Security Lifecycle Review (SLR)—What’s in the Report?
Security Lifecycle Review (SLR) reports
summarize the security and operational risks your organization faces,
and breaks this data down so that you can quickly and easily identify
how to reduce your attack surface. Each section of the SLR report
focuses on different types network activity—application usage, web-browsing,
data transfer, and threat prevalence—and surfaces the greatest risks
in each area. SLR reports display your organization’s statistics
alongside the averages for your industry peers, so you can best
understand your results in context.
After you generate an SLR report, or open an existing
SLR report, there is an option to Take a Tour of
the report. Select this option to walk through and learn about each
section of an SLR report.
Executive Summary
Provides a bird’s-eye view of the state
of your network. Statements on the total number threats detected
on your network and the number of applications in use (including
high-risk and SaaS applications) allow you to quickly assess how
exposed you are to risk and focus areas for more strict or granular
security policy control.
Applications
Gives you a view into the applications traversing
your network, especially highlighting applications that are commonly
non-compliant and/or can introduce operational or security risks.
Application findings also include total and application-level bandwidth
consumption and the applications in use according to type (like
media or collaboration). This application visibility allows you
to weigh the business value of applications in use on your network,
against the risk applications can introduce (such as malware delivery,
data exfiltration, or excessive bandwidth consumption).
SaaS Applications
Highlights the SaaS applications in use
on your network, including the SaaS apps that are transferring the
most data and those that have risky hosting characteristics (frequent
data breaches, poor terms of service, etc.). Understanding the presence
of SaaS apps on your network can help you work towards safely enabling
the apps that are critical to your business, while providing threat
protection and preventing data leaks.
Advanced URL Filtering Activity
Summarizes the web browsing activity on
your network. Uncontrolled web access can result in exposure to
malware, phishing attacks, and data loss. The advanced URL filtering
activity report is broken down into several sections:
If
you are operating PAN-DB, but do not have an advanced URL filtering
subscription, only the relevant network activity metrics are displayed.
Summary—The summary provides high level analysis statistics
about the URL requests passing through your network, including a
categorized breakdown of URL requests, the associated malicious
IP addresses, and real-time detection statistics.
Traffic Distribution—Displays key metrics describing
the URL requests in your network based on the risk level and categorization.
Top Categories and Domains Distribution—Displays a
series of charts showing the top visited URL and domain categories.
Top Malicious URLs In Real-Time—Displays the top 10
malicious URLs detected in real-time by the Advanced URL filtering
service.
File Transfer
Gives you insight into the most commonly-used
file types on your network, and what applications are being used
to transfer these files. You can use the analysis provided here
to consider more strict controls that prevent sensitive or proprietary
data from leaving your network, and the delivery of malicious content
into your network.
Threats
Summarizes your organization’s risk exposure
by breaking down the attacks detected in your network:
Detected
viruses and malware.
System flaws that an attacker might attempt to exploit.
Command-and-control (C2) activity, where spyware is collecting
data and/or communicating with a remote attacker.
Vulnerable, unpatched applications that attackers can leverage
to gain access to or further infiltrate your network.
Your
Threat summary also breaks down the high risk file types detected
on your network, and the file types found to have delivered malware
that was unknown until WildFire detection. Examine this data to best
assess where you can immediately start to reduce your attack surface.
Threats associated with targeted campaigns or malicious actors.
The geographic locations most targeted by threats found in
your network.
DNS Security Analysis
Summarizes your exposure to threats hidden
within DNS traffic. DNS is an often overlooked attack vector. Advanced
attackers in particular use DNS-based techniques like DNS tunneling and DGAs (domain generation
algorithms) to exfiltrate data and to set up command-and-control
(C2) channels, respectively. To give you a view into malicious DNS
activity on your network, the DNS Security Analysis section also
reveals:
How much of your DNS traffic is malicious,
and then categorizes the malicious DNS traffic as C2, DGA, or DNS tunneling.
The domains and destination IP addresses that are most requested
from within your network.
The top malicious domains accessed from your network, and
the countries hosting most of these malicious domains.
The malware families most associated with the malicious domains
being accessed from inside your network.
Summary
The final summary provides recommendations
that you can consider to safely enable the applications you need
to do business, while reducing the organization’s overall threat
exposure.