 269
51.161.115.191
Total: 1 Exploit 1 Reference 1 Source 269
Host_172.31.1.140 (172.31.1.140) 24 94.242.62.212
Total: 1 Exploit 1 Reference 2 Sources 102
[Chart: Top targeted end-points; axes: Destination, Number of attacks; labels recovered: External_Navegacion (172.16.10..., XC-99AF12 (192.168.5.75)]
* You can learn more about the vulnerability that IPS detected by copying and pasting the CVE into
Check Point ThreatPortal online service at https://threatpoint.checkpoint.com/ThreatPortal/
SCANNED SERVERS
During the security analysis, attacks and exploited software vulnerabilities on servers/clients were detected. Such incidents might indicate intrusion attempts,
malware attacks, DoS attacks or attempts to breach security by exploiting software vulnerabilities. The following summarizes these events.
172.31.8.96 172.31.1.82
Brute Force Scanning of CIFS Ports 64
Host_172.31.1.140 (172.31.1.140)
172.31.8.30 172.31.1.82
Brute Force Scanning of CIFS Ports 57
Host_172.31.1.140 (172.31.1.140)
172.31.8.1 172.31.1.82
Brute Force Scanning of CIFS Ports 46
Host_172.31.1.140 (172.31.1.140)
172.31.8.56 172.31.1.82
Brute Force Scanning of CIFS Ports 16
Host_172.31.1.140 (172.31.1.140)
172.31.8.95 172.31.1.82
Brute Force Scanning of CIFS Ports 6
Host_172.31.1.140 (172.31.1.140)
172.31.8.45 172.31.1.82
Brute Force Scanning of CIFS Ports 6
Host_172.31.1.140 (172.31.1.140)
172.31.8.43 172.31.1.82
Brute Force Scanning of CIFS Ports 6
Host_172.31.1.140 (172.31.1.140)
KEY FINDINGS HIGH RISK WEB ACCESS
USAGE OF HIGH RISK WEB APPLICATIONS
Web applications are essential to the productivity of every organization, but they also create degrees of vulnerability in its security posture. Remote Administration
applications might be legitimate when used by admins and the help-desk, but please note that some remote access tools can be used for cyber-attacks as well.
The following risky web applications were detected in your network, sorted by category, risk level and number of users.
8.3GB Total high risk web applications traffic
Top high risk web applications
Application Category | Application Name | Source | Application Risk* | Traffic
File Storage and Sharing
Admon_UCB (192.168.5.45)
fdma58 (192.168.5.82)
Top 5 high risk app sources
Fabrica2-PC (192.168.6.116)
Mega High 7.4GB
Revision3 (192.168.6.124) High Critical
192.168.6.175
8 more Sources
fdma07 (192.168.5.86) 192.168.9.48
BAD_ADDRESS (192.168.6.107)
Revision3 (192.168.6.124)
Dropbox High 864.9MB
DESKTOP-UNAU6RA (192.168.6…
Revision3 (192.168.6.124)
DMSWiFi.cse.gob.ni (192.168.9…
Source
11 more Sources
Total: 2 Applications 25 Sources High 8.3GB
192.168.9.42
Remote Administration
172.31.1.111
192.168.6.174
HUAWEI_Y7.cse.gob.ni (...
192.168.16.201
AnyDesk High 37.8MB
192.168.16.250
192.168.70.8
12 more Sources android-b93de0812471...
TeamViewer android-1e37178f332eb58c.cse.gob.ni (192.168.70.103) High 5.6MB
192.168.9.51
192.168.9.52
ANAGABRIELA.cse.gob.ni (192.168.70.38)
UC browser Critical 1.8MB
JYK-PC.cse.gob.ni (192.168.70.45)
android-6fcdd6c41ea45e99.cse.gob.ni (192.168.7…
1 more Source
MCHOW-PC (172.31.4.50)
Avira Phantom VPN Critical 724.0KB
DESKTOP-T6U1V9G (172.31.4.139)
ZenMate android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) Critical 376.1KB
Ultrasurf Admon_UCB (192.168.5.45) Critical 329.5KB
Spam tracker.trackerfix.com/announce Admon_UCB (192.168.5.45) High 21.5KB
Total: 1 Application 1 Source High 21.5KB
ACCESS TO HIGH RISK WEB SITES
Web use is ubiquitous in business today. But the dynamic, constantly evolving nature of the web makes it extremely difficult to protect and enforce web usage in a
corporate environment. To make matters more complicated, web traffic has evolved to include not only URL traffic, but embedded URLs and applications as well.
Identification of risky sites is more critical than ever. Access to the following risky sites was detected in your network, organized by category, number of users, then
number of hits.
High risk web sites categories
Website Category | Hits
Suspicious Content | 169
Total: 5 Categories 2.4K Hits
[Chart: High risk web sites by category; axes: Site category (Suspicious Content, Sex, Phishing), Hits]
Top high risk web sites (top 10 per category)
Site Category | Site | Users | Hits
Spam
Sites: 184.168.131.241, 1dapp.news, 205.185.216.10, 64p3am9x95ct.com, 69.175.41.2, a3jenhkmqwnl.com, adexmedias.com, adobviewe.club, advinci.co, agafurretor.com, 152 more Sites
Users: DESKTOP-6GK346U…, host_172.31.4.119 (…, DESKTOP-6UD7IPG…, blf_172.31.10.101 (1…, fdma48 (192.168.5…, 138 more Users
Hits: 1.2K
Access to questionable sites
Category | Browse Time (hh:mm:ss) | Traffic
Sex | 14h 56m 55s | 144.0MB
Illegal / Questionable | 20h 31m 00s | 86.7MB
Gambling | 36h 55m 32s | 28.9MB
Total: 3 Categories | 72h 23m 27s | 259.5MB
Spyware / Malicious Sites
Sites: 104.211.96.15, 108.174.10.14, 157.185.172.22, 162.247.242.19, 170.178.168.203, 174.137.133.18, 174.137.133.48, 18.232.28.189, 185.151.204.12, 188.72.202.2, 53 more Sites
Users: 172.31.1.111, host_172.31.4.96 (172.31.4.96), ConsejoSupremoE (172.31.4.103), DELL_10 (172.31.4.123), BLF_172.31.10.20 (172.31.10.20), 140 more Users
Hits: 941
Suspicious Content
Sites: 216.21.13.15, 69.16.175.10, 69.16.175.42, adsco.re, bigdata.adfuture.cn, cs.tekblue.net, files.downloadnow.com, islatively.com, n.adsco.re, rtmark.net, 5 more Sites
Users: host_172.31.4.119 (172.31.4.119), CYC-10 (192.168.6.69), usuarionuevo-PC_30 (192.168.6.9…, BAD_ADDRESS (192.168.6.107), Revision3 (192.168.6.124), 52 more Users
Hits: 169
Sex
Sites: exdynsrv.com, exosrv.com, main.exdynsrv.com, ravom.space, static.exdynsrv.com, static.exosrv.com, syndication.exdynsrv.com, syndication.exdynsrv.com/splash.php
Users: host_172.31.4.6 (172.31.4.6), MCHOW-PC (172.31.4.50), host_172.31.4.223 (172.31.4.223), DESKTOP-J800TL0 (172.31.4.240), android-8ddb640eb1391426.cse…
Hits: 64
Phishing
Sites: 108.174.10.14, 37.48.82.67/updates/apu/diffs, client_monitor.isnssdk.com, get.cryptobrowser.site, ultramaxtestoenhancer.com
Users: Host_172.31.1.140 (172.31.1.140), Registro_Arles (192.168.6.96), usuarionuevo-PC_30 (192.168.6.9…, Revision1 (192.168.6.138), DESKTOP-MF05GEJ (192.168.6.14…, 6 more Users
Hits: 44
KEY FINDINGS DATA LOSS
KEY FINDINGS BANDWIDTH ANALYSIS
BANDWIDTH UTILIZATION BY APPLICATIONS & WEBSITES
An organization's network bandwidth is usually utilized by a wide range of web applications and sites used by employees. Applications that use a lot of bandwidth, for
example, streaming media, can limit the bandwidth that is available for important business applications. It is important to understand what is hogging the network's
bandwidth in order to limit bandwidth consumption of non-business-related usage. The following summarizes the bandwidth usage of your organization sorted by
consumed bandwidth.
1.4TB
Top applications/sites
Application / Site | Category | Risk Level | Sources | Traffic
WhatsApp Messenger-file transfer | Media Sharing | Medium | 147 Sources | 9.3GB
gvt1.com | Computers / Internet | Unknown | 198 Sources | 8.7GB
[Chart; labels recovered: IMAP-SSL, echo-request]
Total: 6070 Applications / Sites 68 Categories 6 Risks 353 Sources 1.4TB
KEY FINDINGS SCADA PROTOCOLS
SCADA (Supervisory Control and Data Acquisition) is a type of industrial control system (ICS) that monitors and controls industrial processes. It operates with coded
signals over communication channels so as to provide control of remote equipment. SCADA networks are usually separated from the organizational IT network for
security purposes. SCADA protocols detected on the IT network might indicate a security risk with a potential for a security breach. The following SCADA protocols
were detected on your network.
SCADA Communications
13 Sources
10 Destinations
7 Commands
10 Ports
Cygnet 3 1.6KB
Totalflow Protocol 3 1.6KB
KEY FINDINGS MOBILE THREATS ANALYSIS
The following section focuses on mobile threats and uncovers where your organization is exposed to them, and offers recommendations to address these
of high risk mobile apps, download of malicious mobile applications, outdated mobile operating systems, and more.
Mobile Devices
29 iOS devices
Cloud Mobile Apps: 4 cloud base mobile apps, 59.3MB traffic
High Risk Apps: 1 high risk mobile apps, 290.2KB traffic
Access to High Risk Sites: 37 high risk web sites, 129 hits
Malware: 9 downloads of malicious apps and malware, 1 infected devices
KEY FINDINGS MOBILE MALWARE AND ATTACKS
* Check Point’s malware naming convention: <malware type>.<operating system>.<malware family>.<variant> For more details on specific malware, search the malware name on
www.threat-cloud.com
** The total number of infected computers (sources) presents distinct computers.
scribdpremium.apk | MCHOW-PC …, HUAWEI_P20… | 08cad57273c0045fdd0ba288f6772eb1 | 4 | http://www.scribd.cu.ma/images/scribdpremium.apk
Click_me_to_install_SnapTube_tube_uptd_as.apk | 192.168.9.52, 192.168.70.1… | 7bc0a3710fd042f850f4cfcb770abf96 | 2
FrpBypass.apk | android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) | ed2a46dc72671b1dad1e5909982facc2 | 1
Minecraft-v1.16.0.53-TechBigs.Com.apk | android-8ddb640eb1391426.cse.gob.ni (192.168.70.100) | d9ab5f523cc1c1dbd0e5c481cfee807e | 1
Snaptube-VIP-v4.85.0.4851810_build_4851810_Downloadly.ir.apk | MCHOW-PC (172.31.4.50) | fde466e26557801eef2efbfdce11e7ad | 1
Total: 5 Files 5 Sources 5 Files MD5 9
* You can analyze suspicious files by copying and pasting files’ MD5 to VirusTotal online service at www.virustotal.com
Infecting URL.RS.TC.gfpy | 192.168.70.120 | 2 | http://core.royalads.net/click/?pub=c8e1e96b-6832-4c6a-b06b-83f93492d89f
Hiddad.RS.TC.fp | 192.168.70.120 | 1 | http://istepuleto.com/rnd/shopper?tesc=1pXZYTjNTsHEYzHcYxdaGA%3D%3D
http://sok.apperstap.com/autumn/bpc?
vvid=60873301&logid=logId5e95bdb2e4b0416193c7e36f&gaid=515
1c6a4-2419-4caa-aff8-
0abc947486de&appid=50844&sid=156608&aid=302861cfd6840e21
&fid=60873306&mcc=710&token=dG9rZW46O2FuaWQ6MzAyODYx
Hiddad.RS.TC.ey 192.168.70.142 1
Y2ZkNjg0MGUyMTtnb2lkOjUxNTFjNmE0LTI0MTktNGNhYS1hZmY4L
TBhYmM5NDc0ODZkZQ==&info=RSB_39DF52D9BDC896E6C8C72D
10F13D179B0F45FF719CEF40DEFBF13DBF722AB8392030CAB914B14
4E235488D03F255AF3FDEBA36440D9CEFCD7F9DA37CC5A1E610CA13
AD68F1CACA1C_logId5e95bdb2e4b0416193c7e36f
Total: 3 Protections 0 Families 2 Mobile users 4
KEY FINDINGS HIGH RISK MOBILE APPS AND WEB SITES
Anonymizer
UC browser | 192.168.9.51, 192.168.9.52, ANAGABRIELA.…, JYK-PC.cse.gob…, android-6fcdd…, 1 more Source | Critical | 290.2KB
Total: 1 Application 6 Sources Critical 290.2KB
Spam
samsungmax.com | 192.168.70.22, JYK-PC.cse.gob…, android-36a08…, HUAWEI_P9_lit…, Galaxy-J2-Pro.c…, 4 more Sources | High | 3.1MB
starhalo.mobi | 192.168.9.51, 192.168.9.52, JYK-PC.cse.gob… | High | 589.4KB
tracking.lenzmx.com/click | 192.168.9.52, 192.168.70.138 | High | 24.0KB
Total: 27 Applications 20 Sources High 4.3MB
[Chart; categories: Spam, Spyware / Malicious Sites, Anonymizer, Phishing; x-axis: Hits]
KEY FINDINGS OUTDATED ANDROID VERSIONS
Other: 1051069902/2.20 Dalvik/2.1.0 (Linux; U; Android 6.0.1; SM-J700M Build/MMB29K) IGGSDK/1.10.0 3 Sources
Other: Dalvik/2.1.0 (Linux; U; Android 5.1.1; SM-J111M Build/LMY47V) 2 Sources
KEY FINDINGS ENDPOINTS
Endpoints Involved in High Risk Web Access and Data Loss Incidents
56 running high risk applications
209 accessed high risk web sites
134 users accessed questionable,
0 users involved in potential data loss
Endpoints Involved in Malware and Attack Incidents
39 infected with malware
11 malwares downloaded
0 received email containing link to malicious site
26 accessed a site known to contain malware
39 attacked sources (Source IP addresses of IPS events)
86 attacked destinations (Destination IP addresses of IPS events)
Check Point Infinity
CHECK POINT INFINITY
Check Point was an industry pioneer with our FireWall-1 and our patented Stateful Inspection technology. Check Point has extended its IT security innovation with the development of our Software Blade architecture. The dynamic Software Blade architecture delivers secure, flexible and simple solutions that can be customized to meet the security needs of any organization or environment.

Check Point develops, markets and supports a wide range of software, as well as combined hardware and software products and services for IT security. We offer our customers an extensive portfolio of network and gateway security solutions, data and endpoint security solutions and management solutions. Our solutions operate under a unified

Our products and services are sold to enterprises, service providers, small and medium sized businesses and consumers. Our Open Platform for Security (OPSEC) framework allows customers to extend the capabilities of our products and services with third-party hardware and security software applications. Our products are sold, integrated and serviced by a network of partners worldwide. Check Point customers include tens of thousands of businesses and organizations of all sizes including all Fortune 100 companies. Check Point's award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.

www.checkpoint.com