
January 15, 201

Prepared by Solution Center, Check Point Software Technologies

Prepared for: ABC Corp
Industry: Finance
Company size: 500 - 1000 Employees
Country: USA

Analysis duration: 7 days
Analysis network: Internal network
Security gateway version: R80
Security device: Check Point Appliance 00

Traffic inspected by the following Check Point Software Blades: Application Control, URL Filtering, IPS, Anti-Bot, Anti-Virus, Threat Emulation, DLP
TABLE OF CONTENTS

EXECUTIVE SUMMARY
KEY FINDINGS
  MALWARE & ATTACKS
  HIGH RISK WEB ACCESS
  DATA LOSS
  MOBILE THREATS
  ENDPOINTS
  BANDWIDTH ANALYSIS
CHECK POINT INFINITY
ABOUT CHECK POINT

©Check Point Software Technologies Ltd. All rights reserved. Classification: [Restricted] ONLY for designated groups and individuals Security Checkup - Threat Analysis Report 
EXECUTIVE SUMMARY

The following Security Checkup report presents the findings of a security assessment conducted in your network. The report uncovers where your organization is exposed to security threats and offers recommendations to address these risks. To assess risk, network traffic was inspected by Check Point to detect a variety of security threats, including: malware infections, usage of high risk web applications, intrusion attempts, loss of sensitive data, and more.

Malware and Attacks
Indicators measured: computers infected with bots; communications with C&C* sites; known malware downloaded by users; new malware downloaded; unique software vulnerabilities attempted to be exploited. These indicate potential attacks on computers on your network.

* C&C - Command and Control. If a proxy is deployed, there might be additional infected computers. A new malware variant is a zero-day attack or malicious code with no known anti-virus signature.

Data Loss
114 potential data loss incidents; 6 sensitive data categories.
Potential risks: information sent outside the company or to unauthorized internal users. Information that might be sensitive.

High Risk Web Access
18 high risk web applications (96.2GB); 22 high risk web sites (409 hits); 15 cloud applications (12.5GB).
Potential risks of high risk web applications: open a backdoor to your network, hide user activity, cause data leakage or malware infections.
Potential risks of high risk web sites: exposure to web-based threats and network infection. Examples: spam, malicious and phishing web sites.
Cloud applications: risk of data loss and compliance violations. Examples: Dropbox, Google Drive, OneDrive.

KEY FINDINGS

[Summary page of top incidents: charts and tables not recoverable from this copy. Recoverable labels: Phishing, Roughted; daily event counts for the analysis period.]
KEY FINDINGS MALWARE & ATTACKS

EXTENDED MALWARE INCIDENTS (CHECK POINT THREATCLOUD INTELLISTORE)

Malware threats were detected by extended security intelligence feeds (via Check Point ThreatCloud IntelliStore*).

Top Threats by Feed

Feed | Threat | Severity | Source | Detection Engine
Mnemonic | Malicious domain.bqzei | High | 52 Sources | Anti-Bot
Mnemonic | C&C domain.utqzy | High | 43 Sources | Anti-Bot
Mnemonic | Adware domain.qzf | High | 20 Sources | Anti-Bot
Mnemonic | Adware domain.qaf | High | 17 Sources | Anti-Bot
Mnemonic | C&C domain.uteuu | High | 25 Sources | Anti-Bot
Mnemonic | C&C domain.vaoek | High | 19 Sources | Anti-Bot
Mnemonic | Malicious domain.bqtmg | High | 7 Sources | Anti-Bot
Mnemonic | C&C domain.uxqcw | High | 10 Sources | Anti-Bot
Mnemonic | C&C domain.umzgw | High | 3 Sources | Anti-Bot
Mnemonic | Adware domain.qbm | High | 2 Sources | Anti-Bot
Mnemonic | Total: 10 Threats | High | 198 Sources | 1 Engine
MalwarePatrol | URL hosting a malware executable file.dkgoh | High | 57 Sources | Anti-Bot, Anti-Virus
MalwarePatrol | Total: 1 Threat | High | 57 Sources | 2 Engines
ID | ExploitKit Nuclear.lkfo | High | 24 Sources | Anti-Virus
ID | ExploitKit Nuclear.rqdx | High | 32 Sources | Anti-Virus
ID | MalwareDownload Generic.bpkp | Medium | 15 Sources | Anti-Virus
ID | ExploitKit Angler.bcncr | Medium | 7 Sources | Anti-Virus
ID | Total: 4 Threats | High | 78 Sources | 1 Engine
Total: 3 Feeds | 15 Threats | High | 333 Sources | 2 Engines

Feeds by Severity: chart of events per feed vendor (Mnemonic, MalwarePatrol, ID), split High/Medium, axis 0-200 events.

* For more information on Check Point ThreatCloud IntelliStore please refer to http://www.checkpoint.com/products/threatcloud-intellistore/
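As an added illustration of how a feed like the one above is applied (example code written for this edit, not Check Point's Anti-Bot implementation), the script below matches proxy/DNS log lines against a small domain indicator list and counts distinct source hosts per indicator, the same "N Sources" measure the table uses. The feed domains, log lines and host addresses are constructed for the example; the report's own indicators are anonymized (domain.bqzei and so on) and are not reproduced.

```python
"""Match outbound proxy/DNS log lines against a domain indicator feed.

Added example, not Check Point code. The feed entries, log lines and
host names below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    domain: str      # indicator domain, lower-case, no trailing dot
    category: str    # e.g. "C&C", "Malicious", "Adware"
    severity: str    # "High" / "Medium"
    feed: str        # feed vendor name


# Constructed feed (hypothetical domains, not the report's indicators).
FEED = [
    Indicator("c2.example-bad.test", "C&C", "High", "Mnemonic"),
    Indicator("ads.example-adware.test", "Adware", "High", "Mnemonic"),
    Indicator("dl.example-malware.test", "Malicious", "High", "MalwarePatrol"),
]

# Constructed proxy log lines: "<timestamp> <src_ip> <requested host>"
LOG_LINES = """\
2017-10-01T09:12:03 10.1.0.214 c2.example-bad.test
2017-10-01T09:12:07 10.1.0.214 beacon.c2.example-bad.test
2017-10-01T09:13:44 10.1.0.3 www.example.org
2017-10-01T09:15:10 10.1.0.22 ads.example-adware.test
2017-10-01T09:16:30 10.1.0.214 ads.example-adware.test
2017-10-01T09:20:01 10.1.0.108 DL.EXAMPLE-MALWARE.TEST.
2017-10-01T09:21:15 10.1.0.108 notc2.example-bad.test
""".splitlines()


def build_index(feed):
    """Map each indicator domain to its Indicator for O(1) lookup."""
    return {ind.domain: ind for ind in feed}


def candidate_domains(host):
    """Yield the host and each parent domain, so a subdomain of an
    indicator (beacon.c2.example-bad.test) still matches c2.example-bad.test
    while a lookalike (notc2.example-bad.test) does not."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def match_logs(lines, feed):
    """Return {indicator_domain: set(source IPs)} for lines whose requested
    host is, or is under, a feed indicator. Distinct sources per indicator
    is the same count the report shows in its "N Sources" column."""
    index = build_index(feed)
    hits = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        _ts, src, host = parts
        for cand in candidate_domains(host):
            if cand in index:
                hits[cand].add(src)
                break  # most specific match wins
    return dict(hits)


def summarize(hits, feed):
    """Rows of (feed, category, indicator, severity, source_count), most
    sources first, mirroring the report's "Top Threats by Feed" table."""
    index = build_index(feed)
    rows = [(index[d].feed, index[d].category, d, index[d].severity, len(srcs))
            for d, srcs in hits.items()]
    return sorted(rows, key=lambda r: (-r[4], r[2]))


if __name__ == "__main__":
    for row in summarize(match_logs(LOG_LINES, FEED), FEED):
        print("%-14s %-10s %-28s %-6s %d Sources" % row)
```

Matching walks from the full host name up through its parent labels, so a beacon on a subdomain of an indicator still matches while a lookalike that merely ends in the same characters does not; a plain substring or endswith check would get both of those wrong.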

KEY FINDINGS MALWARE & ATTACKS

MACHINES INFECTED WITH ADWARE AND TOOLBARS

Adware and toolbars are potentially unwanted programs designed to display advertisements, redirect search requests to advertising websites, and collect marketing-type data about the user in order to display customized advertising on the computer. Computers infected with these programs should be diagnosed, as they may be exposed to follow-up infections of higher-risk malware. The following table summarizes the adware and toolbar malware families and the number of infected computers detected in your network.

Top Malware Families

Adware Name* | Infected Computers**
Adware domain.pzf | 3 Computers
Adware domain.qaf | 2 Computers
Adware domain.qbm | 1 Computer
Adware.Win32.MyWay.A | 1 Computer
Adware.Win32.Staser.A | 1 Computer
Adware domain.iqp | 1 Computer
Total: 6 Adware | Computers

* Check Point's malware naming convention: <malware type>.<operating system>.<malware family>.<variant> For more details on specific malware, search on www.threat-cloud.com
** The total number of infected computers (sources) presents distinct computers

KEY FINDINGS MALWARE & ATTACKS

[Charts: malware events over time (axis dates from late September to early October 2017) and a bar chart of counts on a 0-26 axis; series labels not recoverable from this copy.]
KEY FINDINGS MALWARE & ATTACKS

[Malware download tables, only partly recoverable from this copy. Recoverable entries: noa.exe downloaded by a user host at 10.8.0.214 and install_flash_player.exe downloaded by a user host at 10.8.0.25; MD5 hashes not recoverable.]
KEY FINDINGS MALWARE & ATTACKS

[Table of file events dated 2017-10-01 and 2017-10-02 with a Confidence column; contents not recoverable from this copy.]
KEY FINDINGS MALWARE & ATTACKS

[Continuation of the file event table; recoverable file names: attachment, hsg.doc; remaining contents not recoverable from this copy.]
KEY FINDINGS MALWARE & ATTACKS

[Tables of internal hosts and the URLs they accessed; contents not recoverable from this copy.]

You can analyze suspicious URLs by copying and pasting them into the VirusTotal online service at www.virustotal.com.
KEY FINDINGS MALWARE & ATTACKS

[Tables of attempted exploits of software vulnerabilities by source host, protection and destination; row contents not recoverable from this copy. Protections referenced: CVE-2015-7501, CVE-2017-5638, CVE-2014-7883, CVE-2013-5211, CVE-2016-2107, CVE-2017-0027, CVE-2014-3704, CVE-2012-0141, CVE-2009-3563.]
KEY FINDINGS MALWARE & ATTACKS

[Further attack tables by host (event counts on a 0-250 axis); contents not recoverable from this copy.]
KEY FINDINGS MALWARE & ATTACKS

DDOS ATTACKS

Denial-of-service (DoS) attacks target networks, systems and individual services, flooding them with so much traffic that they either crash or are unable to operate. This effectively denies the service to legitimate users. A DoS attack is launched from a single source to overwhelm and disable the target service. A Distributed Denial-of-service (DDoS) attack is coordinated and simultaneously launched from multiple sources to overwhelm and disable a target service. During the security analysis, DDoS attacks were detected. The following summarizes the events.

Summary
14 attack types | 70.4K total attacks | 13.3MB bandwidth utilization

Top DDoS Attacks
Attack Name | Severity | Source | Destination | Events
Network flood IPv4 UDP | Critical | 59 Sources | 7 attacked | 6.4K
Network flood IPv4 TCP-SYN | Critical | 2 Sources | 13 attacked | 5.0K
TCP Scan (horizontal) | High | 3 Sources | 2 attacked | 15.55K
TCP Scan (vertical) | High | 3 Sources | 13 attacked | 1.6K
TCP Scan | High | 12 Sources | 21 attacked | 1.0K
Total: 14 Protections | Critical | 118 Sources | 64 Destinations | 70.4K

Top Source Countries
Source Country | Attacks
Mexico | 41.4K
United Kingdom | 5.9K
United States | 5.7K
Poland | 2.1K
France | 1.3K
Sweden | 156
China | 24
Serbia | 19
India | 18
Canada | 18
Netherlands | 14
Singapore | 5
Vietnam | 3
Trinidad and Tobago | 2
Kuwait | 2
Total: 16 Countries | 56.6K
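The table distinguishes a horizontal scan (one port probed across many hosts) from a vertical scan (many ports probed on one host) and from a volumetric flood. The following is an added example, not Check Point IPS code, of how those three behaviours can be told apart from flow records; the flow records, thresholds and aggregation window are constructed assumptions for the illustration.

```python
"""Classify per-source scanning and flood behaviour from flow records.

Added example, not Check Point code. Flow records, thresholds and the
aggregation window are constructed for illustration.
"""
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, dst_port, proto, packets)
FLOWS = [
    # horizontal scan: 203.0.113.5 probes port 445 on forty hosts
    *[("203.0.113.5", "10.1.0.%d" % i, 445, "tcp", 1) for i in range(1, 41)],
    # vertical scan: 198.51.100.9 probes ports 20-1099 on one host
    *[("198.51.100.9", "10.1.0.7", p, "tcp", 1) for p in range(20, 1100)],
    # UDP flood: 192.0.2.77 sends a burst of packets at one host:port
    ("192.0.2.77", "10.1.0.10", 53, "udp", 250000),
    # benign client: a handful of destinations and ports
    ("10.1.0.3", "10.1.0.10", 443, "tcp", 40),
    ("10.1.0.3", "10.1.0.11", 443, "tcp", 12),
]

HOST_THRESHOLD = 20      # distinct hosts on one port -> horizontal scan
PORT_THRESHOLD = 100     # distinct ports on one host -> vertical scan
FLOOD_PPS = 10000        # packets/second to one target -> flood
WINDOW_SECONDS = 10      # hypothetical window the FLOWS records cover


def profile_sources(flows):
    """Aggregate per source: hosts per port, ports per host, packets per target."""
    hosts_by_port = defaultdict(lambda: defaultdict(set))
    ports_by_host = defaultdict(lambda: defaultdict(set))
    pkts_by_target = defaultdict(lambda: defaultdict(int))
    for src, dst, port, proto, pkts in flows:
        hosts_by_port[src][(proto, port)].add(dst)
        ports_by_host[src][(proto, dst)].add(port)
        pkts_by_target[src][(proto, dst, port)] += pkts
    return hosts_by_port, ports_by_host, pkts_by_target


def classify(flows):
    """Return {src_ip: [(finding, target, count), ...]}; quiet sources are omitted."""
    hosts_by_port, ports_by_host, pkts_by_target = profile_sources(flows)
    findings = defaultdict(list)
    # one port, many hosts: the source is sweeping the network for a service
    for src, by_port in hosts_by_port.items():
        for (proto, port), hosts in by_port.items():
            if len(hosts) >= HOST_THRESHOLD:
                findings[src].append(("%s scan (horizontal)" % proto.upper(), port, len(hosts)))
    # one host, many ports: the source is enumerating a single target
    for src, by_host in ports_by_host.items():
        for (proto, dst), ports in by_host.items():
            if len(ports) >= PORT_THRESHOLD:
                findings[src].append(("%s scan (vertical)" % proto.upper(), dst, len(ports)))
    # sustained packet rate at one target: a flood rather than a probe
    for src, by_target in pkts_by_target.items():
        for (proto, dst, port), pkts in by_target.items():
            if pkts / WINDOW_SECONDS >= FLOOD_PPS:
                findings[src].append(("Network flood IPv4 %s" % proto.upper(),
                                      "%s:%d" % (dst, port), pkts))
    return dict(findings)


if __name__ == "__main__":
    for src, items in classify(FLOWS).items():
        for name, target, count in items:
            print("%-14s %-26s %-14s %d" % (src, name, target, count))
```

The thresholds need tuning per network: a vulnerability scanner or a monitoring system will trip the horizontal rule legitimately, so an allow-list of known scanners belongs in front of any alerting built on this.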

KEY FINDINGS HIGH RISK WEB ACCESS

USAGE OF HIGH RISK WEB APPLICATIONS

Web applications are essential to the productivity of every organization, but they also create degrees of vulnerability in its security posture. Remote Administration applications might be legitimate when used by admins and the helpdesk, but note that some remote access tools can be used for cyber-attacks as well. The following risky web applications were detected in your network, sorted by category, risk level and number of users.

96.2 GB total high risk web applications traffic

Top High Risk Web Applications
Application Category | Application Name | Source | Risk Level* | Traffic
Proxy Anonymizer | Tor | 7 Sources | Critical | 23 GB
Proxy Anonymizer | Hola | 4 Sources | Critical | 354 MB
Proxy Anonymizer | Ultrasurf | 4 Sources | Critical | 239 MB
Proxy Anonymizer | Hide My Ass | 3 Sources | Critical | 120 MB
Proxy Anonymizer | OpenVPN | 1 Source | Critical | 32 MB
Proxy Anonymizer | Total: 7 Applications | 16 Sources | | 26 GB
P2P File Sharing | BitTorrent Protocol | 24 Sources | High | 23 GB
P2P File Sharing | SoulSeek | 22 Sources | High | 22 GB
P2P File Sharing | Xunlei | 19 Sources | High | 12 GB
P2P File Sharing | iMesh | 13 Sources | High | 456 MB
P2P File Sharing | Gnutella Protocol | 8 Sources | High | 56 MB
P2P File Sharing | Total: 6 Applications | 73 Sources | | 61 GB
File Storage & Sharing Applications | Dropbox | 132 Sources | High | 6 GB
File Storage & Sharing Applications | Hightail | 54 Sources | High | 3 GB
File Storage & Sharing Applications | Mendeley | 9 Sources | High | 123 MB
File Storage & Sharing Applications | Zippyshare | 5 Sources | High | 55 MB
File Storage & Sharing Applications | Sendspace | 1 Source | High | 3 MB
File Storage & Sharing Applications | Total: 5 Applications | 201 Sources | | 9.2 GB
Total: 3 Categories | 18 Applications | 290 Sources | | 96.2 GB

Top Categories
Application Category | Traffic
Proxy Anonymizer | 26 GB
P2P File Sharing | 61 GB
File Storage & Sharing Applications | 9.2 GB
Total: 3 Categories | 96.2 GB

* Risk level 5 (Critical) indicates an application that can bypass security or hide identities. Risk level 4 (High) indicates an application that can cause data leakage or malware infection without user knowledge.

KEY FINDINGS HIGH RISK WEB ACCESS

ACCESS TO HIGH RISK WEB SITES

Web use is ubiquitous in business today. But the constantly evolving nature of the web makes it extremely difficult to protect and enforce standards for web usage in a corporate environment. To make matters more complicated, web traffic has evolved to include not only URL traffic, but embedded URLs and applications as well. Identification of risky sites is more critical than ever. Access to the following risky sites was detected in your network, organized by category, number of users, and number of hits.

Top Risky Websites
Site Category | Site | Number of Users | Number of Hits
Phishing | wsq.altervista.org | 7 Users | 59
Phishing | applynow.mwexoticspetsforsale.com | 4 Users | 45
Phishing | login.marlktplaats.com | 4 Users | 21
Phishing | masternard.com | 3 Users | 5
Phishing | pro-update.com | 1 User | 3
Phishing | Total: 7 Sites | 16 Users | 135
Spam | bgeqwre.com | 24 Users | 65
Spam | bgvlidf.com | 22 Users | 55
Spam | buogbvd.com | 19 Users | 19
Spam | br46cy78son.net | 13 Users | 7
Spam | dq4cmdrzqp.biz | 8 Users | 1
Spam | Total: 6 Sites | 73 Users | 153
Spyware / Malicious Sites | 100footdiet.org | 132 Users | 66
Spyware / Malicious Sites | 0scan.com | 54 Users | 33
Spyware / Malicious Sites | 050h.com | 9 Users | 5
Spyware / Malicious Sites | 123carnival.com | 5 Users | 5
Spyware / Malicious Sites | 0hm.net | 1 User | 3
Spyware / Malicious Sites | Total: 9 Sites | 254 Users | 121
Total: 3 Categories | 22 Sites | 343 Users | 409

Access to sites containing questionable content
Site Category | Browse Time (hh:mm:ss) | Traffic Total Bytes
Illegal / Questionable | 1:16:00 | 15.1MB
Sex | 2:42:00 | 8.9MB
Gambling | 13:11:00 | 7.4MB
Hacking | 00:01:00 | 56.0KB
Total: 4 Categories | 17:10:00 | 31.5MB

Access to non-business websites or to sites containing questionable content can expose an organization to possible productivity loss, compliance and business continuity risks.

KEY FINDINGS DATA LOSS

DATA LOSS INCIDENTS

Your company's internal data is one of its most valuable assets. Any intentional or unintentional loss can cause damage to your organization. The information below was sent outside the company, or to potentially unauthorized internal users. This information may potentially be sensitive information that should be protected from loss. The following represents the characteristics of the data loss events that were identified during the course of the analysis.

Summary
74.3K total emails scanned | 2 emails with data loss incidents | 114 web data loss incidents

Top Data Types
Data Type | Users | Events | Services
Credit Card Numbers | 7 | 54 | http
Business Plan | 5 | 32 | smtp
Financial Reports | 2 | 12 | http
Source Code | 1 | 9 | http
Pay Slip File | 3 | 5 | smtp
U.S. Social Security Numbers | 1 | 2 | http
Total: 6 Data Types | 19 Users | 114 Events | 2 Services

Incidents by Protocol
http | 77 [67.5%]
smtp | 37 [32.5%]
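An added example (not Check Point DLP code) of the content inspection behind two of the data types above, credit card numbers and U.S. Social Security Numbers: the Luhn checksum and the Social Security Administration's structural rules remove most random digit runs that a bare regular expression would flag. The messages are constructed; the card numbers are the usual public test numbers.

```python
"""Content inspection for credit card numbers and U.S. SSNs.

Added example, not Check Point DLP code. Sample messages are constructed;
4111111111111111 and 5555555555554444 are public test card numbers.
"""
import re
from collections import Counter

# 13-19 digits, optionally separated by single spaces or dashes, not glued to other digits
CARD_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){13,19}(?![\d-])")
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_ok(digits):
    """Luhn mod-10 check; rejects most random or mistyped digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cards(text):
    """Return digit strings that look like card numbers and pass Luhn."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def ssn_ok(area, group, serial):
    """SSA rules: area not 000/666/900-999, group not 00, serial not 0000."""
    a = int(area)
    return a != 0 and a != 666 and a < 900 and int(group) != 0 and int(serial) != 0


def find_ssns(text):
    """Return SSN-shaped strings that also satisfy the structural rules."""
    return ["%s-%s-%s" % m.groups() for m in SSN_RE.finditer(text) if ssn_ok(*m.groups())]


def inspect(message):
    """Classify one outbound message; returns the list of data types matched."""
    types = []
    if find_cards(message["body"]):
        types.append("Credit Card Numbers")
    if find_ssns(message["body"]):
        types.append("U.S. Social Security Numbers")
    return types


# Constructed outbound messages (service, user, body).
MESSAGES = [
    {"service": "smtp", "user": "alice", "body": "Card on file: 4111 1111 1111 1111, exp 12/20"},
    {"service": "http", "user": "bob", "body": "order id 4111111111111112 shipped"},  # fails Luhn
    {"service": "http", "user": "carol",
     "body": "applicant SSN 123-45-6789 and card 5555-5555-5555-4444"},
    {"service": "http", "user": "dave",
     "body": "ticket 666-12-3456 is not an SSN; phone 555-00-2345"},  # both fail SSA rules
]


def report(messages):
    """Aggregate like the report's table: distinct users and events per data
    type, plus the split of flagged messages by service."""
    users = {}
    events = Counter()
    by_service = Counter()
    for msg in messages:
        types = inspect(msg)
        for t in types:
            users.setdefault(t, set()).add(msg["user"])
            events[t] += 1
        if types:
            by_service[msg["service"]] += 1
    return {t: (len(users[t]), events[t]) for t in events}, dict(by_service)


if __name__ == "__main__":
    counts, services = report(MESSAGES)
    for data_type, (n_users, n_events) in counts.items():
        print("%-30s %d Users %d Events" % (data_type, n_users, n_events))
    print(services)
```

The message from bob contains a sixteen-digit number that a regex alone would report; the Luhn check drops it. Conversely, the rules are intentionally lenient about separators, since the sender controls formatting and a DLP engine that only recognises one layout is trivially bypassed.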

KEY FINDINGS DATA LOSS

FILES UPLOADED TO CLOUD BASED WEB APPLICATIONS

One of the greatest characteristics of Web 2.0 is the ability to generate content and share it with others. This capability comes with significant risk. Sensitive information can get into the wrong hands by storing confidential financial files on cloud-based file storage and sharing services. The following table provides an overview of the types of files uploaded from your organization and the respective file storage and sharing applications used.

Cloud-Based Web Applications
Site / Application Category | Site / Application | Uploaded Files | Number of Users | File Type
File Storage & Sharing Applications | Dropbox | 7 Files | 59 Users | .EXE, .PPTX, .PDF
File Storage & Sharing Applications | Hightail | 4 Files | 45 Users | .DOCX, .PPTX
File Storage & Sharing Applications | Mendeley | 4 Files | 21 Users | .PDF, .XLSX
File Storage & Sharing Applications | Google Drive-web | 3 Files | 13 Users | .EXE, .PDF
File Storage & Sharing Applications | Mega | 3 Files | 6 Users | .EXE
File Storage & Sharing Applications | Total: 7 Sites | 24 Files | 163 Users |
P2P File Sharing | BitTorrent Protocol | 24 Files | 65 Users | .DOCX, .PPTX
P2P File Sharing | SoulSeek | 22 Files | 55 Users | .PDF, .XLSX
P2P File Sharing | FileMp3.org | 16 Files | 43 Users | .PDF, .PPTX
P2P File Sharing | P2P-Radio | 9 Files | 22 Users | .XLSX
P2P File Sharing | Sharebox | 3 Files | 10 Users | .PDF, .XLSX
P2P File Sharing | Total: 6 Sites | 76 Files | 201 Users |
Share Files | Facebook | 132 Files | 66 Users | .DOCX, .PPTX
Share Files | FreeWire | 42 Files | 23 Users | .DOCX
Share Files | Total: 2 Sites | 174 Files | 89 Users |
Total: 3 Categories | 15 Sites | 274 Files | 453 Users |

File Types
EXE 14% | PDF 27% | DOCX 18% | PPTX 22% | XLSX 19%

KEY FINDINGS SCADA COMMUNICATIONS

SCADA (Supervisory Control and Data Acquisition) is a type of industrial control system (ICS) that monitors and controls industrial processes. It operates with coded signals over communication channels to provide control of remote equipment. SCADA networks are usually separated from the organizational IT network for security purposes. SCADA protocols detected on the IT network might indicate a security risk with a potential for a security breach. The following SCADA protocols were detected on your network.

SCADA Communications
46 Sources | 23 Destinations | 9 Commands | 33 Ports

Top SCADA Protocols & Commands
Protocol & Command | Transactions | Traffic
BACnet Protocol (Building Automation and Control Networks) | 38 | 4.3GB
DNP3 Protocol - freeze and clear | 21 | 123MB
EtherNet/IP | 16 | 2.2GB
OPC UA - secure conversation message | 2 | 71.0MB
DNP3 Protocol - immediate freeze | 2 | 513MB
DNP3 Protocol | 2 | 1.6GB
DNP3 Protocol - write | 1 | 1.7GB
DNP3 Protocol - warm restart | 1 | 57MB
DNP3 Protocol - select | 1 | 321MB
Total: 9 Protocols & Commands | 84 Transactions | 10.885GB
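As an added example, not part of the report or of Check Point's SCADA protocol detection, the script below assigns flows to the protocols in the table above by their well-known ports and flags any that cross, or sit entirely on the IT side of, a hypothetical OT boundary. The OT address range, the port table and the flow records are constructed assumptions.

```python
"""Flag industrial-protocol traffic seen outside the OT network.

Added example, not Check Point code. OT ranges, the port table and the
flow records are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Registered/conventional ports for the protocols named in the table above
# (Modbus/TCP is added as a common extra; it is not in the report's table).
SCADA_PORTS = {
    ("udp", 47808): "BACnet",
    ("tcp", 20000): "DNP3",
    ("tcp", 44818): "EtherNet/IP",
    ("udp", 2222): "EtherNet/IP (implicit I/O)",
    ("tcp", 4840): "OPC UA",
    ("tcp", 502): "Modbus/TCP",
}

# Hypothetical OT segment; every other address is treated as the IT network.
OT_NETWORKS = [ipaddress.ip_network("10.200.0.0/16")]

# Constructed flow records: (src_ip, dst_ip, proto, dst_port, bytes)
FLOWS = [
    ("10.200.1.10", "10.200.1.50", "tcp", 20000, 1200),  # DNP3 inside OT: expected
    ("10.1.0.214", "10.200.1.50", "tcp", 20000, 2300),   # DNP3 from an IT host into OT: flag
    ("10.1.0.55", "10.1.0.60", "udp", 47808, 800),       # BACnet entirely on IT: flag
    ("10.1.0.3", "10.1.0.10", "tcp", 443, 9000),         # ordinary web traffic: ignore
    ("10.200.2.7", "10.1.0.77", "tcp", 4840, 500),       # OPC UA from OT out to IT: flag
]


def in_ot(ip):
    """True if the address falls inside one of the designated OT ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OT_NETWORKS)


def classify_flow(flow):
    """Return the SCADA protocol name for a flow, or None if it is not one."""
    _src, _dst, proto, port, _bytes = flow
    return SCADA_PORTS.get((proto.lower(), port))


def find_misplaced_scada(flows):
    """Return (protocol, src, dst, reason) for every SCADA flow that has at
    least one endpoint outside the OT ranges."""
    findings = []
    for flow in flows:
        proto_name = classify_flow(flow)
        if proto_name is None:
            continue
        src, dst = flow[0], flow[1]
        src_ot, dst_ot = in_ot(src), in_ot(dst)
        if src_ot and dst_ot:
            continue  # OT-to-OT is the expected case
        if not src_ot and not dst_ot:
            reason = "both endpoints on IT network"
        elif not src_ot:
            reason = "IT host talking to OT device"
        else:
            reason = "OT device talking to IT host"
        findings.append((proto_name, src, dst, reason))
    return findings


def summarize(flows):
    """Transactions and bytes per SCADA protocol, like the report's table."""
    tx, byt = defaultdict(int), defaultdict(int)
    for flow in flows:
        name = classify_flow(flow)
        if name:
            tx[name] += 1
            byt[name] += flow[4]
    return {n: (tx[n], byt[n]) for n in tx}


if __name__ == "__main__":
    for proto_name, src, dst, reason in find_misplaced_scada(FLOWS):
        print("%-12s %-14s -> %-14s %s" % (proto_name, src, dst, reason))
    print(summarize(FLOWS))
```

Port-based identification is a first pass only: a protocol moved to a non-standard port is missed, and the command-level detail the report shows (a DNP3 warm restart versus a read) requires parsing the protocol itself, which is what a gateway with SCADA-aware IPS signatures does.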

KEY FINDINGS MOBILE THREATS

The following Security Checkup report presents the findings of a security assessment conducted in your network. The report focuses on mobile threats and uncovers where your organization is exposed to them and offers recommendations to address these risks.

To assess risk, network traffic was inspected by Check Point to detect a variety of security threats, including: mobile malware infections, usage and downloads of high risk mobile apps, download of malicious mobile applications, outdated mobile operating systems, and more.

Mobile devices detected on corporate network (number of devices is based on source IP addresses): 547 Android devices, 433 iOS devices; 979GB total mobile traffic.

30 cloud mobile apps (19GB traffic). Risk of data loss and compliance violations. Examples: Dropbox, Google Drive, OneDrive.
18 high risk mobile apps (9GB traffic). High risk mobile apps are apps that might be used by attackers to monitor and control mobile devices or cause data loss.
201 high risk web sites (855 hits). Examples: spam, malicious, phishing web sites. Potential risks: exposure to web-based threats and network infection.
20 downloads of malicious apps and malware; 13 infected devices. Download of malicious content such as botnets and malicious apps, malware and adware, and infected devices communicating with Command and Control servers.

KEY FINDINGS MOBILE THREATS

MOBILE DEVICES INFECTED WITH MALWARE

Mobile malware is malicious software that invades your mobile device. It allows criminals to steal sensitive information from a device, take control of its sensors to execute keylogging, steal messages and turn on the video camera, all without your knowledge. Mobile malware plays a key role in targeted attacks known as Advanced Persistent Threats (APTs). The following table summarizes the mobile malware detected in your network.

Bot infections
Malware* | Infected Devices | Communications with Command and Control Center
Plankton | 5 devices | 1,453
Xinyin | 5 devices | 1,265
AndroRAT | 4 devices | 684
BatteryBot | 2 devices | 587
Bosua | 3 devices | 45
HummingBad | 2 devices | 33
SMSAgent.A | 2 devices | 26
SmsThief | 1 device | 7
SMSAgent.B | 1 device | 3
Total: 9 malware families | 13 infected devices | 4,103

Command & Control locations: map not recoverable from this copy.

* For more information on specific malware, search on www.threat-cloud.com

KEY FINDINGS MOBILE THREATS

DOWNLOADS OF MALICIOUS APPS AND MALWARE

With the increased sophistication of mobile cyber threats, many targeted attacks begin by embedding malware in downloaded apps and files. During the security analysis, a number of malware-related events which indicate malicious file downloads were detected. The following table summarizes downloads of malware by mobile devices.

Malware downloads
Malware* | Downloaded by | Downloads | MD5
MobileConf.apk | 21 devices | 3 | 582e74467fd100622871fd9cc4dc005c
com.android.senscx.apk | 13 devices | 3 | 048b145948a07ab93e24a76dafda8bb7
org.blhelper.vrtwidget.apk | 8 devices | 3 | 76745ce873b151cfd7260e182cbfd404
SystemThread.apk | 7 devices | 3 | b9484ae3403c974db0f721b01bd6c302
com.android.systemUI.apk | 3 devices | 3 | f8645efd5ea2b802d68406207000d59b
Pornclub.apk | 2 devices | 2 | 6fa0ffc80d7796748238ad5f1ef3fd71
SettingsTools.apk | 2 devices | 1 | 29dc63afd068dad7a589c680896e5e86
MainActivity.apk | 1 device | 1 | f3867f6159ee25ebf90c8cc0220184ed
clean.apk | 1 device | 1 | eeb6777ce814c6c78e7b9bce9f8176e6
Total: 9 malware files | 58 devices | 20 downloads | 9 file MD5s

* For more information on specific malware, search on www.threat-cloud.com

KEY FINDINGS MOBILE THREATS

USAGE OF HIGH RISK MOBILE APPS

Mobile apps are essential to the productivity of every organization, but they also create degrees of vulnerability in its security posture. Remote Administration apps might be legitimate when used by admins and the helpdesk, but when used maliciously they can allow potential attackers to steal sensitive information from a device, take control of the sensors to execute keylogging, steal messages, turn on the video camera, and more. The following risky apps were detected in your network.

Mobile devices: Android 64%, iOS 36%

Top high risk mobile apps
App Category | App Name* | Risk Level | Devices | Traffic
Spyware | Mspy | High | 24 | 5 GB
Spyware | Spy2Mobile | High | 22 | 2 GB
Spyware | Bosspy | High | 19 | 1 GB
Spyware | Mobile Spy | High | 11 | 456 MB
Spyware | Shadow Copy | High | 5 | 350 MB
Spyware | MyMobileWatchdog | High | 3 | 120 MB
Spyware | MobiStealth | High | 2 | 59 MB
Spyware | TalkLogV | High | 1 | 56 MB
Total: 1 category | 18 apps | | 87 | 9 GB

* For more information on specific apps, search on http://appwiki.checkpoint.com/

KEY FINDINGS MOBILE THREATS

[Page of mobile charts and tables (axis 0-100); contents not recoverable from this copy.]
KEY FINDINGS ENDPOINTS

343 total endpoints detected

Endpoints Involved in High Risk Web Access and Data Loss Incidents
23 running high risk applications
19 accessed high risk websites
22 users accessed questionable, non-business related websites
14 users involved in potential data loss incidents

Endpoints Involved in Malware and Attack Incidents
34 infected with malware
44 downloaded malware
55 received email containing link to malicious site
15 accessed a site known to contain malware

Attacked endpoints
22 servers attacked
23 clients attacked
KEY FINDINGS BANDWIDTH ANALYSIS

BANDWIDTH UTILIZATION BY APPLICATIONS & WEBSITES

An organization's network bandwidth is usually utilized by a wide range of web applications and sites used by employees. Some are business related and some might not be. Applications that use a lot of bandwidth, for example streaming media, can limit the bandwidth that is available for important business applications. It is important to understand what is using the network's bandwidth in order to limit bandwidth consumption by non-business related traffic. The following summarizes the bandwidth usage of your organization sorted by consumed bandwidth.

539.8GB total traffic scanned

Top Applications/Sites (Top 30)
Application/Site | Category | Risk Level | Sources | Traffic
YouTube | Media Sharing | 2 Low | 151 Sources | 13.6GB
Office 365-Outlook | Email | 1 Very Low | 363 Sources | 10.9GB
Microsoft SQL Server | Business Application | 2 Low | 189 Sources | 6.4GB
Windows Update | Software Update | 1 Very Low | 623 Sources | 4.7GB
Server Message Block (SMB) | Network Protocols | 1 Very Low | 491 Sources | 3.7GB
Skype | VoIP | 3 Medium | 475 Sources | 2.3GB
bestday.com | Travel | - Unknown | 232 Sources | 2.3GB
SMTP Protocol | Network Protocols | 3 Medium | 248 Sources | 2.2GB
Google Services | Computers / Internet | 2 Low | 437 Sources | 1.9GB
Microsoft Dynamics CRM | Business Application | 1 Very Low | 3 Sources | 1.7GB
Facebook | Social Network | 2 Low | 226 Sources | 1.6GB
oloadcdn.net | Computers / Internet | - Unknown | 3 Sources | 1.5GB
Server Message Block (SMB)-write | Network Protocols | 1 Very Low | 33 Sources | 1.2GB
Gmail | Email | 3 Medium | 55 Sources | 1.1GB
Outlook.com | Email | 3 Medium | 280 Sources | 1.0GB
ds.pr.dl.ws.microsoft.com | Computers / Internet | - Unknown | 1 Source | 958.6MB
Jabber Protocol (XMPP) | Network Protocols | 2 Low | 391 Sources | 872.6MB
Total: 254 Applications/Sites | 34 Categories | 4 Risks | 2,049 Sources | 539.8GB

Traffic by Protocol (chart, axis 0B-200GB): https, http, POP3S, MS-SQL-Server, Microsoft-ds, TCP/13000, UDP/40025, TCP/587, UDP/3389, IMAP-SSL

&+(&.32Ζ17
Ζ1)Ζ1Ζ7<
CHECK POINT INFINITY

THE CYBER SECURITY ARCHITECTURE OF THE FUTURE

Growing connectivity along with evolving networks and technologies provides great opportunities for businesses, but also presents new and more sophisticated threats. Securing networks is becoming more complex, often requiring advanced technologies and a high level of human expertise. Separate IT environments often drive businesses to apply different point solutions, many of which are focused on detection and mitigation rather than prevention. This reactive approach to cyberattacks is costly and ineffective, complicates security operations and creates inherent gaps in security posture. Enterprises need a more complete architecture that scales with dynamic business demands and is focused on prevention to ensure all IT environments are completely protected.

SOLUTION

Check Point Infinity is the only fully-consolidated cyber security architecture that futureproofs your business and IT infrastructure across all networks, cloud and mobile. The architecture is designed to resolve the complexities of growing connectivity and inefficient security. It provides complete threat prevention which seals security gaps, enables automatic, immediate threat intelligence sharing across all security environments, and a unified security management for an utmost efficient security operation.

UNIFIED SECURITY ACROSS ALL NETWORKS, CLOUD AND MOBILE

Check Point Infinity leverages unified threat intelligence and open interfaces to block attacks on all platforms before they infiltrate the network. The interconnectivity between all Check Point’s components delivers consistent security through advanced threat prevention, data protections, web security and more. In addition, the different components share the same set of interfaces and APIs, enabling consistent protection and simplified operation across all networks. Check Point Infinity also includes the broadest security coverage available for the cloud in today’s market, delivering the same levels of advanced security, regardless of the cloud provider selection.

Migration of business applications to mobile has transformed the way we use our devices, exposing us to new types of cyber threats. SandBlast Mobile, the industry’s most secure mobile protection, maximizes mobility and security infrastructure with the widest set of integrations in the industry to ensure you stay protected anytime and anywhere.


PREEMPTIVE CYBER SECURITY

Deploying security which is based on detection and followed by remediation is costly and inefficient, since it allows attackers to infiltrate the network and cause damage before remediation is done. Check Point Infinity prevents known and zero-day unknown threats from penetrating the network with the SandBlast product family, saving time and the costs associated with remediating the damages. SandBlast solutions include over 30 different innovative technologies and additional prevention capabilities across all environments:

- Network-based threat prevention for security gateways with best-in-class IPS, AV, post-infection BOT prevention, network Sandboxing (threat emulation) and malware sanitation with Threat Extraction.
- SandBlast Agent endpoint detection and response solution with forensics, anti-ransomware, AV, post-infection BOT prevention and Sandboxing on the endpoint.
- SandBlast Mobile advanced threat prevention for mobile devices protects from threats on the device (OS), in apps, and in the network, and delivers the industry’s highest threat catch rate for iOS and Android.
- SandBlast for Office365 cloud, part of Check Point’s cloud security offerings.

CONSOLIDATED SECURITY MANAGEMENT

Managing the entire security network is often complicated and demands a high level of human expertise. Check Point Infinity, powered by the R80.x security management version, brings all security protections and functions under one umbrella, with a single console which enables easier operation and more efficient management of the entire security network. The single console introduces unparalleled granular control and consistent security, and provides rich policy management which enables delegation of policies within the enterprise. The unified management, based on modular policy management and rich integrations with 3rd party solutions through flexible APIs, enables automation of routine tasks to increase operational efficiencies, freeing up security teams to focus on strategic security rather than repetitive tasks.

Future-proof your business and ensure business continuity with the architecture that keeps you protected against any threat, anytime and anywhere.

BENEFITS

- Prevention-driven cyber security, powered by the most advanced threat prevention solutions against known and unknown threats.
- Consistent security across all Check Point components with shared threat intelligence across networks, cloud and mobile.
- Unified and efficient management of the entire security network through a single pane of glass.
- Rich integrations with 3rd party solutions with flexible APIs.

SUMMARY

Preventing the next cyber-attack is a possible mission. Check Point has the most advanced technologies and threat prevention solutions for the entire IT infrastructure. Check Point Infinity architecture unifies the entire IT security, providing real-time shared threat intelligence and a preemptive protection – all managed by a single, consolidated console.

ABOUT CHECK POINT

Check Point Software Technologies’ mission is to secure the Internet. Check Point was founded in 1993, and has since developed technologies to secure communications and transactions over the Internet by enterprises and consumers.

Check Point was an industry pioneer with our FireWall-1 and our patented Stateful Inspection technology. Check Point has extended its IT security innovation with the development of our Software Blade architecture. The dynamic Software Blade architecture delivers secure, flexible and simple solutions that can be customized to meet the security needs of any organization or environment.

Check Point develops, markets and supports a wide range of software, as well as combined hardware and software products and services for IT security. We offer our customers an extensive portfolio of network and gateway security solutions, data and endpoint security solutions and management solutions. Our solutions operate under a unified security architecture that enables end-to-end security with a single line of unified security gateways and allow a single agent for all endpoint security that can be managed from a single unified management console. This unified management allows for ease of deployment and centralized control and is supported by, and reinforced with, real-time security updates.

Our products and services are sold to enterprises, service providers, small and medium sized businesses and consumers. Our Open Platform for Security (OPSEC) framework allows customers to extend the capabilities of our products and services with third-party hardware and security software applications. Our products are sold, integrated and serviced by a network of partners worldwide. Check Point customers include tens of thousands of businesses and organizations of all sizes including all Fortune 100 companies. Check Point’s award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.

CORPORATE HEADQUARTERS

United States
Check Point Software Technologies Inc.
959 Skyway Road Suite 300
San Carlos, CA 94070
1-800-429-4391

International
Check Point Software Technologies Ltd.
5 Ha’Solelim Street
Tel Aviv 67897, Israel
+972-3-753-4555

Please contact us for more information and to schedule your onsite assessment:
Within the US: 866-488-6691
Outside the US: +44 2036087492

www.checkpoint.com
