Application Risk and Control-2020-06-14-1325
Contents
Executive Summary
High Risk Applications By Category
High Risk Applications
Application Risk Definition
Key Applications Crossing The Network
Application Categories
Web Applications
Web Categories In Use
Application Vulnerability Exploits
Malware: Viruses, Bots, Spyware/Adware
Zero-day Attacks Detected On The Network
Files/File Types Transferred by Applications
Recommended Actions
About FortiGuard Key Services
Starting with FortiOS 3.0, Fortinet has given our customers the power to manage the
content and applications used on their networks, regardless of port or protocol.
FortiGuard Labs is the driving force behind this protection. The culmination of years
worth of security research, FortiGuard’s team of hundreds of researchers and analysts
work tirelessly to identify new applications, research new threats as they appear and
develop solutions to protect your network twenty-four hours a day, seven days a week.
Your Fortinet devices have the ability to identify more applications than any other
vendor in the market, and allow you to selectively block application behavior to
minimize the risk of data loss, network compromise or other threats to your
network and employees. You have the power to determine a wealth of valuable
information, such as:
Traditional firewalls and perimeter gateway devices typically are unable to provide
this level of visibility - they can’t see the bigger or the smaller picture.
Complete Protection
Being able to accurately assess network risks requires you to have visibility to all of
the content traversing your network. Fortinet’s complete content protection goes
far beyond simply identifying applications and allowing or denying traffic. Using
application control along with identity-based policy enforcement of content
enables you to utilize all of the advanced features included in the FortiGate
platform:
Traffic Shaping
IPS
DLP
AntiVirus and AntiSpyware
Complete content protection protects your network against malicious content that
may be hidden within applications and data, even if that content is embedded
inside a trusted application or from a trusted source.
Below is a summary of the critical and high risk security events detected:
Application Visibility & Control - High Risk Apps (7 in total):
Proxy 3 (42.86%)
Remote.Access 2 (28.57%)
Botnet 2 (28.57%)
Figure 2: High risk applications (rating of 4 or 5) that are traversing the network.
Risk      Definition                                                                                   Examples
Critical  Malicious applications or applications that can bypass security                              Applications in Botnet or Proxy category
High      Applications that can cause data leakage or malware infection: often these applications     Applications in P2P or Remote.Access category
Medium    Applications used for personal communication or that have known vulnerabilities             Applications in IM/Email/Storage.Backup category
[Figure 4 chart: percentage of bandwidth (0% to 100%) per top application; the bar labels are not recoverable from the extracted text]
Figure 4: Top applications that are consuming the most bandwidth, sorted by category and technology
The following section shows the application category breakdown of all the applications on the network, sorted by bandwidth. This
information helps network administrators to identify where the bandwidth is used, and how many applications use it. Armed with
this information, the administrators can effectively prioritize the applications based on the business needs: for example, allow
business applications but traffic shape the applications for personal use.
App Categories (percentage of bandwidth):
Web.Client 43.35%
Storage.Backup 23.72%
Network.Service 21.75%
Business 8.40%
Collaboration 2.02%
Update 0.62%
Unknown 0.13%
Remote.Access 0.01%
General.Interest 0.00%
Email 0.00%
Others 0.00%

#   Application Category  Number of Applications  Number of Users  Bandwidth  Number of Sessions
1   Web.Client            13                      4,578            48.16 GB   315,345
2   Storage.Backup        1                       4                26.35 GB   13
3   Network.Service       20                      1,025            24.17 GB   117,812
4   Business              1                       12               9.33 GB    332,407
5   Collaboration         4                       9                2.24 GB    2,836
6   Update                5                       10               700.37 MB  2,019
7   Unknown               19                      3,977            151.95 MB  115,717
8   Remote.Access         2                       12               15.47 MB   67
9   General.Interest      3                       6                1.82 MB    135
10  Email                 1                       1                234.86 KB  33
11  Proxy                 4                       26               209.56 KB  65
12  Botnet                2                       25               102.13 KB  32
13  Mobile                2                       4                5.05 KB    4
14  Video/Audio           1                       1                1.48 KB    4
The following section shows the top 25 web applications with their application risk ratings, sorted by bandwidth usage.
Fortinet’s proprietary web filtering database is developed by the FortiGuard research team. The database contains more than 47
million rated websites with real-time updates; the websites are categorized into 76 web categories to allow highly-granular web
filtering policies. For web filter categories see: http://www.fortiguard.com/webfilter
The following section shows the most commonly visited web categories with their respective bandwidth usage.
The FortiGuard research team analyses application traffic patterns and application vulnerabilities and then develops signatures
to prevent the vulnerability exploits. The FortiGuard Intrusion Prevention Service (IPS) provides Fortinet customers with the latest
defenses against stealthy network-level threats. It uses a customizable database of more than 5,100 known threats to stop
attacks that evade traditional firewall systems. It also provides behavior based heuristics analysis to enable the FortiGate
systems to recognize zero-day attacks. For Application Vulnerability and IPS see: http://www.fortiguard.com/intrusion
The section below shows application vulnerabilities discovered on the network, ranked by severity and count.
The FortiGuard AntiVirus Service employs advanced virus, spyware, and heuristic detection engines to enable FortiGate systems
to detect and prevent both new and evolving threats. For AntiVirus see: http://www.fortiguard.com/encyclopedia
The tables below show the common viruses discovered, the botnet C&C communications detected and the spyware/adware
found.
Figure 10: Common viruses, botnet C&C communications, spyware/adware, sorted by count
The FortiGuard research team proactively monitors the threat landscape and looks for zero-day vulnerabilities; once a zero-day
vulnerability is identified, one or more advanced signatures are developed and pushed out to customers before the vendor's patch
is available. These signatures are unique to Fortinet and play a critical role in the fight against advanced persistent
threats (APTs).
The section below provides a summary of the files analyzed by FortiCloud Sandbox during the last period.
Figure 11: Zero-day malware detected on the network by the on-box AntiVirus scanning, sorted by count
The list below provides some examples of the malicious files detected by FortiCloud Sandbox.
The section below lists the most common files and file types along with the associated application.
Evasive Applications (0)
Proxy applications are often used to conceal user activity and bypass security controls. This represents both a business and a
security risk to your organization. Implement application policies that dictate the permitted use of these applications.
Deploy a Fortinet Next Generation Firewall to Ensure Application Visibility and Control
Fortinet next-generation firewalls enable organizations to gain visibility into all application traffic and deliver scalable and secure
application control for enterprises. Deploy a Fortinet firewall in your organization and create secure application policies to
ensure that your network is being used according to the organization's priorities.
AntiVirus
The FortiGuard AntiVirus Service provides fully automated updates to ensure protection against the latest content level
threats. It employs advanced virus, spyware, and heuristic detection engines to enable FortiGate, FortiMail, and
FortiWiFi appliances, and FortiClient end point security agents, to prevent both new and evolving threats from gaining
access to your network and its valuable content and applications.
AntiSpam
The FortiGuard AntiSpam Service uses both a sender IP reputation database and a spam signature database, along
with sophisticated spam filtering tools on Fortinet appliances and agents, to detect and block a wide range of spam
messages.
Application Control
Application Control protects managed desktops and servers by allowing or denying network application usage based
on policies established by the network administrator. Enterprise applications, databases, web mail, social networking
applications, IM/P2P, and file transfer protocols can all be identified accurately by sophisticated detection signatures.
Application Control signature updates are provided via the global FortiGuard distribution network.
Intrusion Prevention
The FortiGuard Intrusion Prevention Service provides Fortinet customers with the latest defenses against stealthy
network-level threats. It uses a customizable database of more than 5,100 known threats to enable FortiGate and
FortiWiFi appliances to stop attacks that evade conventional firewall defenses. It also provides behavior-based
heuristics, enabling the system to recognize threats for which no signature has yet been developed. The combination
of known and unknown threat prevention enables FortiGate systems to stop the most damaging attacks at the network
border regardless of whether the network is wired or wireless, or whether it is at corporate headquarters or a branch
office.
FortiCloud
FortiCloud is a hosted Security Management and Log Retention service for the FortiGate® product line. It gives you a
centralized reporting, traffic analysis, configuration and log retention tool without the need for additional hardware
and software.
Cloud Sandbox
Identifies custom malware that is not controlled through traditional signatures by directly executing the files in a
cloud-based, virtualized sandbox environment. FortiCloud Sandbox observes and monitors malicious behaviors and
delivers the result to the customer. If the file is malicious, a signature is developed and delivered to the user
community.
IP Reputation
The FortiGuard IP Reputation Service aggregates data from locations and sources around the world that collaborate to
provide up to date information about threatening sources. With breaking intelligence from distributed network
gateways combined with world class research done from FortiGuard Labs, organizations can stay up to date and
proactively block attacks.
Web Filtering
Web Filtering Service provides URL filtering to block access to harmful, inappropriate, and dangerous websites that
may contain phishing/pharming attacks, malware such as spyware, or objectionable content that can expose
organizations to legal liability. Based on automatic research tools and targeted research analysis, real-time updates
enable you to apply highly-granular policies that filter web access based on more than 75 web content categories, and
more than 47 million rated websites - all continuously updated via the FortiGuard Network.