What happens when you sign up to the ZoneFox Service?

Transcription

1 What happens when you sign up to the ZoneFox Service? Overview According to the highly respected Verizon 2014 Data Breach Investigations Report 1, 2013 set a new record for the number of data breaches from external threat actors, and the percentage of breaches from internal threat actors continues to increase in percentage terms year on year. Customers usually buy ZoneFox for one of two key reasons they want to minimise the loss from a potential breach of their perimeter defences or else they have already been breached and have lost valuable business data or intellectual property and they want to decrease the time to discover a future breach and minimise any costs resulting from it. ZoneFox s rapid, zero-configuration deployment combined with a tried and tested on-boarding process ensures that you and your data are protected in the shortest time possible. When we start to work with a new customer, we at ZoneFox have a standard procedure to on-board them which ensures: Immediate monitoring of key data and intellectual property Your data is protected using ZoneFox s standard alerting package which is built on best practices from standards including ISO27001, HIPAA and PCI DSS. Your team is trained on how to understand any alerts triggered by suspicious user, machine or process activity within your organisation. In this white paper, we detail the process that we go through with a customer to help them achieve these benefits. 1 Verizon 2013 Data Breach Report

2 ZoneFox s On-boarding process Review Deployment Model 2 Days Project Initiation 2-3 Days Trial and Fact-Finding (Only if Trial not already done) 2-4 Weeks Agree roll-out plan and hardware requirements 2 Days System roll out and early support 1 Week Retrospective Review Security Policy and Core Rule Set 2-3 Days Administrator set up and training 2 Days Phase 1 Phase 2 Phase 3 Phase 4 Phase 5

3 Project Initiation At the outset of the project, we will agree with the customer the key contacts during the project, including: Client-Side: o Business Sponsor o System Administrator(s) o Support-reporters ZoneFox o Account manager o Support contacts We will discuss the aims for the project and what the key success measures are from the client s perspective. We will also agree target dates for the project and discuss any regulatory, audit or other milestones. Based on these discussions, a project plan will be written by the ZoneFox team and agreed with the customer. Indicative Duration: 2-3 Days Trial and Fact-Finding If a customer has not participated in a trial before purchasing ZoneFox, we would strongly recommend that they undertake an initial 2 to 4 week period of system monitoring to build a baseline of gathered data. This is a highly valuable process as it allows us to make more effective decisions if we understand data volumes and other factors specific to the customer. The process of managing a customer data-gathering trial is detailed elsewhere but includes: Agreeing duration of a trial Setup of trial environment (local or cloud-based) Weekly account management call Review of findings from data gathered Indicative Duration: Up to 4 weeks Review Deployment Model One of the key decisions that must be made is the type of deployment that a customer requires on-premises or cloud-hosted. The choice of on-premises or cloud deployment is entirely up to the customer and may be influenced by the following: Appetite for CAPEX versus OPEX expense. An on-premises solution requires the up-front purchase of hardware for a ZoneFox deployment but it brings predictable monthly costs. A cloud deployment has

4 little initial capital expenditure and a variable operating expense depending on the capacity of cloudbased resources required each month Security. Some clients prefer not to stream data to a cloud hosting environment due to perceived security weaknesses. Company strategy and policy may mean that one deployment model is preferred over the other. Prior to planning the roll-out of ZoneFox, a client must decide which of the two models of deployment is preferred. Indicative Duration: 2 Days Review Existing Security Policy and Core Rule Set ZoneFox is deployed out the box with a recommended base rule-set created by the ZoneFox team. These rules have been defined by the Cyber Security team at ZoneFox with reference to ISO27001, HIPAA and PCI DSS security policies. We will explain and review these core rules with the customer. If a client has an existing security policy, the ZoneFox team will additionally review that policy with the customer and plan any additional rules required. Indicative Duration: 2-3 Days Administrator set up and training A nominated individual or individuals will be shown the ZoneFox administration interface and the system will be fully demonstrated to new administrators. This training will cover: ZoneFox terminology, concepts and fundamentals Logging into the administration console Understanding and configuring the Dashboard Using the Alerts page How to configure new rules Searching for historic alerts and events Administration of agents, system status and users Using the Daily and Weekly Summary Reports How to use ZoneFox to conduct a forensic examination of recorded data Some customers require additional, complex rules in addition to the core rule-set and following administer training, we can assist a new client in configuring these additional rules, if required. Indicative Duration: 2 Days

5 Agree roll-out plan and hardware requirements Once the customer has decided on their chosen deployment model (on-premises or cloud-based) and after initial data gathering, the ZoneFox team will assist in planning the hardware requirements for the system and roll-out plan. We recommend a staged roll-out, possibly based on department, geography or corporate function. Indicative Duration: 2 Days System roll out and early support The ZoneFox team will assist with the roll-out of the system and we will be on hand to support any queries that you have regarding the system. Indicative Duration: First week of operation Early-Stage Support We recommend to all new customers that after the system goes live, we hold meetings at the end of weeks 1, 2 and 4 in addition to the regular account management meetings to ensure that the system is working effectively. Indicative Duration: Meetings at the end of weeks 1, 2 and 4. Meetings usually less than 1 hour. Retrospective 3 months after Go Live, ZoneFox will organise a retrospective with the key project stakeholders to review how well ZoneFox met their expectations, discuss whether all the original success criteria have been met and to seek feedback from the customer on improvements that ZoneFox could make to the on-boarding process. Indicative Duration: Meeting lasting up to 2 hours.

6 Conclusion ZoneFox s rapid, zero-configuration deployment combined with a tried and tested on-boarding process ensures that you and your data are protected in the shortest time possible. Whether your concern is the loss of key company data, the theft of your intellectual property, reducing the time taken to discover a breach, or ensuring that your existing controls are effective and aren t being abused, ZoneFox can be set up to start protecting you in less than 24 hours. Using ZoneFox to stop data loss reduces the financial and reputational loss of a data breach, protects your competitive advantage, enables you to safely do business with partners, and demonstrates compliance with your key regulatory requirements.