Archives For check point

The Security Opportunity In Chicago

Last night, thanks to Check Point and Tech Data for their sponsorship,  I presented some of the most important information for a reseller’s future success…adding security to the MSP program.

The response was clear – MSP business is a commodity if you don’t have something more than cost reduction or greater efficiency as your value proposition. I spoke with one sales manager after the program – his company is fairly new in security, but the initial reaction from their customers and prospects makes it clear that this move is necessary. If you want to grow your business, start with security – everyone needs it, it’s urgent, and it creates a long-term value proposition as you move your clients to manage their risk.

Check Point followed my presentation with a compelling message – the need to add the detection elements at the perimeter, but also on all end-nodes, especially tablets and phones. David Wheeler, the local SE for Check Point, demonstrated a simple hack on his phone, which then recorded everything he said for the next five minutes. There was no indication the phone had been hacked. In fact, the screen was dark – it was just sitting on the podium. He then launched an app from his laptop which replayed his comments. Not only that, it gave us all kinds of information gathered from the phone, including personal details you would not want broadcast to the world! What if this were a financial review meeting or strategy session in one of your clients’ conference rooms?

Several people left with plans to get more involved in security – a great first step would be setting up your next lunch & learn to educate your clients and prospects on these trends. My book, The House & The Cloud, provides the talk-tracks you need to take your client through the Impact vs. Likelihood risk discussion, The House & Cloud message to show them they are at risk, and an assessment process (on page 194) that will build the undeniable justification you need to move forward into remediation projects, product sales, and long-term managed security contracts.

© 2015, David Stelzl

We All Need To Keep The Learning Process Going

Spending Time With Successful People

How do I keep up?  Well it doesn’t hurt that I interview experts every month.  Last month I had the equivalent of an MBA course in HIPAA, preparing for and speaking with Marc Haskelson of the Compliancy Group.  Over the past several months I’ve had opportunities with former NSA and CIA agents, owners and presidents of highly successful resellers, and some of the highest producers at larger companies like Dell Secureworks, Accuvant, and Check Point Software.

Next month I’ll be hanging out with some million dollar producers in my own business in a 2 day planning and strategy mastermind meeting.  There’s nothing better than learning from your peers when you see them doing something great.

Morning Reading – Krebs, WSJ, Etc.

Another thing I do is read.  I always have a book going.  Right now I am working through an audio book on building your online platform, by Michael Hyatt.  I also read the WSJ CIO section each morning, and subscribe to Krebs on Security.  Here’s a tidbit from this morning’s post I found interesting … “How do fraudsters “cash out” stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they don’t yet own. Once the auction is over, the auction fraudster uses stolen credit card data to buy the merchandise from an e-commerce store and have it shipped to the auction winner. Because the auction winners actually get what they bid on and unwittingly pay the fraudster, very often the only party left to dispute the charge is the legitimate cardholder.”

Conferences Are Great For Networking and Learning

And today, as you read this post, I am headed out to Denver, Colorado to attend the Information Marketers Summit with Robert Skrob, President of the Information Marketing Association.  IMA is code for online training programs like the Security Sales Mastery Program on my website.  If you’re in the high tech industry, you can’t afford to work so hard that you don’t have time to read, network, and attend training.  As you start looking at 2016, there are two things I recommend doing. First, figure out when you are going on vacation, and block that time out.  Also block out any important days such as your spouse’s birthday or your anniversary.  Second, figure out what kind of training you need to get and how you’re going to get it.  If you’re not growing, you’re shrinking.

© 2015, David Stelzl

PS. Don’t forget, many of you qualify for free training. I have several sponsors who are willing to put you through the Security Sales Mastery Program – normally $450/seat!  Contact me to find out if you qualify for a seat!

What’s the Likelihood I’ll be Hacked Over the Next 12 Months?

That’s the question every business leader should be asking.

The answer – it’s likely.  Over the past week two of my kids have been hit by fraudsters. Neither ended up paying, but both were initially confused. Had it not been for the constant security awareness training that happens in our home, they might have paid the bill.

It could have been malware, but in this case it was a pop-up.  “Call Our Support Desk Now!  You’ve been infected by malware,” the message read. My 20 year old son had one on his iPad; my 21 year old daughter had one on her company laptop. Both came by inadvertently clicking on a pop-up ad.  In my daughter’s case, she did call the number to see what was up (her system was completely frozen at this point.)  The technician on the line wanted to access her system, which is no longer on any Apple support contract. For $250 he promised to set her up on an annual support agreement and remove the malware on her system.

At that point she called me in to talk with him.  First I asked him how he knew we had malware on this system.  He reported that he had received a message from our system telling him.  I probed further to understand what he was planning to do to fix our computer. His explanations were technical but vague. I asked him about malware, bots, and signs of intrusion.  He wouldn’t tell me specifically what the problem was. So then I started asking about remediation steps. Was this a scan, patch, firmware upgrade, etc.? He couldn’t explain. It was clear he didn’t know what he was talking about, but he was adamant that we needed a solution. Finally I said, “How do I know you work for Apple?” He explained that his firm, BTS, was contracted by Apple for this type of support. I took down his number, thanked him, and called Apple. He was a fraudster.

In my son’s case, he simply called Apple support directly, ignoring the phone number on the screen. It too was fraudulent. Apple gave us the right tools to scan both systems to clear them of any adware or malware. And, using Apple’s chat software, the entire process was free.

Your Clients Don’t Know Any Better

The problem is, your clients don’t know any better. What are the chances they would call and pay?  They’re working hard, trying to get through their day, and suddenly a message pops up, and like my son’s tablet, the system is locked. Apple walked my son through a hard-reset to get back to functionality. How many of your clients would simply call the number and pay the support fee?  Sure, if they work for IT, they’re probably savvy enough to do the right thing. But what about the countless office workers, especially those working in small businesses without dedicated IT support people?

Fortunately, in our case it was a simple hard-reset. It could have been ransomware, malware installed through a support link, or some destructive virus. The point is, your clients are highly likely to be hit with some sort of fraud scheme, malware, or ransomware in the near future. If all you provide is basic managed services, or possibly firewall support, these attacks will continue, and your client is likely to pay for it. Educating them on this is the first step. But then, every one of your clients really does need someone to monitor, detect, and respond to these types of problems. They will only get worse over time.

© 2015, David Stelzl

So How Secure Is The Cloud Really?

The Cloud Means Many Things – Not All Clouds Are The Same

If your clients are considering a move to the cloud, what should you tell them? I’ve had technology-provider clients steer people away from the cloud. Gartner, The Wall Street Journal, and I agree – people are going to move to the cloud, regardless of what you or I think about security. Telling them “No” is only going to hurt your business. Instead, start thinking of ways to help them make the move in a secure fashion.

The Cloud Is More Secure Than Their Company Network

This idea was underscored in a WSJ article this morning where United States Chief Information Officer Tony Scott offers his opinion.  Like keeping your money in the bank, you can’t duplicate bank security at home. He’s talking about cloud offerings like Google, Amazon, and Microsoft, not some fly-by-night cloud outfit. These companies are under the microscope every day, facing attacks and audits. If anyone is secure they are. Most businesses are not going to build this themselves any more than you are going to recreate bank-level security at home.

Note, I am not saying big cloud providers can’t be broken. Read my book The House & The Cloud. Simply put, if it’s connected to the Internet, it can be hacked. Google and their competition will always be under fire, and occasionally we’ll hear of a breach. I am also stating this for the majority of US companies, which happen to be small and medium businesses. Many of the larger financial institutions are doing just as good a job, or better, with security. But as we saw with JP Morgan last year, nothing is impenetrable.  On the other hand, healthcare organizations seem to be way behind, both in their understanding of risk vs. compliance, and their ability to put a secure computing infrastructure in place. Most of them should probably just move to the cloud. They’re too far behind to pull it together themselves.

On the small and medium business side, two problems exist that can’t be fixed. First, it’s far too expensive to put in the right security measures – these smaller businesses just can’t afford it.  Second, and potentially a larger concern, the small and medium businesses can’t staff people who know what they’re doing when it comes to security.  For one thing, they can’t afford these people. But they also can’t keep them. An experienced security engineer is faced with security issues every day. That’s what interests them, and that’s what keeps them up-to-date and growing. Take someone like that and put them in a small business for 6 months, and they’ll be worthless.  Meanwhile, the larger cloud companies are constantly in motion, pushing their already talented security people up.

Your Advantage – Your Value Proposition

As a reseller or technology provider you have the same edge if you have an MSSP offering. As long as you have enough clients to keep you busy working on security challenges, your people will continue to grow. And the more you do, the better you’ll be. The SMB businesses out there benefit greatly from the centralized offerings you provide.

The One Challenge

The one challenge is education. These companies are going to the cloud to save money, not for better security. While they’re thinking about cloud, and before they make the move, is the best time to insert your expertise. Help them figure out what kind of risk they have. Then help them find the best cloud offering, including security. From there, take on their end-node security challenges, and their front line security detection and response program.  Right now is the time to act.

If you’re looking for a better message – consider going through the Security Sales Mastery Program…if you’re a reseller, chances are I can get you a seat sponsored by one of many technology providers you resell.  Give us a call to see if you qualify.

© 2015, David Stelzl

Adding Security to Managed IT

Security is the most important part of your managed program.

Last Thursday I spoke to resellers in Atlanta, sponsored by Check Point Software.  This all day event included several important updates for resellers on what to consider in your managed program.  Keeping patches up-to-date and backing up data is important, but just about any reseller can do this.

What Small and Medium Size Businesses are Missing is the Ability to Detect Security Issues  

Following my session was an excellent overview on how Check Point manages security at the end node. Small businesses are not going to stop their people from using their own phones and tablets for work (BYOD).  So how will these companies stop all the mobile device malware coming out?  This is a perfect role for the future SMB MSSP.  Can your company detect when a mobile device has been compromised? Are you able to help your clients make sure unauthorized users are not connecting to their wireless network? What about monitoring their IPS or correlating their events and providing reporting to show attacks you are blocking?  It’s all about intelligence: helping small businesses (the businesses most targeted by today’s hackers) detect when someone is trying to access their data, and then responding to stop it.

It’s Not Just Technology – Marketing Science Is Needed

In my session I showed how resellers should market and sell this. Not all business owners immediately see the need. As an example, the event I did last week in Richmond had over 30 attendees – every attendee (with the exception of one person who left early) signed up for an assessment provided by the hosting reseller. But I can tell you, not all of these attendees thought they had a need when we started the meeting. It was only after they heard the message.

This is the place to start.  These attendees were business-level people, interested in keeping their businesses safe and growing. Assuming they are pretty safe, their focus is on profit and growth.

They may not all need more security, but the assessment process we are using is designed to uncover urgent issues such as compromised end nodes. If we don’t find problems, they should just keep checking. But we almost always do.

I spoke with one reseller yesterday who performs several assessments every month. While just about every assessment shows urgent issues, his assessment-to-project conversion is only about 15% (Which is average for our industry). Something is wrong here. If all of the assessments reveal urgent issues, why is the conversion rate so low?  It’s the assessment process. It’s designed to uncover vulnerabilities, but not designed to convert clients.

In my session I reviewed how to move business people from thinking they are fine, to understanding the truth about security. From there, we talked about how to assess and convert, to help businesses take the right actions to keep their data secure. Once things are under control, the MSSP offering should be designed to maintain an acceptable level of risk.

Providing this to your customers will make you one of their most important strategic partners.

© 2015, David Stelzl

P.S. if you’re interested in selling more security, consider the Security Sales Mastery Program – contact us to see if your company is eligible for training sponsored by Check Point Software, or one of several other well known security manufacturers.

You Can’t Afford to Ignore The Security Trends

This Just May Be Your Biggest Growth Opportunity

On Sept 18th Ingram Micro invited me to present a security update to resellers.  This is one of the most important messages you’ll see this year as you consider what to do to prepare for 2016. Don’t let the Q4 rush keep you from doing some serious planning.  The next 5 years of your business depend on it!

Replay the webinar right here  (CLICK).  << Access the webinar replay now…

Growth Opportunities:

  • Don’t forget, Ingram Micro, along with numerous security manufacturers including Websense, Bit9, Cisco, Fortinet, and more, are offering free seats from my Security Sales Mastery Program!  You can contact my team through this blog to find out if your business qualifies for these free seats.
  • Both Check Point Enterprise and Check Point SMB resellers may also qualify for Check Point Sponsored seats in the Security Sales Mastery Program – Contact us through this blog if you are a reseller, or are considering Check Point as a partner.
  • HIPAA Compliance! Do you work with businesses that must become and maintain HIPAA Compliance? This may seem out of reach, but it’s not.  If you’re interested in learning how you can build a strong HIPAA practice, contact my team. We have recently partnered with The Compliancy Group and can help you make the jump into this lucrative market!
  • Marketing Events Are More Successful Than Ever! Next Wednesday I will be presenting to 30 business leaders in the Mid Atlantic Area.  The sponsor, a local reseller, was able to attract 30 business leaders in about 4 weeks using our Marketing Success Kit.

© 2015, David Stelzl

Back from my Florida vacation, and into snowy Boston.  This afternoon I’ll be speaking to IT leaders in Boston (Many thanks to IOVations and Check Point for their sponsorship and participation!) Education is critical right now… I had the opportunity to interview Bill Sieglein, Founder of the CISO Executive Network, earlier this week. (Part of my SVLC Insiders Circle) Perfect timing in preparation for this event.

There’s a lot of buzz out there right now about information sharing, Obama, Sony, and most recently the catastrophic losses at Anthem (where hackers stole data on up to 80 million current and former Anthem health care customers, including names, birth dates, Social Security and medical ID numbers, email addresses, street addresses, telephone numbers and employment data, including income).

Mr. Sieglein works with thousands of CISOs throughout the U.S. through a series of roundtables where they discuss the current trends, share ideas, and look for answers. I had the opportunity to ask Bill about this Obama info sharing proposal. Will this actually help? He and I both agree, it’s not the answer. This morning the WSJ published an article on this subject written by Steve Norton, who I’ve also met through past CSI interactions.  The bottom line – Focusing solely on sharing specific threat information “only addresses one facet of a very complex space,” Mr. Libicki said in prepared remarks. “It is therefore highly questionable whether efforts to achieve information-sharing deserve the political energy that they are currently taking up.” More government oversight won’t stop hackers.

However, education can go a long way. Sieglein made the comment, “CISOs struggle to get the attention they need from other senior managers.” He went on to say, they do recognize that this is not about compliance – security and compliance are very different. It’s about predicted security and risk management.

In this afternoon’s session I plan to spend some time on the growing trends of mobility, cloud, and consumerization, and how these initiatives affect security. I’ll spend some time on the two big things companies are doing right now that are leading to big losses – one of them is, as I wrote in Data@Risk, the detection strategy is weak, or non-existent.

This issue is growing. If you’re not out there educating, you’re missing a great opportunity to help companies gain ground in the security battle. This is not a product sale. It’s a chance to help – which is a win/win for technology providers who understand the problem, and who have equipped their team to help solve it.

P.S. Next month’s SVLC Insider’s Circle Interview is with John Sileo – ID Theft Expert and Author of Privacy Means Profit. You can join us if you sell security technology or MSSP services – HERE.