
QUALIFYING QUESTIONS

Managed Security

SOLUTION QUESTIONS | POSSIBLE ANSWERS | WHY WE ASK IT

1. What security solutions have you invested in to protect your network?

Firewall, SIEM, IDS/IPS, outsourced vulnerability scanner service, another MSSP, etc.

Other MSSPs/vendors could be Dell SecureWorks, Alert Logic, Solutionary, IBM/NTT, FireEye, Palo Alto Networks, eSentire.

Most internal IT resources (with other responsibilities) are not security experts. As a result, they have limited ability to do data correlation effectively. It can quickly become a “big data” problem.

Masergy’s UES takes data from all sources and puts it through our Behavior Correlation Module. The customer gets a real-time, prioritized, and actionable list of potential threats that have been investigated by our security experts. If it's externally monitored, find out who it is, why they chose them, who made the decision, and when. Masergy’s SOC (experts, not ticket takers) acts as an extension of their IT department. We’re always monitoring their network and are available to engage with customers, 24/7.

a. What type of corporate information (the jewels) are you trying to protect?

Variety of answers - customer and/or brand information, intellectual property, bank/financial - but it's important that they articulate their security priorities.

To get a specific understanding about how their business functions, what is the most valuable information they are trying to protect, and how well their current solution works to protect that information.

b. How long has the current system been in place?

Could be fully installed/up & running, or in the process of being installed but not fully functional.

The threat landscape changes/evolves very fast, so an older solution may not be effective in today’s environment. But, if they are in the middle of an implementation, the timeline could extend several months before they consider adding a new solution. Many purchased security solutions (SIEM/IDS/IPS boxes) take several months to install, program, test, and launch commercially.


2. What motivated the implementation of the current security solution? (Regulatory compliance, past breach, competitive advantage, other)

Variety of answers - past breach, compliance requirements (PCI, HIPAA, ISO), customer-dictated requirement, industry best practice, Board directive, etc.

Several companies have implemented a security solution because it's a "buzz word" in today's business environment. Any company that accepts, transmits, or stores any cardholder data MUST be PCI compliant, which requires them to review/manage logs for APTs (basic SIEM functions). If they are required to have other certifications, their solution should be more robust. Keep digging into their compliance requirements.

a. (If a breach has occurred previously) Have you quantified the negative impact the breach had on the company? (Financial, customer, or brand impact)

Hopefully, yes. Get them to recall what happened during the breach, but know they may be reluctant to give you details about where they are vulnerable, initially. The nature of "security" is to be secret.

Quantifying the negative impact ($$) to their business is key to position the value of the Masergy UES solution and knowing how our solution would reduce the risk of a similar breach. We want to take the discussion away from "price" and focus on the business value/risk mitigation of our solution.

b. (If NO breach has occurred) What would be the negative impact if there were a breach?

Variety of answers

Ask them to quantify or put a dollar figure on what a breach COULD cost their company. Again, this will highlight the potential risk and anchor Masergy from a "value" position. Keep that number handy and use it later in the presentation/future meetings.

c. What are the issues/challenges you’re trying to solve for today? (Why did you take the meeting?)

Variety of answers

Understand the customer’s specific motivation and purpose for meeting with us. We need to know their goals for exploring other security solutions and how Masergy can be a fit.


3. How many resources (both internal and external) are available to investigate potential threat events?

Typically, there is one person or a few internal IT resources (who have other responsibilities), or they have hired an outside firm for monitoring.

Most internal IT resources (with other responsibilities) are not security experts. As a result, they have limited ability to do data correlation effectively. It can quickly become a "big data" problem. Masergy’s UES takes data from all sources and puts it through our Behavior Correlation Module. The customer gets a real-time, prioritized, and actionable list of potential threats that have been investigated by our security experts. If it's externally monitored, find out who it is, why they chose them, who made the decision, and when. Masergy's SOC (experts, not ticket takers) acts as an extension of their IT department. We're always monitoring their network and are available to engage with customers, 24/7.

a. Are they dedicated to security?

Typically not.

Masergy's SOC staff is dedicated to our security customers, only.

b. Are they available 24/7?

Typically not, unless outsourced.

Their internal resources could be “on call”, but are not actively monitoring and investigating potential threats on the network 24/7.

4. How do you track, correlate and prioritize events/incidents over time?

Variety of responses, but depending on their setup, they typically rely on their internal IT resources to do this function, alongside the vendors of their chosen solutions (firewall, IDS/IPS, SIEM, etc.).

Assuming they have a combination of internal IT resources and a multi-vendor solution, there is probably no documented end-to-end process for tracking, correlating, and prioritizing threat information over time. This is the main function of Masergy’s Behavior Correlation Module. From there, information populates into the customer’s dashboard to provide a real-time, prioritized, actionable list of threat alerts (and suggested remediation plan) that have been investigated by our SOC. Best combination of machine intelligence and human interaction by security experts.

a. If there is a security alert, what happens?

We investigate to see if it’s a legit threat and work on a remediation plan.

Masergy and our customers establish a joint security communication plan that will be followed by our SOC. Remediation steps are specific to their network; never a "canned" response.


www.masergy.com | US +1 (866) MASERGY (627-3749) | EMEA +44 (0) 207 173 6900

© Masergy Communications, Inc.

SCOPING QUESTIONS | WHY WE ASK IT

1. How many sites do you have, both domestic and international? (If international, which countries?)

To understand the scope of the potential solution from a location perspective.

2. How many users, including remote, do you have on your network?

General scoping question, as the UES solution is configured/sized based on the size of the network it’s monitoring.

3. How many internet access points?

Important to know, as UES’s DPM sensors are typically placed at the ingress/egress points of the network.

4. How many externally connected partners?

As with the Target breach that originated from a hacker accessing a partner’s website to get into Target’s network, this information ensures Masergy understands other potential attack vectors.

5. How many log sources are currently being monitored?

Again, UES is configured based on the network traffic and the number of log sources being monitored.

PROCESS QUESTIONS | WHY WE ASK IT

1. What is the decision-making process if you found a solution that improved your current security posture?

Important for forecasting this potential opportunity and defining the direction of next steps.

2. Who else is involved in the decision?

It’s important to understand both the BTL and ATL contacts. This could be a good point to ask for an intro to the CIO/CISO to ensure multiple touch points within the account.

3. For decisions or changes like this, how long does that process typically take?

Important for forecasting this potential opportunity.

4. Is there a contract term with your existing vendor that we need to be aware of?

Important from a forecasting perspective.

5. Is there a target implementation date for this project?

Use this date as a guidepost for all planning and to keep the opportunity moving forward.

6. Is there an existing budget allocated for security?

This is key to understanding their commitment to security and to changing/expanding their solution with Masergy.