Managed Security Monitoring Quick Guide 5/26/15. 2014 EarthLink. Trademarks are property of their respective owners. All rights reserved.

Managed Security Monitoring - Overview

Service Positioning

EarthLink's Managed Security Monitoring offers a 24x7 Security Operations Center to monitor your Point of Sale (POS) endpoints, routers, servers, network equipment and more to alert you of suspicious security events according to your customized escalation procedures. Available vulnerability and remediation services (with Gold and Platinum packages) allow you to take proactive action to reduce risk.

Vertical Positioning

- Retail: Protect your POS endpoints and network from threats before they turn into costly and brand-damaging data breaches. EarthLink helps you understand your security risks, guard against them and be prepared to react quickly to isolate threats as soon as they appear.
  - The mean time between an initial malicious network attack and when a data breach is detected is 134 days.
  - The average cost of a data breach in the U.S. is $5.85 million in remediation costs, lost revenue and brand damage.
  - 22% of businesses are likely to have a data breach in a 24 month period involving at least 10,000 data records.
- Healthcare: Protect your valuable patient data and ensure compliance with HIPAA regulations.
- Financial Services: Keep your network and client data safe from threats that can turn into costly and embarrassing security breaches.

Value Proposition

- Focus on innovation: Direct resources from day to day maintenance to strategic initiatives
- Protect your brand: Proactively identify and remediate threats before they result in costly security breaches
- Stay compliant: Ensure compliance with requirements such as PCI, HIPAA, GLBA, ISO 27001/2 and SOX

Benefits

Watch Over and Protect Your Network

- 24x7 Security Operations Center constantly monitors your network, servers, routers, POS endpoints and more.
- Escalations and notifications are based on defined SLAs, with pre-defined incident response escalation procedures.
- Actively protects from breach attempts

Manage Threats Before They Become Disruptive Events

- Detect and correct security events before they turn into costly data breaches.
- Continuous vulnerability assessment data delivered for Gold and Platinum managed services is used to take proactive action to reduce risk as vulnerabilities are detected.

Reduce Your Operational IT Burden

- Spend less time reacting to security issues and more time focusing on strategic IT activities.

Peace of Mind

- Keep your business and customer information safe and your brand protected.

Confidence

- EarthLink's proprietary intelligence tools and methodologies protect over 1 million customers and block over 200 million threats each day.
- We maintain one of the most sophisticated threat catalogs in the world, containing over 1.2 billion attack vectors.

Differentiators - why EarthLink

- EarthLink is a comprehensive service provider with focus on security practice, rather than collection of security products.
  - No one but EarthLink offers solutions that address security across the entire threat ecosystem (servers, endpoints, networks).
- Affordable solutions tailored for retail and retail-like enterprises.
- Compliance expertise (PCI, HIPAA, GLBA, SOX)
- Significant experience in security solutions. EarthLink's proprietary intelligence tools protect over 1 million customers and block over 200 million threats each day.
- Extensive capabilities: EarthLink maintains one of the most sophisticated threat catalogs in the world, with over 1.2 billion attack vectors. Each day over 200,000 new threats are added to the catalog.

Key Features

MANAGED SECURITY MONITORING

Scalability

EarthLink's Managed Security Monitoring provides simultaneous protection to multiple customers with thousands of locations. Our Security Incident and Event Management (SIEM) system can identify over 10,000 security events per second.

Multiple Devices and Log Formats

Security log data is supported in multiple formats and from multiple device types, including Point of Sale (POS) endpoints, routers, authentication servers, network devices, security devices, firewalls and customer applications.

Multiple Security Zones and VPNs

EarthLink's Managed Security Monitoring supports multiple security zones, DMZs, VLANs and site-to-site VPNs.

Security Event Review Service Level Agreements

EarthLink's Managed Security Monitoring provides Service Level Agreements for the frequency of Security Event Reviews according to service type as follows: Silver: one instance per day; Gold and Platinum: 24x7 availability with a one hour response. These Service Level Agreements are documented along with predefined incident response escalation procedures and support agreements.

Flexible, Web-Based Reporting

Web-based customer dashboard and reporting features available in mylink include the following:

- Ticket tracking to view alerts
- Ticket and remediation details
- Number of events monitored
- Number of corrective actions taken
- Threats mitigated
- Open/closed/escalated issues
- Customer security posture over time

Vulnerability Identification

EarthLink's Managed Security Monitoring offers a vulnerability management service that can scan customer network, server or mobile devices for security vulnerabilities. This service is only available for Gold or Platinum level customers.

Vulnerability Remediation

Vulnerability remediation including patching and/or reconfiguration is available through integration with either Server Management (Basic package) or Unified Endpoint Management. This service is available only for Platinum level customers.

Target Customers

- Retail or retail-like businesses
- Businesses with 50 or more devices (typically multi-location)
- Businesses with industry compliance requirements
- Prospects and existing customers

Customer Profile

Potential Decision Makers

- Chief Security Officer (CSO)
- VP/Director of Information Security
- VP/Director of IT Risk Management
- VP/Director of Operational Security
- Chief Information Officer (CIO)
- VP/Director of Information Technology
- VP/Director of Strategic IT Management

Potential Influencers

- Chief Executive Officer (CEO)
- Chief Financial Officer (CFO)
- VP/Director of Finance
- Chief Revenue Officer (CRO)
- Chief Marketing Officer (CMO)
- Chief Operational Officer (COO)
- VP/Director of Operations
- VP/Director of Retail Operations
- VP/Director of Supply Chain (Sourcing)
- VP/Director of Investments and Special Operations
- Chief Technology Officer (CTO)

Probing Questions

General Security and Compliance Questions:

- What is your biggest challenge with respect to information security?
- Have you encountered a security breach to date? If so, what was the impact to your company?
- Do you have dedicated resources assigned to address security? If so, what is the cost of those resources?
- How are you currently meeting your PCI requirements?
- Do you have any other regular requirements such as HIPAA, GLBA or other? If so, how are you meeting those requirements? Are there network or architectural changes needed to better meet those requirements?

Inbound/Outbound Vulnerabilities:

- How do you protect against new threats from the Internet?
- How and when do you implement vulnerability and system patches?
- How many hours per month do you estimate it is taking to keep your security policies, patches, etc. up to date?

Monitoring and Reporting:

- How recently was your network offline, and for how long? How quickly were you notified?
- Do you monitor your network security today?
- Is your incident monitoring 24x7x365? If yes, is the incident monitoring proactive or reactive?
- Who is responsible for the response to incidents?
- Do you need regular reporting for compliance?
- Do you do 24x7x365 remediation?

Business Rules

- Managed Security Monitoring is available to any retail or retail-like customer with 50 or more devices in any service sector in the United States.
- This service is available either bundled with other access products or IT services or as a stand-alone service.
- Platinum-level customers will require either EarthLink Unified Endpoint Management and Security or EarthLink Server Monitoring and Management.

EarthLink Scope of Responsibilities

- Providing the Log Manager and the Threat Manager (if applicable) for event log monitoring.
- Alerting customer of security events based on levels described in the Service Description.
- Provide periodic vulnerability scanning for Gold and Platinum.
- Incident response based on service level option.

Customer Scope of Responsibilities

- Deploying the devices at each specified location.
- Identifying technical points of contact and availability for escalations.
- Assistance with completion of the Service Commencement Worksheet (SCW)
- Corrective action based on incident response.

Competitive Benefits

EarthLink; AT&T, Verizon, CenturyLink; Megapath; IRG; Virtella; Trustwave; Self Service

- Proprietary Threat Detection
- Silver: Daily Log Monitoring
- A la carte 24x7 Monitoring
- A la carte Vulnerability Scans
- Gold: 24x7 Monitoring, Vulnerability Scans
- Platinum: 24x7 Monitoring, Vulnerability Scans, Remediation

Selling vs. Competition

EarthLink is a better choice than MegaPath because:

- We use a proprietary threat protection engine that is proven.
- As part of our Platinum service, we offer threat remediation services.

EarthLink is a better choice than IRG because:

- We use a proprietary threat protection engine that is proven.
- We offer cost-effective protection packages including 24x7 Monitoring with Vulnerability Scans (Gold) and 24x7 Monitoring, Vulnerability Scans and Remediation (Platinum).

EarthLink is a better choice than Virtella because:

- We offer cost-effective protection packages including 24x7 Monitoring (Silver), 24x7 Monitoring with Vulnerability Scans (Gold) and 24x7 Monitoring, Vulnerability Scans and Remediation (Platinum).

EarthLink is a better choice than Trustwave because:

- We use a proprietary threat protection engine that is proven and much of its value proposition is based on the packaging of MSSs with its own security technologies.
- Trustwave's customers have indicated delays in expected feature improvements to Trustwave products that are the platform for its MSS delivery, such as SIEM.
- Trustwave MSS portal currently lacks role-based data access support, correlation of vulnerability data and integration with customer ticketing systems

EarthLink is a better choice than Dell Secureworks because:

- We use a proprietary threat protection engine that is proven.
- As part of our Platinum service, we offer threat remediation services.
- One major advantage that EarthLink has over Dell is that we are a full service provider of both managed network and managed security with Dell Secureworks only being able to focus on security service.