2. Your Challenges
• Threat identification?
• Data Breach detection?
• 24x7 Security Monitoring?
• Compliance?
3. Threat Landscape
• Advanced Persistent Threats target every industry
• Companies of all sizes are at risk
• Attacks compromise valuable trade secrets, financial & customer data
• Near impossible to discover without a finger on the pulse
• 66% of breaches take months or more to discover
Source: Verizon DBIR 2013
“[This] isn't the first company to be breached after getting a clean bill of health for PCI compliance, and it won't be the last.”
Bank Info Security, February 2013
“Top three recent [healthcare] data breaches affected about 1.3 million people”
Health IT Security, July 2013
“A data breach investigations report from Verizon, released Tuesday, showed that small businesses continue to be the most victimized of all companies.”
CNN, April 2013
4. What is an effective security program?
Process
• A set of processes and best practices developed and implemented
– Based on industry standards
Technology
• Immediate and comprehensive visibility into the “Threat”
– Remove silos and connect the dots
People
• Trained, experienced Information Security professionals
– Must be operational 24x7
5. What EiQ’s SOCVue Delivers:
Process
• SANS Critical Security Controls Automation
– Continuously analyze your IT environment against security best practices
– Identify weak links in your security posture
Technology
• EiQ SecureVue
– Log Management & Security Monitoring
– Correlation & Forensic Analysis
– Compliance Reporting
– Asset Discovery
People
• EiQ SOCVue Service
– Certified Security & Product engineers
– 24x7 Monitoring
– Alert Notification and Remediation Guidance
– On-Demand Investigation
– Daily/Monthly Reporting
6. The Value of EiQ SOCVue
Timely Notification of Security Incidents & Remediation Guidance
• Malware
• Attacks
• IP Spoofing
• Excessive traffic
• Unapproved traffic
• Behavior anomaly
• Policy violation
• Failed event collection
Ongoing Critical Security Control Assessment
• No unknown assets
• No unapproved software/ports/protocols
• Anti-malware in place
• Vulnerabilities are addressed
• Proper logging in place
Security & Compliance Reporting & On-Demand Investigations
• PCI
• HIPAA
• GLBA
• NIST
• On-Demand Investigations
7. The SOCVue Experience
EiQ SOCVue®
• A subscription-based service that enables EiQ Security Analysts to remotely manage the on-premise SecureVue® implementation.
EiQ Security Analysts
• EiQ SOC Team consists of security analysts who are certified security & product engineers.
• This team will continuously monitor and notify you of potential issues.
8. Service Offering – Core Service Features
• Service Includes
– Events of Interest Monitoring & Incident Management
– Daily Reporting
– Daily Solution Health Snapshot
– Monthly Summary Reporting of Security Concerns
– Monthly Solution Health Review
– Up to 2 Investigation Requests per Month
– One-on-One Review Session Once a Month
9. Summary
• We address all your challenges
• Next Steps
– SOCVue Evaluation
– Trial Date
Editor's notes
Thank you once again for taking time out of your busy schedule to meet with us today. Let me take a moment to introduce everyone on the call. On the EiQ side, I am Jane Doe and will serve as your account manager. (We also have John Doe, who is my Team Lead and will cover the presentation today, and) Bob Smith, the Solution Engineer, who will demonstrate our solution and address any technical questions you may have. Could you take a moment to introduce the ACME Corp. team?
CUSTOMER: [introduces all of their members and roles/responsibilities]
ISR: Ok, great… Thank you. And just to confirm, is everyone able to be with us for the entire 30-minute session today?
CUSTOMER: Yes
ISR: Great! Thanks Jane! Today’s presentation is centered on how EiQ is enabling organizations like [insert company] with an effective and proven security program based on industry best practices to address Security monitoring and Compliance challenges. First I would like to recap the challenges that you mentioned that you would like to address.
Prep call Challenges Captured Here – THIS SLIDE NEEDS TO BE UPDATED BASED ON PREP CALL PRIOR TO THE DEMO CALL
When we last spoke you stated that [company name] is looking for a Security Monitoring solution to detect breaches and identify threats, Log Management and SIEM, and that you wanted to ensure you are meeting PCI-DSS [or replace with other applicable compliance need such as HIPAA, GLBA, etc.] compliance needs. And that this project has been approved and funded for implementation by [X] date. Is that still the case?
CUSTOMER: Yes
ISR: Excellent! Let’s start with looking at the threat landscape.
CUSTOMER: Sounds good.
In spite of deploying signature-based security solutions like Firewalls, Anti-Virus, Anti-Spam AV, IPS, every day a new story hits the news talking about how companies of all sizes are becoming victims of targeted attacks. It’s also common to find that a majority of these companies are compliant with industry regulations, but are still breached. Target, Neiman Marcus and Hannaford are prime examples.
Research shows that every organization is either already breached or is going to be breached. According to the 2013 Verizon Data Breach Investigations Report – almost no organization, including small businesses, is immune to security breaches.
The two questions you have to ask yourself are “How will you know when a breach happens to your organization, and what will be the impact?” Verizon DBIR strongly recommends that companies implement a comprehensive security program based on the SANS Critical Security Controls to improve cyber defenses.
Based on industry research and our experience in dealing with some of the largest organizations in the world, an effective security program should include a delicate balance of process, technology and people:
• Process – The process should allow you to manage your IT infrastructure based on industry best practices and deliver continuous visibility into your security posture.
• Technology – Technology should automate the implementation of security best practices and identification of potential problem areas while providing guidance on the appropriate remediation actions in order to minimize risks.
• People – A successful security program must have dedicated security staff with knowledge of the current threat landscape and expertise to address issues as they arise.
Your end goal should be a well-thought-out information security program that addresses the challenges discussed earlier.
Now let’s take a look at how EiQ is helping organizations like yours put process, technology and people in place utilizing a unique service offering called SOCVue.
Process: The cornerstone of EiQ’s SOCVue service offering is a well-thought-out Process. This includes:
• Continuous assessment of your IT infrastructure against the SANS Critical Security Controls. As part of this process we will deliver a concise daily and monthly report on how you fare against SANS CSC in a simple-to-understand Red/Green/Yellow dashboard. We will identify items such as:
– Inventory of authorized and unauthorized nodes on your network
– Inventory of authorized and unauthorized software on your network
– Vulnerable nodes on your network
– Malware defenses, etc.
• 24x7 security monitoring, identification and prioritization of critical issues, along with guidance on how to address them
• Daily reporting summarizing issues of the day
• Monthly reporting summarizing the issues of the month as well as compliance needs such as PCI, HIPAA, GLBA, etc.
Technology: EiQ’s solution, called SecureVue, is deployed on-premise, thus allowing you to keep all of your sensitive data within your control. Key modules include Log Management & Security Monitoring, Compliance Reporting, Forensic Analysis and Critical Security Control (CSC) automation. With EiQ, organizations will understand what is on the network, whether IT systems are secure, important areas of concern, and guidance on what to do when security incidents are detected.
People: Through EiQ’s one-of-a-kind SOCVue service, EiQ’s security analysts will remotely monitor and manage your environment. They will provide 24x7 monitoring, continuous fine-tuning of alerts and correlation rules, and analysis of your security data to help detect suspicious activity and provide remediation guidance. The EiQ SOC Team will become an extension of your security team. The entire program is available via a low-cost monthly subscription.
What does this mean for you? The EiQ security offering has become the information security hub for our customers, and you’ll receive the following deliverables. After this slide, we’ll demonstrate the interaction for each of these deliverables that our customers receive from our SOC Team.
Key deliverables of SOCVue service include:
• Through advanced correlation and analysis of security data, and real-time alerting (our secret sauce that’s the culmination of years of expertise and knowledge housed collectively by our SOC and R&D teams), the team configures & fine-tunes the SecureVue solution to provide timely detection, notification and documented remediation guidance of relevant security issues that are most likely unknown today.
• Detailed daily and monthly reports that drive continuous improvement on the security infrastructure, as well as compliance reports that can be used internally or externally to assist with industry-specific regulations such as PCI, HIPAA, GLBA, etc.
• On-Demand investigative analysis. Should an important security event occur, or simply a policy or HR violation, our SOC team can provide full context and guidance around the incident in question.
• And last, and most importantly, you’ll receive a daily report on how your environment is faring against security best practices to gain an on-going assessment of the most important critical security controls and guidance on how to address problem areas.
Now, we’ll show you examples of these SOCVue deliverables so you can get a feel of what the interaction with EiQ’s SOCVue team is like. Any questions before we demonstrate the deliverables?
We believe it is important for you to understand what the SOCVue service delivers, and therefore Chris Cook, our Solution Engineer, will now take you through what we like to refer to as “The SOCVue Experience”… it will give you a true feel for what to expect from the service.
-----------
[Hand over to Chris Cook]
As [ISR Name] mentioned, our solution is made up of 2 major components:
EiQ SOCVue®
• SOCVue service is a subscription-based offering which enables the EiQ SOC team of Security Experts to serve as an extension of your team.
• SOCVue enables EiQ Security Analysts to remotely manage the on-premise SecureVue® implementation.
• It provides 24x7 security monitoring and automated SANS critical security controls assessment.
EiQ Security Analysts
• EiQ SOC Team consists of security analysts who are certified security & product engineers.
• This team will continuously monitor and notify you of potential issues.
• This team also researches issues as they arise and provides you with remediation guidance.
With that said, let’s explore what the deliverables are with the SOCVue Experience.
The Core Service Deliverables of the SOCVue service are:
- Events of Interest Monitoring & Incident Management; which focused on … [walk through the Sample ALERT NOTIFICATION email and remediation guidance]
- Daily Security Snapshot; this is a daily report you will receive which … [walk through the Sample DAILY REPORT and remediation guidance]
- Monthly Summary Reporting of Security Concerns; … [walk through the Sample MONTHLY REPORT and remediation guidance]
- Monthly Solution Health Review: … [Talk about it briefly]
- Investigations: … [talk about Forensic Analysis briefly]
- PCI-DSS Compliance Report – (Select appropriate Compliance Report based on customer challenges) … [walk through the Sample PCI-DSS REPORT]
- 1-on-1; … [briefly describe this]
Mr/Mrs [customer], do you have any questions before I hand it off to [ISR Name]?
Thanks Chris. In summary, as you can see, EiQ provides the process, technology, and people to implement an effective cyber security program. As Chris demonstrated, we help you address all the challenges you mentioned. We also address them in a cost-effective fashion through subscription pricing.
As a next step, we offer a free 2-week SOCVue trial where we can implement SOCVue in your environment, and you can get a feel for what a relationship with EiQ would be like. When should we set that up?