Top 5 Risky Applications and Services
This section provides a summary of risky applications and services.
Risky Applications
This widget displays the top 5 riskiest applications in your environment. Application risk is based on the Protection Coverage Score that appears in the App Group List. For an app-level risk assessment and remediation recommendations, click any application in the list to redirect to its details page.

Risky Services
The PCE automatically assigns default ransomware protection settings on certain services deemed to be at risk of ransomware penetration and lateral movement. These services and their default risk assessment are listed in the Ransomware-risky services table. Based on this default risk assignment, the top 5 riskiest services in your environment are displayed in a dedicated widget on the Ransomware Dashboard.
Click any service in the list to redirect to its details page. From there you can edit or remove the service, or navigate up one level to add new services.

To address the unique conditions in your environment, you can change the default ransomware risk assessment on a per-service basis by going to Policy Objects > Services and changing the Severity as shown in the following image.

Ransomware-Risky Services Table
The list of services at risk of ransomware penetration and lateral movement is provided in this table to help you assess ransomware exposure on your Enterprise Services. All new organizations created after the release of Illumio Core 23.2 have services created and tagged with the metadata as system default. For organizations created before the release of Illumio Core 23.2, services that have an exact match of protocol and port numbers will be tagged with the ransomware risk metadata.
Customers should work with Illumio Support to review and revise their service objects to match the list below for accurate assessment.
Service | Service Name | Protocol | Port Number | Severity | Category | OS |
---|---|---|---|---|---|---|
HTTP | S-HTTP | TCP | 80 | Medium | Legacy | Linux, Windows |
LLMNR | S-LLMNR | UDP | 5355 | Medium | Legacy | Linux, Windows |
NFS | S-NFS | TCP/UDP | 2049 | Medium | Admin | Linux |
RDP | S-RDP | TCP/UDP | 3389 | Critical | Admin | Windows |
MSFT RPC | S-RPC | TCP | 135 | Critical | Admin | Linux, Windows |
SMB | S-SMB | TCP/UDP | 445 | Critical | Admin | Linux, Windows |
SSH | S-SSH | TCP/UDP | 22 | Medium | Admin | Linux |
WinRM | S-WINRM | TCP | 5985 | Critical | Admin | Windows |
WinRM Secure | S-WINRM-SECURE | TCP | 5986 | Critical | Admin | Windows |
FTP Data | S-FTP-DATA | TCP | 20 | Medium | Legacy | Linux, Windows |
FTP Control | S-FTP-CONTROL | TCP | 21 | Medium | Legacy | Linux, Windows |
METASPLOIT | S-METASPLOIT | TCP/UDP | 4444 | Low | Legacy | Linux, Windows |
Multicast DNS | S-MDNS | UDP | 5353 | Medium | Legacy | Windows |
NetBIOS | S-NETBIOS | UDP, TCP | 137, 138 (UDP); 137, 139 (TCP) | High | Legacy | Windows |
POP3 | S-POPV3 | TCP | 110 | Low | Legacy | Linux, Windows |
PPTP | S-PPTP | TCP/UDP | 1723 | Low | Legacy | Linux, Windows |
SSDP | S-SSDP | UDP | 1900 | Medium | Legacy | Windows |
SunRPC | S-SUNRPC | TCP/UDP | 111 | Low | Legacy | Linux |
TeamViewer | S-TEAMVIEWER | TCP/UDP | 5938 | High | Admin | Linux, Windows |
Telnet | S-TELNET | TCP/UDP | 23 | Medium | Admin | Linux, Windows |
VNC | S-VNC | TCP/UDP | 5900 | High | Admin | Linux, Windows |
WSD | S-WSD | TCP/UDP | 3702 | Medium | Legacy | Windows |
Risky Ports Widgets
These widgets illustrate risky ports in your environment.
This widget shows the percentage of ransomware-risky ports in your environment according to their level of severity (Critical, High, Medium, and Low). Each category of risky ports has a different total on each workload, and therefore, across the environment.
To illustrate the protection coverage by severity, five percentage data points are used: 20%, 40%, 60%, 80%, and 100%. Colored bars depict the percentage of protected (green) and unprotected (orange) ports.

Risky Ports by Type
This widget shows the percentage of ransomware-risky ports in your environment by type, administrative or legacy.
To help illustrate the protection coverage by port type, five percentage data points are used: 20%, 40%, 60%, 80%, and 100%.
Colored bars depict the percentage of protected (green) and unprotected (orange) ports.
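
The following is an added example, not Illumio code: it applies the exact protocol-and-port match described for the Ransomware-Risky Services table to a port inventory and computes a protected percentage by severity and by type. The inventory tuples, workload names, `protected` flag and the percentage formula are assumptions for illustration; the PCE's own calculation is not described on this page.

```python
from collections import defaultdict

# Rows copied from the table above: service name, protocol(s), port(s), severity, category
ROWS = """S-HTTP TCP 80 Medium Legacy
S-LLMNR UDP 5355 Medium Legacy
S-NFS TCP/UDP 2049 Medium Admin
S-RDP TCP/UDP 3389 Critical Admin
S-RPC TCP 135 Critical Admin
S-SMB TCP/UDP 445 Critical Admin
S-SSH TCP/UDP 22 Medium Admin
S-WINRM TCP 5985 Critical Admin
S-WINRM-SECURE TCP 5986 Critical Admin
S-FTP-DATA TCP 20 Medium Legacy
S-FTP-CONTROL TCP 21 Medium Legacy
S-METASPLOIT TCP/UDP 4444 Low Legacy
S-MDNS UDP 5353 Medium Legacy
S-NETBIOS UDP 137,138 High Legacy
S-NETBIOS TCP 137,139 High Legacy
S-POPV3 TCP 110 Low Legacy
S-PPTP TCP/UDP 1723 Low Legacy
S-SSDP UDP 1900 Medium Legacy
S-SUNRPC TCP/UDP 111 Low Legacy
S-TEAMVIEWER TCP/UDP 5938 High Admin
S-TELNET TCP/UDP 23 Medium Admin
S-VNC TCP/UDP 5900 High Admin
S-WSD TCP/UDP 3702 Medium Legacy"""

RISKY = {}  # (protocol, port) -> (service name, severity, category); exact match only
for row in ROWS.splitlines():
    name, protos, ports, severity, category = row.split()
    for proto in protos.split("/"):
        for port in ports.split(","):
            RISKY[(proto, int(port))] = (name, severity, category)

def coverage(inventory):
    # Assumed formula: percent of risky (workload, port) entries flagged as protected
    total, covered = defaultdict(int), defaultdict(int)
    for _workload, proto, port, protected in inventory:
        match = RISKY.get((proto.upper(), port))
        if match is None:
            continue  # no exact protocol/port match, so not counted as risky
        for key in match[1:]:  # count once under severity, once under category
            total[key] += 1
            covered[key] += bool(protected)
    return {key: round(100 * covered[key] / total[key]) for key in total}

# Constructed inventory (hypothetical workloads): (workload, protocol, port, protected)
SAMPLE = [("web1", "tcp", 80, True), ("web1", "tcp", 22, True), ("web1", "tcp", 8443, False),
          ("db1", "tcp", 22, False), ("db1", "tcp", 445, True), ("win1", "tcp", 3389, False),
          ("win1", "tcp", 445, False), ("win1", "udp", 137, True), ("win1", "tcp", 5985, True)]
```

Calling `coverage(SAMPLE)` returns one percentage per severity and per category present in the inventory; ports that do not match a table row exactly, such as TCP 8443 here, are left out of both totals.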

Recommended Actions Widget
This widget presents links for securing your workloads so that you can more easily address the risks revealed in the other widgets.
