
Executive Summary Report

Report generated 2015-06-18 15:18:55 (America/Sao_Paulo)

Complete visibility into network traffic and security events boosts efficiency, productivity, and profitability. The
summary report provides the business intelligence that you need to support key goals:

♦ Ensure productive use of corporate assets and time throughout the organization.
♦ Audit compliance against acceptable usage policies for Internet usage.
♦ Monitor protection against spyware, malware, and viruses.

Prepared by PT Network Group - Your Partner for Smart and Secure Networks
UK Office Network Security
Executive Summary Report
Device(s): Denver (192.168.190.254) 80C87FFFFFFFF
From: 2014-09-08 00:00:00 (America/Sao_Paulo)
To: 2014-09-09 00:00:00 (America/Sao_Paulo)

Available Reports
Top Zero-Day Malware (APT)

Top Blocked Advanced Malware (APT)

Top Blocked Malware

Top Blocked Attacks

Top Clients

Top Domains

Top URL Categories

Top Applications

Top Application Categories

Top Blocked Applications

Top Blocked Application Categories


Top Zero-Day Malware (APT)


Businesses of all sizes are susceptible to major losses because of advanced malware used in targeted attacks against
their networks. WatchGuard APT Blocker is another layer of defense that detects and stops zero-day threats that
standard, signature-based AntiVirus and IPS solutions can miss. Windows executable, Microsoft Office, Android
installer, and PDF files are all reviewed for malware characteristics, including multiple types of evasive behavior, in a
cloud-based sandbox, before the appropriate action is taken.

This report includes threats that were identified by APT Blocker as zero-day malware after they passed through the
firewall.

[Chart: Hits per threat]

| Threat Index | Threat ID | Content Name | Threat Level | Hits |
| --- | --- | --- | --- | --- |
| Threat 1 | 485321b3702d45ffab453bff41e5bf89 | free_game.exe | high | 1 |
| Threat 2 | 4d030e6f40174a2aad20dc4ad4666fe8 | free_game.exe | high | 1 |
| Threat 3 | b3960717b0a247aca86028e3b536b449 | Celebrity_pics | high | 1 |
| Threat 4 | 150171e02e664d5597e39d098ca7dfac | cybersafety_tips | low | 1 |
| Total: 4 | | | | 4 |


Top Blocked Advanced Malware (APT)


Businesses of all sizes are susceptible to major losses because of advanced malware used in targeted attacks against
their networks. WatchGuard APT Blocker is another layer of defense that detects and stops zero-day threats that
standard, signature-based AntiVirus and IPS solutions can miss. Windows executable, Microsoft Office, Android
installer, and PDF files are all reviewed for malware characteristics, including multiple types of evasive behavior, in a
cloud-based sandbox, before the appropriate action is taken.

This report shows the advanced malware threats that APT Blocker detected and the content that was blocked by the
firewall.

[Chart: Hits per threat]

| Threat Index | Threat ID | Content Name | Hits |
| --- | --- | --- | --- |
| Threat 1 | 023bc0f797454370acaeab474506639b | top_download | 1 |
| Threat 2 | 735eca2b05f0462789543d4814de1483 | UPS_package | 1 |
| Total: 2 | | | 2 |


Top Blocked Malware


The Gateway Antivirus service provides real-time protection against known malware such as viruses, trojans, worms,
spyware, and rogueware. This service uses continually updated signatures to detect and block all types of malware,
whether they are delivered as email attachments or via infected web sites (more common today). Some viruses may
simply contain malicious code that is meant to disable and disrupt computer systems, but trojans are now commonly
used to steal financial information from corporate systems. It has been estimated that once a computer system has been
corrupted by a virus, it can take up to 4 hours of an IT person's time to clean up and repair the infected computer. That's
why it pays to block malware before it gets into the network.

This chart indicates any malware that has been blocked on the network over the reporting period.

[Chart: Hits per malware name]

| Name | Hits |
| --- | --- |
| Luhe.MaZec.M | 5 |
| Downloader.Generic13.CLYK.dropper | 3 |
| Crypt3.ALDT | 1 |
| Exploit | 1 |
| Win32/Heur | 1 |
| Dropper.Generic_c.ZVU | 1 |
| Downloader.Generic_c.HWR | 1 |
| VBS/Agent | 1 |
| Total: 8 | 14 |


Top Blocked Attacks


The Intrusion Prevention Service (IPS) provides real-time protection against network threats, including spyware, SQL
injections, cross-site scripting, and buffer overflows. Skillful hackers can exploit these vulnerabilities to gain control of
computer systems in the network. For example, with buffer overflows, the hacker can send input that overflows the
allocated memory, enabling them to gain access to the portion of memory where code is executed. Once code is
installed, it can be used for theft of company financial data, or botnets could be used to extract company confidential
information.

This report details the top intrusion attacks that were blocked at the firewall over the reporting period. More details about
each intrusion attack are available at the WatchGuard Security Portal
(http://www.watchguard.com/SecurityPortal/ThreatDB.aspx).

[Chart: Hits per blocked attack]

| Name | Hits |
| --- | --- |
| WEB Cross-site Scripting -9 | 6 |
| VULN Cross-Site Scripting -7 | 3 |
| VULN Cross-site Scripting Attempt -11 | 2 |
| Total: 3 | 11 |


Top Clients
This report shows the most active endpoints on the network, i.e. the ones that generated the most traffic. When Single
Sign-on is implemented at the firewall, the report shows the name of the user associated with the IP address.

[Chart: Bytes Transferred and Hits per client]

| Name | Bytes | Hits |
| --- | --- | --- |
| alice@example.com | 7915 MB | 19622 |
| michelle@example.com | 1209 MB | 4845 |
| matt@example.com | 288 MB | 3574 |
| Branch_Office | 212 MB | 5839 |
| XTM Gateway | 35 MB | 9237 |
| Bala-Sales | 32 MB | 5675 |
| eric@example.com | 11 MB | 2231 |
| Nate | 4 MB | 1453 |
| Noah-Corp | 1 MB | 494 |
| Salim-Engg | 194 KB | 97 |
| Total: 10 | 9711 MB | 53067 |


Top Domains
Internet access is an essential requirement for most employees to perform their job functions, but unlimited Internet
access can sap productivity and also open the door to inappropriate adult content and sexually explicit images that could
put your organization at risk. This report shows the top web domains that were visited over the reporting period.

[Chart: Bytes Transferred and Hits per domain]

| Name | Bytes | Hits |
| --- | --- | --- |
| dropbox.com | 1188 MB | 569 |
| pandora.com | 207 MB | 509 |
| google.com | 158 MB | 470 |
| p-cdn.com | 60 MB | 83 |
| imgur.com | 21 MB | 85 |
| watchguard.com | 8 MB | 361 |
| msn.com | 5 MB | 173 |
| images-amazon.com | 4 MB | 419 |
| buygunsandammo.com | 4 MB | 116 |
| avfirewalls.com | 3 MB | 121 |
| Total: 10 | 1663 MB | 2906 |


Top URL Categories


To maximize employee productivity and safeguard your business, it's important to ensure that web activity stays mainly
business-focused. Complete visibility into which sites are viewed, by whom, is the most effective way to accomplish this.
The WebBlocker service categorizes every URL visited into one of over 120 different categories (54 categories if using the
locally hosted URL database).

The chart on this page shows the top ten categories of Internet activity, represented as a percentage of total traffic
during the audit period.

[Chart: Hits per URL category]

| Name | Hits |
| --- | --- |
| Information Technology | 4769 |
| Internet Radio and TV | 1825 |
| News and Media | 1683 |
| Search Engines and Portals | 1537 |
| Advertisements | 1291 |
| Personal Network Storage and Backup | 749 |
| Shopping | 661 |
| Streaming Media | 441 |
| Sports | 284 |
| Uncategorized | 234 |
| Total: 10 | 13474 |


Top Applications
The firewall inspects all traffic and it identifies the applications in use. Applications can range from business-centric cloud
applications like Salesforce.com, to social networking sites like Facebook.com. This report highlights the top applications
that are identified on the network. Note that when web browsing is not detected as any specific application, it is recorded
as use by the browser application.

More specific information about each application is available at the WatchGuard Security Portal
(http://www.watchguard.com/SecurityPortal/AppDB.aspx).

[Chart: Bytes Transferred and Hits per application]

| Name | Bytes | Hits |
| --- | --- | --- |
| BitTorrent Series | 6982 MB | 10480 |
| Web File Transfer | 1204 MB | 138 |
| unknown | 715 MB | 171 |
| Google | 157 MB | 134 |
| mp4 | 127 MB | 156 |
| Google Chrome | 73 MB | 955 |
| Android browser | 11 MB | 473 |
| Microsoft Internet Explorer | 8 MB | 190 |
| Amazon | 6 MB | 269 |
| Pandora | 5 MB | 477 |
| Total: 10 | 9293 MB | 13443 |


Top Application Categories


Unlimited use and download of web-based applications can open the company to IT failures, cyber-attack, and IP theft.
Best practices mandate the ability to compare between business and personal app usage, and to drill down to app
usage by user. A broad array of applications are routinely delivered via HTTP and HTTPS, the standard Internet protocols.
Traffic is classified into 16 high level application categories. This report shows the top categories for application traffic.
The traffic is sorted by the categories that get the most hits, but it also shows the bandwidth used by each application
category.

[Chart: Bytes Transferred and Hits per application category]

| Name | Bytes | Hits |
| --- | --- | --- |
| P2P | 6982 MB | 10481 |
| File Transfer | 1205 MB | 643 |
| unknown | 715 MB | 171 |
| Web / Web 2.0 | 241 MB | 1412 |
| Streaming Media | 141 MB | 886 |
| Mobile | 11 MB | 484 |
| Web | 9 MB | 633 |
| Network Management | 3 MB | 11799 |
| Social Network | 2 MB | 315 |
| Business | 899 KB | 10 |
| Total: 10 | 9315 MB | 26834 |


Top Blocked Applications


This report shows more details and highlights the names of the top applications that were blocked.

More specific information about each application is available at the WatchGuard Security Portal
(http://www.watchguard.com/SecurityPortal/AppDB.aspx).

[Chart: Hits per blocked application]

| Name | Hits |
| --- | --- |
| Facebook | 306 |
| Xbox LIVE | 8 |
| Minecraft | 4 |
| Total: 3 | 318 |


Top Blocked Application Categories


Firewall rules are in place to block application categories that are considered security risks or unproductive use of time.
Most businesses choose to block inappropriate application categories like Games and Web Bypass Proxies. This
report shows the top application categories that were blocked over the reporting period.

[Chart: Hits per blocked application category]

| Name | Hits |
| --- | --- |
| Social Network | 306 |
| Games | 12 |
| Total: 2 | 318 |
