S-10025 - T10025-Cyber Threat Assessment-2018-10-01-0957


Cyber Threat Assessment

Report Date: October 1, 2018 10:17
Data Range: 2018-09-24 00:00 to 2018-09-30 23:59 GMT+1 (FAZ local)
Table of Contents

Organizational File Usage 4


Files Needing Inspection 4
Breakdown of File Types 4
Results of Executable Sandbox Analysis 5
Top Sandbox-identified Malicious EXEs 5
Top Sources of Sandbox Discovered Malware 5
Recommended Actions 6
Security and Threat Prevention 7
High Risk Applications 7
High Risk Applications 7
Application Vulnerability Exploits 7
Top Application Vulnerability Exploits Detected 7
Malware, Botnets and Spyware/Adware 8
Top Malware, Botnets and Spyware/Adware Detected 8
At-Risk Devices and Hosts 8
Most At-Risk Devices and Hosts 8
Encrypted Web Traffic 9
HTTPS vs. HTTP Traffic Ratio 9
Top Source Countries 9
Top Source Countries 9

User Productivity 10
Application Usage 10
App Categories 10
Cloud Usage (SaaS) 10
Cloud Usage (IaaS) 10
Application Category Breakdowns 11
Remote Access Applications 11
Proxy Applications 11
Top Social Media Applications 11
Top Video/Audio Streaming Applications 11
Top Gaming Applications 11
Top Peer to Peer Applications 11
Web Usage 12
Top Web Categories 12
Top Web Applications 13
Websites Frequented 14
Most Visited Web Domains 14
Top Websites by Browsing Time 15

Network Utilization 16
Bandwidth 16
Average Bandwidth by Hour 16
Top Bandwidth Consuming Sources/Destinations 16

FortiGuard Security and Services 17


Appendix A 18
Devices 18

Appendix B 19
Report Filters (Logic: Any) 19

Cyber Threat Assessment - FortiAnalyzer Host Name: FAZVM64 page 1 of 19


Executive Summary

IPS Attacks Detected: 1
Malware/Botnets Detected: 0
High-Risk Applications Used: 3
Malicious Websites Detected: 0

Last year, over 2,100 enterprises were breached as a result of poor internal security practices and latent vendor content security.
The average cost of a corporate security breach is estimated at $3.5 million USD and is rising at 15% year over year. Intrusions,
malware/botnets and malicious applications collectively comprise a massive risk to your enterprise network. These attack
mechanisms can give attackers access to your most sensitive files and database information. FortiGuard Labs mitigates these
risks by providing award-winning content security and is consistently rated among industry leaders by objective third parties
such as NSS Labs, VB 100 and AV Comparatives.

Applications Detected: 89
Top Used Application: SSL_TLSv1.2
Top Application Category: Network.Service
Websites Visited: 31
Top Website: 41.77.177.154:9090
Top Web Category: Information Technology

User application usage and browsing habits can not only be indicative of inefficient use of corporate resources, but can also
indicate a lack of proper enforcement of corporate usage policies. Most enterprises recognize that personal use of corporate
resources is acceptable. But there are many grey areas that businesses must keep a close eye on including: use of proxy
avoidance/peer to peer applications, inappropriate web browsing, phishing websites, and potentially illegal activity - all of which
expose your company to undue liability and potential damages. With over 5,800 application control rules and 250 million
categorized websites, FortiGuard Labs provides telemetry that FortiOS uses to keep your business running effectively.

Total Bandwidth: 10725319785
Top Host by Bandwidth: 196.46.253.242

Performance effectiveness is an often undervalued aspect of security devices, but firewalls must keep up with the line speeds
that today’s next generation switches operate at. A recent survey by Infonetics indicates that 77% of decision-makers at large
organizations feel that they must upgrade their network security performance (100+ Gbps aggregate throughput) in the coming
year. FortiGates leverage FortiASICs to accelerate CPU intensive functions such as packet forwarding and pattern matching. This
offloading typically results in a 5-10X performance increase when measured against competitive solutions.



Sandbox Analysis
Today’s increasingly sophisticated threats can mask their maliciousness and bypass traditional antimalware security.
Conventional antimalware engines are, in the time afforded and to the certainty required, often unable to classify certain
payloads as either good or bad; in fact, their intent is unknown. Sandboxing helps solve this problem – it entices unknown files to
execute in a protected environment, observes their resultant behavior and classifies their risk based on that behavior. With this
functionality enabled for your assessment, we have taken a closer look at files traversing your network.

Organizational File Usage


Total Files Detected ( 0 )
During the assessment period, we monitored the total number of files that were sent across your network. These files could have
been email attachments, files uploaded to file sharing services, downloads from the Internet, etc. This number will give you an
idea of the sheer amount of file-based activity either inbound or outbound.

Subset of Files Which Could be Sent for Sandbox Inspection ( )


While some file types like .png files are extremely low risk in nature, others can be executed or contain macros and other active
code that could exhibit malicious behaviors. Common file types such as exe, doc, xls, and zip should be inspected for their
potential to deliver threats to your network. Fortinet's sandboxing technologies can inspect more than 50 different file types
even while obfuscated within multiple layers of compression.

Files Needing Inspection

No matching log data for this report

Breakdown of File Types

No matching log data for this report



Results of Executable Sandbox Analysis
Total EXE Files Analyzed ( 0 )
As a highest risk file type, we started with executables which, after a standard anti-malware check on the FortiGate, were sent to
the sandbox for further inspection. The number here represents the subset of executables that were sent to the sandbox for
additional scrutiny.

Total Malicious EXEs Found ( 0 )


Of the Total EXE Files Analyzed, certain files may have tested positive for malicious threat payloads upon further inspection.
Oftentimes this subsequent identification is due to later stage downloads or communications that are known to be malicious. This is
the number of malicious files that were discovered during our executable analysis.

Top Sandbox-identified Malicious EXEs

No matching log data for this report

Top Sources of Sandbox Discovered Malware

No matching log data for this report



Recommended Actions
Application Vulnerability Attacks Detected ( 1 )
Application vulnerabilities (also known as IPS attacks) act as entry points used to bypass security infrastructure and allow
attackers a foothold into your organization. These vulnerabilities are often exploited due to an overlooked update or lack of
patch management process. Identification of any unpatched hosts is the key to protecting against application vulnerability
attacks.

Malware Detected ( 0 )
Malware can take many forms: viruses, trojans, spyware/adware, etc. Any instances of malware detected moving laterally across
the network could also indicate a threat vector originating from inside the organization, albeit unwittingly. Through a
combination of signature and behavioral analysis, malware can usually be prevented from executing and exposing your network
to malicious activity. Augmenting your network with APT/sandboxing technology (e.g. FortiSandbox) can also prevent previously
unknown malware (zero-day threats) from propagating within your network.

Botnet Infections ( 0 )
Bots can be used for launching denial-of-service (DoS) attacks, distributing spam, spyware and adware, propagating malicious
code, and harvesting confidential information which can lead to serious financial and legal consequences. Botnet infections need
to be taken seriously and immediate action is required. Identify botnet infected computers and clean them up using antivirus
software. Fortinet's FortiClient can be used to scan and remove botnets from the infected hosts.

Malicious Websites Detected ( 0 )


Malicious websites are sites known to host software/malware that is designed to covertly collect information, damage the host
computer or otherwise manipulate the target machine without the user's consent. Generally visiting a malicious website is a
precursor to infection and represents the initial stages of the kill chain. Blocking malicious sites and/or instructing employees not
to visit/install software from unknown websites is the best form of prevention here.

Phishing Websites Detected ( 0 )


Similar to malicious websites, phishing websites emulate the webpages of legitimate websites in an effort to collect personal or
private (logins, passwords, etc.) information from end users. Phishing websites are often linked to within unsolicited emails sent
to your employees. A skeptical approach to emails asking for personal information and hovering over links to determine validity
can prevent most phishing attacks.

Proxy Applications Detected ( 4 )


These applications are used (usually intentionally) to bypass in-place security measures. For instance, users may circumvent the
firewall by disguising or encrypting external communications. In many cases, this can be considered a willful act and a violation of
corporate use policies.

Remote Access Applications Detected ( 0 )


Remote access applications are often used to access internal hosts remotely, thus bypassing NAT or providing a secondary access
path (backdoor) to internal hosts. In the worst case scenario, remote access can be used to facilitate data exfiltration and
corporate espionage activity. Many times, the use of remote access is unrestricted and internal corporate use changes should be
put into practice.

P2P and Filesharing Applications ( 1 )


These applications can be used to bypass existing content controls and lead to unauthorized data transfer and data policy
violations. Policies on appropriate use of these applications need to be implemented.



Security and Threat Prevention
High Risk Applications
The FortiGuard research team assigns a risk rating of 1 to 5 to an application based on the application behavioral characteristics.
The risk rating can help administrators to identify the high risk applications quickly and make a better decision on the application
control policy. Applications listed below were assigned a risk rating of 4 or higher.

High Risk Applications


Risk | Application Name | Category | Technology | User | Bandwidth | Session
 | Proxy.Websites | Proxy | Browser-Based | 1 | 612.17 KB | 2
 | DNS.TXT.Records.Tunneling | Proxy | Client-Server | 2 | 62 B | 2
 | Telnet | Remote.Access | Client-Server | 323 | 0 B | 495
 | RDP | Remote.Access | Client-Server | 39 | 0 B | 62
 | VNC | Remote.Access | Client-Server | 11 | 0 B | 11
 | Rsh | Remote.Access | Client-Server | 1 | 0 B | 1
 | BitTorrent | P2P | Peer-to-Peer | 1 | 104 B | 1
 | Rexec | Remote.Access | Client-Server | 1 | 0 B | 1

Figure 1: Highest risk applications sorted by risk and sessions

Application Vulnerability Exploits


Application vulnerabilities can be exploited to compromise the security of your network. The FortiGuard research team analyzes
these vulnerabilities and then develops signatures to detect them. FortiGuard currently leverages a database of more than 5,800
known application threats to detect attacks that evade traditional firewall systems. For more information on application
vulnerabilities, please refer to FortiGuard at: http://www.fortiguard.com/intrusion.

Top Application Vulnerability Exploits Detected


Severity | Threat Name | Type | CVE-ID | Victim | Source | Count
 | Netcore.Netis.Devices.Hardcoded.Password.Security.Bypass | Improper Authentication | | 1 | 1 | 1

Figure 2: Top vulnerabilities identified, sorted by severity and count



Malware, Botnets and Spyware/Adware
There are numerous channels that cybercriminals use to distribute malware. Most common methods motivate users to open an
infected file in an email attachment, download an infected file, or click on a link leading to a malicious site. During the security
assessment, Fortinet identified a number of malware and botnet-related events which indicate malicious file downloads or
connections to botnet command and control sites.

Top Malware, Botnets and Spyware/Adware Detected

No matching log data for this report

Figure 3: Common Malware, Botnets, Spyware and Adware detected

At-Risk Devices and Hosts


Based on the types of activity exhibited by an individual host, we can approximate the trustworthiness of each individual client.
This client reputation is based on key factors such as websites browsed, applications used and inbound/outbound destinations
utilized. Ultimately, we can create an overall threat score by looking at the aggregated activity used by each individual host.

Most At-Risk Devices and Hosts


Device Scores
122.224.158.195 290
104.248.228.59 100
196.46.253.242 20
205.205.150.5 10
14.135.120.5 10
185.200.118.77 10
185.200.118.76 10
185.200.118.68 10
89.248.172.16 5

Figure 4: These devices should be audited for malware and intrusion susceptibility



Encrypted Web Traffic
From a security perspective, it's important to visualize how much of your web-based traffic is encrypted. Encrypted traffic
poses very real challenges for enterprises who want to ensure that those same applications are not being used for malicious
purposes, including data exfiltration. Ideally, your firewall can inspect encrypted traffic at high speeds - this is why
performance and hardware/ASIC offloading are key when evaluating a firewall.

HTTPS vs. HTTP Traffic Ratio

59.78% HTTPS (5.68 GB)
40.22% HTTP (3.82 GB)

Top Source Countries


By looking at IP source traffic, we can determine the originating country of any particular request. Certain botnets, command and
control functions, and even remote access can be session heavy and indicative of targeted attacks or persistent threats from
nation-states. This chart is representative of country-based traffic - activity from specific originating nations may be anomalous
and warrant further investigation.

Top Source Countries


Country Bandwidth
Algeria 9.85 GB
France 112.25 MB
United States 30.07 MB
Germany 1,016.97 KB
China 921.69 KB
United Kingdom 846.29 KB
Ireland 202.23 KB
Hong Kong 168.99 KB
Canada 96.56 KB
Singapore 86.51 KB

Figure 5: Activity originating from these countries should be audited for expected traffic sources



User Productivity
Application Usage
The FortiGuard research team categorizes applications into different categories based on the application behavioral
characteristics, underlying technology, and the related traffic transaction characteristics. The categories allow for better
application control. FortiGuard maintains thousands of application sensors and can even perform deep application
inspection. For example, IT managers can get unprecedented visibility into filenames sent to the cloud or the titles of videos
being streamed.

For application category details, see: http://www.fortiguard.com/encyclopedia/application

App Categories

Network.Service 44.42%
General.Interest 12.07%
Video/Audio 8.01%
P2P 7.60%
Web.Client 7.39%
Social.Media 6.93%
Collaboration 3.93%
Update 3.49%
Email 3.28%
Proxy 0.96%
Others 1.90%

With the proliferation of cloud-based computing, enterprises are increasingly reliant on third parties for infrastructure plumbing.
Unfortunately for enterprises, this means that their information is only as secure as the cloud provider's security. In addition, it
can often introduce redundancy (if services are already available internally) and increase costs (if not monitored properly).

Cloud Usage (SaaS)
IT managers are often unaware of how many cloud-based services are in use within their organization. Sometimes, these
applications can be used to circumvent or even replace corporate infrastructure already available to users, for the sake of
ease of use. Unfortunately, a potential side effect of this is that your sensitive corporate information could be transferred to
the cloud. Accordingly, your data could be exposed if the cloud provider's security infrastructure is breached.

78.46% iCloud (2.13 GB)
9.21% Netflix (256.19 MB)
8.56% YouTube (238.04 MB)
2.52% Google.Cloud.Storage (70.15 MB)
0.53% Facebook (14.76 MB)
0.21% Amazon.CloudFront (5.86 MB)
0.51% Others (14.24 MB)

Cloud Usage (IaaS)
The adoption of "infrastructure as a service" (IaaS) platforms is popular and can be very useful when compute resources are
limited or have specialized requirements. That said, the effective outsourcing of your infrastructure must be well regulated to
prevent misuse. The occasional auditing of IaaS applications can be a useful exercise not only for security purposes, but also to
minimize organizational costs associated with pay per use models or recurring subscription fees.

67.51% Amazon.CloudFront (5.86 MB)
32.46% Amazon.AWS (2.82 MB)
0.03% Godaddy (2.43 KB)



Application Category Breakdowns
Understanding application subcategories can give invaluable insights into how efficiently your corporate network is operating.
Certain application types (such as P2P or gaming applications) are not necessarily conducive to corporate environments and can
be blocked or limited in their scope. Other applications may have dual purpose uses (such as video/audio streaming or social
media apps) and can be managed accordingly. These charts illustrate application categories sorted by the amount of bandwidth
they used during the discovery period.

Remote Access Applications

No matching log data for this report

Proxy Applications

99.90% Proxy.Websites (612.17 KB)
0.07% OpenVPN (434 B)
0.02% L2TP (130 B)
0.01% DNS.TXT.Records.Tunneling (62 B)

Top Social Media Applications

42.99% Facebook (14.76 MB)
39.46% Snapchat (13.55 MB)
16.15% Instagram (5.55 MB)
1.30% Twitter (455.87 KB)
0.09% Pinterest (30.30 KB)
0.02% Foursquare (8.21 KB)

Top Video/Audio Streaming Applications

51.79% Netflix (256.19 MB)
48.12% YouTube (238.04 MB)
0.05% Musical.ly (260.26 KB)
0.04% SoundCloud (180.83 KB)

Top Gaming Applications

100.00% id.Software (116 B)

Top Peer to Peer Applications

100.00% BitTorrent (104 B)



Web Usage
Web browsing habits can not only be indicative of inefficient use of corporate resources, but can also indicate poorly
optimized web filtering policies. They can also give some insight into the general web browsing habits of corporate users and
assist in defining corporate compliance guidelines.

Top Web Categories


URL Category | User | Count | Bandwidth
Information Technology | 1 | 66 | 4.58 MB
Streaming Media and Download | 1 | 37 | 252.14 MB
Unrated | 1 | 34 | 51.07 KB
Information and Computer Security | 1 | 11 | 12.87 KB
News and Media | 1 | 9 | 3.58 MB
Internet Radio and TV | 1 | 2 | 28.67 KB
Business | 1 | 1 | 1,019 B
Entertainment | 1 | 1 | 2.74 KB

In today’s network environments, many applications leverage HTTP for communications – even some you wouldn’t normally
expect. The primary benefit of HTTP is that communication is ubiquitous, universally accepted and (generally) open on most
firewalls. For most business-related and whitelisted applications this typically augments communication, but some non-business
applications also use HTTP in either unproductive or potentially nefarious ways.



Top Web Applications
Application Sessions Bandwidth
HTTP 5,136 3.57 GB
SSL 4,896 2.18 GB
iCloud 1,538 2.13 GB
Google.Services 1,355 594.37 MB
Netflix 347 256.19 MB
Apple.Store 6 252.08 MB
YouTube 89 238.04 MB
Google.Cloud.Storage 5 70.15 MB
HTTPS.BROWSER 448 69.96 MB
Apple.Store 701 50.51 MB
Apple.Services 973 32.13 MB
Apple.Maps 583 19.58 MB
Facebook 153 14.76 MB
Snapchat 162 13.55 MB
Google.Ads 258 7.02 MB
Amazon.CloudFront 18 5.86 MB
Instagram 21 5.55 MB
Apple.iPhone 16 4.21 MB
HTTP.BROWSER 63 3.87 MB
Viber 87 3.23 MB
Microsoft.Outlook 509 3.06 MB
Amazon.AWS 57 2.82 MB
Google.Analytics 82 2.34 MB
Microsoft.Outlook.Office.365 88 822.80 KB
Wikipedia 4 647.85 KB



Websites Frequented
Websites browsed are strong indicators of how employees are utilizing corporate resources and how applications communicate with
specific websites. Analyzing domains accessed can lead to changes in corporate infrastructure such as website blocking, deep
application inspection of cloud-based apps and implementation of web traffic acceleration technologies.

Most Visited Web Domains


Domain Category Visits
41.77.177.154:9090 Unrated 79
stb-static.canal-plus.com Streaming Media and Download 55
api-front.yatta.francetv.fr News and Media 31
analytics.ff.avast.com Information Technology 28
init-p01st.push.apple.com Information Technology 17
live.francetv.fr Internet Radio and TV 16
secure-stb-static.canal-plus.com Streaming Media and Download 10
static.s-sfr.fr Information Technology 8
ocsp.digicert.com Information and Computer Security 7
iosapps.itunes.apple.com Streaming Media and Download 6

Estimated browsing times for individual websites can be useful when trying to get an accurate picture of popular websites.
Typically, these represent internal web resources such as intranets, but they can occasionally be indicative of excessive behavior.
Browse times can be employed to justify the implementation of web caching technologies or help shape organizational
corporate use policies.



Top Websites by Browsing Time
Sites Category Browsing Time(hh:mm:ss)
init-p01st.push.apple.com Information Technology 00:29:03
analytics.ff.avast.com Information Technology 00:09:57
live.francetv.fr Internet Radio and TV 00:06:15
api-front.yatta.francetv.fr News and Media 00:03:10
mire.ipadsl.net Information Technology 00:02:50
metrics.sfr.fr Information Technology 00:02:30
www.algerie1.com News and Media 00:02:29
webservices.francetelevisions.fr Entertainment 00:02:29
static.s-sfr.fr Information Technology 00:02:14
hls-m006.live-lv3.canalplus-cdn.net Information Technology 00:02:08
img.like.video Information Technology 00:02:04
init.ess.apple.com Information Technology 00:01:01
init-p01md.apple.com Information Technology 00:01:00
api-reco.yatta.francetv.fr News and Media 00:00:39
www.apple.com Information Technology 00:00:31
www.askip.co Business 00:00:30
appldnld.apple.com Information Technology 00:00:02
ocsp.godaddy.com Information and Computer Security 00:00:01
ocsp.apple.com Information Technology 00:00:01
ocsp.comodoca4.com Information and Computer Security 00:00:00
captive.apple.com Information Technology 00:00:00
ocsp.digicert.com Information and Computer Security 00:00:00
isrg.trustid.ocsp.identrust.com Information Technology 00:00:00
ocsp.int-x3.letsencrypt.org Information Technology 00:00:00
ocsp.usertrust.com Information and Computer Security 00:00:00



Network Utilization
Bandwidth
By looking at bandwidth usage when distributed over an average day, administrators can better understand their organizational
ISP connection and interface speed requirements. Bandwidth can also be optimized on an application basis (using throttling),
specific users can be prioritized during peak traffic times, and updates can be rescheduled outside of working hours.

Average Bandwidth by Hour

[Bar chart: average bandwidth per hour of the day; y-axis 0 to 600 MB, x-axis 00:00 to 22:00 in two-hour steps; bar values are not shown in text.]

One of the most telling ways to analyze bandwidth is by looking at destinations and sources generating the most traffic. Common
destination sites (e.g. external websites), such as those for OS/firmware updates, can be throttled to allow prioritized, business
critical traffic. Internally, high traffic hosts can be optimized through traffic shaping or corporate use policies.

Top Bandwidth Consuming Sources/Destinations


Host Name Bandwidth
iosapps.itunes.apple.com 252.08 MB
mire.ipadsl.net 4.20 MB
api-front.yatta.francetv.fr 3.08 MB
api-reco.yatta.francetv.fr 504.31 KB
static.s-sfr.fr 124.21 KB
init-p01st.push.apple.com 115.90 KB
analytics.ff.avast.com 60.29 KB
41.77.177.154:9090 51.07 KB
stb-static.canal-plus.com 35.37 KB
live.francetv.fr 28.67 KB



FortiGuard Security and Services
Knowledge of the threat landscape combined with the ability to respond quickly at multiple levels is the foundation for providing
effective security. Hundreds of researchers at FortiGuard Labs scour the cyber landscape every day to discover emerging threats
and develop effective countermeasures to protect organizations around the world. They are the reason FortiGuard is credited
with over 250 zero-day and vulnerability discoveries and why Fortinet security solutions score so high in real-world security
effectiveness tests at NSS Labs, Virus Bulletin, AV Comparatives, and more.

Next Generation Application Control & IPS


Application control and intrusion prevention (IPS) are foundational security technologies in a next generation firewall
like the FortiGate. Organizations worldwide use FortiGuard application control and IPS in the FortiGate platform to
manage their applications and block network intrusions (every minute of every day FortiGuard blocks ~470,000
intrusion attempts). FortiGates running application control and IPS are tested for effectiveness in industry comparison
tests by NSS Labs and consistently receive Recommended ratings.

Web Filtering
Every minute of every day FortiGuard Labs processes approximately 43M URL categorization requests and blocks 160k
malicious websites. The Web Filtering service rates over 250M websites and delivers nearly 1.5M new URL ratings
every week. FortiGuard is the only VBWeb certified web filtering solution - blocking 97.7% of direct malware
downloads in 2016 tests.

AntiVirus and Mobile Security


Every minute of every day FortiGuard Labs neutralizes approximately 95,000 malware programs targeting traditional,
mobile and IoT platforms. Patented technologies enable FortiGuard antivirus to identify thousands of current and
future malware variants with a single signature – optimizing both security effectiveness and performance. Fortinet
consistently receives superior effectiveness results in industry testing with Virus Bulletin and AV Comparatives.

AntiSpam
Every minute of every day FortiGuard Labs blocks approximately 21,000 spam emails and each week the Labs deliver
approximately 46M new and updated spam rules. Email is the #1 vector for the start of an advanced attack on an
organization so highly effective antispam is a key part of a security strategy.

Advanced Threat Protection (FortiSandbox)


Thousands of organizations around the world leverage FortiSandbox to identify advanced threats. FortiSandbox
consistently receives a Recommended rating for breach detection systems from NSS Labs in industry tests and in 2015
NSS Labs tests achieved a 97%+ breach detection rating.

IP Reputation
Every minute of every day FortiGuard Labs blocks approximately 32,000 botnet command & control communication
attempts. A key part of the attack kill chain on an organization is when the threat communicates with a command &
control server – either to download additional threats or to exfiltrate stolen data. IP and Domain address reputation
blocks this communication, neutralizing threats.



Appendix A
Devices

FG1500D[Monitor]



Appendix B
Report Filters (Logic: Any)
Filter name | Value
dstip | include (196.46.253.242)
srcip | include (196.46.253.242)
