Infinity NDR Security Check-up Report

Overview

The Infinity NDR (Network Detection and Response) Web application lets users easily create a Security Check-up report and other more specialized reports.

When necessary, you can approve more users to see this information in the application.

After the Infinity NDR sensor completes activation, it starts to send logs generated by the different Check Point software blades. By default, these include Threat Prevention (Anti-Bot, Anti-Virus, IPS, Threat Emulation) and Access blades (Firewall, Application Control, URL Filtering). These logs stay on the customer's domain even after the sensor is deactivated.

  • Anti-Bot (AB, ABOT) – Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers.

  • Anti-Virus (AV) – Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected.

  • IPS (Intrusion Prevention System) – Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks.

  • Threat Emulation (TE) – Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious.

  • Application Control (APPI) – Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection.

  • URL Filtering (URLF) – Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks.

Generating an Infinity NDR Report

  1. Browse to the Reports tab.

  2. Click + REQUEST to submit a new report request.

  3. Enter a Description for the report.

  4. The Date range defaults to the last 7 days - this is typically sufficient for a Security Check-up.

  5. Keep the Language setting as English - currently the only supported language.

  6. Select the report Type: NDR Security Checkup or Security Checkup - Advanced (see below).

  7. Enter your email address to send the report to.

  8. Optionally enter a Filter. This is typically used to exclude uninteresting data, or to focus on a specific part of the network.

  9. Click SEND to send the report request.

  10. After some minutes, you receive the report in your mailbox, and it is displayed in the Reports tab on the portal.

Infinity NDR Report Types for Security Check-up

  • Security Checkup - Advanced – Includes the findings of a variety of security threats: malware infections, usage of high risk web applications, intrusion attempts, loss of sensitive data, etc.

  • NDR Security Checkup – Customized and scoped report for NDR that includes the findings of a security estimate conducted in your network leveraging AI (Artificial Intelligence) insights and threat analytics.

Generating a Threat Topology Report

One of the advanced analytical tools on the Infinity NDR portal is the Threat Topology visualization. Threat Topology lets you map network interactions and prioritize different event types.

To export a Threat Topology visualization for presentation outside the portal:

On ANALYTICS > Threat Topology, click Export HTML (bottom right).

This generates a report in HTML (HyperText Markup Language) archive format that you can send to the customer. Opening the report object provides an offline interactive experience that is equivalent to the one on the Infinity NDR application.