security matters - foresite · cisco asa yes yes yes yes meraki (mx / ms / mr) yes yes yes yes...

Security Matters... HOW DO I TELL MY CLIENTS?


Post on 24-Jul-2020


Security Monitoring and Alerting:

ProVision, our multi-tenant, robust cloud platform, is the proprietary solution we use to deliver managed security services to our customers. If you would like a fully transparent, top-down view of your security operations through in-depth reporting and analysis, our ProVision Platform is the right solution.

Foresite provides monitoring and management of security infrastructure and systems. Our services include managed firewall, intrusion detection, vulnerability scanning, and endpoint management. Our high-availability security operations centers provide 24/7 services designed to reduce the operational security staff and investment an enterprise needs to retain in order to maintain an acceptable security posture and adhere to compliance mandates.

• Threat Intelligence

• Security device management

• Incident response

• Security testing and assessments

• Social engineering

Contents

COMMON OBJECTIONS

THE TROUBLE WITH SIEM

QUOTING QUESTIONS

SUPPORTED TECHNOLOGIES

CONTACT US

DESK SHEET

Common Objections & How to Handle Them

Here are a few common objections you may run into while promoting security services, along with suggestions for getting past them:

“We already have a resource for that (could be internal or external).”

“I don’t feel comfortable discussing our security with you.”

“No immediate need or concern.”

We Already Have a Resource for That

Acknowledge it, then question: How do you decide which partners to work with? Do you rotate your suppliers (for consulting)? Is your resource internal or external?

GOAL: get the conversation flowing! Tell them many of our clients told us the same thing when we first spoke.

No Immediate Need or Concern

Ask probing questions: I don’t hear that very often! What IS your top concern? Most clients we speak to struggle with managing resources to stay on top of security. How are you handling that? How do you assess and address cyber risks?

Be prepared with statistics or stories to use, such as “It sounds like you have a lot on your plate, Jim. We’re working with a lot of retail clients to help them meet the latest PCI DSS 3.2 regulations. How are you handling that?” or “Healthcare organizations have such a challenge ensuring data is stored and transmitted securely. How do you handle that?”

GOAL: ask probing questions!

I Don’t Feel Comfortable Discussing Our Security With You

This is the right attitude to have: you could be phishing them, so you need to make them comfortable. “I agree, let’s just talk in general terms to determine if there is a reason to have a deeper conversation.” (Then lead into an open-ended question, such as a common industry challenge.) “What can I do to make you feel comfortable?” Maybe they want an NDA, or to schedule a time to call us back after viewing our website or your LinkedIn profile to confirm who is calling. “How can we get to know each other better?” or “Is meeting the only way to get to know you, or could we set up a 15 minute introductory call?” Prepping for calls can help with this. If you view their LinkedIn profile, you may have people in common that you can mention to build credibility. Connecting with them provides an opportunity to let us share information with them and build a relationship over time.

GOAL: that is the right attitude to have!

The Trouble With SIEM

While SIEM tools seem like a complete solution to many, there are several areas where they are still lacking. Here are seven situations where our ProVision solution addresses difficulties often caused by SIEM tools.

1. SIEM expenses are more than expected: cost of implementation, ongoing resources, and billing by usage.

Foresite solution: Foresite’s quotes include licensing of our proprietary tool, onboarding, and ongoing support and tuning. There are no usage, per-event, or change-request fees, and the annual service cost is consistent throughout the term of the agreement.

2. Configuration is complex: implementation often costs as much as the solution.

Foresite solution: Our ability to leverage a client’s virtual machines, minimal licensing costs, and very competitive onboarding fees give ProVision a much lower cost of entry.

3. Staffing costs are higher than expected: a SIEM requires at least one dedicated person with the skills to manage it.

Foresite solution: Foresite’s SOC team assigns a Technical Account Manager (TAM) who handles ongoing management and tuning of ProVision, taking this burden off the client.

4. SIEMs generate noise: more than half of users complain about too much noise from the SIEM.

Foresite solution: ProVision includes our SOC team, which reviews all events generated by the logs and business rules to eliminate the noise. The TAM makes sure the rules are updated to tune out false positives where appropriate.

5. Lack of visibility: most manufacturers’ solutions only accept feeds from their own devices.

Foresite solution: ProVision is vendor agnostic. We help clients determine which feeds are needed during scoping, and can include feeds from a variety of leading manufacturers’ devices and endpoint solutions.

6. More long-term storage needed: compliance may require logs to be stored for years, while SIEM solutions often can only store 30-60 days.

Foresite solution: ProVision can be configured to store logs for any amount of time, either locally or in our secure cloud archives.

7. Task automation is often missing: automated responses to events and event correlation are not included in most SIEM solutions.

Foresite solution: When automation is not practical, Foresite’s SOC team provides responses for managed clients, and event correlation is handled by a combination of our customised parsers and our threat intelligence team.

Quoting Questions

1. Number of locations where the devices in scope reside? How are the sites inter-connected? Please send a network diagram if available.

2. Make/model of all infrastructure in scope? (If you have the OS version, that would be great. We can’t take on service for out-of-support devices.)

3. Functionality used per device (FW/VPN/IDS/etc.)? This is common for Next Generation Firewalls.

4. If servicing firewalls, please specify whether they are in a single or HA configuration.

5. Service level desired (Standard or Premier)?

6. When does the client need this level of service live?

7. For vulnerability scanning and pen testing: please specify whether internal and external testing is needed, and the number of IPs for internal and external.

ProVision Portfolio of Supported Technologies

Vendor / product                        MA1   MA2   MA3   MA4

Firewalls / Network & Security

Check Point
  SMB FW & IDS (700 Series)             N/A   N/A   Yes   Yes
  SMB Other Blades                      N/A   N/A   Yes   Yes
  NGFW & VPN                            Yes   Yes   Yes   Yes
  Next Generation All Other Blades      Yes   Yes   Yes   Yes

Juniper
  SRX                                   Yes   Yes   Yes   Yes
  SSG                                   Yes   Yes   Yes   Yes
  SA / MAG (Pulse SSL VPN)              Yes   Yes   No    No
  EX / MX (switching / routing)         Yes   Yes   No    No
  Wireless (WLC)                        Yes   Yes   No    No

Palo Alto
  NGFW & VPN                            Yes   Yes   Yes   Yes
  NGFW Additional Functions             Yes   Yes   Yes   Yes
  Panorama                              Yes   Yes   Yes   Yes

Fortinet
  FW & VPN                              Yes   Yes   Yes   Yes
  NGFW Additional Functions             Yes   Yes   Yes   Yes

SonicWall
  Firewall (TZ & NSA Series)            Yes   Yes   Yes   Yes

Sophos
  Firewall (TZ & NSA Series)            Roadmap, pending justification

Cisco
  ASA                                   Yes   Yes   Yes   Yes
  Meraki (MX / MS / MR)                 Yes   Yes   Yes   Yes
  FirePOWER                             Yes   Yes   Yes   Yes
  ASR / ISR (routing)                   Yes   Yes   No    No
  Catalyst/IOS (switching)              Yes   Yes   No    No
  Nexus/XOS (switching)                 Yes   Yes   No    No
  WLC                                   Yes   Yes   No    No

WatchGuard
  Firewall (TZ & NSA Series)            Roadmap, pending justification

Other Services                          MA1   MA2   MA3   MA4

Servers
  Windows                               Yes   Yes   No    No
  Domain Controllers                    Yes   Yes   No    No
  Unix / Linux                          Yes   Yes   No    No
  Apple                                 Yes   Yes   No    No

Standalone IDS
  Snort                                 Yes   Yes   No    No
  IDS-as-a-service                      On hold, unlikely to progress

AV - Anti-Virus
  CB Defense                            Yes   Yes   Yes   Yes
  Cyphort                               Yes   Yes   No    No
  Cylance                               Yes   Yes   No    No
  Kaspersky                             Yes   Yes   No    No
  McAfee ePO                            Yes   Yes   No    No
  Trend Micro Deep Security             Yes   Yes   No    No
  SentinelOne                           Yes   Yes   No    No
  Sophos                                Roadmap, pending justification
  Traps                                 Roadmap, pending justification
  Webroot                               Roadmap, pending justification

SIEM / Log Management
  Splunk                                Yes   Yes   No    No
  VMware Log Insight                    Yes   Yes   No    No

Authentication
  Duo                                   Yes   Yes   No    No
  RSA Authentication Manager            Roadmap, pending justification

Load Balancers
  F5 BIG-IP                             Roadmap, pending justification
  Citrix NetScaler                      Yes   Yes   No    No

Proxy & Mail
  Proofpoint                            Roadmap, pending justification

Managed Vulnerability Assessment
  OpenVAS-based solution                Roadmap, pending justification

CASB
  Netskope                              Roadmap, pending justification

IPAM / DNS                              Roadmap, pending justification

FIM
  OSSEC                                 Roadmap, pending justification


www.foresite.com

Contact Us

Foresite, East Windsor, CT
1 Hartfield Blvd, Suite 300, East Windsor, CT 06088, USA
1 (800) 940-4699

Foresite, Overland Park, Kansas
7311 West 132nd Street, Suite 305, Overland Park, KS 66213
1 (800) 940-4699

Foresite, United Kingdom
Cody Technology Park (Building A8), Ively Road, Farnborough, Hants. GU14 0LX
+00800-900-400-21
