Our FREE Security Checkup Overview
Marcum Technology will conduct an in-depth Security Check Up that produces a detailed Threat Analysis Report.
The Threat Analysis Report uncovers where your organization is exposed to security threats and offers recommendations to address these risks. To assess risk, network traffic will be inspected by Marcum Technology to detect a variety of security threats, including malware infections, usage of high-risk web applications, intrusion attempts, loss of sensitive data, and more.
Key Findings Malware & Attacks
MACHINES INFECTED WITH BOTS
A bot is malicious software that invades your computer. Bots allow criminals to remotely control your computer to execute illegal activities such as stealing data, spreading spam, distributing malware and participating in Denial of Service (DoS) attacks without your knowledge. Bots play a key role in targeted attacks known as Advanced Persistent Threats (APTs). The following table summarizes the bot families and number of infected computers detected in your network.
EXTENDED MALWARE INCIDENTS (THREATCLOUD INTELLISTORE)
Malware threats were detected by extended security intelligence feeds.
MACHINES INFECTED WITH ADWARE AND TOOLBARS
Adware and toolbars are potentially unwanted programs designed to display advertisements, redirect search requests to advertising websites, and collect marketing-type data about the user in order to display customized advertising on the computer. Computers infected with these programs should be diagnosed as they may be exposed to follow-up infections of higher-risk malware. The following table summarizes the adware and toolbar malware families and the number of infected computers detected in your network.
MALWARE DOWNLOADS (KNOWN MALWARE)
With the increase in sophistication of cyber threats, many targeted attacks begin by exploiting software vulnerabilities in downloaded files and email attachments. During the security analysis, a number of malware-related events which indicate malicious file downloads were detected. The following table summarizes downloads of known malware files detected in your network and the number of downloading computers. Known malware refers to malware for which signatures exist and which should therefore be blocked by an anti-virus system.
DOWNLOADS OF NEW MALWARE VARIANTS (UNKNOWN MALWARE)
With cyber threats becoming increasingly sophisticated, advanced attacks often include new malware variants with no existing protections, referred to as "unknown malware." These threats include new (zero-day) exploits, or even variants of known exploits with no existing signatures, and are therefore not detectable by signature-based solutions. Detecting these types of malware requires running them in a virtual sandbox to observe malicious behavior. During the security analysis, a number of malware-related events were detected in your network. The table below summarizes downloads of new malware variants detected in your network.
ACCESS TO SITES KNOWN TO CONTAIN MALWARE
Organizations can get infected with malware by accessing malicious websites while browsing the Internet, or by clicking on malicious links embedded in received email. The following summarizes events related to sites known to contain malware.
ATTACKS AND EXPLOITED SOFTWARE VULNERABILITIES
During the security analysis, attacks and exploited software vulnerabilities on servers and clients were detected. Such incidents might indicate intrusion attempts, malware attacks, DoS attacks or attempts to breach security by exploiting software vulnerabilities. The following summarizes these events.
Denial-of-Service (DoS) attacks target networks, systems and individual services, flooding them with so much traffic that they either crash or are unable to operate. This effectively denies the service to legitimate users. A DoS attack is launched from a single source to overwhelm and disable the target service. A Distributed Denial-of-Service (DDoS) attack is coordinated and launched simultaneously from multiple sources to overwhelm and disable a target service. During the security analysis, DDoS attacks were detected. The following summarizes the events.
Key Findings High Risk Web Access
USAGE OF HIGH RISK WEB APPLICATIONS
Web applications are essential to the productivity of every organization, but they also weaken its security posture to varying degrees. Remote administration applications might be legitimate when used by admins and the helpdesk, but note that some remote access tools can be used for cyber-attacks as well. The following risky web applications were detected in your network, sorted by category, risk level and number of users.
ACCESS TO HIGH RISK WEB SITES
Web use is ubiquitous in business today. But the constantly evolving nature of the web makes it extremely difficult to protect and enforce standards for web usage in a corporate environment. To make matters more complicated, web traffic has evolved to include not only URL traffic, but embedded URLs and applications as well. Identification of risky sites is more critical than ever. Access to the following risky sites was detected in your network, organized by category, number of users, and number of hits.
Key Findings Data Loss
DATA LOSS INCIDENTS
Your company's internal data is one of its most valuable assets. Any intentional or unintentional loss can cause damage to your organization. The information below was sent outside the company, or to potentially unauthorized internal users, and may be sensitive information that should be protected from loss. The following represents the characteristics of the data loss events that were identified during the course of the analysis.
FILES UPLOADED TO CLOUD BASED WEB APPLICATIONS
One of the greatest characteristics of Web 2.0 is the ability to generate content and share it with others. This capability comes with significant risk. Sensitive information can get into the wrong hands by storing confidential financial files on cloud-based file storage and sharing services. The following table provides an overview of the types of files uploaded from your organization and the respective file storage and sharing applications used.
Key Findings SCADA Communications
SCADA (Supervisory Control and Data Acquisition) is a type of industrial control system (ICS) that monitors and controls industrial processes. It operates with coded signals over communication channels to provide control of remote equipment. SCADA networks are usually segregated from the organizational IT network for security purposes, so SCADA protocols detected on the IT network might indicate a security risk with the potential for a breach. The following SCADA protocols were detected on your network.
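The segregation check described above can be reduced to a simple rule over flow records: traffic on a well-known SCADA/ICS port is expected only when both endpoints sit in the OT segment, and any such flow that touches an IT segment is a finding. The following Python script is an added example written for this page, not Marcum Technology's or Check Point's own tooling; the OT and IT prefixes, the port-to-protocol table and the flow records are all constructed placeholders.

```python
import ipaddress
from collections import Counter

# Common SCADA/ICS protocols keyed by their well-known server port (assumed table).
# Port-based matching is indicative only: a deeper check would validate the
# protocol itself (e.g. Modbus function codes) rather than trust the port number.
SCADA_PORTS = {
    102: "S7comm (ISO-TSAP)",
    502: "Modbus/TCP",
    2404: "IEC 60870-5-104",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
}

# Assumed (placeholder) network plan: the segregated OT/SCADA segment versus
# the ordinary corporate IT segments.
OT_NETWORKS = [ipaddress.ip_network("10.50.0.0/16")]
IT_NETWORKS = [ipaddress.ip_network("10.10.0.0/16"), ipaddress.ip_network("10.20.0.0/16")]

# Constructed flow records in a simple "timestamp src dst dport proto bytes" layout.
SAMPLE_FLOWS = """\
2024-01-01T10:00:00Z 10.50.1.20 10.50.1.5 502 tcp 1200
2024-01-01T10:00:05Z 10.10.4.17 10.50.1.5 502 tcp 340
2024-01-01T10:00:09Z 10.20.7.3 10.20.7.9 20000 tcp 88
2024-01-01T10:00:12Z 10.10.4.17 203.0.113.10 443 tcp 5000
2024-01-01T10:00:15Z 10.50.2.2 10.10.9.1 44818 tcp 64
this line is malformed and is skipped
""".splitlines()


def in_any(addr, networks):
    """True if the address belongs to any of the given prefixes."""
    return any(addr in net for net in networks)


def parse_flow(line):
    """Parse one flow record; return None for lines that do not fit the layout."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return {
            "ts": parts[0],
            "src": ipaddress.ip_address(parts[1]),
            "dst": ipaddress.ip_address(parts[2]),
            "dport": int(parts[3]),
            "proto": parts[4].lower(),
            "bytes": int(parts[5]),
        }
    except ValueError:
        return None


def find_scada_on_it(flow_lines):
    """Return flows that use a SCADA protocol port and cross into an IT segment."""
    findings = []
    for line in flow_lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        protocol = SCADA_PORTS.get(flow["dport"])
        if protocol is None:
            continue
        # SCADA traffic that stays inside the OT segment is the expected case.
        if in_any(flow["src"], OT_NETWORKS) and in_any(flow["dst"], OT_NETWORKS):
            continue
        # Any SCADA flow with an endpoint in IT space crosses the segregation boundary.
        if in_any(flow["src"], IT_NETWORKS) or in_any(flow["dst"], IT_NETWORKS):
            findings.append({
                "ts": flow["ts"],
                "protocol": protocol,
                "src": str(flow["src"]),
                "dst": str(flow["dst"]),
                "dport": flow["dport"],
            })
    return findings


def summarize_by_protocol(findings):
    """Count findings per SCADA protocol, the shape a report table would use."""
    return dict(Counter(f["protocol"] for f in findings))


if __name__ == "__main__":
    hits = find_scada_on_it(SAMPLE_FLOWS)
    for h in hits:
        print(f'{h["ts"]} {h["protocol"]:<20} {h["src"]} -> {h["dst"]}:{h["dport"]}')
    print(summarize_by_protocol(hits))
```

On the constructed records the script reports three boundary crossings (an IT workstation polling a Modbus device, DNP3 traffic entirely inside an IT subnet, and an OT host reaching an IT address over EtherNet/IP) and skips the OT-internal Modbus flow, ordinary HTTPS and the malformed line. The same rule applies to NetFlow or firewall logs once the parser is adapted to their layout.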
Key Findings Mobile Threats
The following Security Checkup report presents the findings of a security assessment conducted in your network. The report focuses on mobile threats and uncovers where your organization is exposed to them, and offers recommendations to address these risks.
To assess risk, network traffic will be inspected to detect a variety of security threats, including: mobile malware infections, usage and downloads of high risk mobile apps, download of malicious mobile applications, outdated mobile operating systems, and more.
MOBILE DEVICES INFECTED WITH MALWARE
Mobile malware is malicious software that invades your mobile device. Mobile malware allows criminals to steal sensitive information from a device, take control of its sensors to perform keylogging, steal messages and turn on the video camera, all without your knowledge. Mobile malware plays a key role in targeted attacks known as Advanced Persistent Threats (APTs). The following table summarizes the mobile malware detected in your network.
DOWNLOADS OF MALICIOUS APPS AND MALWARE
With the increase in sophistication of mobile cyber threats, many targeted attacks begin by embedding malware in downloaded apps and files. During the security analysis, a number of malware-related events which indicate malicious file downloads were detected. The following table summarizes downloads of malware by mobile devices.
USAGE OF HIGH RISK MOBILE APPS
Mobile apps are essential to the productivity of every organization, but they also weaken its security posture to varying degrees. Remote administration apps might be legitimate when used by admins and the helpdesk, but when used maliciously they can allow attackers to steal sensitive information from a device, take control of its sensors to perform keylogging, steal messages, turn on the video camera, and more. The following risky apps were detected in your network.
ACCESS TO HIGH RISK WEB SITES
Web use is ubiquitous in business today. But the dynamic, constantly evolving nature of the web makes it extremely difficult to protect and enforce web usage standards in a corporate environment. Identification of risky sites is more critical than ever. Access to the following risky sites was detected in your network, organized by category, number of users, and number of hits.
Key Findings Endpoints
Key Findings Bandwidth Analysis
BANDWIDTH UTILIZATION BY APPLICATIONS & WEBSITES
An organization's network bandwidth is usually consumed by a wide range of web applications and sites used by employees, some business related and some not. Applications that use a lot of bandwidth, for example streaming media, can limit the bandwidth available for important business applications. It is important to understand what is using the network's bandwidth in order to limit the consumption of non-business related traffic. The following summarizes the bandwidth usage of your organization, sorted by consumed bandwidth.