: Security Lifecycle Review (SLR)—What’s in the Report?
Focus
Focus

Security Lifecycle Review (SLR)—What’s in the Report?

Table of Contents

Security Lifecycle Review (SLR)—What’s in the Report?

Security Lifecycle Review (SLR) reports summarize the security and operational risks your organization faces, and breaks this data down so that you can quickly and easily identify how to reduce your attack surface. Each section of the SLR report focuses on different types network activity—application usage, web-browsing, data transfer, and threat prevalence—and surfaces the greatest risks in each area. SLR reports display your organization’s statistics alongside the averages for your industry peers, so you can best understand your results in context.
After you generate an SLR report, or open an existing SLR report, there is an option to Take a Tour of the report. Select this option to walk through and learn about each section of an SLR report.
Executive Summary
Provides a bird’s-eye view of the state of your network. Statements on the total number threats detected on your network and the number of applications in use (including high-risk and SaaS applications) allow you to quickly assess how exposed you are to risk and focus areas for more strict or granular security policy control.
Applications
Gives you a view into the applications traversing your network, especially highlighting applications that are commonly non-compliant and/or can introduce operational or security risks. Application findings also include total and application-level bandwidth consumption and the applications in use according to type (like media or collaboration). This application visibility allows you to weigh the business value of applications in use on your network, against the risk applications can introduce (such as malware delivery, data exfiltration, or excessive bandwidth consumption).
SaaS Applications
Highlights the SaaS applications in use on your network, including the SaaS apps that are transferring the most data and those that have risky hosting characteristics (frequent data breaches, poor terms of service, etc.). Understanding the presence of SaaS apps on your network can help you work towards safely enabling the apps that are critical to your business, while providing threat protection and preventing data leaks.
Advanced URL Filtering Activity
Summarizes the web browsing activity on your network. Uncontrolled web access can result in exposure to malware, phishing attacks, and data loss. The advanced URL filtering activity report is broken down into several sections:
If you are operating PAN-DB, but do not have an advanced URL filtering subscription, only the relevant network activity metrics are displayed.
  • Summary—The summary provides high level analysis statistics about the URL requests passing through your network, including a categorized breakdown of URL requests, the associated malicious IP addresses, and real-time detection statistics.
  • Traffic Distribution—Displays key metrics describing the URL requests in your network based on the risk level and categorization.
  • Top Categories and Domains Distribution—Displays a series of charts showing the top visited URL and domain categories.
  • Top Malicious URLs In Real-Time—Displays the top 10 malicious URLs detected in real-time by the Advanced URL filtering service.
File Transfer
Gives you insight into the most commonly-used file types on your network, and what applications are being used to transfer these files. You can use the analysis provided here to consider more strict controls that prevent sensitive or proprietary data from leaving your network, and the delivery of malicious content into your network.
Threats
Summarizes your organization’s risk exposure by breaking down the attacks detected in your network:
  • Detected viruses and malware.
  • System flaws that an attacker might attempt to exploit.
  • Command-and-control (C2) activity, where spyware is collecting data and/or communicating with a remote attacker.
  • Vulnerable, unpatched applications that attackers can leverage to gain access to or further infiltrate your network.
Your Threat summary also breaks down the high risk file types detected on your network, and the file types found to have delivered malware that was unknown until WildFire detection. Examine this data to best assess where you can immediately start to reduce your attack surface.
New threat data is now included in your report:
  • Threats first found on the endpoint.
  • Threats associated with targeted campaigns or malicious actors.
  • The geographic locations most targeted by threats found in your network.
DNS Security Analysis
Summarizes your exposure to threats hidden within DNS traffic. DNS is an often overlooked attack vector. Advanced attackers in particular use DNS-based techniques like DNS tunneling and DGAs (domain generation algorithms) to exfiltrate data and to set up command-and-control (C2) channels, respectively. To give you a view into malicious DNS activity on your network, the DNS Security Analysis section also reveals:
  • How much of your DNS traffic is malicious, and then categorizes the malicious DNS traffic as C2, DGA, or DNS tunneling.
  • The domains and destination IP addresses that are most requested from within your network.
  • The top malicious domains accessed from your network, and the countries hosting most of these malicious domains.
  • The malware families most associated with the malicious domains being accessed from inside your network.
Summary
The final summary provides recommendations that you can consider to safely enable the applications you need to do business, while reducing the organization’s overall threat exposure.