microsoft internet security and acceleration (isa) server 2004: solution sales aid
TRANSCRIPT
Microsoft Internet Security and Acceleration (ISA) Server 2004:Solution Sales Aid
Solution Sales Aid Contents
Know the Key Players Understand the Organizational Pain Chain Create Interest: Question Examples Initial Value Proposition Example Situation Questions Address Customer Needs with ISA 2004 Solutions Anxiety Creation Example Power Sponsor Letter/E-Mail Example Success Criteria Example Appendix
Business Value Propositions Capability Questions Case Study Summaries
Key Players PainsCEO/President Competitive disadvantage
Not meeting profit expectations Eroding market share Inability to rapidly respond to industry dynamics and
new business opportunities
CFO Declining ROI and ROA Poor investment performance Declining profits Not meeting profit growth objectives Not making budget targets
VP Sales and Marketing
Declining market share Not attracting new customers and or distribution
channels Inability to respond to customers High turnover rate in the sales force Unable to maximize productivity High client-dissatisfaction rate
Know the Key Players
Key Players PainsCSO—Chief Security Officer
Inability to understand exposure to risk Inability to proactively manage and maintain a complex security
infrastructure Not knowing the effectiveness of the security solution Not knowing if the best security partner was chosen Not knowing if enough or too much has been budgeted to
provide ample security Not knowing when the next attack will happen and how severe it
will be
Know the Key Players
Key Players PainsIT Director(CIO/VP MIS)
Inability to meet users’ demands Increasing IT costs and pressure to reduce IT budgets Inability to provide long-term strategy Trouble keeping up with rapid technological changes Lack of rapid deployment and low-cost solutions to
business units Difficulty integrating new systems with legacy systems Inability to share information across the organization Difficulty managing return on IT investments Difficulty responding to needs of business units Poor image within the company Unable to manage growth due to technology changes Increasing time to deliver requested information Inconsistent services around the organization
Know the Key Players
Key Players PainsIT Staff Difficulty managing existing systems and applications while
securing and protecting the environment Inability to make perceived minor changes and deliver ad-
hoc requests Delivery schedule for applications too long Inability to use leading-edge technology Lack skilled resources Lack of user involvement and commitment Inability to attract new people
Know the Key Players
Understand the Organizational Pain Chain
CIOWe are not effectively leveraging our investment in security.
•Enterprise platform security is not aware of what happens enterprise wide•Rising cost of corporate information asset protection•Reacting to security breaches rather than proactively managing them
Title:Pain:
Title:Pain:
VP Sales/MarketingCustomers cannot gain access to Web site in order to order products.
•Compromising client financial data•Loss of productive sales time due to cyber attacks•Leveraging Internet as a viable sales platform
CFOJustifying the cost center of security.
•Financial risk minimized due to security attacks•Safeguarding corporate IP to avoid losing business•Deploying a security model to reduce future costs due to reactive management
Title:Pain:
PresidentCompany at a competitive disadvantage.
•Press attacks from competition•Eroding market share•Reduced production due to downtime
Title:Pain:
Chief Security OfficerCriminal activity is unknown and unpredictable.
•Disparate infrastructure•Limited budget•Lack of dedicated staff•Lack of defined security model
Title:Pain:
This is _________________ with __________. You and I haven’t spoken before. We have
been working with IT executives like you for the last (many) years. One of the
chief concerns we've been hearing (lately) from other CIOs is their frustration about
managing a highly secure network environment with fast, cost-effective Internet access
and secure remote connectivity. We have been able to help our customers address this
issue. Would you be curious to know how?
Prompter—New Customer/Prospect
Create Interest: Question Examples
Prompter—Menu of Pain Option with References
This is _________________ with __________. We haven’t spoken before, but we have
been working with IT executives for the last (#) years. The top-three issues
(concerns) we are hearing (lately) from other CIOs are (1) proactively managing and
maintaining network security, including protecting key applications; (2) providing fast
and cost-effective Internet access; and (3) connecting employees with secure, cost-
effective remote network access. We have been able to help companies address some
of these issues. Would you be curious to know how?
This is ___________________ with __________. You and I haven’t spoken before,
but (customer contact name) from (company name) suggested that I give you a call.
We were able to help him/her address his/her frustration with securing his/her
organization's rapidly expanding networks in an efficient and cost-effective way.
Would you be curious to know how?
Prompter—Upgrade Option: Existing ISA Server 2000 Customer
Prompter—Customer Reference Option:
This is _________________ with __________. You and I have spoken before. You may
have heard about Microsoft's recent release of ISA Server 2004, a next-generation
application-layer firewall, VPN, and Web-cache solution that can help you manage a
highly secure network environment with fast, cost-effective Internet access and secure
remote connectivity. We have been able to help customers like you successfully
upgrade to take advantage of all of the new features and technologies of ISA Server
2004. Are you interested in learning what's new in ISA Server 2004, and why I think you
should consider upgrading?
Create Interest: Question Examples
Initial Value Proposition Example
Enterprises today are continuously challenged to deploy and manage fast, secure Internet connectivity in a cost-effective manner. The dynamic nature of digital threats increases the complexity in securing network perimeters. Microsoft® ISA Server 2004 will provide you with enterprise security, fast Internet access, and integrated management that will enable you to stay vigilant and nimble.
Situation Questions: Assessing Needs
Assessment Stage“How do you assess security vulnerabilities today? Does your firewall filter and protect at the application layer as well as the network layer? Is there an enterprise-centric system to handle intersystem functionality? Are you making the most of your bandwidth?”
Design Stage“How have you defined your layered defensive security model? How are you going to leverage your existing security investment and design a perimeter defense that integrates with your directory, authentication systems, and Microsoft Windows® infrastructure?”
Deployment Stage“Do your current security platforms support security on all layers including the application level? Are you integrating the authentication and management of your firewalls, VPN, and Internet-access gateways? Are you pushing Internet content closer to your users in order to improve performance and save on bandwidth cost?”
Management Stage“How do you manage the protection of your assets today? Do you have a comprehensive network perimeter control process? How do you monitor traffic that enters and leaves your network? How do you ensure that your network is PROACTIVELY secured at multiple layers and controlled to cut down on administrative overhead and bandwidth cost?”
Situation Questions
Multiple Choice “Menu” Approach:
The top-four difficulties we are hearing from CSOs these days include:
• Firewalls that only protect at the network level• Slow, costly Internet connectivity• Limited budget• Lack of dedicated staff
…are you facing any of these issues today?OR
…are you curious as to how we have helped our customers deal with these issues?
The top-three difficulties we are hearing from CIOs these days include:
• Enterprise platform security is not enterprise-aware• Rising cost of corporate asset protection• Reacting to security rather than proactively managing it
…are you facing any of these issues today?OR
…are you curious how we have helped our customers deal with these issues?
Address Customer Needs with ISA 2004 Solutions
Scenario1 “I want to securely and easily make e-mail available to employees outside
the network.”
2 “I want to securely and easily provide intranet information over the Internet.”
3 “I want to enable partners to access relevant information in my network in a secure manner.”
4 “I want to provide secure and flexible remote access to my employees, while protecting my corporate network from malicious traffic.”
5 “I want to enable my branch offices to securely communicate with the main office over the Internet.”
6 “I want to have control over Internet access and protect my clients from malicious traffic on the Internet.”
7 “I want to ensure fast access to the most frequently used Web content in my organization.”
While every Internet-connected organization needs security, there are a number of specific customer needs that present good opportunities for selling ISA Server 2004.
Address Customer Needs with ISA 2004 Solutions
1: I want to securely and easily make e-mail available to employees outside the network.
Business Driver
E-mail is mission critical for many organizations. Access anywhere, anytime is a fundamental requirement for business communications.
Risk Internet-accessible e-mail servers are potentially vulnerable to compromise. E-mail content is potentially vulnerable to eavesdropping, interception, and modification.
Mitigation E-mail servers must be shielded from attack by devices that can enforce legitimate traffic behavior. E-mail content must be encrypted and checked for integrity.
Value Proposition
ISA Server stops attacks against e-mail servers by enforcing proper traffic patterns at the application level. ISA Server protects mail servers from malformed commands that might expose vulnerabilities or reveal too much information useful for reconnaissance. ISA Server can require that all traffic be encrypted.
Unique Value ISA Server provides the best protection for Microsoft Exchange by pre-authenticating users, filtering application traffic, and enforcing encryption.
Address Customer Needs with ISA 2004 Solutions
Business Driver
As with e-mail for communications, more and more business processes require global on-demand access to internal corporate data.
Risk Internet-accessible Web servers are potentially vulnerable to compromise. Web content is potentially vulnerable to eavesdropping, interception, and modification. Additionally, anonymous initial access to resources exposes them to attack.
Mitigation Require conformance to understood network and application protocols to lessen (or in some cases eliminate) entire classes of attacks. Enforce valid authentication before granting access to servers.
Value Proposition
Using Web publishing, ISA Server can inspect the traffic for legitimacy, enforce valid URLs, and pre-authenticate all users before forwarding access to protected resources. Using server publishing, ISA Server disallows direct connections between clients and servers and provides application-aware inspection for some protocols.
Unique Value ISA Server provides the best protection for Web applications (Microsoft Internet Information Services [IIS] and Microsoft SharePoint®) by pre-authenticating users, filtering application traffic, translating links, and enforcing encryption.
2: I want to securely and easily provide intranet information over the Internet.
Address Customer Needs with ISA 2004 Solutions
Business Driver
Business relationships often require interconnecting the networks of partners for information exchange and access to internal data.
Risk The Internet, like all public networks, can’t be trusted. Communications are vulnerable to eavesdropping, interception, and modification. Legitimate connections can be spoofed by attackers. Granting partners complete access to the internal network gives them too much access, which then might be abused.
Mitigation Encrypt and validate the integrity of all traffic between sites. Require authentication for all connections. Establish network connection policies that allow client computers of one partner to access network resources at another and restrict access to only what’s necessary.
Value Proposition
The ISA Server VPN encrypts all traffic between sites, keeping it confidential and ensuring it remains unmodified. All servers authenticate to each other before establishing connections. Access and routing policies limit one partner’s ability to roam on the other’s network.
Unique Value Using S2S VPN with ISA Server, customers will be able to apply flexible policies to their partner connections that restrict access to needed content, while enforcing strict application-filtering rules.
3: I want to enable partners to access relevant information in my network in a secure manner.
Address Customer Needs with ISA 2004 Solutions
Business Driver
Although the Web is a popular medium for on-demand access to applications, sometimes remote clients require full participation in the internal network—file sharing, nonpublished Web sites, and peer-to-peer networking are examples.
Risk Remote client computers often are connected to unknown (possibly hostile) networks. Some remote client computers might be unmanaged (home) devices. Remote clients can infect internal networks with worms and viruses.
Mitigation Inspect the configuration of remote computers and update security configurations before allowing full access. Constrain access to destinations and required resources. Inspect all traffic from and to the remote client.
Value Proposition
Remote access quarantine can ensure that client security (firewalls, virus scanners, software restriction policies) are enabled and up-to-date. Clients can be limited to certain internal resources rather than being granted full access everywhere. ISA Server inspects all content inside VPN tunnels.
Unique Value ISA Server is able to run VPN client checks on remote PCs to enforce corporate software policies, while providing deep content inspection that protects your corporate network from worms and viruses.
4: I want to provide secure and flexible remote access to my employees, while protecting my corporate network from malicious traffic.
Address Customer Needs with ISA 2004 Solutions
5: I want to enable my branch offices to securely communicate with the main office over the Internet.
Business Driver
Installing a single device in a branch office to manage all connectivity and using the Internet to connect branch offices to the main office will save money, save time, and is simple to implement and manage.
Risk Multiple devices are more expensive to acquire and manage and are more vulnerable to configuration errors, possibly leading to compromise.
Mitigation Deploy common configurations of the same device for Internet access, site-to-site connections, and content caching at all branch offices.
Value Proposition
The ISA Server integrated firewall, VPN, and cache provide the best connectivity experience for Microsoft networks.
Unique Value ISA Server is uniquely positioned to deliver an integrated firewall, VPN, and cache solution that helps large corporations lower bandwidth costs, improve user productivity, and protect against advanced attacks.
Address Customer Needs with ISA 2004 Solutions
6: I want to have control over Internet access and protect my clients from malicious traffic on the Internet.
Business Driver Organizations want to control and limit Internet access, thereby improving user productivity, while protecting clients from malicious traffic.
Risk Improper use can affect productivity and in some cases expose an organization to expensive legal action. Consumer instant messaging and peer-to-peer file-sharing applications might be a particular problem for some organizations. Malicious code from the Internet can make a client machine unusable and increase the risk of worm propagation. This costs organizations time and money.
Mitigation Block access to destinations and applications that put an organization at risk or decrease productivity. Apply specific access controls by group and/or job function. Inspect and block malicious traffic from infecting computers. Logs keep track of who went where and when.
Value Proposition
ISA Server can block access to certain sites and content. HTTP inspection can block embedded applications such as peer-to-peer and instant messaging applications as well as malicious traffic. Integration with Microsoft Active Directory® enables building custom access controls for varying organizational roles and job levels. ISA Server traffic filtering prevents many common forms of attack from succeeding: internal clients are not accessible from the outside, incoming reply traffic is checked for validity, and third-party add-ons can check for worms and viruses. Special configurations can also be made to block exploits of new vulnerabilities.
Unique Value ISA Server leading-edge application filtering allows our customers to protect their desktops and servers from advanced attacks, improving the reliability of your environment. Through signature blocking, ISA Server can block non-business applications, helping organizations increase user productivity.
Address Customer Needs with ISA 2004 Solutions
7: I want to ensure fast access to the most frequently used Web content in my organization.
Business Driver
Fast access keeps employees productive and happy. Yet bandwidth is a finite resource, some of which is always required for mission-critical communications.
Risk Web browsing is one of the largest consumers of bandwidth. Left unchecked, it could consume everything, leaving nothing for mission-critical applications.
Mitigation Many users often visit the same sites. Keeping local copies of popular Web content improves the user experience and makes more bandwidth available for other uses.
Value Proposition
ISA Server caching capabilities ensure fast access to popular content. Content can be distributed across arrays of servers, making the best use of storage capacity. The cache obeys restrictions and expirations if present, thus ensuring that content remains timely and current.
Unique Value ISA Server provides enterprise management and control of cached content, while integrating flexible firewall policies.
1. Anxiety Question
2. Capability Question
3. Feature
Situation: Job Title: _____________________________________________ Industry: _____________________________________________
CSO
How would you feel if at the next quarterly meeting you had to explain to the CIO and CFO that we are unable to exchange information freely because we have no reliable method for protecting against the latest types of cyber attacks such as Code Red, all of which is resulting in poor customer satisfaction?
What if there was a way to reduce the spread of script-replication viruses, and reduce the chance of communications being compromised without sacrificing the increased productivity that can be enjoyed by allowing users to securely share the ideas they have developed?
General Industry
Anxiety Creation Example
Microsoft ISA Server 2004 can give you that capability.
Mr. Jim SmithPresidentABC Company
Dear Mr. Smith,
Thank you for meeting with Steve Jones and me earlier today. I believe the time was well spent for both ABC and _____________. You confirmed your primary critical issue is losing competitive advantage in your marketplace.
You and I explored the following reasons for the difficulty:• Press attacks from competition• Eroding market share• Reduced production due to downtime
You indicated that if your company had the following capabilities you thought you could regain that competitive advantage:
• Assist the CIO in effectively leveraging your existing and future investments in security to get products to market sooner• Enable sales and marketing to be more responsive to customers by securely leveraging the Internet as a viable sales platform
• Avoid losing business by proactively deploying a layered security model that safeguards corporate IP When I told you I was confident that we can help you integrate these type of capabilities with your existing systems, you agreed to take a serious look at our ability to do so. Based on my knowledge to date, I am suggesting a short project-oriented evaluation plan for your further exploration of these issues. Look it over with Steve, and I will call you Friday to get your thoughts.
Sincerely,
cc: Steve Jones, ABC Co.
Power Sponsor Letter/E-Mail Example
Success Criteria Base Line Q1 Q2 Q3 Q4
Number of minutes/quarter of unscheduled downtime due to cyber attacks 3,5
#
Number third-party security applications to maintain/quarter 2,5 #
Number of systems administrators/quarter on staff to manage security—authentication, authorization, patches,… 3
#
Number of help-desk calls/quarter related to security 6 #
Estimated number of days sooner a product was brought to market as a result of security 4
#
Short-Term Action Required
1 President 4 VP of Sales/Marketing
2 CFO 5 CSO
3 CIO 6 IT Director
Success Criteria Example
Appendix
FeaturesFeaturesFeaturesFeatures
• Advanced Advanced application-layer application-layer firewall, VPN, and firewall, VPN, and cache solutioncache solution
• Easily maximize Easily maximize existing IT existing IT investments to investments to improve network improve network security and security and performanceperformance
ValueValueValueValue
• Advanced Advanced security for your security for your networknetwork
• Protection for Protection for your Microsoft your Microsoft applicationsapplications
• Helps protect Helps protect your critical your critical business assets business assets and stay on top and stay on top of Web demandsof Web demands
Key Features and Business Values
Business Value Propositions
Return on Technology• Reduced corporate risk• Increased customer retention• Increased productivity
Return on People• Reduced security issues• Faster response• Leverage existing services• Preventative approach
Return on Process• Partner/customer integration• Standards-based insures long-term investment value• Greater agility using infrastructure implementation• Faster time to market
Advanced Protection
Enterprise Firewall ProtectionDo you need an enterprise-class firewall to protect your servers, applications, and data from hackers, crackers, disgruntled employees, intrusions, viruses, and malicious mobile code?
Granular Network Traffic ControlDo you want to control what information is allowed into your network and who can access critical corporate application and data?
Cost-Effective NetworkingDo you want to make the most of your network bandwidth through cost-effective control of digital traffic?
Ease of Use
Integrated Administration ToolsDo you want an integrated approach to managing your Internet access, user access, and firewall security for improved administration?
Centralized Server ManagementDo you want centralized management of multiple ISA servers that scales out for large enterprise deployments? (Be Better)
Capability Questions
Fast, Secure Web Access
Fast and Reliable Web AccessDo you want to increase employee productivity by enabling fast and reliable access to Web content?
Distributed Web ContentDo you want to improve Web access and lower bandwidth cost by storing Web content local to your employees?
Highly Flexible and Extensible
Key Partner SupportDo you need a solution that has leading third-party vendor support?
Platform that Accommodates Future GrowthDo you need a security solution that is flexible and extensible to meet your current and future needs?
Capability Questions
Case Study Summary
Country: United States
Industry: Information technology Customer Profile:Avanade is the leading technology integrator specializing in Microsoft enterprise solutions.
Business Situation:With more than 80 percent of its users working remotely, Avanade wanted a cost-effective security solution with more internal inspection functions and VPN filtering capabilities.
Solution:Avanade selected Microsoft ISA Server 2004 as its firewall, VPN, and Web-cache solution.
Benefits:Faster VPN user accessIncreased remote network securityDecreased Web traffic by 25 percentSimplified managementConfigured multiple networksImproved authentication policyImproved event logging
For more details, please visit http://www.microsoft.com/isaserver.
““The simplicity of ISA Server minimizes the cost of The simplicity of ISA Server minimizes the cost of our operational staff and maximizes the speed of our operational staff and maximizes the speed of our response to events.” our response to events.”
Craig NelsonDirector of IT Technology InfrastructureAvanade
Case Study Summary
Country: United States
Industry: Healthcare
Customer Profile:Clarke County Hospital, located in Osceola, Iowa, serves residents in south and central portions of the state by providing diagnostic outpatient, emergency, medical, and surgical services.
Business Situation:In accordance with HIPAA regulations, Clarke County Hospital wanted a network security system to protect patient information. The hospital also wanted to limit Internet access and Web surfing.
Solution:Clarke County Hospital chose Microsoft ISA Server 2004 to make its network more secure, internally as well as remotely, and to apply a Web-cache solution.
Benefits:Reduces time for medical diagnosisIncreases productivity by 30 percentImproves ability to identify user problemsReduces downtimeProvides insurance against improper Internet access
For more details, please visit http://www.microsoft.com/isaserver.
““I’ve accomplished more in the last I’ve accomplished more in the last two months with ISA Server than I two months with ISA Server than I did in the six months prior to did in the six months prior to installation.” installation.”
Jodi ReindlAssistant to DirectorsClarke County Hospital
© 2004 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, SharePoint, Windows, and the Windows logo are registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Microsoft Corporation • One Microsoft Way • Redmond, WA 98052-6399 • USA
© 2004 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, SharePoint, Windows, and the Windows logo are registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Microsoft Corporation • One Microsoft Way • Redmond, WA 98052-6399 • USA