Application Visibility and Risk Report for Ekamai International School
INSTRUCTIONS TO SEs (Please delete)

- Factory-reset the box and upgrade to the latest version of PAN-OS before starting the AVR
- Turn on all of Threat Prevention / URL Filtering / Data Filtering / WildFire
- Make sure the tapped zone carries interesting data (user zones)
- Make sure there is data in all logs and in the ACC before leaving the customer site
- Run no more than 3-5 days of data collection
- Download the raw logs from the Monitor tab for further analysis
- Fix a presentation date with key stakeholders for the week following AVR data collection

2 | ©2012, Palo Alto Networks. Confidential and Proprietary.
Agenda

- How was the AVR captured?
- Summary of applications found
- Business risks introduced by high-risk application traffic
- Top applications (bandwidth)
- Applications that use HTTP (port 80)
- Top URL categories
- Top threats
- Recommendations

How was the AVR captured?

- Port mirror (SPAN) from the switch to a tap interface on the firewall
- Non-intrusive: the firewall only observes the mirrored copy of the traffic and never sits inline
- Data gathering for 3-5 days
- Report generation
- The report contains no IP information; it is purely statistical data
Summary Of Applications Found

- Personal applications are being installed and used
  - Elevates business and security risks
- Applications that can be used to conceal activity
  - Hide activity that can be malicious (intended or unintended)
- Applications that can lead to data loss
  - Security risks, data loss, compliance and copyright infringements
- Applications for personal communications
  - Productivity loss, compliance and business continuity loss
- Bandwidth-hogging, time-consuming applications
  - Consume corporate bandwidth and employee time

Business Risks Introduced by High Risk Application Traffic

- Data Loss (24%): application file transfer can lead to data leakage
- Compliance (24%): the ability to evade detection or tunnel other applications can lead to compliance risks
- Operational Cost (12%): high bandwidth consumption equates to increased costs
- Productivity (18%): social networking and media apps can lead to low productivity
- Business Continuity (23%): applications that are prone to malware or vulnerabilities can introduce business continuity risks

"Identifying the risks an application poses is the first step towards effectively managing the related business risks."

High Risk Application Traffic – Key Observations

Key observations on the 85 high-risk applications:

Activity Concealment:
Proxy (1) and remote access (3) applications were found. In addition, non-VPN encrypted tunnel applications were detected. IT-savvy employees are using these applications with increasing frequency to conceal activity, and in doing so can expose EIS to compliance and data-loss risks.

File transfer / data loss / copyright infringement:
P2P applications (12) and browser-based file sharing applications (6) were found. These applications expose EIS to data loss, possible copyright infringement and compliance risks, and can act as a threat vector.

Personal communications:
A variety of applications commonly used for personal communications were found, including instant messaging (8), webmail (6) and VoIP/video conferencing (3). These types of applications expose EIS to possible productivity loss, compliance and business-continuity risks.

Bandwidth hogging:
Applications known to consume excessive bandwidth were detected, including photo/video (14), audio (1) and social networking (11). These types of applications represent an employee-productivity drain, can consume excessive amounts of bandwidth, and can act as potential threat vectors.

Activity Concealment – Compliance, Data Loss Risks

ACC – Concealment (Example: tor)

File Transfer / Data Loss / Copyright Infringement – Data Loss, Copyright Infringement, Compliance Risks

ACC – File Transfer (Example: bittorrent)

Personal Communications – Productivity Loss, Compliance, Business Continuity Risks

Personal Communications (Example: Gmail)

Bandwidth Hogging – Productivity Loss Risks

Bandwidth Hogging (Example: rtmp)

Bandwidth Hogging (Example: youtube-base)

Top 35 Applications (Bandwidth Consumption)

Applications that use HTTP

Top URL Categories

URL Sites (Example: Social Networking)

Top Application Vulnerabilities

Vulnerability (SMB: User Password Brute-Force Attempt)

Spyware and Viruses Discovered

Spyware and Virus (Conficker)

APT / Zero-Day Malware Detected by WildFire

WildFire Malware Analysis

Recommendations

- Implement safe application enablement policies
- Address high-risk areas such as P2P and browser-based file sharing
- Implement policies dictating the use of activity-concealment applications
- Regain control over streaming media applications
- Seek application visibility and control

Thank You

Contenu connexe

Tendances

Securing Voting Infrastructure before the Mid-Term Elections
Securing Voting Infrastructure before the Mid-Term ElectionsSecuring Voting Infrastructure before the Mid-Term Elections
Securing Voting Infrastructure before the Mid-Term ElectionsDenim Group
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...EnergySec
 
What is the UK Cyber Essentials scheme?
What is the  UK Cyber Essentials scheme?What is the  UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?IT Governance Ltd
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energystacybre
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment  - Networkshop44Greenbone vulnerability assessment  - Networkshop44
Greenbone vulnerability assessment - Networkshop44Jisc
 
101 Basic concepts of information security
101 Basic concepts of information security101 Basic concepts of information security
101 Basic concepts of information securitySsendiSamuel
 
PRFP-10: Cyber threats and security in the Pacific
PRFP-10: Cyber threats and security in the PacificPRFP-10: Cyber threats and security in the Pacific
PRFP-10: Cyber threats and security in the PacificAPNIC
 
Achieving Cyber Essentials
Achieving Cyber Essentials Achieving Cyber Essentials
Achieving Cyber Essentials Qonex
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiJisc
 
Découvrez comment mettre en place un programme de protection des données effi...
Découvrez comment mettre en place un programme de protection des données effi...Découvrez comment mettre en place un programme de protection des données effi...
Découvrez comment mettre en place un programme de protection des données effi...Benoît H. Dicaire
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin   enterprise gr-cv3Virtualization and cloud impact overview auditor spin   enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3EnterpriseGRC Solutions, Inc.
 
Dealing with pervasive monitoring - Networkshop44
Dealing with pervasive monitoring - Networkshop44Dealing with pervasive monitoring - Networkshop44
Dealing with pervasive monitoring - Networkshop44Jisc
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbersAPNIC
 
Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139evaleng2
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisIJERD Editor
 
Supplier security assessment questionnaire
Supplier security assessment questionnaireSupplier security assessment questionnaire
Supplier security assessment questionnairePriyanka Aash
 
WHOIS Database for Incident Response & Handling
WHOIS Database for Incident Response & HandlingWHOIS Database for Incident Response & Handling
WHOIS Database for Incident Response & HandlingAPNIC
 
Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?Jim Meyer
 
Technologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, ErcotTechnologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, ErcotTheAnfieldGroup
 

Tendances (19)

Securing Voting Infrastructure before the Mid-Term Elections
Securing Voting Infrastructure before the Mid-Term ElectionsSecuring Voting Infrastructure before the Mid-Term Elections
Securing Voting Infrastructure before the Mid-Term Elections
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
 
What is the UK Cyber Essentials scheme?
What is the  UK Cyber Essentials scheme?What is the  UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment  - Networkshop44Greenbone vulnerability assessment  - Networkshop44
Greenbone vulnerability assessment - Networkshop44
 
101 Basic concepts of information security
101 Basic concepts of information security101 Basic concepts of information security
101 Basic concepts of information security
 
PRFP-10: Cyber threats and security in the Pacific
PRFP-10: Cyber threats and security in the PacificPRFP-10: Cyber threats and security in the Pacific
PRFP-10: Cyber threats and security in the Pacific
 
Achieving Cyber Essentials
Achieving Cyber Essentials Achieving Cyber Essentials
Achieving Cyber Essentials
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco Meraki
 
Découvrez comment mettre en place un programme de protection des données effi...
Découvrez comment mettre en place un programme de protection des données effi...Découvrez comment mettre en place un programme de protection des données effi...
Découvrez comment mettre en place un programme de protection des données effi...
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin   enterprise gr-cv3Virtualization and cloud impact overview auditor spin   enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
 
Dealing with pervasive monitoring - Networkshop44
Dealing with pervasive monitoring - Networkshop44Dealing with pervasive monitoring - Networkshop44
Dealing with pervasive monitoring - Networkshop44
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbers
 
Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network Analysis
 
Supplier security assessment questionnaire
Supplier security assessment questionnaireSupplier security assessment questionnaire
Supplier security assessment questionnaire
 
WHOIS Database for Incident Response & Handling
WHOIS Database for Incident Response & HandlingWHOIS Database for Incident Response & Handling
WHOIS Database for Incident Response & Handling
 
Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?Cybersecurity Framework - What are Pundits Saying?
Cybersecurity Framework - What are Pundits Saying?
 
Technologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, ErcotTechnologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, Ercot
 

Similaire à Avr presentation

Securing the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicySecuring the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicyAllot Communications
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Belsoft
 
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin RodillasTI Safe
 
Protecting What Matters...An Enterprise Approach to Cloud Security
Protecting What Matters...An Enterprise Approach to Cloud SecurityProtecting What Matters...An Enterprise Approach to Cloud Security
Protecting What Matters...An Enterprise Approach to Cloud SecurityInnoTech
 
Application usage risk_report_2011-05-countries
Application usage risk_report_2011-05-countriesApplication usage risk_report_2011-05-countries
Application usage risk_report_2011-05-countriesHe Hariyadi
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applicationsForcepoint LLC
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Zernike College
 
C7 defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditingC7   defending the cloud with monitoring and auditing
C7 defending the cloud with monitoring and auditingDr. Wilfred Lin (Ph.D.)
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overviewBelsoft
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Ramin elahi fog_computing_ecosystem_final_dec22_updated
Ramin elahi fog_computing_ecosystem_final_dec22_updatedRamin elahi fog_computing_ecosystem_final_dec22_updated
Ramin elahi fog_computing_ecosystem_final_dec22_updatedHarshitParkar6677
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint LLC
 
The 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationThe 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationCloudLock
 
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoCyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoHP Enterprise Italia
 
PALO ALTO -NETWORKS Application Usage & Threat Report 2014
PALO ALTO -NETWORKS  Application Usage & Threat Report 2014PALO ALTO -NETWORKS  Application Usage & Threat Report 2014
PALO ALTO -NETWORKS Application Usage & Threat Report 2014Marcello Marchesini
 
How Romanian companies are developing secure applications on Azure.pptx
How Romanian companies are developing secure applications on Azure.pptxHow Romanian companies are developing secure applications on Azure.pptx
How Romanian companies are developing secure applications on Azure.pptxRadu Vunvulea
 

Similaire à Avr presentation (20)

Presentacion Palo Alto Networks
Presentacion Palo Alto NetworksPresentacion Palo Alto Networks
Presentacion Palo Alto Networks
 
Wireless Network Security Palo Alto Networks / Aruba Networks Integration
Wireless Network Security Palo Alto Networks / Aruba Networks IntegrationWireless Network Security Palo Alto Networks / Aruba Networks Integration
Wireless Network Security Palo Alto Networks / Aruba Networks Integration
 
Securing the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicySecuring the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use Policy
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013
 
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas
 
Protecting What Matters...An Enterprise Approach to Cloud Security
Protecting What Matters...An Enterprise Approach to Cloud SecurityProtecting What Matters...An Enterprise Approach to Cloud Security
Protecting What Matters...An Enterprise Approach to Cloud Security
 
Application usage risk_report_2011-05-countries
Application usage risk_report_2011-05-countriesApplication usage risk_report_2011-05-countries
Application usage risk_report_2011-05-countries
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applications
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009
 
C7 defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditingC7   defending the cloud with monitoring and auditing
C7 defending the cloud with monitoring and auditing
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overview
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 
Ramin elahi fog_computing_ecosystem_final_dec22_updated
Ramin elahi fog_computing_ecosystem_final_dec22_updatedRamin elahi fog_computing_ecosystem_final_dec22_updated
Ramin elahi fog_computing_ecosystem_final_dec22_updated
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware Detection
 
FaceTime Web 2.0
FaceTime Web 2.0FaceTime Web 2.0
FaceTime Web 2.0
 
The 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationThe 1% Who Can Take Down your Organization
The 1% Who Can Take Down your Organization
 
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoCyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercato
 
PALO ALTO -NETWORKS Application Usage & Threat Report 2014
PALO ALTO -NETWORKS  Application Usage & Threat Report 2014PALO ALTO -NETWORKS  Application Usage & Threat Report 2014
PALO ALTO -NETWORKS Application Usage & Threat Report 2014
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 
How Romanian companies are developing secure applications on Azure.pptx
How Romanian companies are developing secure applications on Azure.pptxHow Romanian companies are developing secure applications on Azure.pptx
How Romanian companies are developing secure applications on Azure.pptx
 

Dernier

Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 

Dernier (20)

Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 

Avr presentation

  • 7. Business Risks Introduced by High Risk Application Traffic
  • 8. Business Risks Introduced by High Risk Application Traffic
    - Data Loss (24%): application file transfer can lead to data leakage
    - Compliance (24%): the ability to evade detection or tunnel other applications can lead to compliance risks
    - Operational Cost (12%): high bandwidth consumption equates to increased costs
    - Productivity (18%): social networking and media apps can lead to low productivity
    - Business Continuity (23%): applications that are prone to malware or vulnerabilities can introduce business continuity risks
    "Identifying the risks an application poses is the first step towards effectively managing the related business risks."
  • 9. High Risk Application Traffic – Key Observations
    Key observations on the 85 high risk applications:
    - Activity concealment: proxy (1) and remote access (3) applications were found. In addition, non-VPN related encrypted tunnel applications were detected. IT-savvy employees are using these applications with increasing frequency to conceal activity and, in so doing, can expose EIS to compliance and data loss risks.
    - File transfer / data loss / copyright infringement: P2P applications (12) and browser-based file sharing applications (6) were found. These applications expose EIS to data loss, possible copyright infringement and compliance risks, and can act as a threat vector.
    - Personal communications: a variety of applications commonly used for personal communications were found, including instant messaging (8), webmail (6) and VoIP/video conferencing (3). These types of applications expose EIS to possible productivity loss, compliance and business continuity risks.
    - Bandwidth hogging: applications known to consume excessive bandwidth, including photo/video (14), audio (1) and social networking (11), were detected. These types of applications represent an employee productivity drain, can consume excessive amounts of bandwidth and can act as potential threat vectors.
  • 10. Activity Concealment – Compliance, Data Loss Risks
  • 11. ACC – Concealment (Example: tor)
  • 12. File Transfer / Data Loss / Copyright Infringement – Data Loss, Copyright Infringement, Compliance Risks
  • 13. ACC – Concealment (Example: bittorrent)
  • 14. Personal Communications – Productivity Loss, Compliance, Business Continuity Risks
  • 15. Personal Communications (Example: Gmail)
  • 16. Bandwidth Hogging – Productivity Loss Risks
  • 17. Bandwidth Hogging (Example: rtmp)
  • 18. Bandwidth Hogging (Example: youtube-base)
  • 19. Top 35 Applications (Bandwidth Consumption)
  • 20. Applications that use HTTP
  • 21. Top URL Categories
  • 22. URL Sites (Example: Social Networking)
  • 23. Top Application Vulnerabilities
  • 24. Vulnerability (SMB: User Password Brute-Force Attempt)
  • 25. Vulnerability (SMB: User Password Brute-Force Attempt)
  • 26. Spyware and Viruses Discovered
  • 27. Spyware and Virus (Conficker)
  • 28. Spyware and Virus (Conficker)
  • 29. APT / Zero Day Malware Detected by WildFire
  • 30. APT / Zero Day Malware Detected by WildFire
  • 31. WildFire Malware Analysis
  • 32. WildFire Malware Analysis
  • 33. WildFire Malware Analysis
  • 34. WildFire Malware Analysis
  • 35. WildFire Malware Analysis
  • 38. Recommendations
    - Implement safe application enablement policies
    - Address high risk areas such as P2P and browser-based file sharing
    - Implement policies dictating the use of activity concealment applications
    - Regain control over streaming media applications
    - Seek application visibility and control

Editor's notes

  1. Personal applications are being installed and used on the network: end-users are installing and using a variety of non-work related applications that can elevate business and security risks.
     Applications that can be used to conceal activity were found: IT-savvy employees are using applications that can conceal their activity. Examples of these types of applications include external proxies, remote desktop access and non-VPN related encrypted tunnels. Who is using these applications, and for what purpose, should be investigated.
     Applications that can lead to data loss were detected: file transfer applications (peer-to-peer and/or browser-based) are in use, exposing QLifeStyle to significant security, data loss, compliance and possible copyright infringement risks.
     Applications used for personal communications were found: employees are using a variety of applications that enable personal communications. Examples include instant messaging, webmail and VoIP/video conferencing. These types of applications can introduce productivity loss, compliance and business continuity risks.
     Bandwidth hogging, time consuming applications are in use: media and social networking applications were found. Both of these types of applications are known to consume corporate bandwidth and employee time.
  2. <instructions> Pull graph from report.
     Productivity: risk to productivity stems from misuse. This can take two forms:
       - Employees are using non-work-related applications instead of doing their job (e.g. Myspace, Facebook, personal email, blogging)
       - Non-work applications consume so much bandwidth that legitimate applications function poorly (e.g. YouTube, streaming/HTTP audio)
     Compliance: most organizations must comply with an array of government and business regulations; in the US this includes GLBA, HIPAA, FD, SOX, FISMA and PCI. Most of these focus on safeguarding an organization's operational, financial, customer or employee data. Certain applications represent significant threats to that information, either themselves or through the threats that target them (e.g. BitTorrent and MySpace, respectively). Any application that can transfer files (webmail, Skype, IM) can represent significant compliance issues.
     Operational Costs: risks to operational costs come in two flavors: one, having applications and infrastructure used inappropriately to such an extent that more must be bought (e.g. WAN circuits upgraded due to streaming video) to ensure that business processes work, and two, incidents and exploits resulting in IT expense (e.g. rebuilding servers or networks following a security incident involving an exploit or virus).
     Business Continuity: business continuity risks refer to applications (or the threats they carry) that can bring down or otherwise make unavailable critical components of certain business processes. Examples include email, transaction processing applications or public-facing applications harmed by threats, or effectively denied service via excessive consumption of resources by non-business applications.
     Data Loss: the risk of data loss is the traditional information security set of risks, those associated with the theft, leakage or destruction of data. Examples include many public thefts of customer data, theft or inadvertent leak of intellectual property, or destruction of data due to a security threat/breach. A variety of threats play a role, including exploits borne by applications (e.g. Facebook, Kazaa, IM, webmail) and non-business-related applications running on enterprise resources (e.g. BitTorrent, IM).
  3. <instructions> Change X% based on the report.
  4. <instructions> Cut and paste from the report (key observations on the high risk applications). Highlight all numbers in red.
  5. <instructions> Cut and paste from the report (high risk applications), e.g. proxy, remote-access. Highlight applications that conceal activity and explain what harm those applications can do.
  6. <instructions> Highlight one or more applications: 1. Explain the application. 2. Show the IPs (source/destination) and users. 3. Show which country it is from.
  7. <instructions> Cut and paste from the report (high risk applications), e.g. file-sharing. Highlight applications that do file transfers / data loss / copyright infringement and explain what harm those applications can do.
  8. <instructions> Highlight one or more applications: 1. Explain the application. 2. Show the IPs and users. 3. Show which country it is from.
  9. <instructions> Cut and paste from the report (high risk applications), e.g. collaboration. Highlight applications used for personal communication and explain what harm those applications can do.
  10. <instructions> Go to the logs and filter on the email application. Extract logs with file names, user information and application.
  11. <instructions> Cut and paste from the report (high risk applications), e.g. media. Highlight applications that hog bandwidth and explain what harm those applications can do.
  12. <instructions> 1. Explain the application. 2. Show the IPs and users. 3. Show which country it is from.
  13. <instructions> 1. Explain the application. 2. Show the IPs and users. 3. Show which country it is from.
  14. <instructions> Cut and paste from the top 35 applications. Highlight applications that consume a lot of bandwidth and lead to productivity loss.
  15. <instructions> Cut and paste from the top 35 applications. The top 25 applications (based on bandwidth consumed) that use HTTP in some way, shape or form are shown below. Many business applications use HTTP as a means to speed deployment and simplify access, while non-business applications may use it to bypass security. Knowing exactly which applications use HTTP is a critical data point when assembling an application enablement policy.
  16. <instructions> Cut and paste from the top URL categories. Highlight the categories that the customer should not be seeing on his network, e.g. porn, streaming media.
  17. <instructions> 1. Explain the application. 2. Show the IPs and users. 3. Show which country it is from.
  18. <instructions> Cut and paste from threats. Look out for critical threats and explain to the customer what harm critical threats can do to the network. Make sure it is not a false positive.
  19. <instructions> Research the threat that you are highlighting to explain the vulnerability that is critical to the customer. Make sure it is not a false positive.
  20. <instructions> Cut and paste from the ACC screen. Highlight threats, attackers and users.
  21. <instructions> Research the threat that you are highlighting to explain the vulnerability that is critical to the customer. Make sure it is not a false positive.
  22. <instructions> Cut and paste from the ACC screen. Highlight threats, attackers and users.
  23. <instructions> Copy from the AVR report "Sample Malware detected by WildFire". APT: Advanced Persistent Threat.
  24. <instructions> Copy from the AVR report "Sample Malware detected by WildFire". APT: Advanced Persistent Threat.
  25. <instructions> Copy from the WildFire logs and view the WildFire report. Explain the significance of the zero-day attack. APT: Advanced Persistent Threat.
  26. <instructions> Copy from the WildFire logs and view the WildFire report. Explain the significance of the zero-day attack.
  27. <instructions> Copy from the WildFire logs and view the WildFire report. Explain the significance of the zero-day attack.
  28. <instructions> Copy from the WildFire logs and view the WildFire report. Explain the significance of the zero-day attack.
  29. <instructions> Generate a summary report from the GUI: Monitor tab -> Reports -> Predefined reports (select the most active day), to demonstrate the kind of management summary reports we can generate.
  30. <instructions> Modify accordingly.
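Notes 10, 18 and 19 send the SE back to the raw logs downloaded from the Monitor tab: pull out file transfers with user and file name, rank applications by bandwidth, and make sure a highlighted threat such as the SMB brute-force signature is not a false positive before it goes on a slide. The script below is an added example, not code from the original deck or from Palo Alto Networks, that does that triage offline over a constructed sample export. The CSV column layout, the sample rows, the category names in CONCEALMENT and the min_events threshold are all assumptions; the real export has a different column order, so map the field names onto the columns of the file you actually downloaded.

```python
"""Offline triage of a raw log export for an AVR write-up.

Added example, not code from the original deck or from Palo Alto Networks.
The CSV layout, sample rows and thresholds are constructed assumptions; the
real export from the Monitor tab has a different column order, so map these
field names onto the columns of the file you actually downloaded.
"""
import csv
import io
from collections import Counter

HEADER = ("type,app,category,src_user,src_ip,dst_ip,dst_country,"
          "bytes,file_name,threat_name,severity")

_BRUTE = ("threat,msrpc,networking,,{src},10.1.1.5,,0,,"
          "SMB: User password Brute-Force Attempt,high")

# Constructed sample rows, not a real capture (RFC 5737 addresses outside).
_ROWS = [
    "traffic,bittorrent,file-sharing,student01,10.1.1.10,198.51.100.7,US,524288000,,,",
    "traffic,youtube-base,photo-video,student03,10.1.1.30,203.0.113.77,US,1073741824,,,",
    "traffic,web-browsing,internet-utility,teacher02,10.1.1.20,203.0.113.5,US,314572800,,,",
    "traffic,tor,proxy,student05,10.1.1.50,192.0.2.33,DE,10485760,,,",
    "traffic,gmail-base,email,teacher02,10.1.1.20,203.0.113.5,US,2048000,,,",
    "data,gmail-base,email,teacher02,10.1.1.20,203.0.113.5,US,0,grades_q1.xlsx,,",
    "data,dropbox-uploading,file-sharing,student01,10.1.1.10,203.0.113.9,US,0,exam_answers.pdf,,",
    # one host hammering the file server: twelve hits against one target
    *([_BRUTE.format(src="10.1.1.66")] * 12),
    # one host with a single hit: a mistyped password, not an attack
    _BRUTE.format(src="10.1.1.21"),
]
SAMPLE_LOG = "\n".join([HEADER, *_ROWS]) + "\n"

# Categories the deck treats as activity concealment (assumed names).
CONCEALMENT = {"proxy", "remote-access", "encrypted-tunnel"}


def parse_log(text):
    """Read the export into dicts; the byte count becomes an int."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["bytes"] = int(r["bytes"] or 0)
    return rows


def bandwidth_share(rows, top_n=5):
    """Top applications by bytes and their share of all traffic (slide 19)."""
    totals = Counter()
    for r in rows:
        if r["type"] == "traffic":
            totals[r["app"]] += r["bytes"]
    grand = sum(totals.values()) or 1
    return [(app, b, round(100.0 * b / grand, 1))
            for app, b in totals.most_common(top_n)]


def concealment_users(rows):
    """Who uses activity-concealing apps and where the sessions go (slides 10-11)."""
    return sorted({(r["src_user"], r["app"], r["dst_country"])
                   for r in rows if r["category"] in CONCEALMENT})


def file_transfers(rows):
    """User, app, file name and destination from data-filtering rows (note 10)."""
    return [(r["src_user"], r["app"], r["file_name"], r["dst_ip"])
            for r in rows if r["type"] == "data" and r["file_name"]]


def brute_force_sources(rows, min_events=5):
    """Split SMB brute-force alerts into repeat offenders and one-off noise.

    Notes 18 and 19 say to make sure a highlighted threat is not a false
    positive. One hit from a host is usually a mistyped password; sustained
    repeats from one source against one target are what belongs on slide 24.
    """
    counts = Counter()
    for r in rows:
        if r["type"] == "threat" and "brute-force" in r["threat_name"].lower():
            counts[(r["src_ip"], r["dst_ip"])] += 1
    confirmed = {pair: n for pair, n in counts.items() if n >= min_events}
    noise = {pair: n for pair, n in counts.items() if n < min_events}
    return confirmed, noise


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for app, nbytes, pct in bandwidth_share(log):
        print(f"{app:<18}{nbytes / 2**20:>9.1f} MiB {pct:>6}%")
    print("concealment:", concealment_users(log))
    print("file transfers:", file_transfers(log))
    print("brute force (confirmed, noise):", brute_force_sources(log))
```

Keying the brute-force count on the (source, destination) pair rather than on the signature alone is what separates the one host that hit the file server twelve times from the one that failed once; tune min_events to the observation window (3-5 days in this deck) so a normal rate of typos does not cross it.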