Application and Risk Analysis-2023-04-28-0959_9093
Fortinet Inc. All rights reserved. Created on: April 28, 2023 11:24
Table of Contents
Client Reputation 6
Top Users By Reputation Scores 6
Top Devices By Reputation Scores 6
Application and Risk Analysis (by aaguayo) - FortiAnalyzer Host Name: FAZ200D page 1 of 21
Appendix A 21
Devices 21
Application Control and Assessing Risks
Application Visibility is Critical
Backed by FortiGuard
Top Application Users By Bandwidth
This chart provides information about the users who are creating the most network traffic in terms of bandwidth
usage. It helps the network manager to identify users that are potentially abusing network usage or creating traffic
that does not comply with internal security policies. The following chart displays the top 20 users by bandwidth
usage.
Top Application Users By Sessions
The Top Users In Terms of Sessions section shows the network users who open the highest number of connections.
This is a critical value because some users may open many more sessions than they are supposed to. Statistics on
the number of sessions a user has opened and the memory used by these sessions are recorded on the FortiGate.
The following chart displays the top 20 users by number of sessions.
Client Reputation
The security scan types available on FortiGate units are varied and tailored to detect specific attacks. However,
sometimes user/client behavior can increase the risk of attack or infection. For example, if one of your network
clients receives email viruses on a daily basis while no other clients receive these attachments, extra measures may
be required to protect the client, or a discussion with the user about this issue may be worthwhile. Before you can
decide on a course of action, you need to know the problem is occurring. Client reputation can provide this
information by tracking client behavior and reporting on activities that you determine are risky or otherwise
noteworthy.
Application Usage By Category
As part of the traffic classification process, the FortiGate identifies and categorizes the applications crossing the
network into different categories based on the number of sessions and bandwidth. This data complements the
granular application threat data and provides a more complete summary of the types of applications in use on
the network.

Top 10 Application Categories by Bandwidth Usage
21.42% Network.Service (7.09 TB)
18.32% Update (6.07 TB)
16.08% Collaboration (5.32 TB)
12.52% General.Interest (4.14 TB)
9.75% Web.Client (3.23 TB)
7.44% Storage.Backup (2.46 TB)
5.23% Video/Audio (1.73 TB)
2.86% Social.Media (969.77 GB)
2.58% Unknown (875.63 GB)
2.58% Email (874.42 GB)
1.22% Others (414.89 GB)
Applications Detected by Risk Behavior
Modern security organizations need increasingly complex security processes in place to handle the myriad
applications in use on the network and in the data center. The problem is determining which applications in your
environment are most likely to cause harm. The following charts provide a breakdown of the high risk applications
identified on the network. It has been determined by FortiGuard Labs that these applications represent possible
vectors for data compromise, network intrusion, or a reduction in network performance.
Key Applications Crossing The Network
This part of the PoC Security Report offers a summary of the key applications crossing the network based on the
amount of bandwidth they are using and then sorted into different application types. It provides a high level view of
the types of application that are used most commonly across the network.
Applications Running Over HTTP
This section provides an overview of applications crossing the network that use HTTP. Software updates, error
reporting and help guides are used by different business applications as a means of improving the overall user
experience. Social networks, streaming video or audio, and file sharing are among the most common non-business
applications that use HTTP. Assessing the number and type of applications that use HTTP is a critical part of
developing an efficient network security strategy.
Top Web Categories Visited By Network Users
User browsing habits can indicate not only inefficient use of corporate resources but also poorly tuned web
filtering policies. They also give some insight into the general web browsing habits of corporate users and assist
in defining corporate compliance guidelines. This chart details web categories by the number of times URLs within
those categories were requested and by the amount of bandwidth used. In this data set the three largest categories
(Proxy Avoidance, Unrated and Hacking) account for over 80% of the counted sessions, and Phishing and Malicious
Websites also appear; the web filter profile should be checked to confirm that these categories are blocked rather
than only logged.

Top Web Categories By Sessions
42.49% Proxy Avoidance (239,062)
25.92% Unrated (145,845)
14.17% Hacking (79,727)
8.52% Phishing (47,912)
4.92% Dating (27,700)
1.78% Malicious Websites (9,997)
0.55% Spam URLs (3,116)
0.53% Other Adult Materials (2,965)
0.42% Pornography (2,361)
0.40% Newly Registered Domain (2,266)
0.31% Others (1,719)
Top Web Sites Visited By Network Users
Identifying and managing the top URLs visited by network users provides greater visibility and control, and
subsequently, better network security. By leveraging Fortinet threat prevention, application control and URL filter
technologies, the volume of web sites by category can be reviewed and strategies put in place to prevent users
accessing sites considered to be a risk to overall network security.
Top Destination Countries By Browsing Time
The following chart shows the distribution of web traffic by destination country. It lets the network administrator
analyze which countries' web sites are visited for the longest time. The administrator can then decide to create
security policies based on geo-location.
Top Web Sites By Browsing Time
The following chart shows the web sites that users visit for the longest time. The administrator can then decide to
create security policy to mitigate or block access to these web sites, according to internal corporate policy.
Top Threats Crossing The Network
By individually reviewing both the applications and traffic flows crossing the network, threat vector identification
and prevention becomes easier. Threat prevention technologies filter the total set of applications and traffic
crossing the network down to those applications or packets that pose a potential risk, picking up threat vectors
such as spyware, application vulnerabilities or viruses. The result is improved overall network performance and
lower network latency.

Top Threats Crossing The Network (IPS events by severity)
82.29% Critical (123,155)
8.85% High (13,245)
5.30% Low (7,936)
3.56% Medium (5,328)
Top High Threats Crossing The Network
# Attack Name Reference Total Num
1 Multiple.Routers.GPON.formLogin.Remote.Command.Injection http://www.fortinet.com/ids/VID52588 2,825
2 MS.Office.EQNEDT32.EXE.Equation.Parsing.Memory.Corruption http://www.fortinet.com/ids/VID44947 1,917
3 AndroxGh0st.Malware http://www.fortinet.com/ids/VID52567 1,555
4 Web.Server.Password.File.Access http://www.fortinet.com/ids/VID43336 1,102
5 Mirai.Botnet http://www.fortinet.com/ids/VID43191 922
6 Bot.Network.Malicious.PHP.Upload http://www.fortinet.com/ids/VID44579 908
7 PHP.Malicious.Shell http://www.fortinet.com/ids/VID44580 784
8 HTTP.URI.SQL.Injection http://www.fortinet.com/ids/VID15621 700
9 Apache.HTTP.Server.cgi-bin.Path.Traversal http://www.fortinet.com/ids/VID50825 627
10 Generic.XXE.Detection http://www.fortinet.com/ids/VID32416 604
Top Low Threats Crossing The Network
# Attack Name Reference Total Num
1 ZGrab.Scanner http://www.fortinet.com/ids/VID48805 5,222
2 Censys.io.Scanner http://www.fortinet.com/ids/VID50899 1,636
3 Muieblackcat.Scanner http://www.fortinet.com/ids/VID40582 525
4 Nmap.Script.Scanner http://www.fortinet.com/ids/VID45360 361
5 Masscan.Scanner http://www.fortinet.com/ids/VID44778 159
6 Atlassian.Jira.Server.Dashboard.Config.Information.Disclosure http://www.fortinet.com/ids/VID48313 29
7 ffuf.Web.Fuzzer http://www.fortinet.com/ids/VID48818 4
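Added example (not code from this report or from FortiAnalyzer): a Python script that rebuilds the aggregations behind the "Application Usage By Category", "Top Web Categories" and "Top Threats" charts above from raw FortiGate-style log lines, so the same breakdowns can be reproduced or cross-checked from a syslog export without the appliance. The key=value field names used (type, subtype, severity, attack, catdesc, appcat, sentbyte, rcvdbyte) are assumed to match FortiGate's syslog layout; the sample lines and every value in them are constructed for the example, and the helper names are the example's own.

```python
"""Rebuild the report's chart aggregations from FortiGate-style key=value log
lines. Added example; field names are assumed to follow FortiGate's syslog
layout and all sample data is constructed."""
import re
from collections import Counter, defaultdict

# One key=value pair; quoted values may contain spaces and escaped quotes.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_kv(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    rec = {}
    for key, raw in KV_RE.findall(line):
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"')
        rec[key] = raw
    return rec


# Constructed sample lines; not real traffic from the devices in Appendix A.
SAMPLE_LOGS = [
    'date=2023-04-26 time=09:12:01 devname="F500e" type="utm" subtype="ips" severity="critical" srcip=198.51.100.7 dstip=10.0.0.5 attack="Mirai.Botnet" action="dropped"',
    'date=2023-04-26 time=09:12:09 devname="F500e" type="utm" subtype="ips" severity="critical" srcip=198.51.100.9 dstip=10.0.0.5 attack="Mirai.Botnet" action="dropped"',
    'date=2023-04-26 time=09:15:40 devname="F500e" type="utm" subtype="ips" severity="critical" srcip=203.0.113.4 dstip=10.0.0.8 attack="PHP.Malicious.Shell" action="dropped"',
    'date=2023-04-26 time=09:16:02 devname="F500e" type="utm" subtype="ips" severity="high" srcip=203.0.113.4 dstip=10.0.0.8 attack="HTTP.URI.SQL.Injection" action="dropped"',
    'date=2023-04-26 time=09:20:11 devname="F500e" type="utm" subtype="ips" severity="low" srcip=192.0.2.33 dstip=10.0.0.8 attack="ZGrab.Scanner" ref="http://www.fortinet.com/ids/VID48805" action="detected"',
    'date=2023-04-26 time=09:21:45 devname="F500e" type="utm" subtype="ips" severity="low" srcip=192.0.2.34 dstip=10.0.0.8 attack="Censys.io.Scanner" ref="http://www.fortinet.com/ids/VID50899" action="detected"',
    'date=2023-04-26 time=10:01:00 devname="F500e" type="utm" subtype="webfilter" srcip=10.0.1.20 catdesc="Proxy Avoidance" hostname="proxy.example" action="blocked"',
    'date=2023-04-26 time=10:02:30 devname="F500e" type="utm" subtype="webfilter" srcip=10.0.1.21 catdesc="Proxy Avoidance" hostname="vpn.example" action="blocked"',
    'date=2023-04-26 time=10:03:12 devname="F500e" type="utm" subtype="webfilter" srcip=10.0.1.22 catdesc="Phishing" hostname="login.example" action="blocked"',
    'date=2023-04-26 time=10:04:50 devname="F500e" type="utm" subtype="webfilter" srcip=10.0.1.23 catdesc="Unrated" hostname="new-site.example" action="passthrough"',
    'date=2023-04-26 time=11:00:00 devname="F500e" type="traffic" subtype="forward" srcip=10.0.1.20 appcat="Update" sentbyte=1200 rcvdbyte=80000',
    'date=2023-04-26 time=11:00:05 devname="F500e" type="traffic" subtype="forward" srcip=10.0.1.21 appcat="Collaboration" sentbyte=5000 rcvdbyte=3000',
    'date=2023-04-26 time=11:00:09 devname="F500e" type="traffic" subtype="forward" srcip=10.0.1.22 sentbyte=999999 rcvdbyte=1',
]


def ips_by_severity(records):
    """IPS events per severity level (the 'Top Threats Crossing The Network' breakdown)."""
    return Counter(r["severity"].lower() for r in records
                   if r.get("type") == "utm" and r.get("subtype") == "ips")


def top_attacks(records, severity, n=10):
    """Most frequent IPS signature names at one severity (the 'Top ... Threats' tables)."""
    hits = Counter(r["attack"] for r in records
                   if r.get("subtype") == "ips" and r.get("severity", "").lower() == severity)
    return hits.most_common(n)


def web_categories(records):
    """Web-filter events per category (the 'Top Web Categories By Sessions' chart)."""
    return Counter(r["catdesc"] for r in records if r.get("subtype") == "webfilter")


def bandwidth_by_appcat(records):
    """Bytes in both directions per application category ('Application Usage By Category').
    Sessions with no appcat were not scanned by Application Control and are skipped,
    which is the exclusion the report's Notes section describes."""
    totals = defaultdict(int)
    for r in records:
        if r.get("type") == "traffic" and "appcat" in r:
            totals[r["appcat"]] += int(r.get("sentbyte", 0)) + int(r.get("rcvdbyte", 0))
    return dict(totals)


def share(counts):
    """Percentage of the total per key, rounded to two decimals as in the report."""
    total = sum(counts.values())
    return {k: round(100.0 * v / total, 2) for k, v in counts.items()} if total else {}


def summarize(lines):
    """Parse raw lines and return every breakdown the report charts."""
    records = [parse_kv(line) for line in lines]
    return {
        "ips_by_severity": share(ips_by_severity(records)),
        "top_critical": top_attacks(records, "critical", 3),
        "web_categories": share(web_categories(records)),
        "bandwidth_by_appcat": bandwidth_by_appcat(records),
    }


if __name__ == "__main__":
    for name, value in summarize(SAMPLE_LOGS).items():
        print(f"{name}: {value}")
```

Run it directly to print the four breakdowns for the constructed lines; to check a real report, replace SAMPLE_LOGS with the lines of a FortiGate syslog export for the same period and compare the percentages against the charts. Skipping traffic records without an appcat is deliberate: it reproduces the exclusion of unscanned sessions that the Notes section describes, so a large gap between total traffic and categorized traffic is itself a finding that Application Control is not applied to every policy.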
Top 20 Viruses Crossing The Network
As the FortiGate scans the network, it provides information about the viruses that are crossing the network. The
FortiGate can apply different strategies to detect malware:
- Signatures: Fortinet's Compact Pattern Recognition Language (CPRL)
- Heuristics, applied to file structure and to API calls
The FortiGate antivirus engine also provides two main capabilities: decompression, which allows embedded files to
be extracted, and emulation, which allows the hidden layers of a malicious file to be extracted.
Top Virus Victims
This counter shows which network users are most often affected by viruses. It allows direct identification of the
host(s) that are sources of malicious traffic on the network. The following chart displays the number of viruses
detected per end user.
Malwares Discovered
# Day Malware
1 2023-04-26 318
2 2023-04-27 183
3 2023-04-25 129
4 2023-04-24 92
5 2023-04-19 86
6 2023-04-08 50
7 2023-04-22 34
Data Loss Prevention Events
The Fortinet Data Loss Prevention solution uses pattern matching techniques and user identity to detect and
prevent unauthorized communication of sensitive information and files across the network perimeter. Fortinet DLP
features include fingerprinting of document files and document file sources, multiple inspection modes (proxy and
flow-based), enhanced pattern matching and data archiving. Data loss events continue to increase every year,
resulting in fines, penalties and loss of revenue for companies worldwide. Many data loss events are caused by
trusted employees who send sensitive data into untrusted zones, either intentionally or by accident.
Notes
Traffic sessions that are not scanned by the Application Control engine are excluded from application category related
charts in this report. Please enable Application Control to allow application traffic to be properly identified/secured on your
network.
Appendix A
Devices
F500e
F600E_Master