Application Visibility and Risk Report for Ekamai International School
INSTRUCTIONS TO SEs (Please delete)
Factory reset the box and upgrade to the latest version of PAN-OS before starting the AVR
Turn on all Threat Prevention / URL Filtering / Data Filtering / WildFire features
Make sure the tapped zone carries interesting data – user zones
Make sure there is data in all logs / ACC before leaving the customer site
Run no more than 3-5 days of data collection
Download the raw logs from the Monitor tab for further analysis
Fix the presentation date with key stakeholders for the week following AVR data collection
2 | ©2012, Palo Alto Networks. Confidential and Proprietary.
Agenda
How was the AVR captured?
Summary applications found
Business Risks Introduced by High Risk Application Traffic
Top Applications (Bandwidth)
Applications that use HTTP (Port 80)
Top URL Categories
Top Threats
Recommendations
How was the AVR captured?
Port mirror
Non-intrusive
Data gathering over 3-5 days
Report generation
The report contains no IP information; it is purely statistical data collection
Summary Of Applications Found
Personal applications are being installed and used: elevates business and security risks
Applications that can be used to conceal activity: hides activity that can be malicious (intended or unintended)
Applications that can lead to data loss: security risks, data loss, compliance and copyright infringements
Applications for personal communications: productivity loss, compliance and business continuity loss
Bandwidth hogging, time consuming applications: consumes corporate bandwidth and employee time
Business Risks Introduced by High Risk Application Traffic
Data Loss (24%) - application file transfer can lead to data leakage
Compliance (24%) - ability to evade detection or tunnel other applications can lead to compliance risks
Operational Cost (12%) - high bandwidth consumption equates to increased costs
Productivity (18%) - social networking and media apps can lead to low productivity
Business Continuity (23%) - applications that are prone to malware or vulnerabilities can introduce business continuity risks.
“Identifying the risks an application poses is the first step towards effectively managing the related business risks.”
High Risk Application Traffic – Key Observations
Key observations on the 85 high risk applications:
Activity Concealment:
Proxy (1) and remote access (3) applications were found. In addition, non-VPN related encrypted tunnel applications were detected. IT-savvy employees are using these applications with increasing frequency to conceal activity and, in so doing, can expose EIS to compliance and data loss risks.
File transfer/data loss/copyright infringement:
P2P applications (12) and browser-based file sharing applications (6) were found. These applications expose EIS to data loss, possible copyright infringement and compliance risks, and can act as a threat vector.
Personal communications:
A variety of applications that are commonly used for personal communications were found, including instant messaging (8), webmail (6), and VoIP/video conferencing (3). These types of applications expose EIS to possible productivity loss, compliance and business continuity risks.
Bandwidth hogging:
Applications that are known to consume excessive bandwidth, including photo/video (14), audio (1) and social networking (11), were detected. These types of applications represent an employee productivity drain, can consume excessive amounts of bandwidth, and can act as potential threat vectors.
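The key observations above are derived from the raw traffic logs collected during the AVR. The script below is an added example (not Palo Alto Networks code) that reproduces that grouping on a constructed, simplified log: it counts distinct high-risk applications per observation group, lists the top applications by bytes, and flags non-browsing applications riding port 80. The column names and subcategory labels are assumptions for illustration, not the real PAN-OS export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample log in a simplified layout (assumption: not the real PAN-OS CSV columns).
SAMPLE_LOG = """app,subcategory,risk,dport,bytes
web-browsing,internet-utility,4,80,900000
tor,proxy,5,443,20000
bittorrent,p2p,5,6881,5000000
bittorrent,p2p,5,80,250000
gmail,webmail,4,443,40000
youtube-base,photo-video,4,80,3000000
rtmp,photo-video,4,1935,2000000
facebook-base,social-networking,4,80,120000
teamviewer-base,remote-access,4,5938,30000
skype,voip-video,4,443,60000
"""

# Map (assumed) subcategory labels to the AVR "key observation" groups used on the slide.
OBSERVATION_GROUPS = {
    "Activity Concealment": {"proxy", "remote-access", "encrypted-tunnel"},
    "File Transfer / Data Loss": {"p2p", "file-sharing"},
    "Personal Communications": {"instant-messaging", "webmail", "voip-video"},
    "Bandwidth Hogging": {"photo-video", "audio-streaming", "social-networking"},
}

def parse_log(text):
    """Parse the CSV text into rows with numeric risk, port and byte fields."""
    return [dict(r, risk=int(r["risk"]), dport=int(r["dport"]), bytes=int(r["bytes"]))
            for r in csv.DictReader(io.StringIO(text))]

def high_risk_by_group(rows, min_risk=4):
    """Distinct application count per observation group, for apps at or above min_risk."""
    seen = defaultdict(set)
    for r in rows:
        if r["risk"] >= min_risk:
            for group, subcats in OBSERVATION_GROUPS.items():
                if r["subcategory"] in subcats:
                    seen[group].add(r["app"])
    return {g: len(apps) for g, apps in seen.items()}

def top_apps_by_bytes(rows, n=3):
    """Total bytes per application, highest first (the bandwidth consumption slide)."""
    totals = defaultdict(int)
    for r in rows:
        totals[r["app"]] += r["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]

def non_browsing_on_port_80(rows):
    """Applications using port 80 that App-ID did not classify as web-browsing."""
    return sorted({r["app"] for r in rows if r["dport"] == 80 and r["app"] != "web-browsing"})
```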
Activity Concealment – Compliance, Data Loss Risks
ACC – Concealment (Example: tor)
File Transfer / Data Loss / Copyright Infringement – Data Loss, Copyright Infringement, Compliance Risks
ACC – Concealment (Example: bittorrent)
Personal Communications – Productivity Loss, Compliance, Business Continuity Risks
Personal Communications – (Example: Gmail)
Bandwidth Hogging – Productivity Loss Risks
Bandwidth Hogging – (Example: rtmp)
Bandwidth Hogging – (Example: youtube-base)
Top 35 Applications (Bandwidth Consumption)
Applications that use HTTP
Top URL Categories
URL Sites (Example: Social Networking)
Top Application Vulnerabilities
Vulnerability (SMB: User Password Brute-Force Attempt)
Research from the Internet – Google, Yahoo, etc.
Extract from ACC
Vulnerability (SMB: User Password Brute-Force Attempt)
Spyware and Viruses Discovered
Spyware and Virus (Conficker)
Extract from ACC
Spyware and Virus (Conficker)
APT / Zero Day Malware Detected by WildFire
WildFire Malware Analysis
Recommendations
Implement safe application enablement policies
Address high risk areas such as P2P and browser-based filesharing
Implement policies dictating use of activity concealment applications
Regain control over streaming media applications
Seek Application Visibility and Control
Thank You