Archives For siem

What The Lazy MSP Companies Aren’t Showing Their Clients

Assessing Risk is the fastest way to land new logo business in the MSP arena. And if you want to build a long-term, profitable business, your MSP is going to have to go MSSP…

(Note: I’ve purposely left out the heavy technical jargon to make this readable by sales – if you actually do the engineering work, you’re probably wanting a more technical deep dive. My goal here is to help sales reps sell the one thing that will overcome any IT budget objection.)

While 90% of the tech companies I speak to CLAIM they do security (on their website), only a handful actually do.  If you want to set yourself apart, learning to discover urgent issues (already present) on your client’s network will do it.

Over the past several months I’ve written numerous articles on how to sell, deliver, and convert assessments to long term annuity business.  This one last step in the actual assessing process is arguably the most important.

You Can’t Just Look At Perimeter Scans and Configurations

In this YouTube video (published by AlienVault – below), the speaker is explaining the dangers of connecting to Tor or using BitTorrent, as examples of traffic symptomatic of botware. Check out 0:48 in the video below for more threats he uncovers…

These are the urgent issues you need to move deals forward!!!!

Traffic patterns also reveal reconnaissance efforts underway by hackers – thieves gathering information to be used in a future attack.

You also want to know if malware is already installed or in the process of being installed through phishing attacks or web-threats of any kind…port scans in most cases will not do this.

The problem is, most assessments I review in my coaching calls show nothing regarding traffic or connection activity between workstations and the outside.  Why?

Because it’s not easy.

In other words, the MSP providing the assessment is either too lazy or too cheap to do it, or just doesn’t know what they’re doing.

If you sell (or use pro bono) assessments, with the goal of opening new doors in the accounts you serve, make sure your professional services team understands the importance of traffic analysis and has the tools to do it….

Lots Of Data, No Connection, Equals Meaningless Data

Today’s technology is great at logging data…but not so great at drawing out intelligence.

That is unless you know SIEM…Security Information & Event Management.

The ability to take all of that data from AV software, UTM firewalls, IPS devices, etc. and make sense of it has been a road block for just about any company short of large enterprise…

Until now…

There are several options including some UTM firewalls, products like AlienVault and Arctic Wolf (positioned for mid-market), and BlackStratus’ recent entry into mid-market and SMB…Cybershark (which can be white-labeled and offered with full SOC services – with little or no investment!)

With SIEM now available as a cloud offering, there’s really no excuse for not doing this.

Key Point in the video below (at 2:35) – None of this information is actually interesting unless you can get the analysis, and make the data actionable.

Unfortunately, most SIEM technology won’t really do this for you (even though AlienVault and others claim to). In the end, you (The Rep) must read the report and see if your client is going to be moved by it.

If not, rewrite the executive findings as a separate report – more to come on that in a future post.

This takes us back to an earlier article on QUESTIONS TO ASK…The most important part of the interview process is in gathering the mission critical data offered only by executive management.

MTD, RPO, etc…think Business Impact Analysis…all security issues are disasters and should be viewed just like Disaster Recovery…But your competition isn’t doing this.

Key Moment In The Video (3:50)

At 3:50, this video shows actual malware infections being installed – not only is this type of activity undetectable with simple observation, your Network Patrol Product is not going to see it either!

Only with something that looks at host intrusion does this become evident.  The good news – once you have an MSSP offering installed to do this type of analysis, it’s easy to justify keeping it there – this is annuity business that self-justifies.

Check Out The Entire Video Right Here

But Remember, this is not the most important tool – your QUESTIONS are.

Armed with the intelligence that comes from talking with executives and other asset owners, this information suddenly makes sense in helping a client determine their true threat levels, while providing you with the justification you need to move forward with MSSP.

Copyright 2017, David Stelzl

For more insights on how to sell assessments and larger security deals, check out one of the only books written to resellers and MSP providers on how to sell Security: The House & The Cloud…

Last week I met Brian NeSmith, President of Arctic Wolf out in Sunnyvale California. Great solution for small and medium business resellers who need a detection solution supporting their MSSP offering! Take 2 minutes to watch this video…this is what I’ve been preaching for the last decade.

© 2016, David Stelzl

Selling Security is Not The Same As Selling Insurance

You can spin security a million ways to make it sound like there’s a return on investment, but you’re only kidding yourself.

So how exactly do you sell something that many people think they don’t need more of, and that really has no ROI?

I just wrapped up two training days with Brian NeSmith, President and CEO, and his team at Arctic Wolf, a security operation center that targets small and medium businesses.  As always I’m sure I learn more than anyone at these meetings.  And I have to say, I’m impressed with the technology and the team.

Arctic Wolf is exactly what small and medium businesses need as they move toward more IoT, mobility, and BYOD.  This morning as I’m wrapping things up and getting ready to head home for the weekend, a few key principles are on my mind…these are foundational mindsets every sales person must have if they want to sell security or managed services.

  • Security is not a product. Even if you are selling a product, don’t present it that way.
  • Every small and medium business needs more security. Specifically, they need the intelligence and insight into what’s going on in their network as they create and use data.  According to Gartner, 80% of these companies are working without any realtime detection element. Even if they have the UTM firewall, they probably don’t watch it. And if they did, they wouldn’t understand it. That means every one of these companies is a qualified prospect.
  • If budget comes up, something is wrong. Security is sold based on high impact of a likely event. Most decision makers won’t understand their risk, so start there. That means you’ll need to gain access to those decision makers early in the sales process – but not to show them your corporate presentation. Instead, talk to them about technology trends like IoT that will be used to grow their business.  That’s what they want to hear…then transition to the security risks that come with new technology.
  • The sale requires justification. Justification comes with getting them to see they have urgent issues – risk. Most assessments, like 90%, show urgent findings.  That’s justification. If you still can’t close, you are either talking to the wrong people, or hiding the urgency in the language you use. Be bold and upfront – be clear. People from China are potentially in your data!
  • Whatever you do, don’t get bogged down in the technology and how it works. This discussion can come later with the IT people – but the sale is made at the business level, and should be conceptually made before diving into the weeds.

For more on how to effectively sell security, check out The House & The Cloud…you can get it here for a limited time for $1.00 – free shipping, and no strings attached.

Today I’m out in Sunnyvale visiting Arctic Wolf – A Cyber SOC company that provides the detection element of security so many are missing!  We really do need more detection…check out this video. If the hacker hadn’t announced himself, the victim would still be clueless.

This Story Tells It All – Man Hacked On Go-Go Wireless. It could have been Starbucks, City Wireless, McDonalds, or any other public wireless network. Something you should be passing on to your clients who still think their firewall is keeping them safe – even when they are working at Starbucks.

Copyright 2016, David Stelzl