Monthly Security Report
Organization: xxxxxx
Period: 21 days
Start Date: 2023-03-01
Issuer: Sangfor Platform-X
Date Reported: 2023-03-21
End Date: 2023-03-21
Item Description
Period 2023-03-01 to 2023-03-21 (21 days)
Reporting Device JKNS_NGAF,XCENTRAL_EDR 2 devices
Assets Servers: 0, hosts: 0
Generated On 2023-03-21 16:11:51
Servers and hosts are critical assets of an organization. To ensure the security of the network, the security
of servers and hosts must also be guaranteed.
This Security Health Check Report is a summary of security findings and events in your network. This
information is generated by analyzing integrated security logs from your Sangfor devices and our
cloud-delivered threat intelligence.
01 Overview
◆ Security Overview
◆ Server Security Overview
◆ Host Security Overview
◆ Device Status
◆ Blocked Attacks
02 Security Events
◆ Fixed Events
◆ Pending Events
03 Server Security
◆ Vulnerability Detection
◆ Exploitation Protection
◆ Exploitation Remediation
04 Host Security
◆ Botnet Detection
◆ Content Security Detection
◆ Common Threat Detection
05 Security Enhancement
◆ Protection Results
◆ Protection Check
◆ Protection Updates
06 Conclusions
◆ Server Security Protection
◆ Host Security Protection
Overview
◆ Server Security Overview
The IT system is responsible for the organization's daily network operations and
data assets, which makes it a primary target for hackers.
If servers are not protected properly, business interruption, data loss and
other problems may occur.
◆ Host Security Overview
If daily online behavior, file transmission, etc. are not adequately protected,
security issues will occur. Gartner research found that 85% of security threats are
internal. Inadequate host protection will often cause virus infection, sensitive
data disclosure and other serious issues.
Server Security
Excellent
0
Servers
0
Hosts (uncategorized assets included)
With protection, overall security rating is raised to Excellent. Details are shown below:
Attack | Blocked inbound attacks: 0 | No attacks detected
Vulnerability | No vulnerabilities detected | No vulnerabilities detected
Unsecured | No security events detected | No risks such as outbound access or botnets detected
Compromised (Backlink, WebShell, etc.) | No compromised events detected | No backlinks, WebShell, or other compromised events detected
Device Protection | No expired database detected | Details can be viewed on the device
* The security overview shown above comes from Sangfor NGAF security logs and cloud-delivered threat intelligence.
Overview
0
Servers
0
Risky Servers
Security Protection
Post-Protection:
Post-Protection Server Security
Vulnerability Detection
No weakness
Monitor is ON
* Weaknesses such as vulnerabilities, improper
configurations, weak passwords and web cleartext
transmission may be exploited and pose a threat.
Exploitation Protection
No attack
Monitor is ON
* Analyses are made based on source, techniques
and targets.
Exploitation Remediation
No compromised servers
Monitor is ON
* Detections of compromised servers with backlink
injection and WebShell backdoor.
* Weaknesses and threats shown above come from Sangfor NGAF security logs and cloud-delivered threat intelligence.
Security Overview
0
Hosts (uncategorized
assets included)
0
Risky Hosts
Security Protection
Post-Protection:
Post-Protection Host Security
Botnet Detection
No botnet infection
Monitor is ON
* Scans are made to detect threats and suspicious
behaviors from hosts.
Content Security Detection
No file infection
Monitor is ON
* Scans are made to detect malicious activities
during file upload and download.
Common Virus Infection
No common virus infection detected
Monitor is ON
* Scans are made to detect virus infections such as
worms and Trojans on hosts.
* Suspicious online activities shown above come from Sangfor NGAF security logs and cloud-delivered threat intelligence.
Status
No. | Device Name/Gateway ID | Device Type | Version | Bandwidth (%) | CPU (%) | Memory (%) | Disk (%) | Outbound (Bps) | Inbound (Bps)
1 | JKNS_NGAF(C513E0FA) | NGAF | 8.0.26 | - | 20 | 40 | 24 | 10300000 | 12890000
Basics
* All device status info can be viewed in Platform-X > Assets > Branches.
No data available
No. Device Name/Gateway ID Traffic Alert Offline Alert License Alert Resource Alert
Top 5 Devices by Alerts
* All device status info can be viewed in Platform-X.
Attacks
Summary
During the report period, 0 attacks were blocked. The daily attack trend is shown below:
Recommendations
Business assets that are exposed to the internet are vulnerable to malicious scans and targeted attacks.
Sangfor NGAF protects your assets from inbound attacks at all times, while Sangfor Platform-X comprehensively analyzes advanced security events to prevent
intrusions and ensure business security.
* The daily attack trend shown above comes from Sangfor NGAF security logs.
Security Events
◆ Fixed Events
◆ Pending Events
Fixed Security Events
During the report period, 0 security events were fixed, which can effectively reduce potential risks and protect the confidentiality, integrity
and availability of data. The daily attack trend is shown below:
Top 5 Assets by Fixed Events - Overview
No data available
No. Asset Criticality Security Status Top 2 Major Threats Fixed Events
* Events shown above come from cloud-delivered threat intelligence.
No data available
Pending Security Event Types Top 5 Assets by Pending Events
No data available
Top 5 Assets by Pending Events - Overview
No data available
No. Asset Criticality Security Status Top 2 Major Threats Pending Events
* Events shown above come from cloud-delivered threat intelligence.
Server Security
◆ Vulnerability Detection
◆ Exploitation Protection
◆ Exploitation Remediation
Summary
No data available
Weaknesses refer to vulnerabilities in an asset that can be exploited to compromise security, including technical weaknesses (such as system vulnerabilities,
improper configurations, web cleartext transmission, etc.) and management weaknesses (such as weak passwords).
Weakness Distribution
High Medium Low
Description
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Forensics - Weakness and Victim Servers
No weakness
Weakness Type Severity Server (Weaknesses)
Top 5 Weaknesses
No vulnerable business
IP Address Weaknesses Web Cleartext Transmission Improper Configurations Weak Passwords Vulnerabilities
Top 5 Victim Servers
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Protection
Attack Sources
Monitor is ON
Attack Techniques
Monitor is ON
Targets
Monitor is ON
* Data shown above comes from Sangfor NGAF security logs.
Attack Source Summary
No attack source
No. IP Attack Type Attacks Location
Top Sources:
Attack Sources
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Monitor is ON
Protection Module Performance
Exploitation protection can be realized through different protection modules (Intrusion Prevention, Web App Protection, Botnet Detection, Restrictive
URL Access). Below is the performance of the Intrusion Prevention and Web App Protection modules:
1. Intrusion Prevention: 0 vulnerability exploits
2. Web App Protection: 0 web application attacks
◆ Vulnerability Exploits
Monitor is ON
◆ Web Application Attacks
Attacks that may cause system compromise: WebShell upload, Trojan, OS command injection, Web site vulnerabilities
Attacks that may cause data disclosure: SQL Injection
Attacks that may cause malicious code execution: XSS and file inclusion
Attacks that may cause data leak risks: path traversal, website scan, cross-site request forgery (CSRF) and information disclosure
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Monitor is ON
Protection Module Performance
Exploitation protection can be realized through different protection modules (Intrusion Prevention, Web App Protection, Botnet Detection, Restrictive
URL Access). Below is the performance of the Botnet Detection and Restrictive URL Access modules:
3. Botnet Detection: 0 botnet communications
4. Restrictive URL Access: 0 URL accesses blocked
◆ Botnet Communications
Monitor is ON
◆ Blocked URLs
Monitor is ON
◆ Victim Servers
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Victim Servers
Victim Servers
No servers attacked
No. Server Asset Attacks
Top Targeted Servers
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Remediation
Summary
No data available
Forensics and Analysis
Backlink Injections
Type:
Recommendations
None
* High-threat events shown above come from Sangfor NGAF security logs and cloud-delivered threat intelligence.
Host Security
◆ Botnet Detection
◆ Content Security Detection
◆ Common Threat Detection
Summary
No botnet infection detected
No hosts infected
No. Host Infected Severity Last Detected Stage Detections
Infected Hosts
Recommendations
Download anti-malware software to scan for and remove malware on the infected host.
Anti-malware software can be downloaded at https://endpoint.sangfor.com/#/information/all_tools
* Data shown above comes from Sangfor NGAF security logs.
Detection
Summary
No data available
Malware Downloads
No hosts downloaded virus-infected files
No. User Description Sources
Malicious Virus Downloads
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Detection
Summary
No hosts infected by common viruses
Common Threat Detection
No common threats detected
◆ Tags
No data available
◆ Impacts
No data available
Recommendations
None
* Data shown above comes from Sangfor NGAF security logs.
Security Enhancement
◆ Protection Results
◆ Protection Check
◆ Protection Updates
During the report period, 0 attacks occurred. Details of attacks blocked by all modules are shown below:
Recommendations
Exploitation protection can be realized through different protection modules (Intrusion Prevention, Web App Protection, Botnet Detection, Restrictive URL
Access). Sangfor continuously updates threat signatures to prevent new threats. Please keep protection modules up to date.
* Data shown above comes from Sangfor NGAF security logs.
URL Database
Detects URL categories and
applies granular access control
based on security policies
No data available No data available
Application Signatures
Visualizes network traffic and
provides application layer
protection through integrating
security policies
No data available No data available
Weakness Analytic
Analyzes weaknesses and risks
present in assets
No data available No data available
Intrusion Prevention
Detects and prevents intrusion to
protect data and network security
No data available No data available
Module Top 3 Modules by Expiration Current Version
Check the expiration and current version of protection modules to ensure that protection is up to date and that new threats can be detected.
Details of all modules are shown below:
* Data shown above comes from Sangfor NGAF security logs.
Web App Protection
Provides general protections for
web applications and servers
No data available No data available
Botnet Detection
Prevents the download of viruses
from malicious websites and
detects internal compromised hosts
to avoid further spread
No data available No data available
Sangfor Engine Zero
Helps users to block the latest
threats
No data available No data available
Hot Events
Helps users to block the latest
threats
No data available No data available
Module Top 3 Modules by Expiration Current Version
Recommendations
Sangfor periodically updates threat signatures from the cloud to detect new threats. Please keep the threat signature database version up to date to prevent
attacks that use new attack techniques.
* Data shown above comes from Sangfor NGAF security logs.
Updates
New Deleted Modified Vulns Involved
16 1 6 0
Intrusion Prevention Module
From 2023-03-01 to 2023-03-21, 23 rules were updated. Details are shown below:
The threat signatures of the top 3 latest vulnerabilities are updated. Details are shown below:
No data available
CVE ID | Vulnerability Name | Impacts | Vuln Blocked by Updated Database
* Data shown above comes from Sangfor NGAF security logs.
Conclusions
◆ Server Security Protection
◆ Host Security Protection
Protection
Vulnerability Detection No weakness
With respect to technology and management, enhance weakness detection and security before attacks occur, and fix possible vulnerabilities as
early as possible to reduce exposure to threats.
Exploitation Protection No attack
Perform frequent upgrades to security protection capabilities to be able to identify and block high-threat attack sources and become more
responsive to various types of attacks.
Exploitation Remediation No compromised servers
Enhance security of servers and hosts by installing antivirus and anti-defacement software. Perform asset security auditing regularly to protect
your assets.
Protection
Botnet Detection No botnet infection
Use endpoint security software and secure gateway to detect possible viruses and suspicious traffic on endpoints, and enhance endpoint security
by scanning for bot-infected hosts and removing botnet viruses.
Content Security Detection No file infection
Use endpoint security software and secure gateway to discover and block high-risk online activities. Meanwhile, restrict users' access to the
internet and improve their security awareness to avoid accessing malicious sources.
Common Threat Detection No common virus infection detected
Be aware of common threats, and upgrade security detection and protection capabilities to protect hosts from being infected with common viruses.
Sangfor Platform-X

Sangfor X Security Health Check Report

  • 1. Monthly Security Report Organization: xxxxxx Period: 21 days Start Date: 2023-03-01 Issuer: Sangfor Platform-X Date Reported: 2023-03-21 End Date: 2023-03-21
  • 2. Item Description Period 2023-03-01 to 2023-03-21 (21 days) Reporting Device JKNS_NGAF,XCENTRAL_EDR 2 devices Assets Servers: 0, hosts: 0 Generated On 2023-03-21 16:11:51
  • 3. Servers and hosts are critical assets of an organization. To ensure the security of the network, the security of servers and hosts must also be guaranteed. This Security Health Check Report is a summary of security findings and events in your network. This information is generated by analyzing integrated security logs from your Sangfor devices and our cloud-delivered threat intelligence.
  • 4. 01 Overview ◆ Security Overview ◆ Server Security Overview ◆ Host Security Overview ◆ Device Status ◆ Blocked Attacks 02 Security Events ◆ Fixed Events ◆ Pending Events 03 Server Security ◆ Vulnerability Detection ◆ Exploitation Protection ◆ Exploitation Remediation 04 Host Security ◆ Botnet Detection ◆ Content Security Detection ◆ Common Threat Detection 05 Security Enhancement ◆ Protection Results ◆ Protection Check ◆ Protection Updates 06 Conclusions ◆ Server Security Protection ◆ Host Security Protection
  • 5. Overview ◆ Server Security Overview The IT system is responsible for the organization's daily network operations and data assets, which makes it a primary target for hackers. If servers are not protected properly, business interruption, data loss and other problems may occur. ◆ Host Security Overview If daily online behavior, file transmission, etc. are not adequately protected, security issues will occur. Gartner research found that 85% of security threats are internal. Inadequate host protection will often cause virus infection, sensitive data disclosure and other serious issues.
  • 6. Server Security Excellent 0 Servers 0 Hosts (uncategorized assets included) With protection, overall security rating is raised to Excellent. Details are shown below: Attack Blocked inbound attacks: 0 No attacks detected Vulnerability No vulnerabilities detected No vulnerabilities detected Unsecured No security events detected No risks such as outbound access or botnets detected Compromised (Backlink, WebShell, etc.) No compromised events detected No backlinks, WebShell, or other compromised events detected Device Protection No expired database detected Details can be viewed on the device * The security overview shown above comes from Sangfor NGAF security logs and cloud-delivered threat intelligence.
  • 7. Overview 0 Servers 0 Risky Servers Security Protection Post-Protection: Post-Protection Server Security Vulnerability Detection No weakness Monitor is ON * Weaknesses like vulnerabilities, improper configurations, weak passwords and web cleartext transmission may be exploited and pose a threat. Exploitation Protection No attack Monitor is ON * Analyses are made based on source, techniques and targets. Exploitation Remediation No compromised servers Monitor is ON * Detections of compromised servers with backlink injection and WebShell backdoor. * Weaknesses and threats shown above come from Sangfor NGAF security logs and cloud-delivered threat intelligence.
  • 8. Security Overview 0 Hosts (uncategorized assets included) 0 Risky Hosts Security Protection Post-Protection: Post-Protection Host Security Botnet Detection No botnet infection Monitor is ON * Scans are made to detect threats and suspicious behaviors from hosts. Content Security Detection No file infection Monitor is ON * Scans are made to detect malicious activities during file upload and download. Common Virus Infection No common virus infection detected Monitor is ON * Scans are made to detect virus infections such as worms and Trojans on hosts. * Suspicious online activities shown above come from Sangfor NGAF security logs and cloud-delivered threat intelligence.
  • 9. Status No. Device Name/Gateway ID Device Type Version Bandwidth (%) CPU (%) Memory (%) Disk (%) Outbound (Bps) Inbound (Bps) 1 JKNS_NGAF(C513E0FA) NGAF 8.0.26 - 20 40 24 10300000 12890000 Basics * All device status info can be viewed in Platform-X > Assets > Branches. No data available No. Device Name/Gateway ID Traffic Alert Offline Alert License Alert Resource Alert Top 5 Devices by Alerts * All device status info can be viewed in Platform-X.
  • 10. Attacks Summary During the report period, 0 attacks were blocked. The daily attack trend is shown below: Recommendations Business assets that are exposed to the internet are vulnerable to malicious scans and targeted attacks. Sangfor NGAF protects your assets from inbound attacks at all times, while Sangfor Platform-X comprehensively analyzes advanced security events to prevent intrusions and ensure business security. * The daily attack trend shown above comes from Sangfor NGAF security logs.
  • 11. Security Events ◆ Fixed Events ◆ Pending Events
  • 12. Fixed Security Events During the report period, 0 security events were fixed, which can effectively reduce potential risks and protect the confidentiality, integrity and availability of data. The daily attack trend is shown below: Top 5 Assets by Fixed Events - Overview No data available No. Asset Criticality Security Status Top 2 Major Threats Fixed Events * Events shown above come from cloud-delivered threat intelligence.
  • 13. No data available Pending Security Event Types Top 5 Assets by Pending Events No data available Top 5 Assets by Pending Events - Overview No data available No. Asset Criticality Security Status Top 2 Major Threats Pending Events * Events shown above come from cloud-delivered threat intelligence.
  • 14. Server Security ◆ Vulnerability Detection ◆ Exploitation Protection ◆ Exploitation Remediation
  • 15. Summary No data available Weaknesses refer to vulnerabilities in an asset that can be exploited to compromise security, including technical weaknesses (such as system vulnerabilities, improper configurations, web cleartext transmission, etc.) and management weaknesses (such as weak passwords). Weakness Distribution High Medium Low Description Recommendations None * Data shown above comes from Sangfor NGAF security logs.
  • 16. Forensics - Weakness and Victim Servers No weakness Weakness Type Severity Server (Weaknesses) Top 5 Weaknesses No vulnerable business IP Address Weaknesses Web Cleartext Transmission Improper Configurations Weak Passwords Vulnerabilities Top 5 Victim Servers Recommendations None * Data shown above comes from Sangfor NGAF security logs.
  • 17. Protection Attack Sources Monitor is ON Attack Techniques Monitor is ON Targets Monitor is ON * Data shown above comes from Sangfor NGAF security logs.
  • 18. Attack Source Summary No attack source No. IP Attack Type Attacks Location Top Sources: Attack Sources Recommendations None * Data shown above comes from Sangfor NGAF security logs.
  • 19. Monitor is ON Protection Module Performance Exploitation protection can be realized through different protection modules (Intrusion Prevention, Web App Protection, Botnet Detection, Restrictive URL Access). Below is the performance of the Intrusion Prevention and Web App Protection modules: 0 vulnerability exploits Intrusion Prevention 1 0 web application attacks Web App Protection 2 ◆ Vulnerability Exploits Monitor is ON ◆ Web Application Attacks Attacks that may cause system compromise: WebShell upload, Trojan, OS command injection, Web site vulnerabilities Attacks that may cause data disclosure: SQL Injection Attacks that may cause malicious code execution: XSS and file inclusion Attacks that may cause data leak risks: path traversal, website scan, cross-site request forgery (CSRF) and information disclosure Recommendations None * Data shown above comes from Sangfor NGAF security logs.
  • 20. Monitor is ON Protection Module Performance Exploitation protection can be realized through different protection modules (Intrusion Prevention, Web App Protection, Botnet Detection, Restrictive URL Access). Below is the performance of the Botnet Detection and Restrictive URL Access modules: 0 botnet communications Botnet Detection 3 0 URL accesses blocked Restrictive URL Access 4 ◆ Botnet Communications Monitor is ON ◆ Blocked URLs Monitor is ON ◆ Victim Servers Recommendations None * Data shown above comes from Sangfor NGAF security logs.
  • 21. Victim Servers Victim Servers No servers attacked No. Server Asset Attacks Top Targeted Servers Recommendations None * Data shown above comes from Sangfor NGAF security logs.
  • 22. Remediation Summary No data available Forensics and Analysis Backlink Injections Type: Recommendations None * High-threat events shown above come from Sangfor NGAF security logs and cloud-delivered threat intelligence.
  • 23. Host Security ◆ Botnet Detection ◆ Content Security Detection ◆ Common Threat Detection
  • 24. Summary No botnet infection detected No hosts infected No. Host Infected Severity Last Detected Stage Detections Infected Hosts Recommendations Download anti-malware software to scan for and remove malware on the infected host. Anti-malware software can be downloaded at https://endpoint.sangfor.com/#/information/all_tools * Data shown above comes from Sangfor NGAF security logs.
  • 25. Detection Summary No data available Malware Downloads No hosts download virus-infected files No. User Description Sources Malicious Virus Downloads Recommendations None * Data shown above comes from Sangfor NGAF security logs.
  • 26. Detection Summary No hosts infected by common viruses Common Threat Detection No common threats detected ◆ Tags No data available ◆ Impacts No data available Recommendations None * Data shown above comes from Sangfor NGAF security logs.
  • 27. Security Enhancement ◆ Protection Results ◆ Protection Check ◆ Protection Updates
  • 28. During the report period, 0 attacks occurred. Details of attacks blocked by all modules are shown below: Recommendations Exploitation protection can be realized through different protection modules (Intrusion Prevention, Web App Protection, Botnet Detection, Restrictive URL Access). Sangfor continuously updates threat signatures to prevent new threats. Please keep protection modules up to date. * Data shown above comes from Sangfor NGAF security logs.
  • 29. URL Database Detects URL categories and applies granular access control based on security policies No data available No data available Application Signatures Visualizes network traffic and provides application layer protection through integrating security policies No data available No data available Weakness Analytic Analyzes weaknesses and risks present in assets No data available No data available Intrusion Prevention Detects and prevents intrusion to protect data and network security No data available No data available Module Top 3 Modules by Expiration Current Version Check the expiration and current version of protection modules to ensure that protection is up to date and that new threats can be detected. Details of all modules are shown below: * Data shown above comes from Sangfor NGAF security logs.
  • 30. Web App Protection Provides general protections for web applications and servers No data available No data available Botnet Detection Prevents the download of viruses from malicious websites and detects internal compromised hosts to avoid further spread No data available No data available Sangfor Engine Zero Helps users to block the latest threats No data available No data available Hot Events Helps users to block the latest threats No data available No data available Module Top 3 Modules by Expiration Current Version Recommendations Sangfor periodically updates threat signatures from the cloud to detect new threats. Please keep the threat signature database version up to date to prevent attacks that use new attack techniques. * Data shown above comes from Sangfor NGAF security logs.
  • 31. Updates New Deleted Modified Vulns Involved 16 1 6 0 Intrusion Prevention Module From 2023-03-01 to 2023-03-21, 23 rules were updated. Details are shown below: The threat signatures of the top 3 latest vulnerabilities are updated. Details are shown below: No data available CVE ID Vulnerability Name Impacts Vuln Blocked by Updated Database * Data shown above comes from Sangfor NGAF security logs.
  • 32. Conclusions ◆ Server Security Protection ◆ Host Security Protection
  • 33. Protection Vulnerability Detection No weakness With respect to technology and management, enhance weakness detection and security before attacks occur, and fix possible vulnerabilities as early as possible to reduce exposure to threats. Exploitation Protection No attack Perform frequent upgrades to security protection capabilities to be able to identify and block high-threat attack sources and become more responsive to various types of attacks. Exploitation Remediation No compromised servers Enhance security of servers and hosts by installing antivirus and anti-defacement software. Perform asset security auditing regularly to protect your assets.
  • 34. Protection Botnet Detection No botnet infection Use endpoint security software and secure gateway to detect possible viruses and suspicious traffic on endpoints, and enhance endpoint security by scanning for bot-infected hosts and removing botnet viruses. Content Security Detection No file infection Use endpoint security software and secure gateway to discover and block high-risk online activities. Meanwhile, restrict users' access to the internet and improve their security awareness to avoid accessing malicious sources. Common Threat Detection No common virus infection detected Be aware of common threats, and upgrade security detection and protection capabilities to protect hosts from being infected with common viruses.