Security Assessment Document
Table of Contents
EXECUTIVE SUMMARY
KEY FINDINGS
MALWARE & ATTACKS
HIGH RISK WEB ACCESS
DATA LOSS
MOBILE THREATS
ENDPOINTS
BANDWIDTH ANALYSIS
CHECK POINT INFINITY
ABOUT CHECK POINT
©Check Point Software Technologies Ltd. All rights reserved. Classification: [Restricted] ONLY for designated groups and individuals Security Checkup - Threat Analysis Report
EXECUTIVE SUMMARY
The following Security Checkup report presents the findings of a security assessment conducted in your network. The report uncovers where your organization is exposed to security threats and offers recommendations to address these risks.
To assess risk, network traffic was inspected by Check Point to detect a variety of security threats, including: malware infections, usage of high risk web applications, intrusion attempts, loss of sensitive data, and more.
Summary figures (the counts for the first five indicators are not legible in this extraction):
computers infected with bots
known malware downloaded by users
unique software vulnerabilities were attempted to be exploited
communications with C&C* sites
new malware downloaded
114 potential data loss incidents
18 high risk web applications
22 high risk web sites
15 cloud applications
* C&C - Command and Control. If a proxy is deployed, there might be additional infected computers. A new malware variant is a zero-day attack or malicious code with no known anti-virus signature. Attempted exploitation of vulnerabilities indicates potential attacks on computers on your network.
Key Findings
(Key Findings overview charts and tables: values not legible in this extraction.)
KEY FINDINGS MALWARE & ATTACKS
* For more information on Check Point ThreatCloud IntelliStore please refer to http://www.checkpoint.com/products/threatcloud-intellistore/
KEY FINDINGS MALWARE & ATTACKS
Malware*                 Infected computers**
Adware.Win32.MyWay.A     1
Adware.Win32.Staser.A    1
* Check Point's malware naming convention: <malware type>.<operating system>.<malware family>.<variant>. For more details on specific malware, search on www.threat-cloud.com
** The total number of infected computers (sources) counts distinct computers.
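As an added illustration (not part of the Check Point report), the following Python parses protection names that follow the convention in the footnote above and aggregates a constructed anti-virus log into distinct infected computers per family, which is how the "**" footnote says the counts are formed. The log format, the host addresses and the optional-variant rule are assumptions of this example.

```python
import re
from collections import defaultdict

# Check Point's naming convention as quoted in the footnote:
# <malware type>.<operating system>.<malware family>.<variant>
# Assumption for this example: the variant may be absent on some detections.
NAME_RE = re.compile(
    r"^(?P<type>[A-Za-z0-9_-]+)\.(?P<os>[A-Za-z0-9_-]+)\.(?P<family>[A-Za-z0-9_-]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9_-]+))?$"
)


def parse_malware_name(name):
    """Split a protection name into its components; None if it does not follow the convention."""
    m = NAME_RE.match(name.strip())
    if m is None:
        return None
    return {k: m.group(k) for k in ("type", "os", "family", "variant")}


# Constructed sample anti-virus/anti-bot log (not taken from the report):
# "<timestamp> <source host> <protection name>", one event per line.
SAMPLE_LOG = """\
2018-10-01T09:12:03 10.0.1.15 Adware.Win32.MyWay.A
2018-10-01T09:14:41 10.0.1.15 Adware.Win32.MyWay.A
2018-10-01T11:02:09 10.0.1.22 Adware.Win32.Staser.A
2018-10-02T08:30:12 10.0.3.7 Trojan.Win32.Generic
2018-10-02T08:31:55 10.0.3.7 Trojan.Win32.Generic.B
2018-10-02T08:40:00 10.0.3.8 Trojan.Win32.Generic.B
2018-10-02T10:00:00 10.0.3.9 not-a-valid-name
"""


def summarize_by_family(log_text):
    """Aggregate events per (os, family): distinct infected computers (each source host counts
    once, as the '**' footnote requires, even when it produced several hits or several variants)
    and the set of variants seen. Lines that do not follow the naming convention are skipped."""
    hosts, variants = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue
        _ts, src, name = parts
        parsed = parse_malware_name(name)
        if parsed is None:
            continue
        key = (parsed["os"], parsed["family"])
        hosts[key].add(src)
        if parsed["variant"]:
            variants[key].add(parsed["variant"])
    return {key: {"computers": len(h), "variants": sorted(variants[key])}
            for key, h in hosts.items()}


if __name__ == "__main__":
    for (os_, family), stats in summarize_by_family(SAMPLE_LOG).items():
        print(f"{os_}.{family}: {stats['computers']} computer(s), variants {stats['variants']}")
```

Counting distinct hosts rather than hits is what keeps a single noisy machine from inflating the infection figure; the same host appearing under two variants of one family is still one computer.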
(Malware & Attacks detail charts and tables: dates, addresses and counts not legible in this extraction.)
You can analyze suspicious URLs by copying and pasting them into the VirusTotal online service at www.virustotal.com.
(Tables of exploitation attempts referencing CVE identifiers and the hosts involved: identifiers, addresses and counts not legible in this extraction.)
KEY FINDINGS MALWARE & ATTACKS
DDOS ATTACKS
Denial-of-service (DoS) attacks target networks, systems and individual services, flooding them with so much traffic that they either crash or are unable to operate. This effectively denies the service to legitimate users. A DoS attack is launched from a single source to overwhelm and disable the target service. A Distributed Denial-of-service (DDoS) attack is coordinated and launched simultaneously from multiple sources to overwhelm and disable a target service. During the security analysis, DDoS attacks were detected. The following summarizes the events.
Totals: 14 protections (Critical); 118 sources; 64 destinations; 70.4K; 16 countries; 56.6K
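To make the single-source versus multiple-source distinction above concrete, here is an added example (not from the report): a sliding-window flood detector run over constructed connection-log lines, labelling a flooded destination DoS when one source is responsible and DDoS when several are. The log format, the window length and the attempt threshold are assumptions chosen for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed connection-log format for this example (not the report's log format):
# "<ISO-8601 time> <source IP> -> <destination IP>:<port>"
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+)$")


def parse_line(line):
    """Return (timestamp, source, 'dst:port') or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts, src, dst, port = m.groups()
    return datetime.fromisoformat(ts), src, f"{dst}:{port}"


def classify_floods(lines, window=timedelta(seconds=10), threshold=50):
    """Slide a time window over the connection attempts aimed at each destination.
    If the busiest window holds at least `threshold` attempts, the destination is flagged:
    'DoS' when all attempts come from one source, 'DDoS' when they come from several
    (the report's single- versus multiple-source distinction). Window and threshold are
    assumptions for this example."""
    events = sorted(e for e in (parse_line(l) for l in lines) if e is not None)
    recent = defaultdict(deque)   # destination -> attempts still inside the window
    peak = {}                     # destination -> (attempts, distinct sources) of its busiest window
    for ts, src, dst in events:
        q = recent[dst]
        q.append((ts, src))
        while ts - q[0][0] > window:      # drop attempts that fell out of the window
            q.popleft()
        attempts, sources = len(q), len({s for _, s in q})
        if dst not in peak or attempts > peak[dst][0]:
            peak[dst] = (attempts, sources)
    verdicts = {}
    for dst, (attempts, sources) in peak.items():
        if attempts < threshold:
            continue
        kind = "DDoS" if sources > 1 else "DoS"
        verdicts[dst] = {"kind": kind, "attempts": attempts, "sources": sources}
    return verdicts


def make_sample():
    """Constructed sample: one host hammering 10.1.1.5:80 (DoS), eight hosts hammering
    10.1.1.6:443 (DDoS), and a slow trickle of SSH logins to 10.1.1.7 that stays under threshold."""
    base = datetime(2018, 10, 1, 9, 0, 0)
    lines = []
    for i in range(60):
        t = (base + timedelta(milliseconds=50 * i)).isoformat()
        lines.append(f"{t} 203.0.113.9 -> 10.1.1.5:80")
    for i in range(80):
        t = (base + timedelta(milliseconds=60 * i)).isoformat()
        lines.append(f"{t} 198.51.100.{10 + i % 8} -> 10.1.1.6:443")
    for i in range(10):
        t = (base + timedelta(seconds=30 * i)).isoformat()
        lines.append(f"{t} 192.0.2.4 -> 10.1.1.7:22")
    lines.append("malformed line that the parser ignores")
    return lines


if __name__ == "__main__":
    for dst, v in classify_floods(make_sample()).items():
        print(f"{dst}: {v['kind']} ({v['attempts']} attempts from {v['sources']} source(s))")
```

The distinct-source count is the key signal: a rate threshold alone cannot tell a broken client retrying in a loop from a coordinated flood, and the two call for different responses (blocking one address versus rate-limiting or upstream scrubbing).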
KEY FINDINGS HIGH RISK WEB ACCESS
High risk web sites (site, users, count):
buogbvd.com        19 users   19
br46cy78son.net    13 users   7
dq4cmdrzqp.biz     8 users    1
050h.com           9 users    5
123carnival.com    5 users    5
0hm.net            1 user     3
KEY FINDINGS DATA LOSS
Summary: 74.3K total emails scanned; 2 emails with data loss incidents; 114 web data loss incidents.
(Charts: Top Data Types; Incidents by Protocol. Values not legible in this extraction.)
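As an added example (not from the report) of how data loss incidents come to be counted by data type and by protocol, the following Python scans constructed message bodies for Luhn-valid card numbers and a confidentiality marker and tallies the hits the way the two charts above are organized. The two data types, the events and the protocol labels are assumptions of this example.

```python
import re
from collections import Counter

# Detection patterns for this example. Real DLP policies carry many more data types; these
# two are assumptions chosen to show how "data type" and "protocol" counts are produced.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
MARKER_RE = re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE)


def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_data_types(text):
    """Return the set of data-type labels detected in `text`."""
    found = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            found.add("Credit Card Number")
    if MARKER_RE.search(text):
        found.add("Confidential Document Marker")
    return found


# Constructed events (not from the report): (protocol, sender -> recipient, message body).
SAMPLE_EVENTS = [
    ("SMTP", "alice@corp.example -> partner@outside.example",
     "Please charge card 4111 1111 1111 1111 for the invoice."),
    ("SMTP", "bob@corp.example -> team@corp.example",
     "Order ref 1234567890123456 shipped this morning."),      # 16 digits, fails Luhn: no incident
    ("HTTP", "10.0.4.12 -> paste.example",
     "CONFIDENTIAL roadmap attached; card on file 5555-5555-5555-4444"),
    ("HTTPS", "10.0.4.13 -> webmail.example", "lunch at 12:30?"),
]


def scan(events):
    """Return (incident list, incidents by protocol, incidents by data type)."""
    by_protocol, by_type, incidents = Counter(), Counter(), []
    for protocol, who, text in events:
        types = find_data_types(text)
        if not types:
            continue
        incidents.append({"protocol": protocol, "who": who, "types": sorted(types)})
        by_protocol[protocol] += 1
        by_type.update(types)
    return incidents, by_protocol, by_type


if __name__ == "__main__":
    incidents, by_protocol, by_type = scan(SAMPLE_EVENTS)
    print("by protocol:", dict(by_protocol))
    print("by data type:", dict(by_type))
```

The Luhn check is what keeps the second message out of the count; without it any 16-digit order reference would be reported as a card number, and the "Top Data Types" chart would overstate the exposure.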
KEY FINDINGS SCADA COMMUNICATIONS
SCADA (Supervisory Control and Data Acquisition) is a type of industrial control system (ICS) that monitors and controls industrial processes. It operates with coded
signals over communication channels to provide control of remote equipment. SCADA networks are usually separated from the organizational IT network for
security purposes. SCADA protocols detected on the IT network might indicate a security risk with a potential for a security breach. The following SCADA protocols
were detected on your network.
SCADA Communications: 46 sources, 23 destinations, 9 commands, 33 ports
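An added example (not from the report) of how such a finding can be checked from flow records: flag connections from the IT address space to well-known ICS ports, validate the Modbus/TCP header so that unrelated traffic on port 502 is not counted, and compute the same four metrics as the summary above. The port list, the address ranges and the sample flows are assumptions of this example.

```python
import struct
from ipaddress import ip_address, ip_network

# Well-known ICS protocol ports. The report does not say which protocols it saw;
# this list is an assumption for the example.
SCADA_PORTS = {
    502: "Modbus/TCP",
    102: "S7comm (ISO-TSAP)",
    20000: "DNP3",
    44818: "EtherNet/IP",
    47808: "BACnet/IP",
}

# Modbus function codes, used to label the "commands" metric.
MODBUS_FUNCTIONS = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}


def parse_modbus_tcp(payload):
    """Return the Modbus function code if `payload` starts with a consistent MBAP header
    (transaction id, protocol id 0, length covering unit id + PDU, unit id), else None.
    The length check is what separates real Modbus from other traffic that uses port 502."""
    if len(payload) < 8:
        return None
    _tid, proto, length, _unit = struct.unpack("!HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        return None
    return payload[7]


def build_modbus(tid, function_code, data, unit=1):
    """Build a Modbus/TCP request frame (used only to construct the sample traffic)."""
    pdu = bytes([function_code]) + data
    return struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def audit_flows(flows, it_network="10.10.0.0/16"):
    """flows: iterable of (src_ip, dst_ip, dst_port, payload_bytes).
    Report flows that originate inside the IT network (assumed prefix) and target an ICS port,
    and compute the four metrics the report shows: sources, destinations, commands, ports."""
    it_net = ip_network(it_network)
    findings = []
    sources, destinations, commands, ports = set(), set(), set(), set()
    for src, dst, dport, payload in flows:
        if dport not in SCADA_PORTS or ip_address(src) not in it_net:
            continue
        proto = SCADA_PORTS[dport]
        command = None
        if proto == "Modbus/TCP":
            fc = parse_modbus_tcp(payload)
            if fc is None:
                continue  # port 502 but not Modbus: do not count it as SCADA
            command = MODBUS_FUNCTIONS.get(fc, f"function 0x{fc:02x}")
            commands.add(command)
        findings.append({"src": src, "dst": dst, "protocol": proto, "command": command})
        sources.add(src)
        destinations.add(dst)
        ports.add(dport)
    summary = {"sources": len(sources), "destinations": len(destinations),
               "commands": len(commands), "ports": len(ports)}
    return findings, summary


# Constructed sample flows (not from the report): IT hosts are 10.10.0.0/16, OT hosts 10.20.0.0/16.
SAMPLE_FLOWS = [
    ("10.10.5.21", "10.20.0.7", 502, build_modbus(1, 3, b"\x00\x00\x00\x0a")),            # IT host reads PLC registers
    ("10.10.5.21", "10.20.0.7", 502, build_modbus(2, 16, b"\x00\x10\x00\x01\x02\x00\xff")),  # and writes them
    ("10.10.7.3", "10.20.0.9", 20000, b"\x05\x64\x05\xc0\x01\x00\x00\x04"),              # DNP3 from an IT host
    ("10.10.8.1", "10.20.0.7", 502, b"GET / HTTP/1.1\r\n\r\n"),                         # port 502 but HTTP: ignored
    ("10.20.0.5", "10.20.0.7", 502, build_modbus(3, 1, b"\x00\x00\x00\x08")),            # OT-to-OT: expected, ignored
    ("10.10.5.21", "10.20.0.7", 443, b""),                                              # ordinary HTTPS: ignored
]

if __name__ == "__main__":
    findings, summary = audit_flows(SAMPLE_FLOWS)
    for f in findings:
        print(f"{f['src']} -> {f['dst']} {f['protocol']} {f['command'] or ''}".rstrip())
    print(summary)
```

The write function code in the second sample flow is the one to escalate: a read from an IT workstation suggests a misplaced monitoring tool, while a write across the IT/OT boundary can change a physical process.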
KEY FINDINGS MOBILE THREATS
The following Security Checkup report presents the findings of a security assessment conducted in your network. The report focuses on mobile threats and uncovers where your organization is exposed to them and offers recommendations to address these risks.
To assess risk, network traffic was inspected by Check Point to detect a variety of security threats, including: mobile malware infections, usage and downloads of high risk mobile apps, download of malicious mobile applications, outdated mobile operating systems and more.
547 Android devices
979GB total mobile traffic
30 cloud mobile apps (19GB traffic)
18 high risk mobile apps (9GB traffic)
201 high risk web sites (855 hits)
20 downloads of malicious apps and malware
13 infected devices
KEY FINDINGS MOBILE THREATS
Mobile malware (malware, infected devices, count):
Bosua          3 devices   45
HummingBad     2 devices   33
SMSAgent.A     2 devices   26
SmsThief       1 device    7
SMSAgent.B     1 device    3
KEY FINDINGS MOBILE THREATS
Malware downloads
Malware*   Downloaded by   Downloads   MD5
(rows not legible in this extraction)
KEY FINDINGS MOBILE THREATS
High risk mobile apps (app, risk, count, traffic):
Spy2Mobile     High   22   2 GB
Bosspy         High   19   1 GB
MobiStealth    High   2    59 MB
TalkLogV       High   1    56 MB
Total: 1 category, 18 apps, 87, 9 GB
(Further Mobile Threats charts and tables: values not legible in this extraction.)
KEY FINDINGS ENDPOINTS
23 endpoints running high risk applications
19 accessed high risk websites
34 infected with malware
44 downloaded malware
55 received email containing a link to a malicious site
22 servers attacked
23 clients attacked
22 users accessed questionable, non-business related websites
14 users involved in potential data loss incidents
15 accessed a site known to contain malware
KEY FINDINGS BANDWIDTH ANALYSIS
Windows Update Software Update 1 Very Low 623 Sources 4.7GB Traffic by Protocol
Server Message Block (SMB) Network Protocols 1 Very Low 491 Sources 3.7GB https
Skype VoIP 3 Medium 475 Sources 2.3GB http
POP3S
bestday.com Travel - Unknown 232 Sources 2.3GB
MS-SQL-Server
SMTP Protocol Network Protocols 3 Medium 248 Sources 2.2GB Microsoft-ds
Google Services Computers / Internet 2 Low 437 Sources 1.9GB TCP/13000
UDP/40025
Microsoft Dynamics CRM Business Application 1 Very Low 3 Sources 1.7GB
TCP/587
Facebook Social Network 2 Low 226 Sources 1.6GB
UPD/3389
oloadcdn.net Computers / Internet - Unknown 3 Sources 1.5GB IMAP-SSL
Server Message Block (SMB)-write Network Protocols 1 Very Low 33 Sources 1.2GB 0B 100GB 200GB
Gmail Email 3 Medium 55 Sources 1.1GB
CHECK POINT INFINITY
PREEMPTIVE CYBER SECURITY
Deploying security which is based on detection and followed by remediation is costly and inefficient, since it allows attackers to infiltrate the network and cause damage before remediation is done. Check Point Infinity prevents known and zero-day unknown threats from penetrating the network with the SandBlast product family, saving time and the costs associated with remediating the damages.
SandBlast solutions include over 30 different innovative technologies and additional prevention capabilities across all environments:
• Network-based threat prevention for security gateways with best-in-class IPS, AV, post-infection BOT prevention, network Sandboxing (threat emulation) and malware sanitation with Threat Extraction.
• SandBlast Agent endpoint detection and response solution with forensics, anti-ransomware, AV, post-infection BOT prevention and Sandboxing on the endpoint.
• SandBlast Mobile advanced threat prevention for mobile devices protects from threats on the device (OS), in apps, and in the network, and delivers the industry’s highest threat catch rate for iOS and Android.
• SandBlast for Office365 cloud, part of Check Point’s cloud security offerings.
CONSOLIDATED SECURITY MANAGEMENT
Managing the entire security network is often complicated and demands a high level of human expertise. Check Point Infinity, powered by the R80.x security management version, brings all security protections and functions under one umbrella, with a single console which enables easier operation and more efficient management of the entire security network.
The single console introduces unparalleled granular control and consistent security, and provides rich policy management which enables delegation of policies within the enterprise.
The unified management, based on modular policy management and rich integrations with 3rd party solutions through flexible APIs, enables automation of routine tasks to increase operational efficiency, freeing up security teams to focus on strategic security rather than repetitive tasks.
Future-proof your business and ensure business continuity with the architecture that keeps you protected against any threat, anytime and anywhere.
BENEFITS
• Prevention-driven cyber security, powered by the most advanced threat prevention solutions against known and unknown threats.
• Consistent security across all Check Point components with shared threat intelligence across networks, cloud and mobile.
• Unified and efficient management of the entire security network through a single pane of glass.
• Rich integrations with 3rd party solutions with flexible APIs.
SUMMARY
Preventing the next cyber-attack is a possible mission. Check Point has the most advanced technologies and threat prevention solutions for the entire IT infrastructure. Check Point Infinity architecture unifies the entire IT security, providing real-time shared threat intelligence and preemptive protection – all managed by a single, consolidated console.
CHECK POINT