enVision Platform Sales Guide - Lightspeed...
Transcript of enVision Platform Sales Guide - Lightspeed...
Sales Guide
RSA® enVision™ Platform
2 3
RSA® enVision™ Platform Sales Guide
Contents
Introduction 4
ManagingSecurity,EnhancingCompliance:theRSAenVisionPlatformSolution 5
The Channel Advantage 6
Business Drivers 7
Meeting Business Needs 8
RSA enVision Platform Solution Overview 9
Benefits of the RSA enVision Platform 10
Identifying Customers 12
Discovery Questions 14
Positioning Statement 16
Attaching and Follow-up Opportunities 17
Presentation of Solution 18
Objection Handling 20
FAQs 21
ES-1060 Demonstration Appliances 22
How to Quote RSA® enVision 23
Competitive Analysis 27
Appendix A: Useful Resources 29
PresentationMaterials 29
RSASecurWorldPartnerLocator 29
RSASecured®SolutionsDirectoryandImplementationGuides 29
RSAOnline 30
RSASecurCare®Online 30
Contacts 31
AmericasHeadquarters 31
CorporateHeadquarters 31
InternationalHeadquarters 31
LocalOffices 31
RSASecurityDistributors 31
Legend
Business Drivers
Identifying Customers
Discovery Questions
Positioning Statements
Presentation of Solution
Objection Handling
How to Quote
Other guides in this series include:
BuildingSuccesswiththeRSASecureWorld™PartnerProgram,theRSASecurity®ValueProposition,
theRSASecurID®AuthenticationSalesGuide,theRSASecureIDforMicrosoft®Windows,VPNs,Wirelessand
Citrix®SalesGuides,theRSASecurIDApplianceSalesGuideand
theRSASecurIDCompetitiveSalesStrategies.
4
RSA® enVision™ Platform Sales Guide
5
RSA® enVision™ Platform Sales Guide
Introduction
Managing Security, Enhancing Compliance: the RSA enVision Platform Solution
Increasinglycomplexnetworkinfrastructuresandagrowingbodyofregulatorymandatesposedualchallengesforenterprisesstrivingtomanagesecurityandensurecompliance.Thousandsortensofthousandsofeventsoccurringacrossanorganization’snetworkseverysecondmaybeloggedusingtraditionalnetworkmanagementtools,butunlessthisrawdataisanalyzedandconvertedintoactionableintelligence,securityrisksmaygoundetectedandregulatorycompliancerequirementsmaynotbeadequatelymet.
TheRSAenVisionplatformprovidesacomprehensiveinformationmanagementframeworkforcomplianceandsecurity.Itdirectlyaddressestheneedtolognetworkeventsandproducemeaningfulintelligencefromthisdata.Indoingso,theRSAenVisionplatformimprovestheefficiencyofITdepartments,strengthenstheabilityofsecuritypersonneltorecognizeandrespondtointernalandexternaldatasecuritythreatsandhelpsensurecompliancewithstateandfederalregulationsandindustrystandardsthatmandateaccountability.TheRSAenVisionplatformistheonlyinformationmanagementplatformforcomprehensiveandefficienttransformationofeventdataintoactionablecomplianceandsecurityintelligence.Thesolutionisdeployedasastandardserverandstoragesolutiontocollectlogsfromnetworkdevices,servers,applicationsandstoragedevices.Addingadditionalappliancesinresponsetoariseindatatrafficorexpansionofthenetworkinfrastructurecanbeaccomplishedsimplyandefficiently.
Increasesindatatraffic—aninevitablebyproductofbusinessesrelyingmoreandmoreontheInternetforoperations—addtothedifficultyofmanagingandcontendingwithgrowingvolumesoffilesandensuringthatsensitivedataissafeguarded.Theplatformapproachtologmanagement,usedbythissolution,scaleseffectivelytomoredemandingenterpriserequirements—evenwhenthoserequirementsentailmanagingmassivevolumesofdataandtransactions.Adoptedbymanyoftheworld’sleadingenterprises,theRSAenVisionplatformprovidesvaluefarbeyondsimplycapturingandloggingrawdata.Byeffectivelyleveragingnetworkdata,extractingintelligenceandusefulinformationfromdatapatternsandevents,theRSAenVisionplatformaddressessecurity,complianceandbusinessoperationchallenges—therebyprovidingacomprehensivecomplianceandsecurityinformationmanagementlifecyclesolution.
TheRSA® enVision™ Platform Sales Guide,partofTheEssentialGuideseries,deliverspractical,real-worldsalesadviceaboutthiscomplianceandsecurityinformationmanagementsolution.Thisguidehelpsyoutoidentifycustomerrequirements,topresenttheRSAenVisionplatformsolutiontocustomerseffectivelyandtoclosedeals.
TheresourcesinthesepagesprovidesalespersonnelwithcurrentinformationonRSAenVisionplatformcomponentsandcompetingproductsinthemarket.Thetopicsprogressthroughatypicalsalescycle,includingaproductoverview,marketdrivers,productpositioning,discoveryquestions,objectionhandling,pricequotingandcommonquestions.Thisguidegivessalespeopletheinformationandtoolstocreateopportunitiesandgenerategreaterrevenues.
6
RSA® enVision™ Platform Sales Guide
7
RSA® enVision™ Platform Sales Guide
Business DriversThe Channel Advantage
TheRSAenVisionplatformeffectivelyaddressesanumberofchallengesthatimpactbusinessaroundtheworld.Thekeydriversinclude:
Growing Network Complexity H :Loggingeventsandmonitoringactivitiesonthesprawling,high-volumenetworksthatcharacterizemodernorganizationsplacesalargeburdenonITstaffmembersandin-housesecurityprofessionals.Piecemealsolutionsandend-pointapproachesfailtoaddressthescopeoftheproblemorprovideaneffectiveresolutionfortracking,loggingandextractingintelligencefromavastseaofdataactivity.AdministrativeandITbudgetsrequiredtocounterthischallengearerisingandmanyorganizationsarefeelingoverwhelmedastheystruggletocontendwiththreatmanagementwhileconcurrentlymonitoringnetworkactivitiesforsecuritypolicycompliance.
Heightened Network Security Concerns: H AsorganizationsincreasinglyrelyontheInternet,webservices,andmobilityapplicationsforconductingdailybusinessoperations,theriskvectorsfordatatheftandfraudulentactivityriseinconcertwiththesophisticationofcomputerhackingtechniques.Giventheexpandinginfrastructurerisks,businessesandorganizationsneedtoolstokeepbusinessoperationssecure.Riskscanbemitigatedbymonitoringpotentiallythreateninguseraccessesandactivities,detectingbaselineanomaliesandissuingappropriatealerts,andkeepingtrackofreal-timeeventsacrosstheuniverseofdevicetypesinusewithintheorganization.
Regulatory Mandates: H Inthecurrentclimateofprivacyconcernsandregulationshighlightingaccountabilityanddataprotection,achievingcompliancewithregulatorymandatesisavitalconcernofbusinesseseverywhere.Penaltiesforfailingtoprotectanindividual’spersonaldataorfailingtoverifyandauthenticateusersaccessingsensitivenetworkdatacanresultinsteepfinesoreventheimprisonmentofcorporateofficers.AnumberofrecentregulationsandindustrystandardsadoptedintheU.S.andaroundtheworld(includingHIPAA,Sarbanes-Oxley,EUDataProtectionDirectiveandGramm-Leach-Bliley)aimtowardimprovinguserauthentication,protectingdataaccessandmaintainingclearaudittrails.Becauseoftheseregulatoryrequirements,manyorganizationsarere-assessingtheend-to-endsecurityoftheirinfrastructureandconsideringenterprise-calibersolutions.
Thissolutiontargetslogmanagement,securityoperationsandregulatorycomplianceissues,givingbusinessesastrong,scalabletoolforimprovingbusinessoperationsandstrengtheningtheirsecurity.Thefollowingsectionhighlightsthewaysinwhichthissolutionmeetsvitalbusinessneeds.
RSASecurityhelpsensurethat,asachannelpartner,youcansatisfyyourcustomers’requirementsthroughsuccessfulplanningandimplementation.CustomersdeployingthissolutionacrosstheirorganizationcanquicklymaximizetheirROIandimprovetheproductivityandefficiencyofbusinessprocesses.
PartnerscanachievemaximumsuccesssellingRSAenVisionplatformcomponentsbyleveragingthefollowingfactors:
Becausethesolutionfocusesonenterpriserequirements,salestypicallyleadtolarger Hrevenuesasorganizationalneedsgrowandnetworksexpand.
ThecompletesolutionoftenleadstocomplementaryproductsalesofadditionalRSA HSecurityproducts.
Thesolutionprovidesabundantopportunitiesforstrategicplanninganddeployment Hservices.
8
RSA® enVision™ Platform Sales Guide
9
RSA® enVision™ Platform Sales Guide
RSA enVision Platform Solution Overview
TheRSAenVisionplatformcollectsandmanagesAlltheData™acrossanorganization’snetworkresources,deliveringpractical,intelligentanalysisofeventsforenterpriselogmanagement,complianceandsecurity.Asanappliance-basedsolution,theRSAenVisionPlatformoffersaneffectivealternativetosoftware,eliminatinghiddencostsinpricingmodels,simplifyingdeploymentandprovidingconsistent,predictableperformanceandresults.
Meeting Business Needs
TheRSAenVisionplatformaddressesprimarybusinessneedsinthefollowingways:
Centralizes and streamlines data logging and management: H ThedemandsonITdepartmentsandrequisitebudgetscanbesignificantlyreducedthroughthecapabilitiesoftheRSAenVisionplatform,providinggreatervisibilityintobusinessoperations,compliant-friendlytrackingofindividualnetworkactivitiesandanalyticaltoolsthatcanbeconfiguredtogeneratealertswhenpotentialsecuritybreachesorillicitnetworkactivitiesaredetected.IntegrationwithotherRSAproducts,suchasRSASecurID,helpscreateanintelligentframeworktoprotectdataassetsandnetworkresources.
Strengthens data security by identifying potential threats: H ThesecurityeventmanagementfeaturesoftheRSAenVisionplatformhelpsecuritystaffmembersidentifyandrespondtodevelopingrisksinvolvingnetworkaccessandfilemovements.Throughthesolutionfeaturesthatsupportthegenerationofactionableintelligencebasedontrackedandcorrelatedsecurityevents,RSAenVisionimprovestheefficiencyandeffectivenessofsecuritypractices.
Provides reporting and analysis tools to help meet regulatory requirements: H SecurityinformationmanagementfeaturesofRSAenVisionareideallysuitedfororganizationsofallsizes,includinglargeorganizationswithsizablenetworks.TheinformationmanagementanddataretentionfeaturesaidincomplyingwithreportingrequirementsmandatedbySOX,GLBA,PCIandothercurrentlegislation.Byprovidingextensive,system-widerecordingandtrackingofdataeventsandtransformingthisdataintoaformthatsimplifiesregulatorycompliance,organizationscanavoidfinesandpenaltieswhileensuringdataintegrityforcustomers,vendors,andstakeholders.
10
RSA® enVision™ Platform Sales Guide
11
RSA® enVision™ Platform Sales Guide
Benefits of the RSA enVision Platform
TheRSAenVisionplatformsolutionconsistsoftheseelements:
RSA enVison platform appliance: H EachRSAenVisionplatformapplianceisacontrolledsecureenvironment,featuringalocked-downandhardenedversionoftheMicrosoftWindowsoperatingsystemandtheenVisionsoftwareapplicationpre-installed.Thiscontrolledenvironmentensuresthattheusualthreatstosystemoperation—includingbugs,viruses,andworms—areeffectivelyeliminated,ensuringsafe,reliableperformance.SeveraldifferentmodelsoftheRSAenVisionplatformappliancealloworganizationstoselectthelevelofequipmentcorrespondingwiththenumberofdevicesandthevolumeofdataeventstobecapturedandprocessedinreal-time.
Internet Protocol Database: H Theinnovative,patent-pendingRSAInternetProtocolDatabase(IPDB)istailoredtoefficientlycollectandprotectAlltheDatafromanyIPdeviceonthenetwork.Thisdatabaseletscustomersconstructarobustlogmanagementplatformwiththeabilitytomonitorandcorrelatehighvolumesofdataeventsandextractintelligencethroughsophisticatedanalytics.Storagerequirementsfordatacollectedareminimizedthroughcompressiontechniquesandperformanceisenhancedthroughauniqueapproachthatworksefficientlywithunstructureddataformats.
Built-in tools H :Thebuilt-intoolsandfeaturesoftheRSAenVisionplatformprovidetheflexibilitytocollect,analyzeandviewdatainnumerouswaysandtoconfigurebehaviorstosuitthesecurityandcompliancerequirementsofmanydifferenttypesoforganizations.Amongthetoolsandfeaturesincluded:advancedvulnerabilityandassetmanagementfeatures,tasktriageandticketingsystemintegration,watchlistalertingandreporting,eventexplorerandextensivefeaturesformaximizingavailability.
RSAisamarket-provenleaderintransformingenterprise-widedataintocomplianceandsecurityinformation.TheRSAenVisionplatformisbuiltonanarchitectureequaltothedemandsofhigh-trafficnetworkoperations,collectingandprotectingAlltheDatathatdriveseachcustomer’sbusiness.
TheRSAenVisionsolutionofferstheseadvantagestoorganizations:
Exceptional scalability H :theopenarchitectureandmodularhardwarecomponentsoftheRSAenVisionplatformachieveaveryhighlevelofscalability,capturingthousandsofdataeventspersecond.Thescalabilityofthesolutionallowseventhelargestenterprisestosuccessfullycapture,monitorandanalyzedatainaconsistent,predictableway.
Favorable Return on Investment: H Byavoidingthehiddencostsofsoftware-onlysolutions(additionalhardwareinvestments,managementexpenses,storagecostsandsoon),theRSAenVisionplatformdeliversstrongbusinessvalueandarapidReturnonInvestment(ROI).
Fast deployment: H Theappliance-basedRSAenVisionplatformsolutioncanbeattachedtothenetworkandconfiguredinaveryshortperiodoftime,typicallyintherangeoftwohours.Software-basedsolutionssetupforasimilarappliancemaytakeanywherefromadaytoaweektobecomefullyoperational.
Industry-leading reliability: H Thecontrolled,secureenvironmentsrepresentedbytheRSAenVisionplatformappliances,runningahardenedandlockedversionofMicrosoftWindows,deliveraveryhighdegreeofreliability.Appliancesareimmunetothird-partydriverconflicts,bugs,worms,virusesandsimilarthreatstodataintegrityandconsistentoperation.
Unique IP-based database advantages: H TorapidlycaptureandanalyzeIP-baseddataandinformation,thesolutionreliesonaninnovativedatabaseapproach:InternetProtocolDatabase(IPDB).IPDBprovidesuniquedataadvantagesandstoragebenefitsthatunlockmanyofthecapabilitiesofthissolutionforreal-timeoperations.
ManyRSASecurityandEMCproductsworktogethereffectivelysothatcustomerscandeploycompletesolutionsthatencompassalloftheirsecurity,networkmanagement,informationmanagementandcompliancerequirements.Forexample,theRSAenVisionplatformcomplementsRSASecurIDtechnologytogivepartnerstheopportunitytostrengthencomplianceandnetworkmanagementwiththeprovenbenefitsoftwo-factorauthentication.ThissolutionalsocomplementsEMC’svisionforinformation-centricsecurityandisintegratedwithEMCCelerra,CLARiiON,SymmetrixandCentera.
12
RSA® enVision™ Platform Sales Guide
13
RSA® enVision™ Platform Sales Guide
Identifying Customers
KeyindicatorsthatanorganizationcaneffectivelytakeadvantageoftheRSAenVisionplatformare:
No unified system in place for monitoring and analyzing network events: H Organizationsthatlackacentralized,unifiedmeansforcollectingandanalyzingnetworkdataeventsriskpotentialsecuritybreaches—internalaswellasexternal—andoftendevoteexcessivetimetotryingtointerpretandmakedecisionsonuncorrelateddatacollectedbynon-intelligentloggingtools.Streamliningdatacollectionandextractingkeyintelligencefromitcangreatlysimplybusinessoperations,strengthensecurityandreduceITcosts.
Existing network logging tools do not adequately meet regulatory mandates: H Morestringentregulationsinvolvingaccountability,authenticationandauditingofnetworkactivitieshaveemergedinrecentmonths,creatinganeedforcompaniestoreassesstheeffectivenessoftheirexistingpiecemealorlesscomprehensivesolutionstologgingandmonitoring.Rawinformationmaybecollected,butoftentheintelligencecomponentislacking,makingitdifficulttovieworevaluatethedata,ortopresentitinawaythatmeetsmandatoryrequirements.
Costs of IT administration: H Inefficient,non-centralizedapproachestosecurityinformationandeventmanagement(SIEM)candriveupthecostsofITadministration,requiringmanualinterventionformanyprocessesthatshouldbeautomated.
TheRSAenVisionplatformsolutionsuitsdeploymentsinmid-sizetolargeorganizations,aswellasglobalenterpriseswhereextremelyhighdatatrafficonthenetworkistypical.Primaryindustriesinclude:
Financialservices H
Outsourcersandmanagedserviceproviders H
Retailandhospitalityservices H
Healthcareindustry H
Energyandutilityindustry H
Publicsectorandnon-governmentalorganizations H
Organizationsthatareconcernedwithsecurityandinformationmanagement—forimprovedprotectionofdataresources,regulatorycompliance,andenhancedbusinessoperations—generallyrespondfavorablytothefeaturesandcapabilitiesoftheRSAenVisionplatform.
Strongly regulated industries—suchasfinance,government,pharmaceutical,andhealthcare—facesubstantialregulatorymandatesandcompliancerequirements,whichcanbemetwithaproperlydeployedRSAenVisionplatformsolution.
TypicalprospectsfortheRSAenVisionplatformhavethesecharacteristics:
Awiderangeofcomputingdevicetypesaccessingnetworkresources H
Largevolumesofcriticalapplicationsandsensitivedatainuse H
ComplexnetworkinfrastructuresrequiringsubstantialITmanagement H
Stringentcompliancerequirementsatstate,federalandinternationallevels H
Increasingly,organizationsarerecognizingtheimportanceofmanagingcomplianceandsecurityeventlogdatamoreeffectively—fromthetimetheeventdataaregeneratedtothetimeitnolongerneedstoberetained(accordingtoregulatoryguidelines).
14
RSA® enVision™ Platform Sales Guide
15
RSA® enVision™ Platform Sales Guide
Discovery Questions
Thefollowingquestionsfocusonconcernsofthetypicalmanager:
Given your current capacity and existing configuration for storing security information, for how long a period can you retain the data?
What do you estimate it costs your IT group each year to log and manage data events?
What systems are in place to monitor access control, privileged users and configuration controls?
Do you feel that your company’s critical applications and data are sufficiently protected against external threats?
Can you analyze all of the data logged in real-time and apply it to forensic situations?
Foroperations personnel,thesequestionsmayhelpdetermineafit:
How will your organization create a compliance program in a cost-effective manner?
Are their multiple departments or groups collecting security audit information? Do additional groups have a need to collect this information?
When a security threat is identified, are you able to cross-reference it with the rest of the network?
How do you keep up with real-time monitoring, threat detection and malicious code detection without being overwhelmed by false positives?
Are you able to add proprietary applications to extend the collection of source devices in use on the network?
Do you need to produce frequent compliance reports or reports for many different audiences?
Usingthesesamplequestionstostimulatediscussionswithpotentialbuyers—basedontheirdemonstratedconcerns—helpsdiscovertheunderlyingbusinessneedsandbuyermotivations.This,inturn,cansuggestthemostcompellingpointstofocusthesalespresentation.
TheRSAenVisionplatformiswellsuitedtoorganizationsofallsizes,butitisidealforamediumtolargeenterprisesale.Youcaneffectivelyfocusasalesengagementbyaddressingthesecurityandcompliancefunctionsandaskingbasicqualifyingquestions.Inquiringaboutacustomer’scurrentenvironmentandexistingsecurityandcompliancestrategiesisoftenagoodplacetostartthediscussion.Ideally,youcanleadthediscussiontowardthegoalofsellingacombinedsolutionthataddressesthesecurityandcomplianceneedsofmultiplestakeholdersintheorganizationandthatincludesdevelopmentandimplementationservices,thecoreproductandanappropriateEMCstorageplatform.
PotentialdecisionmakersfortheRSA®enVisionsolutiontypicallyfitintothreecategories:
Executives: H Haveconsiderableinfluence;concernedwithshareholdervalues,revenueissuesandregulatorycompliance.
Managers H :Haveinfluenceoverbudgetandprojectimplementations;concernedwithcustomerrelationships,costcontrolsandbusinessobjectives.
Operations personnel: H Focusedprimarilyonimplementationstrategies,resourcesandtechnologyissues.
Sellingeffectivelytothesethreecategoriesofbuyersrequiresaskingquestionstohighlighttheindividual’sconcernsandofferingsolutionsintermsthataddressthechallengesfacedbytheorganization.Focusthediscussiononthekeymotivationsidentifiedforeachbuyer.
Effectivequestioningstrategiestargeteachindividual’smostimportantconcerns.Forexample,whentalkingwithanexecutive,thefollowingquestionscanhelpleadthesalesdiscussion:
Have you found a satisfactory way to monitor and track network data events across your infrastructure for compliance and security?
Are your network data resources protected against emerging security threats
Are your security investments working? Can you easily prove it?
Do you need to make your compliance reporting more effective while consuming fewer resources?
Do you have a compliance initiative in effect that mandates improved accountability and data retention?
16
RSA® enVision™ Platform Sales Guide
17
RSA® enVision™ Platform Sales Guide
Attaching and Follow-up OpportunitiesPositioning Statement
ProperlytrainedpartnersandRSAcanoffercustomersadditionalservicestoaccompanytheproductsaleofRSAenVisionplatformcomponents,including:
UniversalDeviceDevelopment H
SureStart H
ReportandAlertDeveloper H
ComplianceAssessmentandEnablement H
SecurityAssessmentandEnablement H
Aspartofanoverallnetworksecuritystrategy,andtostrengthenthecomplianceandsecurityaspectsofnetworkaccessanduse,othercomplementaryproductsofferingsomeopportunityfortheadditionalsalesinclude:
Addition of RSA SecurID: H Authenticationisaprimeaspectofcomplianceregulations,aswellasabest-practiceapproachtonetworksecurity.RSASecurIDprovidesindustry-leadingtwo-factorauthenticationforcomplianceandimprovedsecurity.
Addition of Use of a Certificate Authority: H Customersusingcertificateauthorities,suchasRSADigitalCertificateSolutions,haveanongoingneedfortheprotectionofcertificatesandkeys.RSASmartCardsandRSAUSBAuthenticatorsensureprotectionofeachuser’sprivatekeys.
RSA SecurID Tokens: H Customerslookingfortightersecuritythanpasswordscanprovidewillbeinterestedinusingmulti-factorauthentication.FornewcustomersthiswillleadtosalesofRSASecurIDtokensandsoftwarelicenses.ForexistingRSAcustomers,itmaymeananexpansionofthenumberoftokensinuse.
ThisRSAenVisionsolutionprovidesaprovenframeworkforstrengtheningenterprisesecurityandensuringcompliance.YourcustomerscanalsoleverageexistingRSASecurityinvestments,suchasRSASecurIDtokensorRSAKeon®digitalcertificates,combiningacomprehensiverangeofsecuritytoolswithinanframework.
Facedwithincreasinglycomplexnetworkenvironments,emergingdatasecuritythreatsandstringentcompliancerequirements,manyorganizationsareturningtocomprehensiveinformationlifecyclemanagementsolutions,lookingfortoolsthatsupportbestpracticesforsecurityinformationandeventmanagement.Giventhecomplexitiesofplanningandimplementingsolutionsinthisarea,appliance-basedsolutionsdesignedaroundanopenarchitecturemodelhavesignificantadvantagesintermsofcost,reliability,scalabilityandinstallation.
TheRSAenVisionplatformoffersclearadvantagesinanumberofareas,providingSIEM Hcapabilitiesthatdirectlyaddresskeycustomerrequirements.Presentedaspartofasolutionsalesapproach,thisplatform:
Providesascalablelogmanagementplatformthatenablescomplianceandsecurity,and Hdeliversbusinessintelligencetoenhanceoperations
Offersacomprehensive,open-architectureapproachtoSIEMthatintegrateseffectivelywith Hexistingnetworkequipmentandsupportshigh-volumedataenvironments
Expandsthevalueofdataonthenetwork,analyzingAlltheDatatosupportarich, Hinformation-centricsecuritystrategy
Inthiscontext,theRSAenVisionplatformhelpscustomerseliminateredundantsilosofinformationandcreateaunifiedframeworkthatspanstheenterprise,turningrawdataintoactionableintelligence.
18
RSA® enVision™ Platform Sales Guide
19
RSA® enVision™ Platform Sales Guide
Presentation of Solution
Asafull-featured,scalable,enterprise-classsolution,thebusinessvalueofRSAenVisionisrealizedinlarge-scaledeployments—wheredataeventloggingtypicallyreachesthousandstotensofthousandofeventspersecond.However,withtheselectionoftheappropriateenVisionappliance,thissolutioncanbecosteffectiveinmuchsmallerdeploymentswhereeventoccurrencesrangefromthetenstothehundredsofinstancespersecond.
Industriesthathaveparticularlystrictregulatorycomplianceconcerns—suchastheinsurance,financial,andgovernmentsectors—canrelyonintegrationwithRSASecurIDtoensureanevenmorecomprehensivesecuritysolution.Completesolutionsinthesecurityrealmshouldencompassaccessandtransactioncontrolthroughouttheorganization’sinfrastructure,aswellasensuringaclearaudittrailanddefinitiveloggingofalleventactivity.
TheRSAenVisionplatformfitswellinenvironmentswherecustomershaveastrongneedtocentralizeandunifyloggingandinformationmanagementactivitiesinresponsetoadesireforimprovedsecurity,moreefficientoperationsthroughgreaterdatavisibility,andenhancedregulatorycompliance.
TheRSAenVisionplatformisbuiltaroundasolidframeworkofinformationmanagementcapabilities—recognizingthattransformingeventdataintoactionablecomplianceandsecurityintelligenceisafundamentalnecessityformodernbusinessesandlarge-scaleorganizations.
Withprovenperformance,exceptionalscalability,aninnovativedatabasetunedforhandlingIP-generateddataandbest-in-classanalyticaltools,theRSAenVisionplatformequipscompaniesforsuccessincomplianceandsecurityoperations.TheRSAenVisionplatformrespondstotheneedforsecurityandcomplianceintelligenceatasystemlevelandprovidesgreateroverallreturnoninvestment.Forthesereasons,RSAenVisionplatformtechnologyleadstheindustryineffective,provenSIEMsolutionsandhasbeensuccessfullydeployedinhundredsoforganizationsworldwide.Figure1illustratestheplatformcapabilitiesforthissolution.
Solution: RSA enVision AnInformationManagementPlatformforCompliance&SecurityOperations
20
RSA® enVision™ Platform Sales Guide
21
RSA® enVision™ Platform Sales Guide
FAQsObjection Handling
Does the RSA enVision platform integrate easily with storage systems from other vendors?
ThesolutionprovidesintegrationwithNASsystemsfromNetworkAppliance(NetApp),aswellasfullintegrationwithDAS-andNAS-basedEMCstoragesystems,suchasCLARiiON,Celerra,Symmetrix(withtheCelerraGateway)andCentera.EMCofferstheDesignandImplementationforSecurityInformationManagementservicetohelporganizationsconfiguretheRSAenVisionplatformwithEMCstoragesystems.
Do agents have to be installed for use with enVision?
TheuniquearchitectureanddatacollectiontechniquesemployedbyenVisiondonotrequiretheuseofagentsortraditionaldata-filteringtools.EfficientstorageofcapturedIPdataandintelligentapplicationofanalyticaltoolsarekeytodeliveringreal-timeeventinformationtodecisionmakers.
Will RSA enVision work with security products from other vendors?
RSASecurity’ssolutionsleadtheindustrywhenitcomestointeroperabilitywithothervendors’productsandsystems.Widespreadproductinteroperabilitymeansthatthesolutionscanbeeasilyincorporatedintoheterogeneousenvironments,allowingbusinessestogetupandrunningandbecomeproductivefaster.
What other RSA Security components work in combination with the RSA enVision platform?
Componentsthatworkwellwiththissolutionincludetwo-factorauthenticationusingRSASecurID,RSASecurityUSBauthenticators,RSASmartCards,RSADigitalCertificatesolutionsandRSAClearTrustwebaccessmanagement.
Is it difficult to deploy the RSA enVision platform solution?
Becauseoftheappliance-baseddesignandpre-testingofcomponents,RSAenVisioncanbesetupanddeployedinminimaltime.Oncepoweredupandattachedtothenetwork,ittypicallyrequiresabouttwohourstobeginloggingandmonitoringdataevents.
What kind of device and application compatibility features are available?
Formaximuminteroperability,RSAenVisionplatformusesanopenarchitectureframework,ensuringsupportforawiderangeofapplications,devicesandstoragesystems.UniversalDeviceSupportincludesnativesupportforover150devices,withadditionaldevicesupporteasilyavailable.TheextensibleRSAenVisionplatformlogmanagementfunctionscanalsobeintegratedwithotherSIEMcomponentsandanalyticaltools.
ThefollowingaretypicalobjectionsyoumightencounterwhileattemptingtoselltheRSAenVisionplatform.Responsestotheseobjectionsareincludedtohelpyoukeeptheprospectinyoursalespipelineandclosethedeal.
We have dedicated teams in place that perform monitoring, reporting, and similar analytical activities.
TheRSAenVisionplatformisarobustenterprisesystemthatcanmaketheseactivitiesmoreefficient,moreresponsive,andlessresource-intensive.Betterconfigurationmanagementcanalsoenhanceyourabilitytomeetregulatorycompliancemandates.
We don’t need a system like this.
Changingregulatoryframeworksandincreasedincidentsofdatasecuritybreachesandnetworkintrusionsmakeitessentialforeveryenterprisetohaveasecuritystrategythatincludescomprehensivereal-timemonitoring,intelligentloggingandverifiablecompliancemanagement.
We already have a system that collects and correlates events from our network devices.
Eventmanagementandreal-timealertingarebasicfeaturesofmanysimilarsolutions,buttheRSAenVisionplatformputsgreateremphasisoncompliancereportingcapabilities,aswellasprovidingsophisticatedreal-timeandforensictoolsforanalyzingandrespondingtologgedeventdata.
A platform like this will be too expensive for our organization.
ThecapabilitiesoftheRSAenVisionplatformcanbeleveragedacrossmultiplegroups,includingsecurity,IToperations,businessoperations,andcompliance.Externalspecialistresourcesaregenerallynotnecessarytooperateandmaintaintheplatformcomponents,whichhelpsminimizeongoingcosts.Adheringstrictlytoregulatorymandatescanalsohelpavoidcostlyfinesandpenalties,aswellaspotentiallossofcompanyreputationifdatabreachesgoundetected.
The reporting requirements in our organization are very unique and specialized.
TheRSAenVisionplatformfeaturesveryflexiblecustomreportingcapabilitiesinadditiontostandardreportingfunctionsthataddressthemostcommonregulatoryrequirements.Evencomplexreportingrequirementscanbehandledefficiently.
22
RSA® enVision™ Platform Sales Guide
23
RSA® enVision™ Platform Sales Guide
How to Quote RSA® enVision ES-1060 Demonstration Appliances
RSAenVisionplatformcomponentscanbeobtainedthroughthenetworkofRSASecurWorlddistributionpartners.Forthemostcurrentpricinginformation,refertotheRSASecurWorldPartnerProgramonlinepricelists(https://www.rsasecurworld.com/secureworld/node.asp?id=2773)orcontactyourdistributordirectly.AcompletequoteforanRSAenVisionplatformsolutiontypicallyincludesthefollowingcomponents:
Oneormoreappliancesandassociatedhardware. H
Additionalstoragedevices.ForESSeriesappliances,additionalstoragedevicesareoptional Hiftheestimatedeventactivityanddataretentionrequirementsexceedbuilt-instoragecapacities.ForLSSeriesappliances,NASdevicesarerequired.
Software,includingEventExplorersoftware(tobesoldonlytocustomerswhoare HpurchasingoralreadyownanRSAenVisionappliance)
Maintenance H
Professionalservices H
Note:AllRSAenVisionplatformordersarecurrentlyshippedfromtheUSA.PartnerssituatedinEMEAorAPwillincuradditionaldeliverycharges,basedonchargestothedistributor.Ifdeliveriesaremadedirectlytoareselleroracustomer,thedeliverycostischargedtothatresellerorcustomer.
Followthesestepstoconstructaquoteforacustomer:
Step 1: RSA enVision platform hardware — Determine the appropriate device or devices.
a)Howmanynetworkdevicesdoesthecustomerwanttosupportandhowmanyeventsperseconddothosedevicesgenerate?
RSASecurWorldSolutionsPartnerscanpurchaseRSAenVisionES-1060demonstrationappliancesforaspecialprice.Theseappliancescanbeusedforeducation,training,demonstrationsandpilotprojectdeploymentsatcustomersites.PartnersareallowedtoreselleachdemoES-1060unitonce.
RSASecurWorldSolutionsPartnerscanorderES-1060kitsthroughtheMyAccountssectionoftheRSASecurWorldPartnerPortalorthroughRSASecurWorldAuthorizedDistributor.Maintenanceonthesekitsis75percentofstandardcostforSolutionsPartners;AccessPartnerscannotpurchasedemonstrationunits.
Forbestpracticesintermsofsettingup,managing,andreusingthedemokitfordifferentevaluationsandlivedemonstrations,contacttheGlobalResellerTechnicalAccountManagerforRSASecurity.ThecurrentcontactinthispositionisDanBreslinbreslin_dan@rsa.com
Cost: USD 9000.00
24
RSA® enVision™ Platform Sales Guide
25
RSA® enVision™ Platform Sales Guide
How to Quote RSA® enVision
Table 2. Simultaneous Event Explorer users
Model ES-560 ES-1060 ES-2560 ES-5060 ES-7560 LS-A60
Max.EventExplorerUsers
1/5 2/5 3/5 4/5 5/5 5/15
Note:ThemaximumnumberofEventExplorerusersisnotapplicabletothesemodels:LS-D60,LC-L605,LS-L610,LS-R601,andLS-R602.
Hint:Thenumberofmaintenancelicensespurchasedmustequalthenumberofsoftwarelicensespurchased.Forexample,customerswhopurchase3EventExplorerlicensesmustalsopurchase3maintenancelicensesforEventExplorer.
Step 4: RSA SecurCare® — Determine the Type of Maintenance Coverage.
a)Therearetwotypesofmaintenancecoverage:
1. RSASecurCareStandardMaintenance—8:30am–5:30pm,Monday-Friday
2.RSASecurCarePremium—24hoursx7daysx365days
Hint:Standardmaintenanceispricedat17percentoftheappliancelistpriceperyear.Partnumbersshouldbeexpressedintheformat:SSP-[APPLIANCE]-12M.Premiummaintenanceispricedat27percentoftheappliancelistpriceperyearPartnumbersshouldbeexpressedintheformat:PSP-[APPLIANCE]-12M.
Note:TheRSASecurCarecontractmustmatchtheuserleveloftheRSAenVisionplatformlicense.Itisvalidfor12months.
Step 5: Professional Services — Calculate the costs of any professional services the customer will need. The chart on the next page shows the services that may be required based on the existing customer environment:
ThefollowingtableshowstheratedcapacitiesoftheES-andLS-seriesappliances:
Table 1. Rated capacities of RSA enVision platform appliances
Model EPS Level Device Count
Storage (standard usable)
Projected Data Retention (maximum EPS and devices)
ES-560 500 100 300GB 12months
ES-1060 1000 200 300GB 6months
ES-2560 2500 400 300GB 2–3months
ES-5060 5000 750 2.7TB(DAS-2000) 12months
ES-7560 7500 1250 2.7TB(DAS-2000) 7–8months
LS-L605 5000 1500 3.5TB(NAS-3500) 15months
LS-L610 10,000 2048 3.5TB(NAS-3500) 7–8months
Note:ForallLSSeriesconfigurations,approvalisrequiredbythecorrespondingRSAenVisionFieldAccountManagerorRSAenVisionplatformSalesEngineer.ThecomplexnatureofLSSeriesconfigurationsmakesitessentialthatthefunctionalityandfeasibilityofselectedcomponentsareappropriatetothecustomer’sconfigurationanddeploymentplans.
Step 2: Storage Requirements — Does the customer need additional storage devices, based on length of data retention and anticipated events per second?
Hint:Forlow-endappliances,suchastheES-560model,theonboardstorageistypicallysufficienttosupport100devicesatmoderatedataactivitylevels.Formid-rangedevicesuptotheES-7560,additionalNASorDASdevicesaregenerallyrecommended.ForLSSeriesappliances,addingNASisarequirement.
Note:TheStorageCalculatortool,anExcelworkbookthatisincludedontheRSAenVisionPlatformSalesTrainingCD,providesdetailedmodelingofcustomerenvironmentstocalculateonlineandnear-linestoragerequirements.
Step 3: Determine the appropriate number of license seats for each of the software packages to be purchased, including Event Explorer.
ThenumberofsimultaneousEventExplorerusersincludedandthemaximumforeachappliancetypeisshowninthefollowingtable.
26
RSA® enVision™ Platform Sales Guide
27
RSA® enVision™ Platform Sales Guide
How to Quote RSA® enVision Competitive Analysis
AnumberofothercompaniesoffercompetitiveSIEMsolutions,eachofwhichhasitsownuniqueadvantagesanddisadvantages,asdiscussedinthissection.
ArcSight:SolutionsfromArcSightofferadvancedanalyticsandsophisticatedfunctionality.TheArcSightDiscovermoduleautomatesanalysisofmaliciousthreatsandcomplianceviolations,simplifyingsecurityandregulatoryconcerns.Theuserinterface,whichprovidesnumerouswaystographicallyviewdata,providesaneffectivewaytocorrelateandassesslargevolumesofdataeventsinsignificantdetail.
Thearchitecture,however,usesarelationaldatabaseback-endandemploysagents.Tomaintaindataanalysisinnearreal-time,datamustbeheavilynormalizedandfiltered.Thecomplexityofplanninganddeploymentisalsosubstantial,oftenrequiringseveralweeksofworkandagreatdealofhardware.ThissolutionisalsooneofthemostexpensiveSIEMsolutionsonthemarket.
IBM Consul:Consulhasbeenavailableonthemarketfor20yearsandfocusesonmainframeexpertise,compliancereportingfeaturesandprivilegedusermonitoringandauditingcapabilities.Itispitchedasbeinghighlyscalable,butbecausetheproductisRDBMsbased,itdoesnotscaleverywell.
Thissolutionisveryexpensivetopurchaseandtodeploy,requiringagreatdealofprofessionalservicessupport.Thesolutionalsolacksreal-timeprocessingandreliesonasiloapproachforimplementations,makingitineffectiveatenterprise-widesecurityoperationsorlarge-scaledataanalytics.Integrationisproblematic,theuserinterfaceisunfriendlyandtheinstalledbaseisminimal.
LogLogic:InexpensivesolutionsfromLogLogicundercutRSA’s60Seriesappliancesonprice.Themodulararchitectureisbasedonappliancesandisveryeasytosetupanddeployinawidevarietyofconfigurations.
Thetoolsincluded,however,havelimitedanalyticswithmodestreal-timecorrelationcapabilities.Anotherweaknessistheuseofarelationaldatabaseback-endusinganintelligentqueuingsystem.Thisapproachexhibitsalltheperformanceandstorageoverheadassociatedwithrelationaldatabases.Finally,LogLogicoffersnothreatdetectionordatacorrelationfeatures,whichweakensitsusefulnessforsecuritypurposes.
SenSage:Unliketheothercompetitors,SIEMsolutionsfromSenSagedonotrelyonarelationaldatabaseforloggingandmonitoringdataevents.Thesesolutionshavescalabilityanddataretentioncapabilitiesthataresuperiortoalloftheothercompetitors—exceptfortheRSAenVisionplatform.
28
RSA® enVision™ Platform Sales Guide
29
RSA® enVision™ Platform Sales Guide
Appendix A: Useful ResourcesCompetitive Analysis
Twocategoriesofpartnershipexist:RSASecurWorldAccessPartnersandRSASecurWorldSolutionsPartners.Eachcategoryhasitsownbenefitsandcriteria,andrequiresthatprospectivepartnersmeettheappropriateparticipationcriteriaandcontinuetocomplywithspecificrequirementsthroughoutthedurationoftheirmembership.
Presentation Materials
TheRSASecurWorldPartnerPortaloffershighlyeffective,professionallydesignedpresentationmaterialsthatdrivehomethekeymessagesandenhanceyoursalesefforts.
Sales PresentationsinMicrosoft®PowerPoint®formathighlightproductbenefitsandprovideaguidedtourthroughthemostimportantsalespoints.
Customer case studieshelpyourcustomersvisualizehowproductsmaymeettheirspecificrequirements.
DatasheetsprovidethedetailsthatanITgrouporCTOmayneedtoauthorizepurchaseofRSASecurityproducts.
Leave-behindsofferawell-rounded,technicallycompletepictureofoure-securityproductstohelpyouclosesales.
RSA SecurWorld Partner Locator
http://partnerfinder.rsasecurity.com/PartnerLocator/plhome.aspx
RSASecurWorldPartnersareexperiencedindeliveringauthenticationandsecureaccesssolutionsinnearly50countries.TheRSASecurWorldPartnerLocatorprovidesatoolforcustomerstofindapartnerthatwillmeettheirneeds.ToensureyourdetailsaredisplayedcorrectlyonthePartnerLocator,pleasekeepyourCompanyProfileup-to-datebymeansoftheMyAccountsectionofthePartnerPortal.
RSA Secured® Solutions Directory and Implementation Guides
www.rsasecured.com
TheRSASecuredSolutionsDirectoryhaslongbeenavaluableresourceforcorporateITandISdirectorslookingforsecurityproducts,andthegeneralInternetuserwhoisconcernedaboute-security.ThedirectorylistsvendorproductsthathaveRSABSAFE®encryptiontechnologiesincludedintheirproductsandvendorproductsthatarecompatiblewithRSASecurID,RSAAccessManagerandRSADigitalCertificatetechnologies,aswellaslinkstoImplementationGuidesforeachindividualproduct.
Thestoragetechniquesused,however,consumefarmorestoragespacethanwhatRSArequiresforthesameamountofinformation(ontheorderofsixtimesmore).SenSagesolutionsalsohavelimitedanalyticalcapabilities,nocorrelationfeaturesandminimalreportingviews.
Competitive Summary:TheRSAenVisionplatformisdesignedtoofferacomprehensive,enterprise-wideinformationmanagementsolutiontotransformlog/eventdataintoactionablecomplianceandsecurityintelligence.Assuch,itisuniquelydesignedtocollect,manageandanalyzelargevolumesoflogdatathataremanagedcentrally,butthatcanbedeployedgloballyinasecureandefficientmanner.KeyattributesthatuniquelypositiontheRSAenVisionplatformversusthecompetitionareasfollows:
AlltheData H ™
AlltheTime H
Proven,SecureIPDB H
Agent-lessArchitecture H
Industry-leadingScalability H LocalDataCapturewithGlobalDataAnalysis FineGrainedRole-BasedAccessControl
Bullet-proofcompliance H
Rapidtimetovalue(TTM)andfarlowertotalcostofownership(TCO) H
FullILMstrategy H
Architectedforbothreal-timeandforensicdataanalysiswithpredictable,high-performance Hresults
Appliance-basedapproachthatdeliversacompletelyintegratedsolution H
PLUS:
The proven strength and resources of EMC and RSA H
Indirectcomparisonwiththecompetition,theRSAenVisionplatformhassignificantperformanceadvantagesbecauseofinnovativeIPDBstoragetechniques,superioranalyticalcapabilities,deploymentadvantages,strongscalabilityandafeatures-versus-costratiothatdeliversexceptionalbusinessvalue.Thissolutionalsoexcelsatreal-timeandforensicapplicationsandisunparalleledatprovidinganextensiblemanagementplatformforcomplianceandsecurityoperations.Incomparisonwiththeothercompetitors,thissolutionprovidesexceptionaltotalcostofownership(TCO)values.
30
RSA® enVision™ Platform Sales Guide
31
RSA® enVision™ Platform Sales Guide
ContactsAppendix A: Useful Resources
Americas Headquarters
Corporate Headquarters
RSASecurityInc.174MiddlesexTurnpikeBedford,MA01730Tel:+1781-515-5000+1800-732-8743(800-SECURID)Fax:+1781-515-5010
Local Offices
TolocateanRSASecurityofficenearyou,visitthislink:http://www.rsasecurity.com/node.asp?id=1052
RSA Security Distributors
AcurrentlistofRSASecurityAuthorizedDistributorscanbefoundontheRSASecuritypartnerlocator.Tosearchforadistributorinyourareavisit:
http://partnerfinder.rsasecurity.com/PartnerLocator/plhome.aspx
Theinformationinthisdocumentissubjecttochangewithoutnotice.Thisdocumentisbelievedtobeaccurateandreliable,butthestatementscontainedhereinarepresentedwithoutexpressorimpliedwarranty.
International Headquarters
RSASecurityUKLtd.RSAHouseWesternRoadBracknellBerkshireRG121RTUnitedKingdomTel:+441344781000Fax:+441344781010
RSASecurityAustraliaPtyLtdLevel3,110WalkerSt.NorthSydney,NSW,2060AustraliaTel:+61294638400Fax:+61299550826
RSA Online
www.rsasecurity.com/go/rsaol_reg.asp
RSAOnlineisacomprehensiveandevolvinge-Businesssolutiontoprovideourcustomersandbusinesspartnerswithindustry-leadingaccesstoorderinformationandRSASecurity’sproductcatalogovertheweb.ThisserviceisprovidedatnoadditionalchargetoselectRSASecurityenterprisecustomersandpartners.Separateregistrationisrequired.
RSA Online offers:
Apersonalizedsecureinterface H
Real-timeaccesstoorder-trackingandhistoryinformation H
Quickandeasylicenselookups H
Proactivemaintenancerenewalnotifications H
SameinformationusedbyRSASecurityCustomerOperations H
RSA SecurCare® Online
https://knowledge.rsasecurity.com
RSASecurCare®OnlineisafreeserviceforRSASecuritycustomerswithanactivesupportcontract,aswellasresellersandpartners.Thisweb-basedcustomersupportapplicationcanhelpyoufindanswerstoyourmostpressingtechnicalquestions.YoumustberegisteredwithRSASecurCareOnlinetousethisservice.
©2007RSASecurityInc.Allrightsreserved.RSA,RSASecurity,SecurWorld,SecurID,SecurCare,enVisionplatform,BSAFE,RSASecuredandConfidenceInspiredareeitherregisteredtrademarksortrademarksofRSASecurityInc. intheUnitedStatesand/orothercountries.Microsoft, Windows,Windows Server and Active Directory are either registered trademarks or trademarks of Microsoft Corporation inthe United States and/or other countries. All other products and services mentioned are trademarks of their respective companies. SWEGenV0907
www.rsa.com/securworld