Classification	Count
Unknown Traffic	7,683
Attempted Information Leak	4,291
Potentially Bad Traffic	1,270
Misc Activity	482
Information Leak	479

II. Assessment Results

Of the 14,660 total attacks on your network, 74 (0.5%) of them were considered high impact. That means they targeted machines that were likely vulnerable to these attacks. These events are the most critical to investigate, and Cisco automatically identifies them for you. Cisco identifies high impact events automatically by correlating attacks with target risk, which is determined by passively profiling your network devices and their vulnerabilities in real time. This saves time and money over traditional solutions, which require you to qualify all events manually or import scan data from other systems. If a staff member's time is worth $75 per hour and each attack takes 10 seconds to qualify, then each attack costs $0.21 to manually qualify. The difference in qualification time and cost between Cisco and traditional solutions is substantial.

Attacks to Qualify / Year	Cost to Qualify	Cost to Qualify All Attacks
764,414 estimated total attacks	$0.21	$160,527.00
3,859 estimated high impact attacks	$0.21	$810.30

Event Type	Details	Potentially Vulnerable Hosts
Attempted Administrator Privilege Gain	OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (1:3590:23)	3
Attempted Information Leak	PROTOCOL-SNMP request udp (1:1417:17)	3
Attempted Information Leak	PROTOCOL-SNMP trap udp (1:1419:17)	3
Attempted Information Leak	PROTOCOL-SNMP AgentX/tcp request (1:1421:18)	2
Attempted User Privilege Gain	PROTOCOL-TELNET Microsoft Telnet Server buffer overflow attempt (1:33050:1)	1

Network Change Type	Number of Changes
A new operating system was found	2,548
A new host was added to the network	4,725
A device started using a new transport protocol	4,996
A device started using a new network protocol	5,360

As network changes are made, Cisco solutions automatically adjust policy so new operating systems, hosts, and protocols are protected. Cisco automates the tuning process by monitoring networks in real time and observing changes, and then making appropriate policy changes as a result. For example, if Windows 2000 hosts running IIS appear on the network, Cisco ensures that rules protecting against Windows 2000 and IIS vulnerabilities, and not irrelevant rules that may cause false positives, protect these hosts.

Apps Associated with Lower Impact Events	Count
SNMP client	3,522
Web browser	297
Chrome	126
SSL client	93
Internet Explorer	80

Attackers	Attacks
20.2.185.25	23
220.231.10.21	18
10.141.10.31	10
10.141.10.19	7
220.231.10.75	6

Targets	Attacks
10.0.10.124	24
10.141.10.45	23
20.2.185.81	10
20.2.185.37	7
10.131.10.124	4

Attackers	Attacks
220.231.10.124	975
172.149.41.1	615
186.107.10.124	581
220.231.10.21	468
172.91.41.1	465

Targets	Attacks
10.0.10.124	645
192.38.41.133	615
10.110.10.12	588
10.0.10.21	569
192.89.41.133	465

Hosts Using IPv6 in your Network (Monitored)
0

Attacks Seen over IPv6
9

III. Business Risk of Attacks

Attack Classification	Number of Events	Risk Associated with the Attack
Potential Corporate Policy Violation	16	Information Theft: These events indicate usage of apps and protocols in ways that may be prohibited by organizational policy.
A Network Trojan was Detected	0	Infrastructure Damage, Information Theft: A trojan is a program that appears to be benign to an end user but is in fact malicious. It can be used to steal information or cause damage.
Denial of Service	16	System Degradation, Denial of Service: Denial of service (DoS) attacks attack the reliability of your network infrastructure, causing service to be denied to legitimate users.
Administrator/User Privilege Gain	62	Information Theft, Infrastructure Damage: Users on network machines who gain privileges illicitly may be able to steal information and control machines.

IV. Recommendations

New Capability	Benefit
Real-Time Contextual Awareness	Profile hosts, applications, users, and network infrastructure in real time. Assess potential vulnerabilities and identify network changes.
Automatic Impact Assessment	Determine the risk of any attack to your business in real time in order to optimize response to it.
File Identification and Control	Detect and optionally block files by file type. Capture files for offline analysis, if desired.
Advanced Malware Protection (AMP)	Protect against malware with AMP for networks, which includes integration with AMP ThreatGRID for superior sandboxing, security intelligence and advanced file analysis. Also, AMP for Endpoints provides endpoint protection to offer defense in depth.
URL filtering	Enforce acceptable use of the internet.
Application Visibility and Control	Identify and control over 3000 applications. By leveraging OpenAppID, application detectors can be created for custom application. Furthermore, Snort rules can be written to address specific applications.
Security Intelligence	With unparalleled visibility into the Internet, Cisco Talos provides dynamic IP and URL black list to protect against malicious websites.
Automatic Policy Tuning	Automatically tune IPS protections in response to changes in your network composition.
Association of Users with Security and Compliance Events	Associate users with activity on the network, including attacks and application usage, through integration with Active Directory servers.
Collective Intelligence	Get rapid detection and insight into emerging threats so that defenses stay effective.
Virtual Protection	Protect VM-to-VM communications the same as physical networks.

About Cisco

It's no secret that today's advanced attackers have the resources, expertise, and persistence to compromise any organization at any time. As attacks become more sophisticated and exploit a growing set of attack vectors, traditional defenses are no longer effective.

It's more imperative than ever to find the right threat-centric security products, services, and solutions for your current environment. These solutions must also easily adapt to meet the evolving needs of your extended network, which now goes beyond the perimeter to include endpoints, mobile devices, virtual machines, data centers, and the cloud.

For over three decades, Cisco has been a leader in network security protection, innovation, and investment. Our expertise and experience helps us increase intelligence and expand threat protection across the entire attack continuum for a level of security you can build your business on.

Cisco delivers intelligent cybersecurity for the real world.

Want to learn more about getting this information on your network? Go to cisco.com/go/security and request a live demo.

Apps Associated with High Impact Events	Count
SNMP client	51
DCE/RPC client	3

I. Executive Summary

Relevant Attacks Carry the Following Risks

II. Assessment Results

Identifying Critical Attacks Using Impact Analysis

High Impact Attacks

Hosts at High Risk

Automating the Tuning Effort

Applications Associated with Attacks

Top Attackers and Targets

High Impact Events

Lower Impact Events

IPv6 Attacks and Traffic

III. Business Risk of Attacks

Business Risk of Intrusion Attempts

IV. Recommendations