Harmony Endpoint Report


HARMONY ENDPOINT

THREAT ANALYSIS REPORT

Date: Dec 31, 2023
Customer: Laboratorio Jaloma
Prepared by: Harmony Endpoint - Check Point Technologies

Customer: Laboratorio Jaloma
Analysis Duration: 2023
Connection Token: JALOMA-7115bc63-hap1
Account Id: 939a6b74-57af-498f-b3b0-22c826f3dc91
Region: United States
Harmony Endpoint Version: R81.20

HARMONY ENDPOINT. Classification: [Restricted] ONLY for designated groups and individuals. Check Point Software Technologies Ltd. © All rights reserved.
TABLE OF CONTENTS

EXECUTIVE SUMMARY
KEY FINDINGS
  MALWARE ATTACKS
  HIGH RISK WEB ACCESS
  COMPROMISED CREDENTIALS
HARMONY ENDPOINT
  HARMONY ENDPOINT PROTECTION
  ABOUT CHECK POINT

EXECUTIVE SUMMARY

This report presents the security assessment of your organization by Harmony Endpoint and the vulnerabilities detected. It provides a summary of exposure to ransomware, phishing, zero-day malware, C&C (command-and-control) communication, data leakage, and other threats.

Malware and Attacks

- 6.4K attacks were prevented
- 27.8K attacks were detected
- 189 hosts encountered malicious files
- 3 hosts encountered a ransomware attack
- 0 hosts encountered an exploit attack

Check Point's Anti-Ransomware includes active threat prevention that detects and quarantines ransomware attacks, and of course the ability to restore your files from routine backups. Zero-day downloads present a unique count of old or new malware variants with an unknown anti-virus signature.

Compromised Credentials

- 0 credential leak events were encountered
- 31 phishing attacks were encountered

Re-using corporate passwords on unauthorized or non-corporate sites puts organizations at risk. Access to corporate services is secure when employees are blocked from re-using their corporate credentials on non-corporate websites.

Check Point's Zero-Phishing technology identifies and blocks both known and unknown phishing sites. Sites are inspected within the user's browser by analyzing multiple page elements.

High Risk Web Access

- 1.1K high risk website access incidents
- 86 incidents of access to websites marked as non-compliant by the policy

High risk websites include categories such as Phishing, Botnets, Spyware and so on. Access to these websites is blocked by the pre-defined policy to prevent risk to the organization.

URL filtering controls access to millions of websites by category, users, groups and machines to ensure your corporate policy is enforced.

KEY FINDINGS MALWARE ATTACKS

Top Protections

Protection Type           | Blade                      | Severity | Logs
Behavioral                | Forensics                  | Medium   | 1
CMI Reputation            | Forensics                  | High     | 60
CMI Reputation            | Anti-Bot                   | Critical | 38
Content Removal           | Threat Extraction          | High     | 5.4K
Content Removal           | Threat Extraction          | Critical | 1.4K
File Monitor              | Forensics                  | Critical | 53
File Monitor              | Forensics                  | High     | 10
File Monitor              | Forensics                  | Medium   | 5
File Reputation           | Forensics                  | High     | 125
File Reputation           | Forensics                  | Critical | 18
File System Emulation     | Forensics                  | High     | 92
File System Emulation     | Forensics                  | Critical | 2
HTTP Emulation            | Threat Emulation           | Critical | 19
HTTP Emulation            | Threat Emulation           | High     | 8
HTTP Emulation            | Threat Emulation           | Medium   | 1
Offline Reputation        | Forensics                  | High     | 48
Offline Reputation        | Forensics                  | Critical | 3
Phishing                  | Zero Phishing              | Medium   | 1.2K
Phishing                  | Zero Phishing              | High     | 31
Proactive Defense Monitor | Forensics                  | Critical | 31
Ransomware                | Anti-Ransomware, Forensics | Medium   | 14

Top Malware Activities

Malware Action                                        | Blade                       | Logs
Verified                                              | Threat Extraction           | 45.8K
Not Supported                                         | Threat Extraction           | 25.3K
Extracted                                             | Threat Extraction           | 16.5K
Oversized                                             | Threat Extraction           | 1.5K
Corrupted File                                        | Threat Extraction           | 649
Malicious network activity                            | Forensics, Anti-Bot         | 98
behavior                                              | Forensics, Threat Emulation | 14
ransomware                                            | Forensics                   | 7
Adware","Trojan","behavior                            | Forensics, Threat Emulation | 6
Adware","Bundler","Dealply","behavior","coreinstaller | Forensics, Threat Emulation | 2
Trojan","behavior                                     | Forensics                   | 2
Adware","KMSAuto","behavior                           | Forensics, Threat Emulation | 2
behavioral, trojan                                    | Forensics                   | 2

Showing only events with severity: Critical, High and Medium

KEY FINDINGS HOSTS

Top Hosts by No. of Incidents

(Bar chart: incidents per host, broken down by severity: Critical, High, Medium, Low, Informational. Hosts shown, in order: 192.168.0.199, 10.1.6.53, 10.1.6.21, 10.1.6.27, 10.1.6.14, 10.1.6.49, 10.1.6.65, 10.1.6.33, 10.1.6.35, 10.1.6.31.)

Top Hosts by Severity

Source    | Severity | Blade             | Protection Name                       | Protection Type           | Action
10.2.1.6  | Critical | Threat Extraction | Extract potentially malicious content | Content Removal           | Extract
          |          | Zero Phishing     | gen.ba.phishing                       | Phishing                  | Detect
          |          | Forensics         | Gen.Rep.                              | Offline Reputation        | Prevent
          |          | Threat Emulation  |                                       | File System Emulation     |
10.1.6.73 | Critical | Threat Extraction | Extract potentially malicious content | Content Removal           | Extract
          |          | Zero Phishing     | gen.ba.phishing                       | Phishing                  | Detect
          |          | Forensics         | Gen.Rep.7z                            | File Reputation           | Detect
          |          | Threat Emulation  | PDM:Exploit.Win32.Generic             | Proactive Defense Monitor | Prevent
          |          | Anti-Malware      |                                       | Protection                |
10.2.50.3 | Critical | Threat Extraction | Extract potentially malicious content | Content Removal           | Extract
          |          | URL Filtering     | gen.urlf                              | URL Filtering             | Prevent
          |          | Zero Phishing     | gen.ba.phishing                       | Phishing                  | Detect

KEY FINDINGS MALWARE

Top Actions by Malware

(Bar chart: log count per malware action, 0 to 45K. Actions shown, in order: Verified, Not Supported, Extracted, Oversized, Corrupted File, Malicious network activity, behavior, ransomware, Adware","Trojan","behavior, Adware","Bundler","Dealply","behavior","coreinstaller.)

Top Actions by Malware

Malware Action              | Protection Type       | Source      | Logs
Verified                    | Content Removal       | 773 Sources | 45.8K
Not Supported               | Content Removal       | 663 Sources | 25.3K
Extracted                   | Content Removal       | 576 Sources | 16.5K
Oversized                   | Content Removal       | 283 Sources | 1.5K
Corrupted File              | Content Removal       | 122 Sources | 649
Malicious network activity  | CMI Reputation        | 3 Sources   | 98
behavior                    | File System Emulation | 3 Sources   | 14
ransomware                  | Ransomware            | 3 Sources   | 7
Adware","Trojan","behavior  | File System Emulation | 1 Source    | 6
Adware","KMSAuto","behavior | File System Emulation | 1 Source    | 2

KEY FINDINGS MALICIOUS ACTIVITY

Top Malware Activity and Sources by Severity

Malware Action             | Source        | Severity | Action   | Logs
Extracted                  | 10.2.1.6      | Critical | Extract  | 606
                           | 10.1.6.15     | Critical | Extract  | 196
                           | 10.1.6.73     | Critical | Extract  | 134
                           | 10.1.3.48     | Critical | Extract  | 134
                           | 10.1.3.42     | Critical | Extract  | 116
Total                      | 1 Source      | Critical | 1 Action | 6.8K
Malicious network activity | 10.1.4.7      | Critical | Prevent  | 92
                           | 10.1.6.43     | Critical | Prevent  | 4
                           | 10.1.3.17     | Critical | Detect   | 2
Total                      | 1 Source      | Critical | 1 Action | 98
ransomware                 | 10.1.3.11     | Medium   | Prevent  | 3
                           | 10.1.6.84     | Medium   | Prevent  | 3
                           | 10.1.6.86     | Medium   | Prevent  | 1
Total                      | 1 Source      | Medium   | 1 Action | 7
behavior                   | 172.16.10.13  | High     | Detect   | 3
                           | 172.16.10.39  | High     | Prevent  | 3
                           | 192.168.0.125 | High     | Prevent  | 1
Total                      | 1 Source      | High     | 1 Action | 7
Corrupted File             | 10.2.1.5      | High     | Extract  | 2
                           | 10.1.6.14     | High     | Extract  | 2
Total                      | 1 Source      | High     | 1 Action | 4
Adware","Trojan","behavior | 192.168.0.125 | High     | Prevent  | 3
Total                      | 1 Source      | High     | 1 Action | 3

KEY FINDINGS MALICIOUS ACTIVITY (continued)

Malware Action                                        | Source        | Severity | Action   | Logs
Adware","KMSAuto","behavior                           | 192.168.0.185 | High     | Prevent  | 1
Total                                                 | 1 Source      | High     | 1 Action | 1
Adware","Bundler","Dealply","behavior","coreinstaller | 192.168.0.125 | High     | Prevent  | 1
Total                                                 | 1 Source      | High     | 1 Action | 1
Trojan","behavior                                     | 192.168.0.199 | High     | Prevent  | 1
Total                                                 | 1 Source      | High     | 1 Action | 1
behavioral, trojan                                    | 10.4.3.7      | Medium   | Prevent  | 1
Total                                                 | 1 Source      | Medium   | 1 Action | 1

KEY FINDINGS HIGH RISK WEB ACCESS
ACCESS TO HIGH RISK WEB SITES
Web use is ubiquitous in business today. But the constantly evolving nature of the web makes it extremely difficult to protect and enforce standards for web usage
in a corporate environment. To make matters more complicated, web traffic has evolved to include not only URL traffic, but embedded URLs and applications as
well. Identification of risky sites is more critical than ever. Access to the following risky sites was detected in your network, organized by category, number of users,
and number of hits.
Top high risk web sites (Top phishing attempts)

Resource                                                                                                    | Time                    | Source
https://devsimanfacturaweb.z21.web.core.windows.net/marisa                                                  | Aug 29, 2023 7:20:28 PM | 10.1.6.74
https://devsimanfacturaweb.z21.web.core.windows.net/marisa                                                  | Aug 29, 2023 4:36:20 PM | 10.1.6.74
http://gasdelnorte.ddns.net:8383/controlgasfe/alta_direccion.aspx?op=2&id=26987&ss=5akcwkheq3giu20p0fejjsno | Aug 11, 2023 2:56:10 PM | 172.25.176.1
https://masteredi-app-portalweb-prod.azurewebsites.net/login/index?returnurl=%2f                            | Jul 24, 2023 5:35:24 PM | 172.16.10.54
https://masteredi-app-portalweb-prod.azurewebsites.net/login/index?returnurl=%2f                            | Jul 24, 2023 5:35:11 PM | 172.16.10.54
https://masteredi-app-portalweb-prod.azurewebsites.net/login/index?returnurl=%2f                            | Jul 24, 2023 5:33:19 PM | 10.220.152.142

Access to non-business websites or to sites containing questionable content can expose an organization to possible productivity loss, compliance and business continuity risks.

Access to Questionable Sites

Category                              | Hits
Gambling                              | 61
Media Streams, Illegal / Questionable | 9
Sex, Pornography                      | 4

Users With Credential Leak Events

No data found.

HARMONY ENDPOINT

All The Endpoint Protection You Need

Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today's complex threat landscape. It prevents the most imminent threats to the endpoint, such as ransomware, phishing, or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.

This way, your organization gets all the endpoint protection it needs, at the quality it deserves, in a single, efficient, and cost-effective solution.

Why Harmony Endpoint?

Today more than ever, endpoint security plays a critical role in enabling your remote workforce. With 70% of cyber attacks coming through an endpoint, complete endpoint protection at the highest security level is crucial to avoid security breaches and data compromise.

Harmony Endpoint is part of the Check Point Harmony product suite, the industry's first unified security solution for users, devices, and access. Harmony consolidates six products to provide uncompromised security and simplicity for everyone. It protects devices and internet connections from the most sophisticated attacks while ensuring Zero-Trust Access to corporate applications - all in a single solution that is easy to use, manage and buy.

How does It work?

Block malware coming from web browsing or email attachments before it reaches the endpoint, without impacting user productivity. Every file received via email or downloaded by a user through a web browser is sent to the Threat Emulation sandbox to inspect for malware. Files can also be sanitized using a Threat Extraction process (Content Disarm Reconstruction technology) to deliver safe and cleaned content in milliseconds.

Gain runtime protection against ransomware, malware, and file-less attacks, with instant and full remediation, even in offline mode. Once an anomaly or malicious behavior is detected, Endpoint Behavioral Guard blocks and remediates the full attack chain without leaving malicious traces. Anti-Ransomware identifies ransomware behaviors such as encrypting files or attempts to compromise OS backups and safely restores ransomware-encrypted files automatically. Harmony Endpoint uses a unique vaulted space locally on the machine that is only accessible to Check Point signed processes - in case the malware attempts to perform a shadow copy deletion, the machine will not lose data.

Phishing Protection - Prevent credential theft with Zero-Phishing® technology that identifies and blocks the use of phishing sites. Sites are inspected and, if found malicious, the user is blocked from entering credentials. Zero-Phishing® even protects against previously unknown phishing sites and corporate credential re-use.

Harmony Endpoint is a Worldwide Major Player

Check Point Harmony Endpoint has been recognized as a major player by IDC Marketplace for its unique strengths, including:

- Distinctive sandboxing and Content Disarm Reconstruction (CDR) capabilities which allow advanced malware protection without reducing user productivity.
- Runtime protection and complete remediation from attacks, with the instant and automated restoration of ransomware-encrypted files, even in offline mode.
- Robust sales channel strategy and continuous investment in both innovative and core security technologies which make its endpoint security solution compelling for the enterprise, SMB market, and even consumers.
- Unified security solution with cloud-based management which reduces vendor relationships and overhead in security operations, and improves security readiness.

We were also recognized as a major player in another IDC market scale report for endpoint security for small and midsize businesses.

FASTEST RECOVERY

Automated attack containment and remediation: the only Endpoint Protection solution that automatically and completely remediates the entire cyber kill chain. Once an attack has been detected, the infected device can be automatically quarantined to prevent lateral infection movement and restored to a safe state.

Auto-generated forensic reports: providing detailed visibility into infected assets, attack flow, and correlation with the MITRE ATT&CK™ Framework. The Forensics capability automatically monitors and records endpoint events, including affected files, processes launched, system registry changes, and network activity, and creates a detailed forensic report. Robust attack diagnostics and visibility support remediation efforts, allowing system administrators and incident response teams to effectively triage and resolve attacks.

Threat Hunting powered by enterprise-wide visibility and augmented by globally shared threat intelligence from hundreds of millions of sensors, collected by ThreatCloud™. With the Threat Hunting capability, you can set queries or use predefined ones to identify and drill down into suspicious incidents, and take manual remediation actions.

CONSOLIDATED SECURITY MANAGEMENT

Managing the entire security network is often complicated and demands a high level of human expertise. Check Point Infinity, powered by the R80.x security management version, brings all security protections and functions under one umbrella, with a single console that enables easier operation and more efficient management of the entire security network. The single console introduces unparalleled granular control and consistent security and provides rich policy management which enables delegation of policies within the enterprise. The unified management, based on modular policy management and rich integrations with 3rd party solutions through flexible APIs, enables automation of routine tasks to increase operational efficiencies, freeing up security teams to focus on strategic security rather than repetitive tasks.

CHECKPOINT INFINITY

Built on Check Point Infinity, the first consolidated security architecture designed to resolve the complexities of growing connectivity and inadequate security, delivering full protection and threat intelligence across networks, clouds, endpoints, mobile devices, and IoT. Future-proof your business and ensure business continuity with the architecture that keeps you protected against any threat, anytime and anywhere.

KEY PRODUCT BENEFITS

- Complete endpoint protection: prevent the most imminent threats to the endpoint.
- Fastest recovery: automating 90% of attack detection, investigation, and remediation tasks.
- Best TCO: all the endpoint protection you need in a single, efficient, and cost-effective solution.

UNIQUE PRODUCT CAPABILITIES

- Advanced behavioral analysis and machine learning algorithms shut down malware before it inflicts damage.
- High catch rates and low false positives ensure security efficacy and effective prevention.
- Automated forensics data analysis offers detailed insights into threats.
- Full attack containment and remediation to quickly restore any infected systems.

ABOUT CHECK POINT

Check Point Software Technologies' mission is to secure the Internet. Check Point was founded in 1993, and has since developed technologies to secure communications and transactions over the Internet by enterprises and consumers.

Check Point was an industry pioneer with our FireWall-1 and our patented Stateful Inspection technology. Check Point has extended its security innovation with the development of our Software Blade architecture. The dynamic Software Blade architecture delivers secure, flexible and simple solutions that can be customized to meet the security needs of any organization or environment.

Check Point develops, markets and supports a wide range of software, as well as combined hardware and software products and services for IT security. We offer our customers an extensive portfolio of network and gateway security solutions, data and endpoint security solutions and management solutions. Our solutions operate under a unified security architecture that enables end-to-end security with a single line of unified security gateways, and allow a single agent for all endpoint security that can be managed from a single unified management console. This unified management allows for ease of deployment and centralized control and is supported by, and reinforced with, real-time security updates.

Our products and services are sold to enterprises, IT service providers, small and medium sized businesses and consumers. Our Open Platform for Security (OPSEC) framework allows customers to extend the capabilities of our products and services with third-party hardware and security software applications. Our products are sold, integrated and serviced by a network of partners worldwide. Check Point customers include tens of thousands of businesses and organizations of all sizes including all Fortune 100 companies. Check Point's award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.

www.checkpoint.com

CORPORATE HEADQUARTERS

United States: Check Point Software Technologies Inc., 959 Skyway Road Suite 300, San Carlos, CA 94070. 1-800-429-4391

International: Check Point Software Technologies Ltd., 5 Ha'Solelim Street, Tel Aviv 67897, Israel. +972-3-753-4555

Please contact us for more information and to schedule your onsite assessment:
Within the US: 866-488-6691
Outside the US: +44 2036087492
