security lifecycle review - exclusive networks · social media usage [particularly those with...
TRANSCRIPT
SLRSecurity Lifecycle Review
Davide Rivolta - Exclusive Networks
2 | ©2016, Palo Alto Networks, Inc.
SLR Overview
3 | ©2016, Palo Alto Networks, Inc.
As a partner, why should I run SLRs for my customers?
38%Increase in Security
Incidents in 2015
From 2014*
* PwC The Global State of Information Security Survey 2016
New EU
LegislationsNetwork Information
Security (NIS)
General Data Protection
Regulation (GDPR)
The best approach is to help
your partners find out where
they’re at risk today — and to
take action immediately
80%Of customers that undertake an
SLR go on to buy a Palo Alto
Upsell Opportunity
Demonstrate the added benefits
that subscriptions can bring for
your customers' networks
4 | ©2016, Palo Alto Networks, Inc.
Seeing Is Believing – Our Sales Process
Discovery & Demo
• Customer Presentation
• Remote Demo System
• Demo training and scripts
Run an Evaluation
• NFR (not for resell) units
• Training on running an Evaluation
• Eval checklist
Present SLR
• Eval-based Application Visibility & Risk reports
• Presenting an SLR training
Technical Decision
• White Papers
• References
Business Close
• Success Stories
• Public References
© 2011 Palo Alto Networks. Proprietary and Confidential.
1) SeeThe Value
2) ExperienceThe Value
3) RefineBusiness Case
4) CloseThe Deal
~45 Day Sales Cycle 8-to-9 out of 10 = Initial Sale
Present SLR
5 | ©2016, Palo Alto Networks, Inc.
Secure Application EnablementLearn, Enable, Confirm, Validate… based on Apps, Users & Content!
1) Learn: Which apps, which users
and what content
2) Enable:Create
& deployapp, users
and contentpolicies
3) Confirm:View and
monitor logsto confirm
enablement policies
4) Validate:Generate reports
based onapps, usersand content
policiesApp-IDUser-ID
Content-ID
6 | ©2016, Palo Alto Networks, Inc.
What is an Security Lifecycle Review?
Uses prospect data to show how
we can help them safely enable
applications, users and content
Builds a powerful business case
for Palo Alto Networks with
executives and budget holders
Can shorten the evaluation cycle -
places boundaries and timeframes
around the evaluation/POC
Helps make our solution a must
have, not a nice to have
7 | ©2016, Palo Alto Networks, Inc.
Quick facts: Security Lifecycle Review (SLR)
Available now for Palo Alto
Networks SEs and Partners
Replaces the AVR and ERR
Accessible via Salesforce.com or
Partner Portal
Run during Evals and as a touch-
point for current customers
Appropriate for C-level audiences
8 | ©2016, Palo Alto Networks, Inc.
What you’ll learn today
What configuration tasks should ideally be completed
prior to the on-site installation?
What's the best way to connect to a customer's network?
What are some proven "next-steps" that you can use during a
Palo Alto Networks evaluation?
How can you use the Security Lifecycle Report to close the
deal?
9 | ©2016, Palo Alto Networks, Inc.
Agenda
1. Eval Installation Prep
2. Coordinating with the Customer
3. Installing the Eval Device
4. Examining Customer Data
5. Closing the Deal
6. DEMO!
7. MARKETING SUPPORT from Exclusive Networks
Step 1
Before You Arrive Onsite
With Your Eval Unit
11 | ©2016, Palo Alto Networks, Inc.
Overview of Steps: Pre-Install Checklist
1. Delete previous customer data
2. Configure management interface
3. Install licenses
4. Install new OS and latest content
5. Collect information and schedule next event
Note: These steps may take an hour or two to complete, that is
why you need to perform this *prior* to going onsite.
Step 2
Coordinating the Evaluation
13 | ©2016, Palo Alto Networks, Inc.
Duration of SLR Evaluations
Establish the dates:
1 Day - Place in monitoring mode
7 Days - Data Collection period
2 Days - Generate Stats Dump, Customize report
Last Day – Onsite: present SLR, schedule removal of unit
SLR Stat-Dump is limited to 7 Days
Don’t run during/over holidays
Make sure most staff are working during the capture period
Don’t run over summer/school breaks
Step 3
Onsite Eval Install
15 | ©2016, Palo Alto Networks, Inc.
If you did your prep work, the hard stuff is done
Software version is updated
Dynamic updates are very recent
You may need to update while onsite
Anti-virus signatures are updated daily
Application and threat signatures are updated Tuesday night
Emergency updates can occur anytime
The update interval is now configured
At least every day
This is more critical than you might think
16 | ©2016, Palo Alto Networks, Inc.
Steps While at the Customer Site
1. Mount device, power on, configure MGT interface appropriately
2. Attach network cables as appropriate
Tap mode: attach network cable between tap mode interface and the span/mirror port on the switch
Vwire or L3: during a maintenance window, attach the cables
3. Connect into GUI, and have the customer view/configure the following screens:
a. Network tab >Interfaces
b. Policies tab > Security Policies
c. Objects tab > Security Profiles > (all screens)
d. Monitor tab> Logs > (all screens)
4. Configure User-ID (can be done in a web meeting later)
Step 4
Examining Customer Data
18 | ©2016, Palo Alto Networks, Inc.
What’s Next?
After the device has been inline a few days, set up another customer
meeting to review what the device found
Point out to the customer the “strange” items found in the network
Drill down in the ACC and demonstrate its power
Configure emailing of reports (optional)
Before the meeting ends, retrieve the stats-dump file so you can create
the SLR report
19 | ©2016, Palo Alto Networks, Inc.
Statsdump file
Device > Support
20 | ©2016, Palo Alto Networks, Inc.
What Are You Looking For?
Good things to dig for are:
People going to malicious/inappropriate/newly registered/interesting web
sites [by interesting, we mean job sites, gambling sites, foreign sites, etc.]
Social Media usage [particularly those with gaming, chatting, file sharing,
etc.]
Bandwidth hogs. These demonstrate the value of application visibility,
beyond the security implications.
SSL. In most networks, this is a blind spot – PAN boxes shine a light here
when SSL decryption is turned on after the PO is signed…
Botnet traffic. Enough said.
Keep a weather eye out for other interesting Easter Eggs…
21 | ©2016, Palo Alto Networks, Inc.
Always Have a Next Step…
ACC
Application usage
Virus/Malware/Vulnerabilities
Drill-down into the logs
Use the details magnifying glass
Reporting
Custom reports
Automation
PDF summary reports
Security Lifecycle Review… AGAIN!!
22 | ©2016, Palo Alto Networks, Inc.
Use Our SLR Tool to Close Deals
Our Security Lifecycle Review (SLR) is a key tool for closing business
Access the Partner Portal, Browse to the appropriate opportunity, Request an SLR report, then upload customer Statsdump files.
23 | ©2016, Palo Alto Networks, Inc.
Leveraging the SLR
Provide as a service
Many people would gladly pay for this
Use as an enticement to get the evaluation in the door
Leave something when the evaluation is over
Do NOT email the SLR report to the customer!
Huge opportunity
The SLR is an incredibly valuable document
Contains information impossible to obtain otherwise
You should be live and in-front when presenting
Yes, print it; on paper
24 | ©2016, Palo Alto Networks, Inc.
Leveraging the SLR (cont.)
Never leave the Eval without requesting a follow-up meeting for presenting the
SLR!!
You might want to consider creating two SLRs – one to make your champion
in the account look good, and one with all the nasty stuff you might find…
Note that the stats dump for the SLR looks at the last 7 days of data by
default…
If the box has been offline for a while by the time you get to it, just set the
system clock back to the last day of the 7 day window you'd like to run the
report on and run a stats dump.
Step 5
Closing the Deal
26 | ©2016, Palo Alto Networks, Inc.
The Rubber Meets the Road
So, you’ve configured the Eval box, put
it in place, had the customer run traffic
through it, created an SLR, and made
use of Wildfire; now it’s time to close the
deal.
Be targeted in your communication
– focus on what was found that is of
interest, why, and what it means to
the customer.
Make it meaningful and relevant to
each customer, each time
27 | ©2016, Palo Alto Networks, Inc.
Run at multiple points, not just at Eval
Initial Evalvisibility
Compare results from 1st
report
Showcase value
C-level / directors as touch point
Review with
champion first
as
appropriate
7 days 14 - 30 days 3 months Ongoing
28 | ©2016, Palo Alto Networks, Inc.
Reminder: best practices
Before the meeting
Meet with your champion to review the review
Look for anomalies/topics to investigate further
Use the Eval box, external sources, your experience to build the story
Review the story with your champion
Presenting the review
Present what the review and added investigation found
Make the connection - technology value – business reward
Great chance to position yourself as strategic, value-added
Address open issues/questions, Ask for the order!
Agree on details needed to submit solution proposal/cost
Most important: storytelling and context
DEMO!
MARKETING SUPPORT
from Exclusive Networks
Engaging your customers
31 | ©2016, Palo Alto Networks, Inc.
Campagna Marketing Dedicata
Se desideri avviare una campagna di marketing congiunta utilizzando il tuo database di
clienti, siamo pronti ad assisterti.
Abbiamo tutte le risorse necessarie per aiutarti:
HTML localizzabili in italiano
Landing Page dedicate e personalizzate con il vs logo ed il form da compilare per richiedere SLR
I lead generati in questa attività congiunta con Palo Alto Network saranno segnalati come tuoi e
pronti per le tue attività di follow-up.
32 | ©2016, Palo Alto Networks, Inc.
Landing Page e HTML
Se desideri avviare una campagna di marketing congiunta utilizzando il tuo database di clienti,
siamo pronti ad assisterti.
Landing Page
• Testo in italiano con il vs logo. Form di registrazione per richiedere un SLR gratuito.
• Vantaggi per i vs clienti nella realizzazione di un SLR
3 diversi modelli di HTML disponibili ognuno per uno specifico target:
• 1. Prima fase/scarsa consapevolezza
• 2. Cliente potenziale
• 3. Cliente esistente
Exclusive Networks si offre di aiutarti nella realizzazione della landing page e dei 3 HTML:
in italiano e con il vs logo
33 | ©2016, Palo Alto Networks, Inc.
34 | ©2016, Palo Alto Networks, Inc.
Next steps
Cosa fare una volta inviate le email ai vs contatti
All’interno del documento in pdf «SLR campaign How to Guide» sono presenti esempi di testi per le telefonate che il tuo
sales team può utilizzare per fissare degli appuntamenti mirati a realizzare un SLR. (rif: pag 13 – pag 17)
Sempre all’interno del documento trovate degli spunti interessanti per promuovere il report SLR:
35 | ©2016, Palo Alto Networks, Inc.
A chi chiedere informazioni
Per richiedere il supporto di Exclusive Networks nella realizzazione di un report SLR [email protected]
Per richiedere il supporto di Exclusive Networks e sviluppare la tua campagna Marketing personalizzata scrivi a:[email protected]@exclusive-networks.com
Non dimenticare di informare il team Palo Alto Networks (Channel Manager) su eventuali candidature da parte dei tuoi clienti per un report SLR
36 | ©2016, Palo Alto Networks, Inc.
Qui di seguito trovi alcuni link ad altre risorse utili:
• Linee guida per il branding di Palo Alto Networks
https://www.paloaltonetworks.com/partners/nextwave-partner-portal/help-me-market
• 3 email in HTML disponibili
Early Stage/Awareness
Existing Prospect
Existing Customer
Email Banner
• Link al video SLR
https://www.paloaltonetworks.com/resources/videos/slr
• Visualizza un esempio di report
https://www.paloaltonetworks.com/content/dam/pan/en_US/partners/training/SLR_example.pdf
• Visualizza la guida rapida (informazioni più tecniche)
https://www.paloaltonetworks.com/content/dam/pan/en_US/partners/training/slr-partner-guide.pdf
• Scopri di più dalla guida passo-passo (tecnica)
https://www.paloaltonetworks.com/content/dam/pan/en_US/partners/marketing/docs/slr-merging-multiple-statsdump.pdf
Q&A
Secures the Network