Security Matters - Foresite
Posted on 24-Jul-2020
Security Matters...
How Do I Tell My Clients?
Security Monitoring and Alerting:
ProVision, our multi-tenant, cloud-based platform, is a proprietary solution that we use to deliver managed security services to our customers. If you would like a fully transparent, top-down view of your security operations through in-depth reporting and analysis, our ProVision Platform is the perfect solution.
Foresite provides monitoring and management of security infrastructure and systems. Our services include managed firewall, intrusion detection, vulnerability scanning, and endpoint management services. We have high-availability security operation centers providing 24/7 services designed to reduce the number of operational security resources and investments an enterprise needs to retain to maintain an acceptable security posture and adhere to compliance mandates.
• Threat Intelligence
• Security device management
• Incident response
• Security testing and assessments
• Social engineering
Contents
• Common Objections & How to Handle Them
• The Trouble With SIEM
• Quoting Questions
• Supported Technologies
• Contact Us
• Desk Sheet
“We already have a resource for that (could be internal or external).”
“I don’t feel comfortable discussing our security with you.”
“No immediate need or concern.”
Common Objections & How to Handle Them
Here are a few common objections you may run into while promoting security services, along with a few suggestions for how to get past them.
We Already Have a Resource for That
Acknowledge it, then question: how do you decide which partners to work with? Do you rotate your suppliers (for consulting)? Is your resource internal or external?
GOAL: get the conversation flowing. Tell them many of our clients told us the same thing when we first spoke.
No Immediate Need or Concern
Ask probing questions: “I don’t hear that very often! What IS your top concern? Most clients we speak to struggle with managing resources to stay on top of security. How are you handling that? How do you assess and address cyber risks?”
Be prepared with statistics or stories to use, such as “It sounds like you have a lot on your plate, Jim. We’re working with a lot of retail clients to help them meet the latest PCI DSS 3.2 regulations. How are you handling that?” or “Healthcare organizations have such a challenge protecting data as it is stored or transmitted. How do you handle that?”
I Don’t Feel Comfortable Discussing Our Security With You
This is the right attitude to have: for all they know, you could be phishing them, so you need to make them comfortable: “I agree, let’s just talk in general terms to determine if there is a reason to have a deeper conversation.” (Then lead into an open-ended question, such as a common industry challenge.) “What can I do to make you feel comfortable?” Maybe they want an NDA, or to schedule a time to call us back after viewing our website or your LinkedIn profile to confirm who is calling. “How can we get to know each other better?” or “Is meeting the only way to get to know you, or could we set up a 15 minute introductory call?” Prepping for calls can help with this. If you view their LinkedIn profile, you may have people in common that you can mention to build credibility. Connecting with them provides an opportunity to share information with them and build a relationship over time.
The Trouble With SIEM
While SIEM tools seem like a complete solution to many, there are several areas where they are still lacking. Here are seven situations where our ProVision solution addresses difficulties often caused by SIEM tools.
1. SIEM expenses are more than expected: cost of implementation, ongoing resources, and billing by usage.
Foresite solution: Foresite’s quotes include licensing of our proprietary tool, onboarding, and ongoing support and tuning. There are no usage, per-event, or change-request fees, and the annual service cost is consistent throughout the term of the agreement.
2. Configuration is complex: implementation often costs as much as the solution.
Foresite solution: Our ability to leverage a client’s virtual machines, minimal licensing costs, and very competitive onboarding fees give ProVision a much lower cost of entry.
3. Staffing costs are higher than expected: a SIEM requires at least one dedicated person with the skills to manage it.
Foresite solution: Foresite’s SOC team assigns a Technical Account Manager (TAM) who handles ongoing management and tuning of ProVision, taking this burden off the client.
4. SIEMs generate noise: more than half of users complain about too much noise from the SIEM.
Foresite solution: ProVision includes our SOC team, which reviews all events generated by the logs and business rules to eliminate the noise. The TAM makes sure the rules are updated to tune out false positives where appropriate.
5. Lack of visibility: most manufacturers’ solutions only accept feeds from their own devices.
Foresite solution: ProVision is vendor agnostic. We help clients determine which feeds are needed during scoping, and can include feeds from a variety of leading manufacturers’ devices and endpoint solutions.
6. More long-term storage needed: compliance may require logs to be stored for years, while SIEM solutions often can only store 30-60 days.
Foresite solution: ProVision can be configured to store logs for any amount of time, either locally or in our secure cloud archives.
7. Task automation is often missing: automated responses to events and event correlation are not included in most SIEM solutions.
Foresite solution: When automation is not practical, Foresite’s SOC team provides responses for managed clients, and event correlation is handled by a combination of our customised parsers and our threat intelligence team.
Quoting Questions
1. Number of locations where the devices in scope reside? How are the sites inter-connected? Please send a network diagram if available.
2. Make/Model of all infrastructure in scope? (If you have the OS version, that would be great. We can’t take on service for out-of-support devices.)
3. Functionality used per device (FW/VPN/IDS/etc.)? This is common for Next Generation Firewalls.
4. If the service covers firewalls, please specify whether they are in a single or HA configuration.
5. Service level desired (Standard or Premier)?
6. When does the client need this level of service live?
7. Testing (vulnerability scanning and penetration testing): please specify whether internal and/or external testing is needed, and the number of IPs for internal and external.
ProVision Portfolio of Supported Technologies
Firewalls / Network & Security

| Vendor | Product | MA1 | MA2 | MA3 | MA4 |
|---|---|---|---|---|---|
| Check Point | SMB FW & IDS (700 Series) | N/A | N/A | Yes | Yes |
| Check Point | SMB Other Blades | N/A | N/A | Yes | Yes |
| Check Point | NGFW & VPN | Yes | Yes | Yes | Yes |
| Check Point | Next Generation All Other Blades | Yes | Yes | Yes | Yes |
| Juniper | SRX | Yes | Yes | Yes | Yes |
| Juniper | SSG | Yes | Yes | Yes | Yes |
| Juniper | SA / MAG (Pulse SSL VPN) | Yes | Yes | No | No |
| Juniper | EX / MX (switching / routing) | Yes | Yes | No | No |
| Juniper | Wireless (WLC) | Yes | Yes | No | No |
| Palo Alto | NGFW & VPN | Yes | Yes | Yes | Yes |
| Palo Alto | NGFW Additional Functions | Yes | Yes | Yes | Yes |
| Palo Alto | Panorama | Yes | Yes | Yes | Yes |
| Fortinet | FW & VPN | Yes | Yes | Yes | Yes |
| Fortinet | NGFW Additional Functions | Yes | Yes | Yes | Yes |
| SonicWall | Firewall (TZ & NSA Series) | Yes | Yes | Yes | Yes |
| Sophos | Firewall (TZ & NSA Series) | Roadmap, pending justification | | | |
| Cisco | ASA | Yes | Yes | Yes | Yes |
| Cisco | Meraki (MX / MS / MR) | Yes | Yes | Yes | Yes |
| Cisco | FirePOWER | Yes | Yes | Yes | Yes |
| Cisco | ASR / ISR (routing) | Yes | Yes | No | No |
| Cisco | Catalyst/IOS (switching) | Yes | Yes | No | No |
| Cisco | Nexus/XOS (switching) | Yes | Yes | No | No |
| Cisco | WLC | Yes | Yes | No | No |
| WatchGuard | Firewall (TZ & NSA Series) | Roadmap, pending justification | | | |

Other Services

| Category | Product | MA1 | MA2 | MA3 | MA4 |
|---|---|---|---|---|---|
| Servers | Windows | Yes | Yes | No | No |
| Servers | Domain Controllers | Yes | Yes | No | No |
| Servers | Unix / Linux | Yes | Yes | No | No |
| Servers | Apple | Yes | Yes | No | No |
| Standalone IDS | Snort | Yes | Yes | No | No |
| Standalone IDS | IDS-as-a-service | On Hold, unlikely to progress | | | |
| AV - Anti-Virus | CB Defense | Yes | Yes | Yes | Yes |
| AV - Anti-Virus | Cyphort | Yes | Yes | No | No |
| AV - Anti-Virus | Cylance | Yes | Yes | No | No |
| AV - Anti-Virus | Kaspersky | Yes | Yes | No | No |
| AV - Anti-Virus | McAfee EPO | Yes | Yes | No | No |
| AV - Anti-Virus | Trend Micro Deep Security | Yes | Yes | No | No |
| AV - Anti-Virus | SentinelOne | Yes | Yes | No | No |
| AV - Anti-Virus | Sophos | Roadmap, pending justification | | | |
| AV - Anti-Virus | Traps | Roadmap, pending justification | | | |
| AV - Anti-Virus | WebRoot | Roadmap, pending justification | | | |
| SIEM / Log Management | Splunk | Yes | Yes | No | No |
| SIEM / Log Management | VMware Log Insight | Yes | Yes | No | No |
| Authentication | Duo | Yes | Yes | No | No |
| Authentication | RSA Authentication Manager | Roadmap, pending justification | | | |
| Load Balancers | F5 BIG-IP | Roadmap, pending justification | | | |
| Load Balancers | Citrix NetScaler | Yes | Yes | No | No |
| Proxy & Mail | Proofpoint | Roadmap, pending justification | | | |
| Managed Vulnerability Assessment | OpenVAS-based solution | Roadmap, pending justification | | | |
| CASB | Netskope | Roadmap, pending justification | | | |
| IPAM / DNS | | Roadmap, pending justification | | | |
| FIM | OSSEC | Roadmap, pending justification | | | |
Contact Us
www.foresite.com
Foresite, East Windsor, CT: 1 Hartfield Blvd, Suite 300, East Windsor, CT 06088, USA. 1 (800) 940-4699
Foresite, Overland Park, Kansas: 7311 West 132nd Street, Suite 305, Overland Park, KS 66213. 1 (800) 940-4699
Foresite, United Kingdom: Cody Technology Park (Building A8), Ively Road, Farnborough, Hants. GU14 0LX. +00800-900-400-21
Desk Sheet
Trouble with SIEM
SIEM Challenge: SIEM expenses are often more than anticipated (cost of implementation, ongoing resources and billing by usage).
Foresite Solution: Foresite includes use of our proprietary tool, onboarding and ongoing support and tuning. No usage, per-event or change-request fees. The annual service cost is consistent across the contract length.
SIEM Challenge: Configuration is complex (implementation often costs as much as the solution).
Foresite Solution: Our ability to leverage clients’ VMs, minimal licensing costs and competitive onboarding fees make ProVision a lower cost of entry.
SIEM Challenge: Staffing costs are higher than expected (requires at least one person with the skills to manage).
Foresite Solution: Our SOC team assigns a TAM who will handle all onboarding and ongoing management, including tuning.
SIEM Challenge: SIEMs generate noise (more than 50% of users complain about the amount of noise generated by their SIEM tool).
Foresite Solution: ProVision includes the SOC team. They review all events generated by the logs and business rules to eliminate the noise. The TAM makes sure the rules are updated to tune out false positives where appropriate.
SIEM Challenge: Lack of visibility (most manufacturers will only accept feeds from their own devices).
Foresite Solution: ProVision is vendor agnostic. We help clients determine which feeds are necessary during scoping and can include feeds from a variety of devices and endpoint solutions.
SIEM Challenge: More long-term storage needed (compliance may require logs to be stored for years; most SIEMs can only hold logs for 30-60 days).
Foresite Solution: We can store logs for as long as necessary, either locally or in our secure cloud archives.
SIEM Challenge: Task automation is often missing (automated responses to events and event correlation are not included in most SIEM solutions).
Foresite Solution: When automation is not practical, our SOC team provides responses for managed clients, and event correlation is handled by a combination of our customised parsers and our threat intelligence team.