Secure Computing Partner Survival Guide

Transcription

Secure Computing
Partner Survival Guide
Secure Computing® is a
global leader in Enterprise
Security solutions. Powered
by our TrustedSource™
technology, our award-winning
portfolio of solutions help
our customers create trusted
environments inside and
outside their organizations.
Secure Computing Partners
Survival Guide
Table of Contents
Working with Secure Computing Distributors....................................................................................3
Web Resources...................................................................................................................................3
Who’s Who at Secure Computing......................................................................................................4
Introduction to Secure Computing....................................................................................................5
How to Sell: Secure Computing..................................................................................................6
Secure Firewall (Sidewinder) – Net It out...........................................................................................10
How to Sell: Secure Firewall (Sidewinder)...................................................................................11
Secure Mail (IronMail) – Net It Out...................................................................................................15
How to Sell: Secure Mail (IronMail)............................................................................................16
Secure Web (Webwasher) – Net It Out..............................................................................................19
How to Sell: Secure Web (Webwasher).......................................................................................20
How to Sell: Secure Web Protection Service..............................................................................24
How to Sell: Secure Web SmartFilter..........................................................................................27
Secure SafeWord – Net It Out..........................................................................................................30
Secure Computing Corporation
Corporate Headquarters
55 Almaden Blvd., 5th Floor
San Jose, CA 95113 USA
Tel +1.800.379.4944
Tel +1.408.494.2020
Fax +1.408.494.6508
European Headquarters
Berkshire, UK
Tel +44.(0).1344.312.600
French Headquarters
Paris la Defense, France
Tel +33.1.46.67.27.27
German Headquarters
Unterschleißheim, Germany
Tel +1.49.89.710.461.10
How to Sell: Secure SafeWord....................................................................................................31
Secure SnapGear – Net It Out..........................................................................................................34
How to Sell: Secure SnapGear...................................................................................................35
TrustedSource – Net It Out...............................................................................................................39
How to Sell: Secure Support and Services........................................................................................41
How to Sell: Payment Card Industry Data Security Standards (PCI DSS)..........................................44
How to Sell: Secure Web 2.0 Anti-Threat Initiative (SWAT)...............................................................47
Cyber Security for Critical Infrastructure...........................................................................................50
Product Promotions.........................................................................................................................53
Using Domain Health Check for Lead Generation............................................................................53
Product Evaluations and Demonstration Units..................................................................................53
Cross Selling Secure Computing Solutions.......................................................................................55
Middle East Headquarters
Dubai, United Arab Emirates
Tel +971.4.3913504
Netherlands Headquarters
Hilversum, Netherlands
Tel +31(0)35.64.62.616
Swedish Headquarters
Kista, Sweden
Tel +46(0)8.588.370.40
© 2008 Secure Computing Corporation. All rights reserved. Secure Computing, IronMail,
MobilePass, SafeWord, SecureOS, SecureSupport, Sidewinder, SmartFilter, SnapGear,
Strikeback, Type Enforcement, and Webwasher are trademarks of Secure Computing
Corporation, registered in the U.S. Patent and Trademark Office and in other countries.
SecureWire, SmartReporter, and TrustedSource are trademarks of Secure Computing
Corporation.
Secure Computing Partner Survival Guide – Company Confidential, Version 1.0 – Q2, 2008
Working with Secure Computing
Distributors
Partners are advised to utilize the services provided by
their preferred Secure Computing Distribution Partner.
Distributors can offer a range of “value added” services,
for example:
• Assist with the sales training of partner staff
white paper lead generation programs, seminar or
Webinar activities, telemarketing programs, and event
support.
a. https://partner.securecomputing.com/
i. Password and username are required. Please
contact [email protected] to
request access
b. Web-based training and demos (https://partner.
securecomputing.com/index.cfm?skey=24)
• Handle queries relating to order status
• Log and chase product renewals
i. Sales accreditation (https://partner.
• Maintain and design marketing plans
ii.Technical (https://partner.securecomputing.com/
index.cfm?skey=24)
• Apply for market development funds
• Participate in planning meetings (marketing and sales)
• Create custom reseller-branded marketing programs
• Present at partner seminars
c. Quarterly promotions (https://partner.
securecomputing.com/promos.cfm)
d. Export rules (https://partner.securecomputing.com/
index.cfm?skey=518)
• Provide demonstration facilities
• Provide literature
• Provide pre-sales and post-sales technical support
• Provide product evaluations • Provide sales training
e. Success stories (https://partner.securecomputing.com/
our_customers.cfm)
f. Knowledge base (https://partner.securecomputing.
com/supportkb.cfm)
g. Product manuals (https://partner.securecomputing.
com/techpubs.cfm)
• Provide scalability testing facilities
h. SecureFlash newsletter (https://partner.
securecomputing.com/news_current.cfm)
• Provide systems engineer resources
• Respond to part number queries
i. Branding guidelines, graphics and logos
(https://partner.securecomputing.com/graphics.cfm)
• Respond to pricing queries
• Installation services by certified technicians
• Offer financing programs at no additional cost
j. Literature order form (https://partner.
securecomputing.com/litorder.cfm)
Web Resources
k. Localized materials (https://partner.securecomputing.
com/index.cfm?skey=686)
as of May 13, 2008
The following is a list of where to find additional product
and sales information located on either public or private
sites.
1.Quick reference
m.Contacting Secure Computing (https://partner.
securecomputing.com/sales_info.cfm)
a. Partner one-stop shop for all information:
PartnersFirst
n. Finding an authorized Secure Computing distributor
(https://partner.securecomputing.com/distributor_
locator.cfm)
b. Customer-facing materials, Webcasts, news:
Secure Computing Web site
o. Evaluation Agreement Forms ( request forms from
your Secure Computing account manager)
3.Secure Computing Web site Content
2.PartnerFirst Content
Marketing tools are available to help you with the creation
of marketing campaigns to generate leads. Contact your
Secure Computing Distributor, Channel Account Manager
or Regional Marketing Specialist for assistance with
3
l. Competitive information (https://partner.
a. Visit http://www.securecomputing.com
b. White papers
c. Case studies
d. Product overviews
e. Pre-recorded Webcasts/Webinars/videos
f. Links to weekly product Webinars
3.Secure Computing EMEA Marketing
a. For general marketing enquiries:
[email protected]
b. Director, EMEA Marketing
i. Katy Sutcliffe
g. 3rd-party product reviews
ii.+44-1344-312630
h. 3rd-party authored papers and research
[email protected]
i. Upcoming events
j. SecureNews newsletter
k. Press releases
Who’s Who at Secure Computing
as of May 20, 2008
The following provides contact information for
Secure Computing.
1.Quick reference
a. For EMEA partner sales assistance: Contact your
regional sales office, details below.
b. For EMEA partner marketing assistance: Contact
EMEA Marketing, details below
c. For customers needing technical support, training
or professional services: Contact Support, Network
Services and Training, details below.
2.Secure Computing EMEA Sales Offices
a. UK, Ireland, Israel, South Africa & EMEA HQ
i. +44 (0) 1344.312.600
b. Central & Eastern Europe
i. +49 (0) 89.71.04.61.10
c. Southern Europe & North Africa
i. +33 (0). 46.67.27.27
d. Nordic
i. +46.0(8).588.370.40
e. Benelux
i. +31.35.6462.616
f. Middle East
i. +971.4.391.3504
c. EMEA Marketing Specialists
i. Dan Trotman – Northern Europe:
[email protected]
d. Natalie David – Southern Europe & Middle East:
i. [email protected]
e. Ilka List – Central & Eastern Europe:
i. [email protected]
4.Support, Network Services, and Training
a. VP Support and Network Services
i. Gary Bibeau
ii.+1 (651) 628-5363
[email protected]
b. Director, Firewalls
i. Ron Johnson
ii.+1 (651) 628-1560
[email protected]
c. Director, Web Gateways and Authentication
i. Christopher Cinnamo
ii.+1 (651) 628-6263
[email protected]
d. Director, Mail Gateways
i. Doug Borse
ii.+1 (678) 904-9263
iii. [email protected]
e. Director, Services and Training
i. Julie Cota
ii.+1 (651) 628-5379
iii. [email protected]
4
Introduction to Secure Computing
• Secure Computing® is one of the largest pure-play security companies in the world
• Secure Computing is public (SCUR), profitable, and global
• Secure Computing 2007 annual revenues were $238 million USD
• Secure Computing has over 22,000 customers in 106 countries
• Secure Computing has ~ 1000 employees with offices in 20 countries
»» Over 400 hardware and software engineers
»» Over 175 support personnel
• Secure Computing has over 2600 partners worldwide
• Secure Computing’s portfolio consists of the following major products:
»» TrustedSource
– The leading global intelligent reputation service in the world, TrustedSource™ technology scans
hundreds of billions of items a month and assigns reputation scores to IP addresses, URLs,
domains, email messages and images. Secure Firewall (Sidewinder), Secure SnapGear, Secure
Mail (IronMail), Secure Web (Webwasher), Secure Web SmartFilter, and other 3rd party products
use TrustedSource’s reputation scores to instantly recognize attacks, even the first time they are
encountered.
»» Secure Firewall (Sidewinder)
– Secure Firewall is the leading application layer firewall appliance on the market. It is the number
one choice with enterprises that need to secure the most important data in the world.
»» Secure SnapGear
– Secure SnapGear is the leading UTM firewall for small, branch or remote offices or for home
use. Managed centrally with Secure Firewall, SnapGear can provide a complete security firewall
solution.
»» Secure Mail (IronMail)
– Secure Mail is the leading email security appliance for its unique ability to stop inbound threats
and prevent outbound data loss all in one unit.
»» Secure Web (Webwasher)
– Secure Web protects your desktop machines from Internet threats. Uniquely positioned to
counter Web 2.0 threats, Secure Web stops more malware with fewer false positives than any
other solution available.
»» Secure Web Protection Services
– Secure Web Protection Service offers exceptional Web security through a reliable, hassle-free
security-as-a-service (SaaS) deployment option. With no applications or hardware to install
or deploy, organizations simply redirect Web traffic to a Secure Computing data center for
exceptional protection.
»» Secure Web SmartFilter
– Secure Web SmartFilter is the leading URL filtering product in use with schools and enterprises
worldwide. Secure Web SmartFilter prevents users from traveling to unwanted Web sites, ensuring
policy compliance and eliminating risks associated with the Internet.
»» Secure SafeWord
– Secure SafeWord is a line of strong two-factor authentication devices and software to ensure that
only known users can access critical data.
5
How to Sell: Secure Computing
Who Is Secure Computing?
Secure Computing is a global leader in Enterprise Security
appliance and software solutions. Our TrustedSource
technology, integrated with our award-winning portfolios
of email, Web, and firewall security solutions provides the
world’s most extensive real-time reputation scoring.
Our products provide anti-hacking, anti-spam, anti-virus,
anti-phishing, anti-malware, and anti-spyware protections
to ensure Web security, network security, and email security, as well as prevention of data leakage, compliance with
regulations, auditing, reporting, and, strong authentication
and identity management.
• Founded in 1984 – more
than 24 years of enterprise
security leadership
• More than 22,000 customers, including a majority of
the Dow Jones Global 50
• Used by the most securityconscious enterprises and
government agencies in the
world
• Over 150 patents issued or
pending
• Worldwide network of
partners
• Approximately 1,000
employees
• Headquartered in San Jose,
CA, with offices around the
globe
• Publicly traded on NASDAQ (SCUR) since 1998
• 2007 Fiscal Revenues:
$237.9m
How Does Secure Computing
Help Our Customers?
Business Benefits
• Protection of valuable network infrastructure:
Companies invest significant resources in their enterprise
networks, and protecting that investment is paramount
to ensuring the integrity of corporate data and equipment. Our products have been proven time and again
to be best-of-breed solutions for the most demanding
corporate, government and educational networks in the
world.
• Corporate reputation preservation: A high-profile
hack can devastate a company’s image and inflict serious
long-term damage to its reputation. By securing their
networks against external attack and against leaks from
the inside, we help our customers ensure they stay out
of the headlines for the wrong reasons and maintain
healthy relationships with customers and partners.
• What happens in the network stays in the network:
Product roadmaps, design information, customer databases, financial records, and countless other types of
critical data reside on, and travel across, enterprise
networks every day. This information is crucial to an
organization’s success and if obtained by the competition
or a malicious hacker, the entire organization could be
decimated, and perceived competitive advantage lost.
Secure Computing products keep the most important
corporate intellectual property and information safe from
prying eyes.
• Staying on the right side of the law: Laws around the
world require companies to take steps to protect their
networked information. Penalties for violations of these
acts, i.e. PCI, HIPAA, GLBA, SOX and others, range from
monetary fines to prison time for violators. The investment in Secure Computing products pales in comparison
to the potential financial and legal damage that could
occur if private information is leaked. Secure Computing
helps ensure that our customers are in compliance with
information security regulations, and can help customers
create specific rules pertaining to their industries.
Technical Benefits
• Peace of mind: Secure Computing deserves its leader
reputation in the enterprise security space. Our Secure
Firewall (Sidewinder) has an unblemished reputation, and
has never been hacked; Secure Mail (IronMail) is consistently placed in the Leaders Quadrant in Gartner’s annual
review of messaging gateway appliances; Secure Web
(Webwasher) consistently ranks #1 out of 29 products
evaluated in an on-going anti-malware study. In addition, Secure Computing has never had to issue a single
security patch.
• Automatic real-time updates via TrustedSource:
TrustedSource monitors reputations of Internet senders and does not require a database to be installed on
local appliances. As such, all of our products integrated
with TrustedSource are automatically kept up-to-date on
the latest threats. This allows our customers to focus on
revenue-generating activities rather than be distracted by
manual maintenance requirements.
• World-class research and development: The depth and
breadth of our Research team allows us to consistently
lead the way in identifying new threats and developing
solutions to stop them. Our primary focus has been on
security from day one, and we’ve proven time and again
that we’re the best at what we do.
TrustedSource: The Cornerstone of
Secure Computing Products
The most precise and comprehensive Internet host reputation system in the world, TrustedSource characterizes
Internet traffic and makes it understandable and actionable.
TrustedSource’s unrivaled effectiveness is a direct result of
Secure Computing’s unique view into enterprise Internet
traffic. By accumulating data from thousands of sensors
located in 51 countries, TrustedSource creates a profile of
all “sender” activity on the Internet and then utilizes this
profile to watch for deviations from expected behavior. The
system then generates multiple “reputation scores” based
on the behavior of the sending host and content of the
materials. This score is incorporated into Secure Computing
products to enable them to quickly and accurately reject
unwanted traffic. You can see TrustedSource’s power for
yourself at www.trustedsource.org.
6
Secure Computing Products
Secure Computing has developed a portfolio of securityspecific offerings that are each proven by years of use,
strong industry acceptance, and numerous awards and
certifications. No other pure-play security vendor in the
world can offer such a broad spectrum of enterprise
security offerings.
Secure Mail (IronMail)
Secure Mail delivers a centrally managed, integrated,
best-of-breed messaging gateway security appliance for
enterprises of all types and sizes.
Secure Mail features an integrated, policy-based
encryption solution that automates and enforces corporate
IP protection policies with no end-user intervention.
Network World Magazine recently named the Secure
Computing Encryption solution the “Clear Choice Test”
winner for enterprise email encryption.
• TrustedSource integration provides best-in-class,
behavior-based reputation scoring to proactively block
up to 80 percent of inbound connections before they
ever reach the enterprise mail servers
• Eliminates the need to archive spam messages for up to
7 years
• Inbound threat protection from spam, viruses, phishing,
hackers and denial-of-service attacks
• Outbound leak prevention helps protect against
regulatory or corporate policy compliance violations or
theft/leakage of confidential information or intellectual
property
• Provides multiple encryption standards, as well as “push”
and “pull” security
• Scalable to meet the needs of any business, from ISPs and
carriers to large enterprises, as well as small-to-medium
businesses
Secure SafeWord
• Positively identifies
users of missioncritical applications
using remote access
such as VPN, Citrix,
and Outlook Web
Access
• Tokens provide
unique, one-time
pass codes for secure login
• Delivers an easy, fast installation experience that runs on
existing servers
• Streamlines administration and deployment
• Establishes proof-positive identity of remote users
Secure Firewall (Sidewinder)
Secure Firewall (Sidewinder) is the world’s strongest
self-defending firewall/VPN. Built with a comprehensive
combination of high-speed application proxies,
TrustedSource reputation-based global intelligence,
and a complete arsenal of signature-based security
services, our Unified Threat Management (UTM) firewalls
defend networks and Internet-facing applications from all
types of malicious threats, both known and unknown.
• Consolidates all major
security functions under a
single management interface
• Defends networks and
Internet-facing applications
from all types of malicious
threats including encrypted
• High-speed application proxies
streams
• TrustedSource reputation• Blocks viruses, spyware and
based global intelligence
spam & secures employees
use of the Internet
• Signature-based security
services
• Creates a forensic-quality
audit trail for regulatory
• VoIP security
compliance and reporting
• Proven to be the world’s
strongest self-defending
firewall
The Secure SafeWord Identity
and Access Management
solution provides proofpositive user identity for users
of VPNs, Citrix applications,
Webmail, Outlook Web Access and other Web applications,
and Windows and UNIX logins.
Secure Web SmartFilter
• Designed for Microsoft environments; offers tight
integration with Active Directory
• Proven database of more
than 20 million blocked
Web sites in 90+ categories
• Easy to install and easy to use
• Secure SafeWord comes tailored to work with any remote
access system, including Citrix, Cisco, Check Point, and
Nortel environments
• With tokens that never expire, Secure SafeWord offers
the lowest total cost of ownership of any authentication
solution
7
Secure Web SmartFilter protects organizations from the
risks associated with employee Internet use. By controlling
inappropriate Internet use with Secure Web SmartFilter,
organizations can enhance Web security, reduce legal
liability, increase productivity, and preserve bandwidth for
business-related activities.
• With more than 30 supported platforms, Secure
Web SmartFilter products fit
seamlessly into almost any
network and work with the
most popular proxy servers,
caching appliances, firewalls, and security solutions
• One very competitive price
covers everything including
all software and upgrades,
the Secure Web SmartFilter
database subscription, and full
access to Secure Computing’s
award-winning 24x7 support
• Secure Web SmartFilter EDU
(Software for Education)
provides education-specific
categories for schools
Secure SnapGear
The Secure SnapGear firewall/UTM appliance line provides
small-to-medium businesses (SMB), small offices, home
offices, retail stores, etc. a very cost-effective security gateway with all of the primary VPN components necessary to
secure any connection.
• Consolidates all major
security functions under
a single management
interface
• UTM feature set: Firewall,
anti-virus, Intrusion detection, anti-spam, URL filtering
• True appliance - no moving
parts
• TrustedSource reputationbased global intelligence
provides proactive (not
merely reactive) security
management
• Blocks viruses, intrusions,
and spam; secures employee
use of the Internet
• Most cost-effective UTM
appliance on the market
• Provides more efficient
virus and malware scanning
while reducing the amount
of disk storage required
compared to traditional
caching solutions
Secure Web 2.0 Anti-Threat (SWAT)
• SWAT’s purpose is to demonstrate how Secure’s solutions
protect against Web 2.0 threats.
Payment Card Industry Data Security Standards
(PCI-DSS)
• Can support an unlimited
number of VPN tunnels,
leveraging VPN offloading
technology; can compete
with VPN concentrators
Critical Infrastructure Protection (CIP Standards)
• SnapGear’s OEM options
allow customers to tailor the
appliance to their specific
needs, including customized
branding and functionality
Secure Web (Webwasher) adds an urgently needed layer of
security for today’s Web environment which includes both
inbound and outbound threats from the Web 2.0 world.
Secure Web provides immediate protection against threats
such as malware hidden in blended content, encrypted
SSL traffic, and email. This in-depth security also protects
organizations from outbound threats such as potential loss
of confidential information that can leak out on all key Web
protocols (HTTP, HTTPS, and FTP).
• Secure Web Cache –
Industry’s first and only
security-aware cache for
Web 2.0 powered by
TrustedSource global
reputation. Secure Web
Cache uses a revolutionary
new design that employs
proactive scanning and
security reputation prior to
delivering a cached object
to an end user
Secure has launched solutions-oriented initiatives that are
targeted, multi-product sets that address specific issues.
• Feature set rivals that of
enterprise firewalls that cost
10x as much
Secure Web (Webwasher)
• Includes URL filtering,
anti-virus, anti-spam,
anti-malware, SSL scanning, content reporting,
and IM and peer-to-peer
security
Secure Computing Initiatives for 2008
• Combines local behavior
analysis with TrustedSource
global reputation security
technology
• Self-tuning security network
for Web-based threats
• Best malware protection in
the business
• Provides protection for
encrypted traffic
• High-performance proxy
• Inbound and outbound
defenses
• Flexible deployment
options
• Secure’s PCI initiative highlights our solutions that can
jumpstart a compliance project.
• Secure has a long history of protecting critical networks
(power, water, oil and gas, etc.). This initiative demonstrates how all of our products can combine to comply with
CIP regulations.
Secure Computing Awards
and Accolades
• Full product line-up
recognized as finalists in an
unprecedented eight categories for The SC Magazine
Awards 2006 Europe
• Secure Mail: Gartner
Leader’s Quadrant for Email
Security Boundary Magic
Quadrant
• Secure Mail: Secure
Computing positioned as
“Top Player” in Radicati
Group’s Email Security
Appliances Market Report
• Secure Mail: Best Security
Solution for Healthcare
(SC Magazine)
• Secure Mail: “Best Buy”
for 2007 for email content filtering products (SC
Magazine)
• Secure SafeWord: Named
“Reader Trust Finalist” in SC
Magazine Award Program
and Best of 2006
• Secure Firewall: ‘Best
Enterprise Firewall’
(SC Magazine)
• Secure Firewall:
Editor’s Choice Award for
Functionality and Security
(Communications Week)
• Secure Firewall: Named a
‘Best Midmarket Product
of the Year’ by CMP’s
VARBusiness Magazine
• Secure Firewall: Awarded
the Common Criteria
Certification at the most
stringent EAL 4+ security
level
• Secure Web: Gartner
Leader’s Quadrant for
Secure Web Gateway
Magic Quadrant
• Secure Web: #1 out of
29 vendors in detecting
malware (PC Magazine)
• Secure Web: 5 Stars in
a test of Web content
filtering solutions
(SC Magazine)
• Secure Web: 4 times
named best anti-malware
solution on the market
(AV-Test.Org)
• Multiple solutions in one
appliance
8
Benefits of Partnering with
Secure Computing
PartnersFirst – The Program
that Puts You First
Sales Support
PartnersFirst
As a Secure Computing PartnersFirst partner, you’ll gain
higher credibility, a new level of differentiation, increased
competency, greater visibility, profitability, and a stronger
relationship with your customers and prospects.
Profit Margin
As a Secure Computing partner, you’ll quickly discover
that we exceed our competition by offering the best
overall security margins in the marketplace. The program is
designed to help your business provide unmatched security
solutions, while assuring a profitable contribution to your
business. Our products are selectively distributed and we
select our partners for long term growth and success. Every
year, we receive consistent feedback from our partners that
our profit margins are the industry’s best and we intend to
uphold our reputation.
Secure Computing provides you with a comprehensive set
of resources to support you throughout the sales lifecycle.
Whether you are looking for competitive analyses, technical
papers, ROI calculators, success stories, or just up-to-date
product specifications, you will always find just what you
need to sharpen your selling skills and enhance your
product expertise.
Marketing
Secure Computing offers a wide array of marketing
resources to help support your lead generation goals
in the most effective way possible. From co-branded
advertisements and direct mailers to turnkey seminar-ina-box tools, you’ll find an abundant supply of marketing
resources available at the click of a mouse. n
PartnersFirst Web site
Secure Computing offers an advanced partner Web site
through which you gain access to a host of tools and
resources to help you market and sell Secure Computing
solutions more effectively. From sales tools, to marketing
resources, to product information, to education and training, we are confident you will find what you are looking for
on the PartnersFirst Web site.
Education and Training
As a cutting-edge security solutions provider, you need to
be well-equipped to handle any selling engagement. At
Secure Computing we invest heavily in our award-winning
training programs and work hard to ensure you are armed
with the knowledge necessary to win in the field. As a
PartnersFirst member, you benefit from a comprehensive
suite of education and training programs—from online
sales training to instructor-led classroom training, we have
what it takes to ensure your success.
Communication
At Secure Computing we vow to keep you informed at
all times, and in a timely fashion! At Secure Computing
we vow to keep you informed at all times and in a timely
fashion. Our regular partner newsletters ensure constant
and consistent communication, whether it’s product
announcements, special promotions, new sales or
marketing tools, or upcoming events.
9
Secure Firewall (Sidewinder) –
Net It Out
• Secure Firewall (Sidewinder) is a multi-function, application-layer firewall appliance that competes with
packet-level firewalls like Check Point, Cisco ASA and
NetScreen.
• We have tens of thousands of Secure Firewall customers.
They’re typically mid-sized to large companies and
government agencies around the world, like:
»» American Express
»» The FBI & CIA
»» Singapore Airlines
»» Deutsche Bank
»» And governments around the world – like the US, the UK,
Japan, Australia, and more
• A key difference about Secure Firewall is that it is first and foremost an application layer firewall. In fact, it’s
the number one application layer firewall in the business!
• Today’s hackers & criminals are all targeting known vulnerabilities in very specific versions of Web server
software, browser software, SQL and Oracle databases, voice over IP servers—things like that. In fact, you
might be interested in knowing over 70% of attacks coming across the Internet today are applicationspecific attacks. Over 70%!
• A couple of other important things that are unique to the Secure Firewall appliance are:
»» Our first-to-market use of in-the-cloud reputation services (TrustedSource) to tell Secure Firewall in real
time exactly who the known bad senders are so we can just automatically drop that traffic at the
connection level. This stops tons of malicious junk from streaming into your network and clogging up
your mail servers.
»» High-speed decryption/re-encryption services on key encrypted protocols like SSL, SFTP, and SSH to do
application security scanning on all that encrypted traffic.
»» Secure Firewall can use the geographic location of a requester to determine what level of security to
apply. If a request originates from a known suspicious country, then Secure Firewall can automatically
add more authentication checks for even more security. This can prevent a phisher who has stolen
credential from using them successfully.
• Secure Firewall can uniquely do four things for you:
»» Significantly
reduce your exposure to Internet attacks, including emerging new threats in areas like
voice over IP (VoIP).
»» It will make your compliance audits go easier because of our high-end security certifications and
proven credentials, and our extensive set of pre-built reports for compliance regulations (Secure
Firewall Reporter).
»» It can potentially save you time and money if you eliminate some of your existing security solutions and
use the services that come with Secure Firewall instead.
»» Avoid
having to do any emergency security patch projects for your firewalls; we have never had to
release a security patch for Secure Firewall in over 12 years because of our patented operating system.
10
How to Sell: Secure Firewall (Sidewinder)
What is Secure Firewall
(Sidewinder)?
• Streamlines management with single-screen rule set-up,
automatic updates, and central management of many
Firewalls through Secure Firewall CommandCenter.
Secure Firewall (Sidewinder) appliances are market-leading
next generation firewalls that provide application visibility
and control beyond Unified Threat Management (UTM) for
multi-layer security and the highest network performance.
Unique Features/Differentiators
for Secure Firewall
• High speed network and
application Firewall with
comprehensive visibility
and control of applications
• Complete IPS/IDS and
Anti-Virus signature services
• Only Firewall with
reputation-based global
intelligence (TrustedSource
technology) and Secure
Firewall Geo-Location
• Security for the latest
vulnerable protocols like
VoIP, Oracle, MS-SQL, Citrix, multi-media, and more
• Eliminates the blind spot of
encrypted applications
• First and only firewall with reputation-based global
intelligence
• Blocks botnets, zombies,
viruses, worms, Trojans,
intrusion attempts, spam
and phishing tactics,
cross-site scripting, SQL
injections, denial of service
(DoS), and more
• Proven firewall without a single CERT advisory, in stark
contrast to competitors
• Secures employees’ use
of the Internet and blocks
spam
• Creates a forensic-quality
audit trail for regulatory
compliance and reporting
Secure Firewall Key Features and
Benefits
• Surpasses application visibility to control them including
who and how they can be used for the most popular applications like email, HTTP/S (Web), Multi-media (H.323),
Oracle, Citrix, SQL, VoIP (SIP), SSH, FTP, and other highuse services.
• TrustedSource and Secure Firewall Geo-Location provide
security ESP to dramatically reduce exposure to attack, as
well a save bandwidth, processing time, and infrastructure
expenses.
• Kills evasive blended attacks that other security products
can’t see.
• Decrypts and filters encrypted applications (SSL, SSH,
SFPT, SCP), the new playground for hackers.
• Blocks the latest attacks like cross-site scripting and SQL
injections for full Web server protection.
• Combines five or more individual security systems in one
appliance (Firewall, VPN, anti-virus, anti-spam, IPS/IDS,
reputation services, employee Web filtering, etc).
• Unequalled reputation for delivering highest-grade security.
• Award-winning Secure Firewall Reporter SEM is included
at no cost for real-time event monitoring, alerting and
reporting. It includes complete information for all major
regulatory requirements including Sarbanes-Oxley (SOX),
PCI, GLBA, HIPAA, and FISMA.
11
• VoIP, Web, and numerous other applications are visible
and controllable
• Common Criteria EAL4+ certification for Application
Firewalls. No other firewall has this level of EAL4+
certification.
• Award-winning Secure Firewall Reporter SEM is included at
no cost
• Decrypting and filtering of encrypted applications
Target Customers
• Network Administrators
• Technology decision-makers (CIO, CSO, IT Director/
Manager)
• Firewall Administrators (in larger companies)
What Issues Does Secure Firewall
Address?
Business Issues
• Put precious security
dollars where the biggest
threats are g Applications
• Eliminate the blind spot of
encrypted applications
(SSH, SFTP, SCP, SSL/
HTTPS)
• Reduce exposure to attack
Technical Issues
• Stop botnets and zombies
from infiltrating the network and new attacks like
cross-site scripting and SQL
injections
• Security with efficient
management
• Save bandwidth, processing time, and infrastructure
expenses
• 70% to 80% of Attacks are Targeted at Applications:
Secure Firewall gives not only application visibility but
control beyond UTM for the most popular applications
like email, HTTP/S (Web), Multi-media (H.323), Oracle,
Citrix, SQL, VoIP (SIP), SSH, FTP, and other high-use
services.
• Overcomes Stateful-inspection Firewall Deficiencies:
Secure Firewall cloaks the internal network and prevents
application finger-printing.
• Superior Architecture and Performance: From the
beginning Secure Firewall was architected to deliver
application protection at Gigabit speeds, unlike competitors’ slow performance due to bolting a form of application protection onto old architectures as an afterthought.
• Eliminates the Blind Spot of Encrypted Applications:
Only Secure Firewall decrypts and filters this traffic which
is merely passed through by other firewalls.
• 24/7 Uptime Demands: Secure Firewall provides seamless high availability and is highly redundant with dual
power supplies and RAID capabilities.
• Eliminates Manual Patches and Updates: Automatic
updates eliminate constant reaction and patching
for latest attack vector. Secure Firewall also never has
emergency security patches to demand time, energy and
monitoring.
Secure Firewall Appliance Specifications
Model
Form Factor
210
410
510
1100
Mini
1U
Small
1U
Small
1U
Ent. 1U
2100
2U
2150
2U
4150
5U
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Unlimited
User License
Recommended
Users
Packet
Speed
150
300
600
Med. Lg
Med. Lg
Large
Enterprise
180
Mbps
275
Mbps
650
Mbps
1.9
Gbps
1.9
Gbps
3.1
Gbps
3.8
Gbps
Stateful
Speed
170
Mbps
250
Mbps
600
Mbps
1.8
Gbps
1.8
Gbps
2.9
Gbps
3.6
Gbps
Connections
App. Speed
50 k+
100 k+
500 k+
1 mil
1 mil
1.6 mil
2 mil
140
Mbps
230
Mbps
250
Mbps
1.4
Gbps
1.4
Gbps
2.2
Gbps
2.7Gbps
Objection Handling
• “Application filtering is slow”: Competitors are slow
because they bolted application filtering onto stateful
inspection architecture as an afterthought. Not so with
Secure Firewall, and in our testing, we perform at over
2.7 GB/sec, which is the fastest application performance
in the industry.
• “The Secure Firewall interface isn’t as user-friendly
as Product X”: Secure Firewall v7 has a completely redesigned interface that is simpler and easier to use than any
of our competitors, with a true single-screen rule view.
• “Secure Firewall doesn’t have a low enough price
point for my home office users/SMB users”: We also
offer Secure SnapGear, and both Secure Firewall and
Secure SnapGear can be centrally managed.
• “Secure Firewall is too expensive”: This simply isn’t true
when you compare apples to apples. Additionally, many
of our competitors don’t allow you to consolidate multiple security functions into a single box, or if they do,
they force you to choose which functions to consolidate.
With Secure Firewall, you can run all of the functions on
one box, which lowers your costs of maintenance and
the number of vendor relationships to manage.
• “Secure Firewall hasn’t been successfully attacked
because there aren’t as many in use as other brands”:
Secure Firewall is deployed in the largest global corporations, government agencies and financial institutions
around the world and not only do they demand the
absolute highest level of protection, but they’re also
the most frequently attacked sites because of their high
profile.
Qualification Questions
• Applications are the new
playground for hackers. Are
you protecting against the
latest attacks for the most
popular applications like
email, HTTP/S (Web), Multimedia (H.323), Oracle,
Citrix, SQL, VoIP (SIP), SSH
and FTP?
• Another new playground
for hackers is encrypted
applications. Does your
current Firewall inspect
encrypted traffic like SSL/
HTTPS, SFTP, SSH, SCP?
• Does your firewall provide
proactive protection from
unknown attacks?
• How are you protecting
your organization from
zombies and botnets?
• Can your firewall protect
your Web services from the
latest attacks like cross-site
scripting and SQL injections?
• Who is sending you traffic?
Can you filter traffic by
country code?
• You are probably aware
of the payment card
industry regulation
PCI-DSS but are you
aware that it requires all
organizations processing
credit card transactions
to have an application
Firewall in front of their
Web-facing applications?
• Are you looking to
reduce complexity of
managing multiple-point
security products?
• Are you looking for more
detailed reports to ensure
that you are compliant?
• If a government regulatory body requested a
compliance audit, would
you be prepared to
generate the necessary
reports?
• How much time do you
spend manually updating and applying patches
when new vulnerabilities
are identified?
Up-Sell/Add-Ons
Secure Firewall Encrypted Application Filtering
Secure Firewall IPS
Secure Firewall Anti-Virus
Secure Web SmartFilter
Secure Firewall CommandCenter
12
Cross-Selling
Cisco ASA: Strengths
• Secure Firewall CommandCenter: Delivers central
management for 10, 50, or hundreds of Secure Firewalls.
Maximize operational efficiency, simplify policy control, streamline software updates and prove regulatory
compliance. Create virtual instances to manage many
enterprises with one appliance, and simplify Firewall
integration with Wizard Tools.
• Secure SnapGear: Multifunction network security
appliance for small and medium-sized businesses. Can
be deployed as just a firewall, as a VPN gateway, a UTM
security appliance, or as a complete office network-ina-box Internet appliance for small businesses, with all of
the wide area networking tools needed to serve large
enterprise remote offices.
Awards and Accolades
• SC Magazine 2007: Best Enterprise Firewall
• SC Magazine 2007: Best Buy
• Leading “Challenger” for 2H07 Gartner Enterprise
Network Firewall Magic Quadrant
• Market Share: #1 vendor in security spending;
however ASA is a new, immature offering. Secure Firewall
is proven in multitudes of corporations.
• Cisco “Feet on the Street”: Despite Cisco’s extensive
reach, our channel partners can earn 25% (or more)
rather than 5-8% by competing among Cisco VARs.
Cisco ASA: Weaknesses
• Individual SSM Modules: ASA is not a true multifunction
appliance; only one slot for one physical security function
per box.
• PICK ONE PER BOX: IPS Card OR Content Security
(a/v, URL, a/s) OR 4-port GB NIC.
• Weak Security: No Common Criteria certification. Based
upon PIX source code (dozens of vulnerabilities, source
code on the Internet). Cost to manage patches is an
enormous disadvantage. No multi-protocol reputation
based filtering to proactively block botnets, zombies, and
blended attacks.
• SC Magazine Best of 2006
• Limited High Availability: Low-end ASA devices cannot
use high availability.
Competing Products
• Incomplete Appliance Breadth: No Cisco box scales
to large enterprise comparable to our 2150 and 4150
models, only to our model 1100.
• See our unique differentiators section in this document as
well as the bullets below.
Check Point: Strengths
Juniper (NetScreen): Strengths
• Market Share: Juniper has built a considerable customer
base; use customer references and key accounts to counter this strength when the issue arises.
• Claims Superior Deep Inspection: On Juniper this
equals IPS signatures exclusively; on Secure Firewall we
have an IPS database, customizable signatures, hardware
acceleration, and full application visibility and control.
• Superior Usability: The release of Secure Firewall 7.0
eliminates any perceived advantage Juniper may have
once held here.
Juniper (NetScreen): Weaknesses
• Slower Application Performance: Turning on
application inspection drops performance from 12 Gbps
to 0.375 Gbps, a 96% reduction in throughput!
• Less Granular Application Filtering: Deep inspection is
global – either fully on or fully off; no per-policy tailoring
for IPS, no other embedded services (a/v, etc).
• Weak Security: Out-of-box, the system default for
Juniper is basic packet filtering; both stateful and
application inspection must be specifically enabled. No
multi-protocol reputation based filtering to proactively
block botnets, zombies, and blended attacks.
13
• Check Point #1 status in the Firewall Market: This is #1
in legacy software firewalls, not appliances, and not in
UTM; Secure Firewall has dozens of worldwide displacement reference accounts.
• Application and Web Intelligence: An advantage in
perception only. An IS VP from a Tier-1 US bank said,
“We disabled Check Point Application and Web Intelligence because performance was terrible” during a deal
where Secure Firewall displaced 12 Check Point systems.
Check Point: Weaknesses
• Poor Performance in Application Filtering: 3rd-party
testing performed by Trusted Strategies in June 2007
showed Secure Firewall to be up to 300% faster than
Check Point on application filtering and just as fast in
stateful filtering.
• Only Off-box Services in NGX: No embedded a/v, a/s,
or URL filtering.
• Software-based: The operating system and firewall are
patched separately, a big increase in administration and
total cost of ownership (TCO).
• Weak Security: History of CERT advisories and wellknown root exploits. No multi-protocol reputation based
filtering to proactively block botnets, zombies, and
blended attacks.
Secure Firewall Product Evaluation
Customers can view a video demo at:
http://www.demosondemand.com/clients/
securecomputing/001/page/
Sign-up for a weekly “live” Secure Firewall Webcast at:
http://www.securecomputing.com/weekly_webinar.htm
How do customers obtain an evaluation?
Point customers to http://www.securecomputing.com/goto/
securefirewall and have them click on the “Evaluate
Product” link in the top-right corner. Normal appliance
evaluations are 30 days, however the timing of the
evaluation may be extended on a situational basis. n
14
Secure Mail (IronMail) - Net It Out
• Secure Mail (IronMail) is a complete line of bi-directional email security appliances, for both inbound and
outbound email security. Its primary purpose is to Protect Email, Enforce Policy and Encrypt Sensitive Data
with 99% accuracy and 0.0001% false positives (less than 1/1,000,000).
• Secure Mail has been identified by industry experts for many years as simply
being the best in the email security business.
• There are thousands of Secure Mail customers of all types and sizes around the
world, but typically, Secure Mail customers are mid-sized to larger companies
with pretty demanding email security needs like:
»» JP Morgan Chase
»» HSBC banks throughout the world
»» Harley Davidson
»» The New York Times
»» Pepsi Co., and
»» Coca Cola
• At the heart of Secure Mail (IronMail), is our anti-spam technology, but Secure Mail is a lot more than just an
anti-spam appliance. For example, whether you need to get rid of spam, encrypt key email messages with
zero-client policy based encryption, or stop important data from leaking out in outbound mail,
Secure Mail does all of that… and even more than that.
• Analyst firms that cover email security like Gartner, IDC, and Radicati identify Secure Mail as an industry
leader in messaging security.
• We compete a lot with Proofpoint and Cisco’s IronPort. And more and more we are replacing simple,
low end spam products like Barracuda that you may have heard of. Most spam-only products just
haven’t been able to keep ahead of the spam problem, and so we are seeing a lot of replacement activity
going on.
• Secure Mail (IronMail) is really all about doing
complete, bi-directional enterprise class email
security as fast and accurately as is technically
possible to do—our Secure Mail engineers are
absolute fanatics about building the best leading
edge technology in the email security business!
• The latest areas that our engineers are most
heavily into right now are enhancing our
leadership position in the reputation-based
security market with our TrustedSource service,
and delivering easier, more robust enforcement of
compliance regulations with advanced encryption
and data leakage tools.
• Bottom line with Secure Mail is that the technical press and the analysts confirm it’s just a great
product—and for our customers—it just works!
Spam goes away, and encryption and data leakage policies are automatically enforced, all with one solution.
15
How to Sell: Secure Mail (IronMail)
What is Secure Mail (IronMail)?
Target Customers?
Protection for Enterprise Email Systems
– Protect, Enforce, Encrypt
Ideal Prospects/Influencers/
Recommenders
Secure Mail (IronMail) is a hardened mail gateway
appliance designed to sit in front of a customer’s existing
mail server to provide complete threat protection, policy
enforcement, and encryption.
• Concerned about data
leakage and/or subject to
state, federal or international regulations on data
privacy and protection.
Threat Protection: Spam, viruses, malware, phishing,
directory harvest (DHA), denial of service (DoS), and
bounceback attacks, or hackers trying to take down or take
over the email system.
• Needing to securely
communicate with partners
and/or customers (email
encryption).
Policy Enforcement: Aid with regulatory compliance
(HIPAA, PCI, SOX, GLBA), data leakage prevention of
customer and corporate assets like credit card numbers,
intellectual property, source code, patents, financial
information, patient information, customer lists, etc.
Encryption: Flexible B2B and B2C encryption to anyone,
anywhere. No client software is needed; full support for
mobile devices including Blackberry and Treo.
Industry leadership: Secure Mail protects the mail servers
of more than 30% of the Fortune 500 companies.
What Issues Does Secure Mail Address?
Business Issues
• CSO/CIO Qualification Questions
Situational Questions
• How well is your current
email security/anti-spam
solution working? Is spam
getting through or is good
mail being blocked?
• Virtually eliminates the risk of malware infection via email
Problem Questions
Technical Issues
• One appliance solution for complete email security –
Protect, Enforce, Encrypt
• Adaptive/Proactive Protection – Secure Mail (IronMail)
automatically adapts to new types of spam and malware
threats using TrustedSource global intelligence
• Management – Centralizes management of all inbound/
outbound Internet email through one appliance, one
console
• Integrates with most 3rd-party management and SIM solutions like Openview, Tivoli, MOM, ArcSight, and Q1 Labs
• IT Director/Manager
• Email Manager
• Compliance Director/
Manager
• Do you need to send secure
or encrypted email to partners or customers?
• Helps protect an organization’s online brand and reputation
• Seeks to consolidate current
spam, virus, policy or
encryption solutions into
one appliance.
Decision Makers
• Improves employee efficiency by eliminating more than
99.9% of spam
• Predefined policies assist with regulatory compliance
• Is unhappy with or
concerned about scalability
of existing anti-spam or
mail gateway solution.
• How do you know sensitive
information is not being
sent out via email?
• Is your email security
vendor a start-up? What will
happen if they go out of
business?
• Do you see an increase in spam every time spammers
introduce a new spamming technique? Image spam, PDF
spam, etc?
• Have users ever reported delays in receiving Internet email?
• Has your server ever ended up on a public blacklist?
• Have you ever been fined for emailing out customer/
patient information?
Implication Questions
• Are you looking to deploy the market leading, best-ofbreed email security appliance?
Needs/Payoff Questions
• Are you currently deploying multiple email security
devices (appliances, software, etc.) and looking to
consolidate those?
• Are you looking for a cost effective way to encrypt messages?
• Does your IT department spend too much time reviewing quarantine lists? False positives?
• Are you looking for a solution that can provide a lower
total cost of ownership?
16
Secure Mail Appliance Basic Specifications
Secure Mail Gen4 Appliances
Model
Message
Volume
Form
Factor
E5200
150K
Msgs/
Hr
2U
Rack
mount
E2200
75K
Msgs/
Hr
1U
Rack
mount
S120
45K
Msgs/
Hr
1U
Rack
mount
# of
8
4
2
Processors
4 GB
4 GB
4 GB
Memory
Disk Space 600 GB 150 GB 150 GB
4
2
2
Interfaces
Secure Mail Gen3
Appliances
S10D
10K
Msgs/
Hr
1U
Rack
mount
E5000
100K
Msgs/
Hr
2U
Rack
mount
E2000
45K
Msgs/
Hr
1U
Rack
mount
S100
25K
Msgs/
Hr
1U
Rack
mount
1
2
1
1
1 GB
2 GB
1 GB
1 GB
80 GB
300 GB
80 GB
80 GB
1
4
2
1
Cross-Selling/Up-Selling/Add-Ons
• Anti-Virus – Secure Mail (IronMail) supports three
anti-virus engines: Secure Anti-Virus, McAfee, and
Sophos. For layered security, any two engines, or all
three, can run simultaneously on a single appliance.
• Encryption – This add-on module for Secure Mail
encrypts outgoing email. It is a clientless solution so
anyone with an email account, such as Gmail, Yahoo, or
Hotmail can receive an encrypted message. We also resell
PGP and Voltage.
• Secure Mail Edge – Edge is designed to sit in front
of a customer’s existing email gateway (Secure Mail,
Barracuda, Symantec, IronPort, or any other) with
minimal change to the network infrastructure and can
block up to 85% of incoming spam and viruses before
they infiltrate the network. Secure Mail Edge saves
bandwidth, processing time and email server capacity. It
also eliminates the need to archive spam because it never
accepts mail from malicious senders.
• Secure Mail Advanced Compliance – This appliance
includes our next-generation content scanning technologies for advanced data leakage protection and regulatory
compliance. (fingerprinting, lexical analysis, and data
clustering)
• Secure Mail Quarantine Server – This appliance
allows quarantined messages from multiple Secure Mail
appliances to be consolidated on a single box. CQS can
easily store up to 1.5-million messages.
• Secure Mail Central Management – This appliance
can be used to centrally manage multiple Secure Mail
appliances in large scale enterprises.
• IronIM – This Instant Messaging module has been
moved to Secure Web (Webwasher).
As of 1/1/2008, the Secure Mail Email Protection Subscription includes the following modules at no additional cost:
• Webmail Protection – Extends protection to Webmail
applications like Outlook Web Access, iNotes, etc.
• Image Analysis – Detects and blocks pornographic
images within both inbound and outbound email.
• Gateway-to-Gateway Encryption – Automatically
encrypts outbound emails via TLS, S/MIME, or PGP.
17
Key Features and Benefits
• Secure Mail, with TrustedSource, provides organizations
with the most complete protection available against
inbound threats
• Automatic Secure Mail Threat Response Updates ensure
that every Secure Mail appliance has the most current
spam and malware protection available
• Dynamic Quarantine provides real-time, proactive
protection against spam and malware outbreaks
• Employs the most robust content scanning technology
for detecting sensitive information
• Provides IT with granular control for handling messages
with sensitive information
• Most flexible B2B and B2C encryption (7 options)
• End user quarantine allows individuals to decide which
messages/senders are good or not. End users can also
whitelist trusted senders
• TrustedSource Global
Reputation System analyzes billions of messages
per month using more
than 100 different factors;
this results in a granular
message rating of +180
to -180 (IronPort can only
score messages from +10
to -10)
• Secure Mail’s SpamProfiler combines local
information available
from the network with
TrustedSource’s global
intelligence to make the
most accurate decision
of whether a message is
good or bad
• Complete protection
against pornographic images; this is above and beyond Secure Mail’s image
spam filtering capabilities
• B2B encryption (TLS, S/
MIME and PGP) is included in the Email Protection
subscription
• Webmail protection
included in the Email
Protection subscription
• Integrated connection
blocking technologies
(Connection Control,
Directory Harvest Protection and DoS Protection)
protect against attacks by
stopping malicious IP
connections at the
network layer
Objection Handling
• “Secure Mail is too expensive”: Secure Mail (IronMail)
has been repackaged and repriced to maintain its competitive positioning. The Secure Mail S10D is available
for less than 2,000 USD
• “Secure Mail is too complex”: On average, administrators spend less than 1 hour/week managing Secure
Mail. It ships pre-configured with Secure’s best practices
for inbound threat protection and outbound policy
compliance/enforcement.
• “TrustedSource doesn’t receive as much raw data as
other reputation services”: “What you see” is more
important than “how much you see.” TrustedSource
analyzes more business and commercial email traffic
then another other reputation service in the world.
(Our competitors mostly see consumer traffic going
to ISPs.) In side by side comparisons, TrustedSource
has better data 72% of the time; TrustedSource has the
equivalent amount of data 26% of the time. Customers
can verify this by visiting www.trustedsource.org and
www.senderbase.org and searching for the same domain
on both sites. For example, comcast.net, verizon.net,
hotmail.com, etc.
Proofpoint: Strengths
• “I prefer a managed solution”: The TCO of managed
service is still higher than the TCO of an appliance.
Managed services offer limited LDAP directory integration, very little outbound data leakage protection and
encryption and a shorter retention period of quarantine
messages.
• Uses third-party reputation service – Commtouch
Competing Products
• Security/Stability – Frequent patches and upgrades
IronPort: Strengths
• Easy to setup
• Easy to use GUI
• Owned by Cisco; “Cisco
shops” often purchase all
Cisco equipment
• Single box solution (mail
gateway. B2B and B2C
encryption) NOTE: ONLY
available to customers with
<1000 users
IronPort: Weaknesses
• Lacks granularity and feature set that Secure Mail has.
Even their competitive documents state this
• Poor queue/quarantine/message management solution
• Poor reporting/logging (10 vs 34 of Secure Mail)
• Flexible delivery model: appliance, virtual appliance, or
hosted solution
• Easy to deploy and manage
• Sound reporting
• Strong outbound scanning (DLP) capabilities
Proofpoint: Weaknesses
• False Positives – Relies heavily on end-user white/
blacklists
• No proven Outbreak Filtering – Commtouch engine has
yet to be seen working
• Web-only customer support – Augmented with on-site
SEs for major accounts
• No ability to handle spam surges
• No LDAP failover support, no support for POP3 or
IMAP4, no secure Webmail support
• Immature IP reputation – Added a few months ago in
June, 2007
• Web interface is difficult to navigate as it’s broken down
into categories
• Company lacks stability and is an acquisition target
• Landmine: Show any analyst rating – Gartner has always
placed them in the “Visionary” quadrant. SC Magazine
says: “Requires effort to use and tolerance for a price
tag.”
• Limited dashboard Functionality
• Almost all of their core technology is acquired or licensed
• SC Magazine, 12/07: Rated Secure Mail “Best Buy of
2007” with 5 stars in every category
• Very weak Web 2.0 protection offering and lacks
anti-malware
• SenderBase gets most of its raw data from ISPs (consumer
traffic)
• Has nothing to compare with Secure Mail’s advanced
compliance engine. Partnered with Vontu which got
acquired by Symantec. Now partners with Reconnex
(another acquisition target)
• Heavy CLI required for advanced filtering policies
• No ability to handle spam surges—nothing to compare
with Edge
• Landmine: Granularity is a huge plus against IronPort.
Our compliance is “much easier” to setup and much
more comprehensive. Reporting, Dictionary robustness
and Flexibility with custom quarantine queues are some
more plus points.
• Radicati, 08/07: Secure Computing in Top Players
Quadrant in Market Quadrant for Email Security
Appliances, 2007
• IDC: Secure Mail is the market leader in email security
appliances
• Search Security 2006: Secure Mail rated the highest
score of ALL 60 finalists to be selected as the “Best of the
Best”
• SC Magazine, 2006: Best Security Solution for
Healthcare
• Network World, 2006: “Best Product for Messaging,”
“Best Encryption Solution – Editor’s Choice Award”
award
• PC Magazine, 2005: Best of the Year Email Security
Product n
18
Secure Web (Webwasher) - Net It Out
• Secure Web (Webwasher) is a security appliance that sits between your internal desktop users and the Web
sites they visit. Secure Web appliances block employee access to non-business or in-appropriate Web sites,
and (more importantly!) they protect your desktop
machines from compromise or infection when your
employees are using their browsers to surf the Web.
With a Secure Web appliance sitting between your
users and the Web sites they visit, you don’t have to
worry about your desktop machines being turned into
zombie machines, getting infected with spyware, or
being damaged by malware.
• Secure Web typically competes with products from
Blue Coat Systems and Websense.
• We expect that most companies will be investing in a Web security gateway, particularly as they realize
that the simple URL blocking that they probably deployed in the past is just not enough to protect them
from the new Web-based threats out there today. We already have thousands of Secure Web customers
around the world. Right now, typical customers tend to be larger, well known companies whose employees use the Internet a lot, like…
»» UBS financial
»» Whirlpool, and
»» Swiss Re
• The delivery of malware is dramatically shifting from an email attachment problem, to a Web browser
problem.
• The combination of Secure Web’s best-in-class anti-malware engine and its unique use of real-time Web
reputation data from our global TrustedSource centers puts Secure Web in a security class all by itself…
quite frankly, Secure Web wins on security every time.
• Our outbound Web reporting and blocking will help you avoid legal issues or the need to terminate and
replace employees because they were able to go anywhere on the web that they wanted to.
• More importantly, installing a Secure Web (Webwasher) security appliance on your network is one of the
best ways for you to avoid having to clean up infected desktop and laptop machines because of a malware
outbreak getting in—industry statistics estimate that the cost for unplanned security clean-up projects
ranges up to $30 in direct costs per machine, plus up to 10 times that in IT time and productivity losses.
So Secure Web will definitely pay for itself by avoiding those unplanned costs.
• Secure Computing provides our award-winning Web security in two ways: as a hardened appliance and
as a service. The following pages describe both, as well as Secure Web SmartFilter, the world’s #1 URL
filtering solution.
19
How to Sell: Secure Web (Webwasher)
What is Secure Web (Webwasher)?
Secure Web (Webwasher) is a complete Web gateway
security appliance, providing best-of-breed, bi-directional
protection against Web 2.0 security threats. It protects
organizations from malware, data leaks, Internet misuse
and related issues, while ensuring policy enforcement,
regulatory compliance, and a productive application
environment. According to reviews published by multiple
tech magazines, including eWEEK and PC Magazine,
Secure Web is the number one-rated anti-malware solution
on the market.
Secure Web Key Features and Benefits
• Multiple Web Gateway Security solutions in a single
appliance
• URL Filter, Anti-Malware, Anti-Virus, SSL Scanner,
Content Reporter
• #1 rated Anti-Malware solution on the market
• Proactive Scanning™ protects against day-zero and blended
threats where other security solutions fail because of timedelayed update of the signature database or control list
• Reputation-based Web filtering and advanced protection
powered by TrustedSource technology
• Self-tuning security network for Web-based threats
• Protection for encrypted traffic: Secure SSL scanning with
certificate updates
• Real-time and forensic reporting, including security
dashboard
• Extremely scalable and flexible reporting on all managed
Web traffic including reports on viruses and malware
• Protection against data leaks on all Web protocols
• A high-performance proxy for enterprise deployments
• Innovative Secure Web Cache for today’s Web 2.0
environment
• Flexible deployment options
• Secure administration with two-factor authentication
• Availability: Secure Web is available on an ultra-secure
appliance or as software for Solaris, Linux, (RedHat, Suse,
Debian) and Windows
What Issues Does Secure Web
Address?
Business Issues
• Inbound threats: Secure Web protects against inbound
Web-based threats such as spyware, phishing, viruses,
worms, Trojans, and other types of malicious code.
• Outbound threats: Secure Web is designed to protect
against Web-based outbound threats such as leaks of
confidential data, customer records, intellectual property,
and other sensitive information through a Web protocol.
• Employee productivity: Limit employee access to
distracting Web content.
• Legal liability: Limit employee access to inappropriate
Web content.
Technical Issues
• High-performance proxy – Secure Web is an enterpriseclass proxy for HTTP, HTTPS, and FTP traffic. Flexible
authentication and routing features as well as built-in
clustering support and availability on an ultra-secure
appliance make Secure Web (Webwasher) an ideal choice
for perimeter protection.
• SSL Blind Spot – Secure Web is the first security product
available with fully integrated SSL inspection. SSL traffic
(HTTPS) is widely seen as the new back door through an
organization’s security barrier and must be secured the
same way traditional HTTP traffic is secured.
• Easy deployment – Secure Web appliances come
completely preinstalled and with a proven default
configuration that allows fast, easy, and error-free
deployment. Secure Web’s unique Security Shield
monitor ensures a secure configuration without loopholes, and always up-to-date anti-malware and URL data.
• Integrated functionality – Secure Web (Webwasher)
completely integrates multiple protections that would
otherwise require multiple stand-alone products, such
as Web filter, anti-virus, anti-spyware, SSL scanner, and
content control filters in one single and easy-to-manage
solution. This leads to significant savings in terms of
management, deployment, and handling/purchasing.
• Single point of administration – Secure Web’s policy
management enables administrators to specify policies
once that apply to all products and are valid for all Web,
SSL, and FTP traffic.
20
• Secure Web Cache – Industry’s first and only securityaware cache for Web 2.0 powered by TrustedSource
global reputation. Secure Web Cache uses a revolutionary new design that employs proactive scanning and
security reputation prior to delivering a cached object
to an end-user. This provides much more efficient virus
and malware scanning while dramatically reducing the
amount of disk storage required compared to traditional
caching solutions.
• Secure Administration – Secure Web enforces secure
administrative access with Secure Computing’s Secure
SafeWord two-factor authentication.
Target Customers
• How are you managing your employee Web usage and/
or enforcing your own internet usage policy?
Secure Web Evaluation
• Seeks to consolidate multiple security solutions into one
• Seeks to mitigate Web 2.0 risks
• Has no gateway anti-virus solution or is unhappy with
performance of the existing solution
• Realizes the need to control SSL traffic
• NetApp NetCache users looking for an alternative Web
gateway solution focused on security
• Wants detailed reports on all gateway traffic for a large
number of users
• Seeks to deploy more than one gateway AV solution and
wants to avoid a hit in performance
Secure Web Appliance Specifications
Model
WW500
WW1100
WW1900
WW2900
Form
1U Rack
Mount
1U Rack
Mount
1U Rack
Mount
2U Rack
Mount
RAM
2 GB
2 GB
4 GB
4 GB
Processor
Single
Dual Core
2 Dual Core
2 Quad Core
Cache
512 KB
2 X 2 MB
4 MB
2 X 4 MB
Disk
160 GB SATA
2 X 160 GB
SATA
2 X 300 GB
SAS
2 x146 GB
SAS + 4x300
GB SAS
RAID
-
RAID 1
RAID 1
RAID 1/
RAID 5
single
single
redundant
redundant
2x
10/100/1000
4x
10/100/1000
4x
10/100/1000
4x
10/100/1000
Decision Makers
• Have you considered consolidating your Web gateway
security (i.e. HTTP, HTTPS, SSL, AV, Anti-Malware, etc)
into a single solution to mitigate or reduce total cost
of ownership associated with these technologies while
increasing the manageability of your network?
• What types of inbound or outbound Web threats would
you have security software manufacturers focus on today?
• Typically 1000 users and up (SME250 if less than
1000 users)
Power
• Has your organization deemed it necessary to elevate
your Web content filtering solution into a more comprehensive security offering?
• What types of pro-active Web scanning capabilities have
you implemented that are not reliant upon signatures?
Influencers/Recommenders/Ideal
Prospects
Interfaces
How Do Customers Obtain an
Evaluation
Point customers to http://www.webwasher.com/ and have
them click on the “Evaluate Product” link in the top-right
corner. Normal appliance evaluations are 30 days. However,
the timing of the evaluation may be extended on a situational basis.
Cross-Selling/Up-Sell/Add-Ons
With the Secure Web 6.6 release, all Secure Web appliances
are shipped with certain capabilities enabled including:
Secure Web Cache, proxy, authentication, SSL Scanner, and
select filters such as advertising filter and document inspector.
Additional Secure Web capabilities are available in different
modules and are sold separately so customers can pick and
choose the level of protection they want. Modules include:
• Web Filter •Anti-Malware •Anti-Virus
• Content Reporter
Secure Web also integrates with:
• Secure Mail (IronMail): Secure Computing provides
innovative layered security solutions to stop inbound
and outbound messaging threats in an integrated, bestof-breed, and technologically superior appliance.
• Secure Web IM: Extend security protections to instant
messaging traffic, including LDAP integration, gatewayto-gateway IM encryption and support for public IM
clients such as AIM, Yahoo, and MSN.
• CSO/CIO • IT Director/Manager • Network Manager • Network Security Manager
21
Websense: Weaknesses
• Expensive, stand-alone URL
filtering solution
• SurfControl acquisition
distraction
• SC Magazine 2007: 5 stars
• Port Authority acquisition
distraction
• No reputation-based URL
filtering
• PC Magazine 2007: Rated #1 out of 29 vendors in
detecting malware
• No proactive Anti-Malware
protection
• No signature-based
anti-virus protection
• SC Magazine: Best of 2006
• No SSL Inspection
• SC Magazine 2006: Content Security “Best Buy”
• Lacks HTTP, HTTPS, and
FTP bi-directional
• Limited deployment
options
• eWeek 2006: Secure Web (Webwasher) Anti-Malware
protection ranked #1
Blue Coat: Strengths
• PC Magazine 2008: Secure Web Achieves 99.9% success
in malware test
for Secure Web
• Reputation-based protection powered by TrustedSource
• Best malware protection in the industry
• Fully integrated SSL scanning with certificate updates
• Secure Web Cache
• Secure administration using two-factor authentication
Objection Handling
“Secure Web is too expensive”: The April 2006 SC
Magazine review awarded Best Buy honors to Secure Web
with a 5-star rating in the Value for Money category.
• Legacy Web 1.0 infrastructure-based filtering cache
• Blue Coat’s flagship ProxySG family of appliances has the
ability to support URL filtering, malware filtering, and
application control.
• Widespread deployment in large data centers.
• On-box deployment of nine different URL filtering lists.
One of the nine options is Blue Coat’s WebFilter, which it
prices aggressively.
• Blue Coat’s proxies recognize and filter many common
P2P applications and enable flexible policies to control
these applications.
• In 2006, Blue Coat purchased the Network Appliance
NetCache customer base, its main competitor for highend proxy appliances, and Permeo Technologies, which
gave it a solution for client-side filtering, application
control, and acceleration.
“Secure Web needs redirection from another proxy”:
Secure Web (Webwasher) is an enterprise strong
independent proxy for HTTP, HTTPS, and FTP traffic.
Flexible authentication and routing features as well as
built-in clustering support and availability on an ultra
secure appliance make Secure Web an ideal choice for
perimeter protection.
Blue Coat: Weaknesses
Competing Products
• Requires a separate box for legacy anti-virus
Websense: Strengths
• SSL scanning requires additional hardware and puts
unencrypted data “on the wire”
• Websense is a standout leader in the traditional URL
filtering market, with approximately 50% (by revenue)
enterprise market share in 2005.
• Websense Security Labs, which is responsible for detecting numerous zero-day threats, is a significant resource
that is not well-known, even by Websense customers.
• Secure Computing’s focus is Security; Blue Coat focuses
more on infrastructure
• Category-based URL filtering only; no Web reputation
• No proactive anti-malware protection; offer only 3rdparty anti-virus
• SSL scanning doesn’t include certificate updates
• Expensive hardware, whereas Secure Computing
appliances to include 3-year NBD onsite warranty
• Legacy Web 1.0 infrastructure-based cache
• Recently licensed Inktomi’s proxy software, which
will form the nucleus of a new, appliance-based SWG
solution.
• Making an aggressive attempt to move beyond its
Web focus with its acquisition of Port Authority and
SurfControl. Acquisition of Port Authority gives Websense
best-of-breed DLP technology and SurfControl offers
email and hosted capabilities.
22
Trend Micro: Strengths
• Trend Micro historically has had a strong reputation for
scalable gateway anti-spyware protection; the InterScan
Web Security Suite (IWSS) has been used for several years
by enterprises for anti-spyware protection.
• Trend Micro has made improvements in the quality
of their URL filtering database, and they have recently
added URL reputation data and more IM and application
control functionality.
• Trend Micro also has active content inspection and database capabilities.
• IWSS currently addresses much of the SWG functionality
required by enterprises, even if it is not best-of-breed for
each category, especially for existing customers that can
take advantage of a suite license.
Trend Micro: Weaknesses
• Limited reputation-based filtering
• No SSL inspection
• Don’t offer 3-Year NBD onsite hardware warranty
• No proactive anti-malware protection
• No data leakage protection
• No Secure Web Cache n
23
How to Sell: Secure Web Protection Service
What Is Secure Web Protection
Service?
Secure Web Protection Service offers exceptional Web
security through a reliable, hassle-free security-as-a-service
(SaaS) deployment option. With no applications or hardware to install or deploy, organizations simply redirect Web
traffic to a Secure Computing data center for exceptional
protection.
• Web filtering: By controlling Web access and enforcing
an Internet use policy, Web surfing distractions are kept
at bay, productivity is increased, legal liability is reduced,
bandwidth is preserved for business activity, and security
is enhanced.
• Reputation-based filtering: Secure Computing has
set a new standard for proactive detection through
TrustedSource technology, our industry-leading
reputation system. Relying on extensive knowledge of
Internet entities and the constantly changing global
threat landscape, the TrustedSource network enhances
Web filtering by identifying potentially malicious behavior and enabling organizations to block these threats in
real-time.
• Anti-Malware/Spyware protection: Immediately protect
networks from known and unknown threats including
viruses, Trojans, and spyware. Unlike traditional security
solutions that rely only on the known viruses or signatures,
Secure Web Protection Service’s Anti-Malware protection
uses several proactive, intent-based filters to stop today’s
constantly changing Web 2.0 threats.
• Informative reports and dashboards:
Quickly understand how organizations are using the
Web and the threats they are protected against. Instant
snapshots provide this information without running a
report while numerous, easy-to-use reporting templates
are available for more detailed information.
Key Features and Benefits
• Easy, cost-effective deployment
»» No on-site hardware or software to maintain, upgrade
or support
»» Lower upfront and IT staffing costs
»» Operational expense rather than capital
• Real-time threat protection
»» Stops threats before they enter the network
»» Up-to-the-moment TrustedSource intelligence
• Scalability and performance
»» 99.999% availability
»» No noticeable latency while browsing
»» No hardware additions or upgrades as traffic volumes
increase
• Reporting and dashboards
»» Instant snapshots of Web traffic without running a
report
»» Informative, easy-to-use reports keep you in the know
• Notifications and alerts
»» End-user notifications and block messages are easily
customizable
»» Alert options give administrators instant knowledge
about blocked site access
Target Customers
• 5000 users or less
• Limited IT resources
• Highly distributed
environments
• Seeks to mitigate Web 2.0
risks
• Seeks to consolidate multiple
security solutions into one
service
• Already outsourcing other
critical IT functions
• Native technologies – Secure Computing owns, builds, and
maintains the technologies
»» Great margins for our valued partners
• Long history in Web and Email security – we are the industry experts
• Leverages best-of-breed Web security technologies:
Secure Web (Webwasher), Secure Web SmartFilter, and
TrustedSource
»» Secure Web is the #1 ranked Anti-Malware solution
for Web 2.0 and zero-day threats, according to
independent tests*
»» Secure Web was designated a leader in the Gartner
Magic Quadrant for Secure Web Gateway in 2007
»» Comprehensive reputation-based protection through
TrustedSource augments category-based Web filtering
• Successful 6+ year record operating hosted infrastructure
(TrustedSource)
• Instant, hassle-free setup
»» Simply redirect Web traffic to Secure Computing
data center
»» Easy-to-use Web-based interface for creating policies
24
What Issues Do Secure Web
Protection Services Address?
Business Issues
• Lower upfront and IT
staffing costs
• Operational expense rather
than capital
• Employee productivity:
Limit employee access to
distracting Web content
• Legal liability: Limit
employee access to
inappropriate Web content
• Web 2.0 threats: Protect
against Web-based
threats such as spyware,
phishing, Trojans, and
other types of malicious
code
• Bandwidth savings:
Preserve bandwidth for
business-related activities
Technical Issues
• Satisfies 24/7 uptime demands
»» 99.999% availability
• Web 2.0 threats: Real-time protection reduces the
time required by IT staff to clean-up after infections and
attacks.
• Proactive protection: By scanning a Web page’s active
content and understanding its intent or predicted
behavior, your customers get proactive protection
against spyware, zero-hour threats, blended threats, and
targeted attacks. Anti-virus solutions that solely rely on
signature updates or heuristics cannot provide this level
of protection.
• Reputation-based security through TrustedSource:
Secure Computing is uniquely positioned to provide the
best global intelligence due to the combination of our
core security technologies in the Web, Network, and
Messaging areas.
• Easy, cost-effective deployment
»» No on-site hardware or software to maintain,
upgrade or support
»» Simply redirect Web traffic to Secure Computing
data center
»» Easy-to-use Web-based interface for creating policies
»» Frees IT resources for other tasks
• Scalability and performance
»» No noticeable latency while browsing
»» No hardware additions or upgrades as traffic volumes
increase
• How are you managing
your employee Web usage
and/or enforcing your
Internet use policy?
25
• Are you looking to reduce
the complexity of managing
multiple point products for
Web protection?
• Is your capital budget
being reduced and/or can
be better served for other IT
needs?
• Have you considered
outsourcing your Web
protection?
• Is liability due to inappropriate Web browsing a
concern?
• Are you concerned with nonwork related Web traffic?
Secure Web Protection Service
Evaluation
How do customers obtain an
evaluation?
Secure Web Protection Service evaluations offer fast simple
setup since no equipment or software needs to be shipped
or installed. Customers can redirect traffic risk-free for a
small group of people (ex. IT department) or the entire
organization with the click of a button. Point customers to
http://www.securecomputing.com/goto/swps/eval for a free
30-day evaluation. The timing of the evaluation may be
extended on a situational basis.
Currently the Secure Web Protection Service is being offered
in the United States. We will shortly be expanding to a
global offering.
Objection Handling
• Will the service always be available? My business
requires Web access 24/7. At Secure Computing, we
understand that reliability and uptime are paramount
to success. Secure Computing has been reliably offering
our hosted TrustedSource reputation service for missioncritical security appliances for more than 6 years with
100% uptime. We’ve now extended this reliability to
our Secure Web Protection Service. With 99.999%
availability, you’ll find the SLAs you need to successfully
sell this service and meet your customers’ need for peace
of mind.
• We’re a small organization with limited IT resources.
We can’t afford best-of-breed Web protection.
With Secure Web Protection Service, you’ll find lower
upfront costs as well as lower ongoing costs. Rather than
installing, patching, upgrading, and maintaining various
applications for Web protection, staff can be redirected
to other mission critical IT needs. Organizations with
limited IT resources quickly appreciate the benefits of
simply redirecting Web traffic to a Secure Computing
data center.
• Do your current Internet
security solutions protect
against Web 2.0 threats
including spyware, Trojans
and other zero-hour
threats?
Competing Products
ScanSafe: Strengths
• First to market: entered US
market in 2005
• Market Leader = 1000+
customers and growing
rapidly
• 40% of the market according to IDC
• 100% channel focused,
excellent channel (AT&T,
Google)
• Has combined Web and
instant messaging offering
• Supports user-level policies
and remote users
ScanSafe: Weaknesses
• No native intellectual property/technology
»» OEM Secure Web SmartFilter (among others) for URL
filtering capabilities
»» OEM AV from Kaspersky, Symantec
• Growing hosted Web security market prime for a
company with deep experience in Web security to give
them serious, healthy competition
»» Hosted Web security market will have 36% CAGR and
outpace appliance and software markets over next
5 years (IDC)
• No published independent tests showing malware catch
rate. Secure Web Protection Service utilizes the awardwinning Secure Web Anti-Malware engine to provide the
best defense as rated by independent studies*.
• Information on the ScanSafe reputation service is
limited. ScanSafe appears to offer Web intelligence,
but not spam or email sender reputation intelligence
that often is connected to infected Web pages.
Secure Web Protection Service is integrated with the
global TrustedSource reputation service and Secure
Computing is uniquely positioned to provide the best
global information intelligence due to our core security
technologies in Web, Network, and Messaging.
• Slow time-to-market questions their ability to execute
and innovate: While founded in 1999, Web AV Scanning
(first product) wasn’t introduced until four years later in
2003. Web Filtering was added in 2004 and spyware in
2005. This equals six years to get their complete product
to market. Secure Computing, with native technologies,
offered a full product at the initial launch of Secure Web
Protection Service.
• ScanSafe is a relatively small company which means
stability, financial viability, and acquisition target can be
concerns for some customers.
• ScanSafe was ranked as ‘visionary’ in the Gartner Secure
Web Gateway Magic Quadrant but lower on the ability
to execute than three other competitors in the same
quadrant. Secure Web (Webwasher) solution was in the
‘leaders’ quadrant.
»» ScanSafe reporting was noted as a weakness in this
report.
MessageLabs: Strengths
• Among market leaders in hosted email market
»» Can sell into that base
• 5% of the market according to IDC for hosted Web
MessageLabs: Weaknesses
• Initially entered hosted Web market by reselling ScanSafe
• Relatively new to the market: launched its own service in
late 2006, technical problems reported during launch
• URL Filtering is licensed from SurfControl
• Strong European presence. Presence not as strong in
the US.
• No published independent tests showing the malware
catch rate. Secure Web Protection Service utilizes the
award-winning Secure Web Anti-Malware engine to provide the best defense as rated by independent studies*.
• No reputation-based filtering: Secure Web Protection
Service is integrated with the global TrustedSource
reputation service and Secure Computing is uniquely
positioned to provide the best global information
intelligence due to our core security technologies in
Web, Network, and Messaging.
Postini: Strengths – resells ScanSafe
• Subsidiary of Google
• Postini is the market leader in hosted email
»» Can sell into that base
• 3% of the market according to IDC
Postini: Weaknesses
• Relatively new to the market: started reselling ScanSafe
in 2006
• No native intellectual property/technology – ScanSafe
OEMs the technologies used in their solution
• No published independent tests showing the efficiency
or malware catch rate. Secure Web Protection Service
utilizes the award-winning Secure Web Anti-Malware
engine to
provide the best defense against malware as rated by
independent studies.*
• Information on the breadth and depth of the ScanSafe
reputation service is limited. Secure Web Protection
Service is integrated with the best global intelligence
from TrustedSource.
Emerging Players: Websense through SurfControl acquisition (SurfControl previously acquired BlackSpider, a hosted
email and Web solution), and WebRoot.
* Jan 24, 2008 Secure Web (Webwasher) Achieves 99.9%
Success in Anti-Malware Test http://blogs.pcmag.com/security
watch/2008/01/antimalware_performance_testin.php n
26
How to Sell: Secure Web SmartFilter
What is Secure Web SmartFilter?
Secure Web SmartFilter filtering protects organizations
from the risks associated with employee Internet use. By
controlling inappropriate Internet use with Secure Web
SmartFilter, organizations can enhance Web security, reduce
legal liability, increase productivity, and preserve bandwidth
for business-related activities.
• Protects against today’s Web 2.0 security threats.
Secure Web SmartFilter delivers the best protection
with the powerful combination of reputation-based
filtering powered by TrustedSource technology and
TrustedSource Web Database.
• Enforces Internet use policies with powerful features and
a user-friendly interface.
• Includes the Secure Web SmartReporter application,
which provides real-time snapshots of Internet traffic,
produces detailed reports for regulatory compliance, and
combats spyware by identifying infected machines.
• Secure Web SmartFilter EDU is designed specifically for
use in educational institutions and is a great choice for
K-12 schools. Compliant with the Children’s Internet
Protection Act (CIPA).
• Flexible policy management:
»» Custom policies by user, group, IP, and IP range
»» Filtering options by time-of-day, day-of-week, file
type, URL/IP addresses, HTTP/HTTPS traffic
»» Policy options include: deny, allow, coach, delay,
authorized override, exempt URLs/categories, global
block/allow
• Real value – One very competitive price covers
everything, including all software and upgrades, the
TrustedSource Web Database subscription, and full access
to Secure Computing’s award winning 24 x 7 support.
• Secure Web SmartFilter EDU – The education edition
of Secure Web SmartFilter is the premier choice of
schools across the country. Easy-to-use and CIPAcompliant, Secure Web SmartFilter EDU offers Safe
Search enforcement, education-specific categories and a
variety of implementation options from which to choose.
TrustedSource Integration
Secure Web SmartFilter’s reputation-based Web filtering
powered by TrustedSource is continually enhanced and
updated as the threat landscape changes.
• Integration with TrustedSource global reputation system
provides proactive protection against sites that are
hosted by entities known to be malicious.
Secure Web SmartFilter Key
Features and Benefits
• Best Web Database in the industry – Provides a proven
Database of more than 25 million blockable Web sites in
nearly 100 categories. Built by our team of multi-lingual
Web analysts using state-of-the-art technology, the coverage, quality, and accuracy of Secure Web SmartFilter is
unmatched.
• Enhanced security – With reputation-based URL filtering
powered by TrustedSource and numerous categories,
including spyware, malicious sites, and phishing.
• Comprehensive coverage – Ensures a productive user
experience and liability protection.
• Custom category creation – Allows administrators to
deny access to sites not categorized in the TrustedSource
Web Database.
• Graphical blocking messages – Can be customized to
reflect a company’s Web usage policy.
• Secure Web SmartReporter’s powerful and easy-touse reporting capabilities – Provide in-depth understanding of an organization’s Web usage; Web-based
reporting enables multiple authorized users to access
reporting without IT involvement.
• Utilizes advanced, real-time analysis to identify sites
with malicious intent prior to the content even being
available on the site, so as spammers, phishers, and
others are planning their next exploit, we’re now able to
proactively assign a malicious intent reputation score.
• Traditional URL category-only solutions can’t provide
this level of proactive protection since content is not yet
available.
• TrustedSource allows Secure Web SmartFilter to
provide the proactive protection that is needed for
today’s dynamic Web 2.0 environment.
Target Customers/Markets
• Businesses, organizations, and government enterprises
of all sizes that allow employee access to the Internet.
Secure Web SmartFilter is currently deployed in 1 out of
every 5 Fortune 500 companies.
• Educational institutions that need to prevent access to
Web sites with inappropriate content for children and in
the US, also need to comply with CIPA compliance and
filtering requirements.
• Flexible deployment options – With more than 30
supported platforms, Secure Web SmartFilter products
fit seamlessly into almost any network and work with the
most popular proxy servers, caching appliances, firewalls,
and security solutions.
27
What Issues Does Secure Web SmartFilter
Address?
Business Issues
• Reduces risk of legal liability due to employee access of
inappropriate Web sites
• Increases employee productivity by reducing time spent
on non-work-related sites
• Filtering is a legal requirement in schools per CIPA
compliance regulations
• In-depth reporting via Secure Web SmartReporter enables
customers to track Internet usage across the organization
Malicious Sites and Spam email URLs, Secure Web
SmartFilter provides excellent, broad protection against
many Web security threats. Additionally, Secure Web
SmartFilter provides security protection through reputation-based filtering powered by TrustedSource.
How are you managing your employee Web
usage and/or enforcing your own Internet
usage policy?
• If currently have a solution in place:
Technical Issues
»» Is your current filtering subscription up for renewal?
Are you looking for a cost-effective, high-quality
replacement?
• Secure Web SmartFilter integrates seamlessly into customers’
existing network infrastructure; multiple platforms deliver
more options than competing products
»» Would you be interested in lowering your cost of
ownership with a tightly integrated on-box implementation?
• Secure Web SmartFilter on-box implementations save
time and money, as they do not require the purchase or
maintenance of additional hardware appliances or servers
• Filtering of potentially dangerous sites protects the
enterprise network against malware, spyware, and Webbased phishing
• Automatic real-time updates of the Internet Database ensure
that it is kept up-to-date without IT intervention
• Flexible deployment options:
»» Run on the same server as the enterprise firewall, proxy
server, or caching system
»» Run on a separate server
– In-line option
– Pass-by option
»» Available for purchase from OEM partners with Secure
Web SmartFilter natively integrated on-box
Objection Handling
• “Secure Web SmartFilter doesn’t have the categories I
need”: The latest release, Secure Web SmartFilter 4.2,
includes 91 categories, giving customers the category
granularity needed to customize policies to meet unique
organizational needs.
• “Secure Web SmartFilter won’t work with my Cisco
PIX firewall”: Secure Web SmartFilter offers more than
30 different deployment options including both on-box
and off-box deployments that work with many popular
proxy cache solutions, security appliances, and firewalls,
including Cisco PIX.
• “Secure Web SmartFilter blocks adult content sites
well but I need security protection as well”: Secure
Web SmartFilter offers comprehensive coverage for
the entire Web, including security. With numerous
security-related categories from Spyware and Phishing to
• If currently do not have a solution in place:
»» Are you concerned about the security risks of employee Web access, including spyware?
»» Are you concerned about the legal liabilities associated with improper use of the Internet? Have you ever
had to terminate an employee due to inappropriate
use of the Web?
»» Do you feel that employees in your company could
be more productive at work if they had a restricted
Internet usage policy or tool in place?
Cross-Selling/Up-Sell/Add-Ons
With over 30 supported platforms, Secure Web SmartFilter
products fit seamlessly into almost any network environment
and work with major firewalls, routers, proxies, cache devices,
and security appliances. Many Secure Web SmartFilter configurations are natively embedded into a host platform and run
on-box, providing unrivaled speed, reliability, and affordability,
since no additional hardware is required to host the filtering.
Secure Web SmartFilter products also run off-box, providing
additional flexibility and deployment options with minimal
impact on your network.
Secure Web SmartFilter Integrates with:
• Secure Firewall (Sidewinder): Embedded on-box, Secure
Web SmartFilter can be purchased as a convenient add-on
module with any Secure Firewall implementation.
• Secure Web (Webwasher): The TrustedSource Web
Database now powers all Secure Computing filtering
solutions, including Secure Web. Secure Web SmartFilter
customers can easily transfer their Secure Web SmartFilter
subscription to Secure Web (Webwasher) if additional
Secure Web protections are needed such as Secure Web
Anti-Malware and Secure Web SSL Scanner.
28
Competing Products
Awards/Certifications/
Memberships
Websense: Strengths
• Websense is a standout leader in the traditional URL
filtering market, with approximately 50% (by revenue)
enterprise market share
• SC Magazine Best Web Filtering Solution 2006
• Websense Security Labs, while responsible for detecting
numerous zero-day threats, is updated in Websense
systems only after a threat has been discovered—a
reactive approach that leaves organizations vulnerable to
numerous threats for an unknown period of time
• Member of Internet Watch Foundation
• Accredited by the Internet Industry Association,
Australia’s national Internet industry organization
• Member of Anti-Phishing Working Group n
• Licensed Inktomi’s proxy software, acquired Port
Authority DLP technology, and acquired SurfControl
email technology which will form the nucleus of a new,
appliance-based solution
Websense: Weaknesses
• Expensive URL filtering solution
• Security coverage not included in base enterprise
product, premium category add-on for security
• Legacy category-only Web filtering
• SurfControl acquisition distraction
• Predominantly sold as an off-box solution, requiring
dedicated hardware and additional maintenance
Blue Coat Blue Filter: Strengths
• On-box filtering, easy to implement
• Easy to purchase, competitively priced
Blue Coat Blue Filter: Weaknesses
• Secure Computing’s focus is security, while Blue Coat’s
focus is on infrastructure
• Category-based URL filtering only: no Web reputation
• Expensive hardware
• Coverage and accuracy fall short when compared to the
TrustedSource Web Database
• Fewer categories than Secure Web SmartFilter
• Better spyware coverage: Secure Computing performs
extensive spyware harvesting and offers the robust
reporting solution, Secure Web SmartReporter, to help
detect infected machines attempting to phone home
29
Secure SafeWord - Net It Out
• Secure SafeWord is all about fixing the known security problems associated with using regular
passwords. It makes it easy to upgrade your password security wherever you need to with strong, one-time
passwords that can’t be guessed or stolen.
• TYPICAL EXAMPLES where people use Secure SafeWord all the time are with remote access applications
like Citrix and VPN connections; or, to protect log-in access to application servers with really
sensitive information on them like healthcare records or credit card numbers.
• Standard Windows passwords that we make up in our heads and then use over and over
again—for months or even years!—are way too easy to guess or steal.
• On top of that, most of the compliance regulations today all require some form of
stronger passwords than just using standard Windows passwords!
• Rather than typing in a memorized password at a log-in prompt like you normally
would, you push the button on a token, and it gives you the next password that
should be used. Every time there’s a brand new password! And the cool thing is
that Secure SafeWord’s one-time passwords are literally impossible to guess or steal!
Which is why they’re referred to as strong passwords!
• Secure SafeWord also offers software for the users who don’t like the idea of
hardware tokens. Our Secure MobilePass client software generates one-time
passwords on PDAs, cell phones and laptops.
• Secure SafeWord has over 8,000 customers all over the world, from very small SMB
customers, to the very largest two-factor authentication user in the whole world—
Citigroup. Secure SafeWord’s easy to use and very affordable as well as having unlimited scalability and rock solid reliability.
• Other worldwide customers include
»» Citigroup
»» Cisco
»» Sony
»» Boeing
»» Oprah Winfrey’s Harpo, Inc.
• There are three key differences about Secure SafeWord.
»» First,
Secure SafeWord works just flawlessly with the most popular remote access VPN solutions. In fact,
a huge percentage of our tokens are purchased with Citrix, Cisco, Check Point or Nortel branding
through their channel partners.
»» Second,
Secure SafeWord works far better with Windows than any other two-factor authentication
product, and it’s managed through Microsoft Active Directory, which of course, the vast majority of
companies use today.
»» And
finally, Secure SafeWord has the lowest total cost of ownership in the business because we use
Microsoft management tools and existing hardware; because our tokens never expire and have to be
replaced like RSA’s do every few years – and – I saved the best for last—because only our tokens come
with a Lifetime Warranty!! If one of our tokens ever fails, we simply replace it at no cost to you—forever!
30
How to Sell: Secure SafeWord
What is Secure SafeWord?
Target Customers
Secure SafeWord 2008 is a two-factor authentication
solution that protects your most important information
assets and applications.
Influencers/Recommenders
Secure SafeWord’s easy-to-use tokens and seamless
integration with your existing Microsoft infrastructure make
it simple to deploy two-factor authentication for VPNs,
Citrix applications, Web applications, Webmail, and
Outlook Web Access.
• IT managers and administrators that deal with network
access
The Enterprise Solution Pack add-on to Secure SafeWord
2008 adds the SecureWire Access Gateway, enablement of
Secure MobilePass software authenticators and additional
administration management features.
• CIO and COO/CFO concerned with network and
identity/access security
What Issues Does Secure
SafeWord Address?
How to Recognize A Prospect
• Information security and compliance officer
• Security consultant
Decision Makers
• Network Security Manager
Business Issues
Positioning Scenario for Secure
SafeWord
• Remote Access – Ascertaining the identity of users
logging in remotely. Protection of key business resources
and data from unauthorized access
• Company is upgrading to the new Windows 2008 Server
environment and needs a compatible authentication
solution.
• Compliance – Several regulations require enterprises/
government organizations to track and monitor user
identity and access.
• Companies need 24 X 7 access to applications, data and
network resources
• Web Access to user accounts – Banks etc. deploy
strong authentication to counter password related
threats including phishing
• Help desk costs rise as IT resets forgotten or
compromised passwords
• Disappearing perimeter, more remote users from more
locations
• Proven vulnerabilities of memorized passwords as identity
mechanism
• Unauthorized sharing of user accounts – Online
businesses that charge per user account implement
token based strong authentication to ensure users do
not share their login information with others. Online
content providers and MSPs are good examples.
Secure Computing example would be Clareity
partnership
Technical Issues
• Company is offering more access to more resources to
more people and need a secure mechanism to protect
user identity
• Company is using static, memorized passwords to obtain
access to network resources
• Company needs a simple, easy-to-use solution that is
intuitive for users
• Company is working with Microsoft Active Directory
(AD)
• Company is looking for a cost effective SSL VPN solution
31
• Increasingly mobile workforce that needs secure remote
access
• Regulatory obligations for access compliance and
reporting
• Company is working in a Windows environment with
Microsoft Active Directory (AD)
Secure SafeWord Key Features and Benefits
• Protects your most important information assets and
applications
• Tokens never expire and
come with a lifetime token
warranty
• Positively identifies remote
VPN, Citrix and Outlook
Web Access users
• Solve regulatory compliance initiatives such as PCI
DSS, HIPAA, HSPD-12, and
FFIEC.
• Designed for Windows
environments with
seamless integration with
Microsoft AD
• Delivers an easy, fast
installation experience:
runs on existing servers
• Co-branding service for
Secure SafeWord tokens
is available. This enables
banks, MSPs and other
organizations to provide
their customers hardware
tokens with their own
logos.
for Secure SafeWord
• Tokens never expire, come with lifetime token warranty
• Support for latest 32 and 64 bit Windows platforms
• Native Microsoft AD integration
• User self enrollment
• Scalability into the millions of users
Objection Handling
• Objection 1: I don’t want to have to replace tokens
every 3 years when they expire. Answer: Unlike other
tokens, Secure SafeWord tokens never expire. No need to
replace tokens after 3 years. And the warranty for tokens
is lifetime.
• Objection 2: I don’t want to change my network
infrastructure. Answer: Secure SafeWord can install in
minutes right on your AD domain controller. No new
hardware is needed.
• Objection 3: I want something that is reliable. Answer:
Secure SafeWord is used every day by millions of end
users at thousands of companies worldwide, by some of
the world’s largest companies.
• Objection 4: I don’t want to buy several solutions for
remote access. Answer: You can Enterprise Solution Pack
add-on with SecureWire as an SSL VPN gateway along
with Secure SafeWord strong authentication for a complete solution from a single vendor.
• Objection 5: I don’t want to carry around a token.
Answer: Use Secure MobilePass software tokens for
mobile devices and desktops.
System Requirements
Secure SafeWord Server requirements
Pricing and Promotions
For pricing information please check pricelist. Secure
SafeWord is competitively priced.
Competitive Replacement Promotion
Secure SafeWord participates in Secure Computing
competitive displacement promotion. Use this to replace
RSA and other installations. Please refer to the promotion
brochure for details.
Take 90% off of A Starter Pack Promotion
Resellers can take 90% off of the Secure SafeWord starter
pack to seed the market. It is a good add-on to any remote
access
Secure SafeWord New Business Bonus Promotion
This promotion allows reseller reps to earn up to $5 per
token sold to a new customer.
Secure SafeWord Product
Evaluation
How Do Customers Obtain An Evaluation?
Go to http://www.securecomputing.com/index.cfm?skey=181
And request a free evaluation kit containing tokens and all
software mailed to the customer address. A simple form
needs to be filled out. Evaluation kit is available for different
flavors of Secure SafeWord.
What Is the Evaluation Period?
30 days from the data installed.
When Does the Evaluation Period Begin?
From the day of installation of Secure SafeWord software.
What Criteria Should Be Used to Judge the
Success of the Evaluation?
• Can run on existing hardware used for Active Directory
1.Product successfully installed in the customer
environment
• CPU - Pentium IV @ 1.2 GHz (min), 3.2 GHz
(recommended)
2.User able to login using the OTP provided by the token
• RAM - 1 GB (min), 4 GB (recommended)
3.Easy administration as compared to alternatives
• Disk space - 3-5 GB (min) 10 GB (recommended) on
NTSF-formatted drive
Cross-Selling
• Server OS - 32 or 64-bit Windows Server 2003 or 2008
• Secure Firewall (Sidewinder)/Secure SnapGear:
Customers using above products are a good target for
selling Secure SafeWord since remote access security is
one of the main applications of Secure SafeWord. A twofactor authentication solution paired with remote access
provides most security and flexibility.
• Desktop OS - 32 or 64-bit Windows XP (SP2), or Vista
• Customers of other Secure Computing products may
provide green field opportunities for Secure SafeWord
since in all likelihood they use some kind of remote
access solution and Secure SafeWord OTP will
complement that.
32
Competing Products
Vasco Data Systems International:
Weaknesses
RSA SecureID: Strengths
• Not significant expertise in enterprise authentication
• Dominant market and mind share
• Poor reseller relationships and channel
• Sound financial position of EMC
• Wider product line for financial institutions
Vasco Data Systems International: Pricing
RSA SecureID: Weaknesses
• Vasco products are competitively priced to Secure
Computing Secure SafeWord products. n
• Customers must renew their tokens every 3 years
resulting in high TCO
• Lack of focus for Windows and Active Directory
Secure SafeWord Differentiators against
RSA SecureID
• Lower TCO, tokens never expire
• Lifetime token warranty.
• True Active Directory integration.
• Enterprise Solution Pack add-on provides additional
capabilities, including the new SecureWire Access
Gateway for unlimited users.
• Powerful, more scalable solution. Over 1 million tokens
deployed at Citibank and 1.3 million at Banamex, the
largest bank in Latin America.
• Easier installation and deployment – 20 minutes install
• Award-winning support
RSA SecureID: Pricing
RSA SecureID is priced at a 20-40% premium to all the
other two factor authentication solution providers. Additionally, RSA tokens expire every three years necessitating a
repurchase making the solution even more expensive.
RSA SecureID: Sales Aids
• Check out the Secure SafeWord ROI tool to see the
tangible benefits over RSA
• Secure Computing’s competitive replacement program
makes replacement of RSA with Secure SafeWord more
attractive to customers.
Vasco Data Systems International:
Strengths
• Focus on financial consumer market e.g. banks providing
tokens to their customers for e-banking
• Strong partnerships with banking applications and
system integrators
• Competitive pricing
• Wide variety of token form factors including smartcard
and USB tokens
33
Secure SnapGear - Net It Out
• Secure SnapGear is an ‘all-in-one’ firewall that is ideally suited for home offices, small businesses, branch
offices, retail locations, or remote data centers within the enterprise. SnapGear will authenticate remote
devices requesting connections to the main data center or hub. It is also called a “UTM” (unified threat
management) firewall.
• SnapGear is a cost effective add-on to Secure Firewall (Sidewinder). Both can be centrally managed with
Secure Firewall CommandCenter.
• Secure SnapGear contains numerous security features in
addition to:
»» Central Management (Secure Firewall CommandCenter)
»» Corporate level certified firewall (ICSA-Labs)
»» Anti-virus (ClamAV)
»» Intrusion Detection/Prevention (Snort)
»» Anti-spam (TrustedSource)
»» Security Event Management (Secure Firewall Reporter)
• Secure SnapGear will consistently beat out competitors with
its functionality, licensing system, performance, and
price point. On top of the strong channel product lineup,
Secure Computing also offers custom appliances for larger
orders—for example, managed service providers find this offering very appealing.
• SnapGear wins because of:
»» Value for the price point
»» Return on investment
»» Extensive feature set
»» Full VPN capability
»» Unified threat management
»» By simplifying the sales process
»» Pricing, user licensing (none!)
»» Allows focus to be on the customer’s needs
»» Investment is backed by large security firm
»» Secure Computing corporate strength
»» Standards followed, open source solutions used, and industry certifications achieved
• An interesting fact to point out is that Secure SnapGear is the only UTM firewall designed for small
businesses and remote offices to incorporate a global reputation intelligence service, TrustedSource.
• Secure SnapGear has an OEM option to allow large customers to private brand their own firewall.
SnapGear comes in many form factors, including boards, software, wired, and wireless solutions.
34
How to Sell: Secure SnapGear
What Is Secure SnapGear?
Target Customers
The Secure SnapGear firewall/UTM appliance line provides
small-to-medium businesses (SMBs), small offices, home
offices, retail stores, etc., with a very cost-effective security
gateway with all of the primary VPN components necessary
to secure any connection. SnapGear is the one Network
Gateway Security appliance every SMB/SME needs.
SnapGear Channel Product Line:
• Consolidates all major security functions under a single
management interface
• UTM (Unified Threat Management) feature set: Firewall,
anti-virus, intrusion detection, anti-spam, URL filtering
• True appliance – no moving parts
• TrustedSource reputation-based global intelligence provides proactive (not merely reactive) security
management
• Blocks viruses, intrusions, and spam; secures employee
use of the Internet
• Built by Secure Computing – Manufacturer of the “Strongest Firewall in the World” Secure Firewall (Sidewinder)
Secure SnapGear Key Features
and Benefits
• Most cost-effective UTM appliance line on the market
• Feature set rivals that of enterprise firewalls that cost 10x
as much
• Can support an unlimited number of VPN tunnels,
leveraging VPN offloading technology—can compete
with VPN concentrators
• Licensing system is NOT on a per-user or per-VPN tunnel
basis, but on a per-appliance basis, making for a simple
sales process
• Squid (Web caching) built-in
• Small-to-meduim
businesses and enterprises
• Distributed office
environments
• Retailers
• Network administrators
• Technology decisionmakers
• Wireless campuses
SnapGear OEM or Custom Product
Market Examples:
• Managed Service Providers
(MSPs)
• Hosted security service
providers
• Internet Service Providers
(ISPs)
• Telecommunication
companies
• Medical technology/device
manufacturers
What Issues Does Secure
SnapGear Address?
Business Issues
• Consolidation of security devices
• VPN endpoints (remote offices needing to connect to
corporate services via a secure tunnel)
• Protection from intrusion attack (IDS/IPS included with
Secure SnapGear)
• Need for a small form factor network security appliance
at any endpoint (Example: point-of-sale locations)
• Cost-effective VPN concentrator (VPN offloading gives ‘N’
number of tunnels)
• Need for better quality of service surrounding a Voiceover-IP (VoIP) solution
• Employees wasting time browsing Internet (leverage URL
filtering capabilities)
• VoIP connectivity management and security
• Real-time connection tracking and filtering
• Need for separate network segments (leverage VLANs)
• SIP Proxy, Quality of Service with L7 classifier to prioritize
traffic
Addresses These Technical Issues
• First and only SMB firewall with reputation-based global
intelligence (TrustedSource)
• Existing firewall weak on rule granularity: Secure
SnapGear firewall rules are the most comprehensive in
the SMB security appliance market
• High availability/failover with load balancing
• Full VLAN and switching capabilities
• Viruses spreading through network: SnapGear includes
anti-virus protection
• Multiple form factors available, including custom
appliances
• Mail server bogged down with spam: TrustedSource
blocks up to 80% of all spam from hitting the mail server
35
• High availability needed: SnapGear provides seamless
high availability and can also be leveraged as a loadbalancing unit
• Space availability is limited: SnapGear comes in a wide
range of form factors to enable networking solutions in
all locations
• Printer sharing and network-attached storage
required: SG565 includes USB ports to connect
peripherals such as printers, hard drives, and flash drives
Objection Handling
• “I already have a firewall”: Likely this prospect is
using a firewall that charges them for every add-on
feature like anti-virus, intrusion detection, the number
of VPN tunnels, the number of users that can connect
through the device, and so on. Ask what they are paying
for that annually. Likely they can buy a Secure SnapGear
appliance to replace their existing solution for around the
same price as their annual renewals on the add-ons they
are buying.
• “Secure SnapGear? Who or What is that?”: SnapGear
comes from the leading provider of enterprise gateway
security for businesses. Secure Computing is very well
known in the market for developing the strongest
firewall in the world (Sidewinder). Show the prospect
the Gartner magic quadrants and all the other 3rd-party
validation papers on the Secure Computing Web site
that show the product and organization strength. Those
who know security know Secure Computing, and small
businesses that want the best should be considering
SnapGear.
• “Secure SnapGear pricing is quite low… does that
relate to the product quality in any way?”: Absolutely
not, and to alleviate any concern, Secure SnapGear has
one of the best warranty and support programs on the
market. The SMB/SME security appliance market is fairly
saturated, and SnapGear isn’t a brand name everyone
knows. To compete in such a market, few tactics are
available, but attractive pricing is one of them. The
vast majority of people who try SnapGear stick with
SnapGear. Secure SnapGear has an unmatched feature
set at this price point, and you can probably expect the
price of SnapGear to increase as SnapGear mindshare
expands.
Situational Questions
• Small Business: Do you have a firewall? Do you have a
gateway anti-virus or intrusion detection system?
• Would you like to control the types of Web sites your
employees can access during business hours?
• Is your existing network security appliance warranty/
support plan up for renewal?
• Is your business expanding? Are you hiring new
employees? What fees will you face with your current
firewall if you need to add more users or connections?
Can your current appliance handle the additional
throughput?
Problem Questions
• Is your mail server having trouble keeping up with all of
the spam penetrating your network? Secure SnapGear
could reduce that volume by up to 80%, extend the life
of your server and alleviate some maintenance tasks.
• How often are you tweaking and rebooting your existing
firewall because it had a problem of some type? (Secure
SnapGear reliability is becoming well known with a lifetime failure rate being less than the delivery failure rate of
competitors. Lifetime failure rates include delivery failure
rates.)
• Does your existing networking solution have high availability with Quality of Service (QoS) features allowing you
to prioritize different types of packets – like VoIP packets?
• Are you able to troubleshoot network connectivity issues
easily with your solution today? (Secure SnapGear has
real-time connection analysis with filtering built-in.)
Up-Sell/Add-Ons
• URL filtering
• TrustedSource anti-spam
• Secure Firewall
CommandCenter
• Extended support & warranties
available
Cross-Selling
• Secure Firewall (Sidewinder): Provides application-layer
protection for an enterprise’s network gateway. Secure
Firewall at larger central locations with Secure SnapGear
at smaller distributed offices all managed by CommandCenter is a true end-to-end security solution, all provided
by the same manufacturer ensuring interoperability.
• Secure Firewall CommandCenter: Secure Firewall
CommandCenter (sometimes referred to as Global
Command Center) is Secure Computing’s enterpriseclass management solution that enables you to implement security policies and policy changes quickly, easily
and accurately across multiple geographic locations and
multiple gateway security appliances.
• Are you using or planning to use VoIP? If so, does your
current network help control VoIP-specific security
threats?
• Are you currently providing a guest wireless network to
your visitors? (This is becoming a standard for customer/
prospect convenience.)
36
Competing Products
Fortinet (FortiGate): Weaknesses
SonicWALL: Strengths
• Market presence/mindshare: SonicWALL is almost
guaranteed to be in on any competitive scenario out
there, purely due to their name recognition. Whether
they are a good fit or not, they will be on the list to be
evaluated in larger opportunities.
• Product line breadth: SonicWALL has a good number
of appliances that are tailored toward special needs. This
product line will meet a very large number of market
needs. Most resellers will tell you they don’t sell a lot of
these specialized appliances, but they make the organization look good by gaining mindshare with unique
business solutions just by having the product offerings.
• Ease of use: Well known for their simple setup leveraging
pre-set configurations, allowing non-technical users to
set up the appliance very quickly.
SonicWALL: Weaknesses
• Intrusion detection/prevention setup: A very manual
and tedious setup procedure is required to set up the
more than 1300 signatures. This is in addition to the
protection profile creation process that needs to be done
in conjunction with the IDS/IPS system.
• Lack of features: Missing firewall/networking features
such as file sharing with USB memory sticks/hard drives,
on-box Nessus Scanner, supporting BGP and OSPF.
• Historical performance Issues: Customers in the past
have claimed published throughput data by Fortinet is a
bit ‘optimistic’ in its claims.
• Throughput: Equivalent Secure SnapGear products beat
Fortinet in both stateful inspection throughput and VPN
throughput.
WatchGuard: Strengths
• Well known branding: The one feature most customers
seem to like the most… the red appliances.
• Price: SonicWALL appliances are more expensive than
Secure SnapGear, but on top of that, almost nothing is
included, other than the base appliance itself. To gain
UTM functions, an additional operating system must be
purchased, and either individual add-ons, or a block of
features to finally get into the UTM category.
• UTM bundles on higher-end units: Simple to purchase
the additional functions/features to gain UTM feature set.
It still requires the purchase of the advanced appliance
software Fireware Pro.
• Licensing model: Users and VPN tunnels are examples of
limitations placed on their appliances. For example, many
models are sold with licenses limiting them to only 10 or
25 users or 10 or 20 VPN tunnels (numbers may vary). If
the customer is growing their business, they will have to
pay more to this manufacturer to allow the connections
to be made. SnapGear does not come with such micro
management of our customers. All appliances include
licenses with unlimited users and VPN tunnels.
• Firmware upgrades: To gain all new functions, a
new operating system is required, which WatchGuard
is charging a considerable amount for. Also, when
migrating older operating systems to new ones, not all
functions are replicated, so customers risk losing features
they may be using today.
• Throughput and VLAN support: When comparing
equivalent SonicWALL product models to SnapGear
models, Secure SnapGear wins the throughput race and
configurability of Virtual LANs.
Fortinet (FortiGate): Strengths
• Managed service offering: A managed service and
central management offering from Fortinet provided
to resellers is quite well known within the industry.
Secure SnapGear offers this also, by leveraging Secure
Firewall CommandCenter. One of SnapGear’s most
prominent managed service providers manages more
than 50,000 appliances.
• Telco penetration: Fortinet has a good handle on
numerous telco companies that wish to provide cheap
networking appliances for their customers via leasing
options and the like. This is an area where Secure
SnapGear is making strides, as one of the largest telcos in
the world is now leveraging Secure SnapGear appliances.
37
WatchGuard: Weaknesses
• Ease of administration: Message board users complain
about the difficulty in maintaining the appliance.
• Product cost: Both the appliances themselves and all
of the add-on features are known to be considerably
overpriced for the functions provided. The constant
charging for add-on features gives WatchGuard the
reputation of nickel-and-diming customers.
• Maintenance cost: Known to be quite expensive to
existing customers to continue to get security upgrades.
• Low-end units missing considerable functionality and
throughput: Missing high-availability solutions, VLAN
capabilities, Web cache, print server, restricted number
of VPN tunnels, and more. All of the following are
additional costs: Anti-spam, AV, IPS, WebBlocker, Live
Security Service…
• Responsiveness / losing resellers?: Many WatchGuard
resellers and customers have been moving toward
SnapGear products—and probably others as well.
According to our sources, WatchGuard’s responsiveness
to their channel has dropped considerably.
Secure SnapGear Product Evaluation
How do customers obtain an evaluation?
• Most Secure SnapGear sales do not require evaluation,
but if someone would like to see the interface of
Secure SnapGear, point them to the online emulator at
www.snapgear.com, and click on “Evaluate Product.” If
evaluations are required, resellers can purchase discounted
demonstration units from their distributor to generate and
manage an evaluation pool of appliances. n
Secure SnapGear Specifications
Model
SG300
SG560
SG565
SG580
SG640
SG720
7”x 4.6”x 1.7”
(178mm x
118mm x
43mm)
6.5”x 4.5”x 1”
(168mm x
115mm x
26mm)
8.1”x 4.7”x 1”
(206mm x
120mm x
26mm)
6.5”x 4.5”x 1”
(168mm x
115mm x
26mm)
PCI Card
Small 1U
<25
<100
<100
<200
<150
<1000
Stateful
inspection
throughput
25 Mbps
110 Mbps
110 Mbps
160 Mbps
80 Mbps
180 Mbps
VPN - IPSec
tunnels
40
100
150
200
150
400
VPN - PPTP
tunnels
10
10
25
80
80
100
1-10/100 + 4
port switch
(5 total)
1-10/100 + 4
port switch
(5 total)
1-10/100 + 4
port switch
(5 total)
1-10/100 + 4
port switch
(5 total)
1-10/100
3-10/100 +
2-100/1000
(5 Total)
X
X
X
Dimensions
Guideline for
Users
Ethernet
interfaces
VLAN (Port
based)
X
* All models licensed w/unlimited users
38
TrustedSource - Net It Out
• TrustedSource is the most revolutionary thing happening right now in email and Web security.
It’s a brand new kind of in-the-cloud Internet security service that dramatically reduces the risk when your
employees use the Internet, and it saves companies money and bandwidth.
• TrustedSource is not about identifying specific viruses or attacks and then building signatures after the
attack has happened. TrustedSource is all about identifying bad objects around the Internet that
you simply want to avoid: like avoiding Zombie PCs that have been hijacked for use in a botnet, or help
in avoiding infected Web sites, or avoiding specific URLs on Web sites that have malware under them,
or avoiding spam emails that entice you to click on things that are bad for you. So no, TrustedSource
doesn’t know what the specific attack is, but it does know what machines, what Web sites and what
email messages are being used to distribute malware and other kinds of attacks. Now if I used a medical
analogy here, I would say that TrustedSource helps you avoid getting sick by telling you who the infected
people are that you should stay away from.
• Our TrustedSource data centers mathematically analyze hundreds of billions of email messages and millions
of Web sites every day to identify exactly which Internet objects (PCs, Web sites, things like that) are
distributing malware or spam. For example, our data centers are identifying over 300,000 new Zombie
PCs every single day; and our customers appreciate that because they don’t want to get infected, or
accept email coming from botnets that are under the control of a bunch of criminals and spammers. So in
the case of TrustedSource, highly advanced mathematical analysis is delivering a pretty wonderful thing!
• TrustedSource analyzes thousands of characteristics on the traffic it looks at to produce its
real-time reputation scores for things. That includes over two hundred unique characteristics just in
images alone. We all know that false positives in the security business are bad… of course. In other words,
if TrustedSource says it’s a Zombie PC and it’s wrong, we have a false positive situation. And quite frankly,
that happens quite a bit in signature-based products like IDS systems. The thing that’s different here with
TrustedSource is that it actually calculates a confidence score on a sliding scale from something having
a very bad reputation to something having a good reputation. As we know, few things in life are just
black or white. So the higher the reputation score we have for a Web site let’s say, the more confidence we
have that it’s bad… that there’s malware there. Then ultimately, our customers decide where they really
want to set the actual bar for themselves through a simple configuration option in the GUI!
• By using in-the-cloud reputation systems like TrustedSource, you can automatically drop huge volumes
of known bad traffic right at the connection level. Your systems don’t really have to do any processing
on that traffic! This stops tons of malicious junk from streaming into your network, clogging up your mail
servers, things like that. And of course that reduces the load on your firewall, and on your mail servers,
and on your overall network.
• Keep in mind that over 90% of all email today is spam, and most of it is spewing out of botnets. And
mail volume at many companies is doubling every three to four months. So it’s easy to see that IT
departments have their hands full and their budgets are getting wacked pretty hard trying to constantly
upgrade their infrastructure. TrustedSource helps a lot here.
• TrustedSource services help you avoid having to clean up infected desktop and laptop machines
because of a malware outbreak getting in. And we all know that desktop clean-up projects are costly
and have a negative impact on your staff’s productivity. So TrustedSource helps stop hacker emails from
getting to your staff. And it also protects your workers from clicking on Web sites that are known by
TrustedSource to be infected!
• Technically TrustedSource is not your only option.
»» Cisco recently bought IronPort that is now trying to build out a more competitive reputation-based
service they call SenderBase. SenderBase has been around for a while, but it is seriously lagging behind
TrustedSource, particularly in the Web, message and image reputation areas.
39
TrustedSource – Net It Out (continued)
»» TrendMicro is doing some work here as well, but they are an email-only approach.
»» Microsoft is dabbling here, but it offers email-only scoring on a crude scale, and only if you use
Exchange 2007 exclusively.
»» Websense is just spinning a marketing story… using the reputation word in marketing …they aren’t
really doing any serious work in this area at all.
• The key difference when comparing TrustedSource to all other reputation services out there is the fact that
we are way ahead of everyone in scoring the behavioral reputation—on a good-to-bad score—of
multiple Internet objects; not just the IP address of suspected zombie machines sending out spam.
TrustedSource has real-time reputation Web sites, Web URLs, embedded images, the actual contents of
emails, and DNS servers too. And more is coming!
• The TrustedSource team is far ahead in this revolutionary security service because they focus on
nothing else! For almost every other company, outside of maybe Cisco, it’s a secondary project right now,
or it’s just a marketing story.
• Secure Firewall (Sidewinder) and Secure SnapGear: Our Secure Firewalls can apply TrustedSource scores
on both inbound and outbound traffic on many protocols, not just Web and mail. This sets our firewall well
apart from all other firewalls on the market today!
• Secure Web (Webwasher) and Secure Web SmartFilter: In the Web Gateway area, we use TrustedSource
scores on outbound Web traffic to help protect desktop and laptop machines when users are surfing the net
with their browsers!
• Secure Mail (IronMail) and Secure Mail Edge: In our Mail Gateways, we use TrustedSource scores on
inbound email traffic to protect desktop and laptop machines from spam, and from getting hacker emails
with dangerous attachments and malicious Web links in them.
• Other companies who have joined the TrustedSource Alliance are:
»» Brightfilter
»» Cymtec Systems
»» F5 Networks
»» Foundry Networks
»» InternetSafety.com
»» MarkMonitor
»» Riverbed Technologies
»» Webroot
• Invite your customers to see the power of TrustedSource for themselves at www.trustedsource.org. They can
also request a Domain Health Check which provides them with the reputation of their own organization.
40
How to Sell: Secure Support and Services
What Are Secure Computing’s
Support and Service Offerings?
3. Self-Help Tools – included with purchase price
»» Web-based Virtual training
– Available for Secure Firewall (Sidewinder) 7 and
6.1, Secure Web SmartFilter 4.1, and Secure
SnapGear 3.1
Secure Computing offers the most comprehensive package
of services and support to our customers. These services are
designed to ensure that our customers succeed with their
security goals, maximize the benefits achievable with our
products, validate their decision to partner with Secure,
provide strong references for Secure, and continue to
renew their contracts year after year. Secure Computing
offers 6 types of Support and Services to customers.
Some are included with the product purchase, others
provide Secure and our partners with additional revenue
opportunities (please note that there are significant costs
associated in delivering these services, so discounting
should be discouraged).
»» Knowledge Base
– The Knowledge Base is a self-help option that
contains thousands of hints, tips, and best
practices for all Secure’s products. The KB should
be the customer’s first stop when searching for
technical solutions. The KB is updated daily
– The KB also provides access to Web-based Ticketing and Web-based Training
»» Web-based Ticketing and Reporting
– An alternate option for customers to open
support tickets
Contact information, URLs, and phone numbers are listed
at the end should you or your customers require assistance.
Please use them to demonstrate our superior support and
responsiveness. They’ll help you close more sales!
Secure Computing Services
Network
Architecture
Assessment
Network
Solutions
Architect
Training
Product
Install
Assistance
Enterprise
Account
Management
Support
(Phone, Web
and KB)
– Customers can see the status of their issues
– Customers can submit, monitor, and edit support
tickets online 24/7/365
Product
Upgrade
Assistance
Product
Audit and
Configuration
Sold with the
products
Sold with
the products
and renewed
annually
Services sold
to customers
with supported
products
Customer Service
1.Customer Service – included with purchase price
»» Includes activities such as licensing and activation,
product integration coordination, accounts for Web
resources, and technical training coordination
»» Staffed by Secure employees 24 hours a day
2.Technical Support – included with purchase price
(unbundled in some product lines; refer to price list for
details)
»» Includes activities such as award-winning Live Answer,
post sales support, inbound queue queries, technical
resolutions, and the primary liaison between customers and Secure development team
»» Staffed by Secure employees 24 hours a day
»» Expanded support offered through local resellers
in local languages in Japan, Singapore, UK, France,
Germany, and Dubai
41
– Secure SnapGear (http://tech.groups.yahoo.com/
group/SnapGearGroup/)
– Secure Firewall (Sidewinder) http://mail.adeptech.
com/mailman/listinfo/sidewinder
Product
Tuning
Does not
Done as
even require part of the
that the
sale for our
customer use products
our products
»» Online Customer Forums/Communities. In addition to the officially sponsored Knowledge Base,
there are online user forums/communities for
some of our products, including:
– Secure Mail (IronMail) https://supportcenter.
ciphertrust.com (a username/password is
required and can be obtained from customer
service)
»» Additional on-line services include: patches,
upgrades, and SecureNews updates
4.Training - requires additional purchase
»» Classes available on all enterprise Secure products
offered either at our training centers in Concord,
St. Paul, Reston, Alpharetta (Secure Mail only),
Singapore, Bracknell (UK), Germany, France, and
Sydney (Australia), or on the customer’s premise.
http://www.securecomputing.com/index.cfm?skey=782
»» Authorized training centers through partners available
in UK, Germany, Middle East, Australia, and multiple
US cities. http://www.securecomputing.com/index.
cfm?skey=783
5.Network Services – requires additional purchase
»» Objective is to provide cost effective solutions for all
Secure customers, to enhance their network security
and reliability
– Network Assessment
Secure Computing expert spends up to two
days at the customer site performing a rapid
onsite analysis of the current internet connection,
architecture, and configuration yielding an inventory of systems, and the business and technical
risks associated with each system, policy adherence, and whether their security architecture and
policies are adequate.
– Weekly proactive appliance health check, to
prevent errors and performance problems before
they occur
– Product Installation or Upgrade
Includes product installation, integration and testing by SCC personnel. Note: typically, one day of
installation is required for each server purchased.
– Weekly summary reports of all ticket activity
– Secure will use our thousands of sensors around
the Internet to report on how the customer’s email
servers are being used and detect spoofing attacks
– Four training classes with guaranteed priority
seating
– Caveats and Limitations:
• Available to Secure Firewall (Sidewinder),
Secure Web (Webwasher) and/or Secure Mail
(IronMail) customers ONLY
– Product Audit and Configuration
Reviews the current product configuration of
installed Secure Computing products, along with
host systems.
• Two tier yearly pricing based on number of
appliances. Maximum of 15% discount. Note:
this program has is labor intensive, and has
high fixed costs so additional discounting is not
permitted
– Product Upgrade Assistance
Includes upgrade assistance, policy review and
testing by Secure personnel.
– Product Tuning
Reviews the current configuration of an installed
Secure products and makes recommendations
and changes for product optimization.
– Network Solutions Architect
A Secure Computing expert works remotely with
a customer to review their existing network and
assists in planning upgrades and product integrations that offer the best results for optimization
and effective network security.
6.Enterprise Account Management (EAM) – requires
additional purchase
»» This is a package of services designed for larger
customers who want more personal services.
– A Technical Account Manager (TAM) will be
assigned and is dedicated to answering questions
and making sure support issues are processed
efficiently
– EAM customers are given the phone number of
a special support line, staffed 24 hours a day, 7
days a week
– Our ticket tracking system will tag EAM tickets
separately, so that they will be given the highest
attention
– Any bugs or feature requests will be personally
presented by the TAM to Engineering
• Existing Secure Mail (IronMail) EAM customers
MUST transfer to this new program upon their
renewal date
How Do Secure’s Support
and Service Offerings Benefit
Corporations?
• Secure’s support has won numerous awards
1.Customer Service Leadership Award from Frost &
Sullivan 2002 and 2004
2.Stevie Award for exceptional support 2004
• Live Answer responds to over 100,000 customer calls
per year in less than 1 minute. Their role is to provide
resolution on the 1st call and to maintain ownership of
issues until they are resolved.
1.Current metrics (March ‘08):
• Calls Answered Live: 96.33% (goal = 92%)
• Average Hold Time: 32 seconds (goal = < 60
seconds)
2. Average metrics (Jan. ‘07 - March ‘08)
• Calls answered live: 96.1% (goal = 92%)
• Average hold time: 34.3 seconds (goal = < 60
seconds)
– TAM will visit customer’s site at least once a year
– EAM customers will have access to information
on future releases and schedules before they are
announced to the public
– Customers can request a Root Cause Analysis on
tickets
42
How Do Secure’s Support and
Service Offerings Benefit
Partners?
• Partners have the opportunity to gain additional revenue
by selling Secure Support and Services, and even more
by delivering the services themselves.
• Secure offers partners the ability to provide training
directly. Secure provides the following to interested
partners:
Support and Services Web:
• Login to Web Ticketing
https://support.securecomputing.com/arsys/shared/login.jsp
• General Support information: Call Stats, Warranty and
Agreements, Life Cycle, Product Certifications
Support and Services Phone:
»» Instructor certifications
• 1-800-700-8328 (toll free)
»» Student handouts
• 1-651-628-1500 (International)
»» Links from www.securecomputing.com to partner’s
training page(s)
• +49-525-50054-460 (Germany)
»» Guaranteed non-competition
• VAR Assistance Program for accredited Platinum Partners:
»» Secure personnel will accompany partner’s technical
staff for one on-site installation including a site survey
»» Additional 2 installation assistance will be provided
via phone for up to 6 hours each (must be scheduled
in advance)
»» Partner’s technical staff will have 2 slots in any training
class
• +61-1300-559-109 (Australia)
Support and Services Email:
• [email protected]
Support and Services Knowledge Bases:
• http://kb.securecomputing.com/
Network Services Email
»» Special knowledge base on PartnersFirst Web site
»» Partner will have access to Secure’s web-based ticketing system for their customers’ tickets and resolution
Network Services and Product Technical
Training Phone
• Two levels of technical support that a partner can choose
to sell:
»» Direct support: partner sells and Secure delivers the
service
»» Channel support: partner sells and partner delivers the
support. Secure will provide a senior engineer for 2
weeks at no charge
43
Resources
• 1-888-740-8040 (toll free)
• 1-651-628-1500 (international)
Network Services Web
• http://www.securecomputing.com/index.cfm?skey=782
(Product Technical Training) n
Secure Computing is involved in a number of solution selling programs. The following contains information about some
of these programs.
How to Sell: Payment Card Industry Data
Security Standards (PCI DSS)
What is PCI?
• PCI stands for Payment Card Industry Data Security
Standard. It is also sometimes called PCI-DSS
• Supported by all major credit card issuers: Visa,
MasterCard, Discover, American Express, and JCB.
European-branded credit cards Maestro and Visa Electron
are included by the PCI standards
• Current version is 1.1 issued September 2006. Current
version can be downloaded at:
https://www.pcisecuritystandards.org/tech/download_
the_pci_dss.htm
The PCI Data Security Standard is comprised
of 12 general requirements designed to:
• Build and Maintain a Secure Network
»» Requirement 1: Install and maintain a firewall configuration to protect cardholder data
»» Requirement 2: Do not use vendor-supplied defaults for
system passwords and other security parameters
• Protect Cardholder Data
»» Requirement 3: Protect stored cardholder data
»» Requirement 4: Encrypt transmission of cardholder data
across open, public networks
• Maintain a Vulnerability Management Program
»» Requirement 5: Use and regularly update anti-virus
software
»» Requirement 6: Develop and maintain secure systems
and applications
• Implement Strong Access Control Measures
»» Requirement 7: Restrict access to cardholder data by
business need-to-know
»» Requirement 8: Assign a unique ID to each person with
computer access
»» Requirement 9: Restrict physical access to cardholder
data
• Regularly Monitor and Test Networks
»» Requirement 10: Track and monitor all access to network
resources and cardholder data
»» Requirement 11: Regularly test security systems and
processes
• Maintain an Information Security Policy
• Governing body is the PCI Security Standards Council
(Secure Computing is a member)
https://www.pcisecuritystandards.org/
• PCI applies globally; there are no geographic limitations
• PCI applies to every entity (including non-profits, charities, government agencies, and educational institutions)
that stores, processes and/or transmit credit card data
regardless of the source (Web, point-of-sale, mail order,
telephone order, etc.)
• Some companies outsource credit card processing.
If 100% of the transaction is outsourced (e.g., only
accept PayPal), the company only needs to confirm that
their outsourced vendor complies. However, if the entity
receives any cardholder data (charge backs, refunds,
etc.), the entity itself must comply
• Companies are categorized into Tiers with different
compliance dates (note: dates below are VISA specific):
»» Tier 1: process over 6 million transactions per year
• Compliance target date: 9/30/2007 or
9/30/2008 depending upon notification date
• Estimated US population: 327
»» Tier 2: process 1-6 million transactions per year
• Compliance target date: 12/31/2007 or
12/31/2008 depending upon notification date
»» Tier 3: process 20,000-1 million transactions per year
»» Tier 4: process <20,000 transaction per year
• Estimated population: everyone else
How Does PCI Compliance
Benefit Corporations?
• Ability to continue to accept credit card payments
• The work needed to comply with PCI is virtually identical
to what’s required to comply with other regulations such
as SOX, HIPAA, GLBA, etc. (killing multiple birds with one
proverbial stone!)
• Reduces risk of data breaches and associated fines, bad
press and law suits
• Helps restore consumer confidence
»» Requirement 12: Maintain a policy that addresses
information security
44
What Are the Risks of
Non-Compliance?
• Do they have point-of-sale systems that accept credit
cards?
• Merchants who don’t comply with PCI risk fines from
credit card issuers, up to $25,000 per month from each
applicable credit card issuer for every month they fail to
comply (e.g., if they accept Visa, MC and AmEx, they can
be fined up to $75,000 per month)
• Elevation to higher tier with resulting more stringent
requirements and audits
• Loss of ability to accept credit cards in the future,
potentially translating into a significant negative change
to their overall business model
What Are PCI’s Key Features and
Benefits to Secure Computing’s
Partners?
• Sell more Secure products to the same customer
• Add consulting and other supporting services
• Go beyond “feeds and speeds” and into solution-based
selling
• Elevate value-add to their customers
• Have they been subject to Visa’s Cardholder Information
Security Program (CISP) in the past?
• Do they provide credit card payment options to their
customers?
• What current initiatives or needs to you have to meet
PCI compliance?
• Are you currently working on multiple compliance
projects?
• What are you plans to meet application level firewall
requirement for your Web applications? Secure Firewall
(Sidewinder)
• Given that you have a distribute environment, what are
your plans to secure each remote location? (Retail stores,
employee VPN, etc…)
• In addition to your primary firewall, what are your access
control plans to restrict/segment access to cardholder
data? (in addition to DMZ requirements, probe into
internal/server access)
• What are your encryption plans for external and internal
access?
Target Customers/Markets
• Primarily a retail focus
• Any global company that accepts credit cards for
payments
• Any global company that processes credit card payments
• Titles to target:
• In addition to your application level anti-virus, what are
your plans to address malware/virus at the gateway?
How Secure Computing’s
Products Address PCI
Firewalls:
»» Chief Information Security Officer
»» Chief Compliance Officer (or anyone else with
“compliance” in their title)
»» Chief Information Officer
• Stateful inspection firewalls are “ok” until June 30, 2008.
After that date application proxy firewalls are REQUIRED
for Web-facing applications (they are only considered as
“best practices” until then)
• This provides the perfect opportunity to sell Secure
Firewall as the leading provider of the strongest
application proxy firewall on the market
»» Chief Technology Officer
»» VP or Director of IT
• Retail, Media and entertainment, Financial services, and
Healthcare are adopting PCI the fastest
How to Recognize a Prospect
Secure Firewall (Sidewinder) Key Points:
• 1.x – Secure Firewall satisfies the comprehensive needs of
both of these firewall requirements
• Do they accept, store, process or transmit credit
cardholder data?
• 4.1 – Secure Firewall provides complete IPSec VPN
gateway for encrypting cardholder data across networks
• How many credit card transactions per year do they
process? (this will tell you what Tier they are in)
• 5.x – Anti-virus protection at the gateway is an available
option on Secure Firewall
• Do they have an ecommerce store front that accepts
credit cards?
• 6.1 – SecureOS for Secure Firewall has an unprecedented
history of zero emergency security patches (i.e. less to
maintain with Secure Firewall)
45
• 6.6 – Secure Firewall provides the most comprehensive
application layer firewall protections, including for your
Web-facing applications
• 10.x – Secure Firewall Reporter (bundled with Secure
Firewall) provides intuitive reports and detailed forensic
analysis capabilities
• 11.x – This doesn’t have to be a stand-alone IPS system,
Secure Firewall has IPS built-into the Firewall
Secure SnapGear Key Points:
• Cost Effectiveness (Huge issue!)
• High Availability (Failover is KEY to retail locations)
• VPN Capabilities/Firewall
• Target Markets: Point-of-sale (POS) locations, retail
locations or chain/franchise…, anywhere credit card
transactions take place at the consumer level
Encryption:
• Both Secure Web (Webwasher) and Secure Mail (IronMail)
fit the bill for encryption requirements since both Web
and email traffic that contain credit card information
must be encrypted
Secure Mail Key Points:
• Multiple, flexible encryption technologies eliminate end
user mistakes
Secure Web Key Points:
• SSL decryption ensures that no information going in or
out of the company is unexamined
Authentication:
• Strong 2 factor authentication is a requirement for any
remote access. This is a perfect positioning for Secure
SafeWord 2008
Anti-Virus:
• All of Secure Computing’s products can include one or
more anti-virus (AV) which are automatically updated for
the customer
Secure Web Key Points:
• This is the perfect opportunity to position Secure Web’s
Anti-Malware as “AV on Steroids” for the ultimate in
inbound threat protection
TrustedSource Key Points:
• This is the perfect opportunity to talk about TrustedSource and using reputation-based security to protect
against zero-minute, unknown, and targeted attacks that
AV will never be able to secure
Secure Mail Key Points:
• Secure Mail Anti-Virus solutions automatically update;
TrustedSource and Secure Mail OutbreakDefender
provide first line defense against malware and viruses
• Secure Mail is a hardened appliance and has never been
compromised or required emergency patches
Resources
• Secure Web site
»» www.securecomputing.com/pci
• Secure white papers
»» Meeting and Exceeding PCI 1.1 Compliance
»» Embracing PCI – Making it Work for You
• Secure Presentation »» PCI Internal Only Sales Training.PPT
n
Secure SafeWord Key Points:
• Support for a wide variety of applications
• Seamless integration with Microsoft Active Directory
• Easy to deploy and manage
• Low cost of ownership
46
How to Sell: Secure Web 2.0 Anti-Threat
Initiative (SWAT)
What Is SWAT?
• SWAT stands for “Secure Web 2.0 Anti-Threat Initiative”
• SWAT was launched in Q3 of 2007
• SWAT’s purpose is to show how Secure Computing solutions protect against Web 2.0 threats and technologies
that aren’t addressed by Web 1.0 security measures
»» Web 2.0 differences from Web 1.0
»» Two way communications with blogs, chats, videos,
wikis, RSS feeds, etc.
»» More dynamic content
»» Higher reliance on active code to push an interactive
experience to users
»» Immature programming languages that haven’t been
fully secured
»» Blended threats that combine malware, phishing,
mutating viruses
»» Strong emphasis on social networks like You Tube
What Are the Risks?
• Infected Web sites and/or Web applications can provide
a path for hackers to steal corporate and private information, and to gain access to internal networks
• Spyware installed on users machines can install key
loggers and capture personal and/or sensitive corporate
information
How Does SWAT Benefit A Corporation?
• Allows enterprise users to access rich Web 2.0 applications
without having security risks
• Protects corporate Web applications from attacks
• Protects the company’s reputation by eliminating risk of
zombies and Trojans which could generate spam from the
corporate domain
• Eliminates needs for cleanup costs from Web 2.0 infections
• Ensures security at the gateway means not having to
educate users or change their behavior
• Saves money by managing bandwidth better (prevents
access to malicious sites, preventing spam, phishing,
malware, etc. attacks into the enterprise infrastructure)
• Enforces corporate policy at the gateway to eliminate
compliance risks
47
• Infected laptops/desktops can become zombies under
the control of criminals and be used as spam and/or virus
cannons
What Are SWAT’s Key Features
and Benefits to Secure
Computing Partners?
• Ability to sell more Secure products to the same
customer
• Ability to add consulting and other supporting services
• Ability to go beyond “feeds and speeds” and into
solution-based selling
• Elevate their value-add to their customers
Target Customers/Titles
• Any global company that has Web facing applications,
especially those that allow user-contributed content
• Any global company with legacy caching and/or Web
filtering solutions that need to be replaced or is due for
renewal
• Titles to target:
»» Chief Information Security Officer
»» Chief Information Officer
»» Chief Technology Officer
»» VP or Director of IT
How to Recognize A Prospect –
• What malware or virus protection solution have you
deployed at the Web gateway?
• Has your current anti-virus protection stopped malware
infections?
• Do you know how many IP addresses under your control
are sending emails (have them ask for a Domain Health
Check for a reality check)?
• Do you allow your users to surf to any Web site?
• Does your Web filtering solution stop malware
downloads?
• Do you have any Web-based applications that are not
protected by application proxy firewalls?
• Is your Web cache secure from malware and viruses?
»» Blue Coat doesn’t have any reputation capabilities
• If your current Web cache solution up for replacement?
»» Blue Coat doesn’t do anything with email, so they
can’t correlate blended threats like the Storm worm
• Have you implemented reputation based defenses across
your Web and email platforms?
How Secure Computing Products
Address SWAT
• Secure Web (Webwasher)
»» Secure Web’s intent-based anti-malware is the best in
the business as proven by multiple independent tests
»» SSL scanning ensures that even encrypted traffic gets
scanned for malware and/or data leakage
»» TrustedSource provides Web reputation for
identification of malicious sites
»» Web reputation filtering ensures that employees can
only go to non-malicious sites
»» Secure Web is the only appliance on the market the
does security-based caching
• Secure Mail (IronMail)
»» Secure Mail together with TrustedSource ensures that
spam and phishing attacks are blocked before they
get to inboxes, eliminating a major attack vector
»» Secure Mail performs outbound scanning looking for
sensitive data
»» Secure Mail provides extensive and flexible
encryption options to protect sensitive data
»» Secure Mail is a hardened appliance and has never
been compromised or required emergency patches
• Secure Firewall (Sidewinder)
»» Protects Web-facing applications from cross-site
scripting (the most common type of attack), injection
flaws and malicious file execution
»» Terminates SSL and encrypted protocols
»» Prevents application attacks on databases with IPS and
granular application filtering (proxies)
»» Reputation-based security from TrustedSource
Competition
• Blue Coat is the only competitor really talking about Web
2.0 threats. They are doing Webinars and producing
white papers.
»» Blue Coat does not protect Web-facing applications
What Is Anti-Malware?
• Signature-based anti-virus plus:
»» Intent analysis for authenticode and correct digital
signatures plus
»» Intent analysis for media type verification plus
»» Intent analysis for behavioral malware detection plus
»» Intent analysis for behavioral exploit detection
»» EQUALS: Anti-malware
• Prevents OS, browser and application exploits
• Protects from known malicious code
• Protects from unknown malicious mobile code for which
no signature exists
• Currently only available on Secure Web (Webwasher);
other Secure appliances will have this technology before
the end of 2008
Results of Forrester Research
• 62% of companies use Webmail (Yahoo, Hotmail, etc.)
• 52% use content sharing (blogs, wikis, etc.)
• 49% use interactive applications (Google Maps, etc.)
• 49% use instant messaging
• 79% are concerned about viruses and data leaks
• 77% are concerned about Trojans
• 78% are concerned about spyware
• 74% are concerned about spam
• 73% have been infected by viruses
• 57% have been infected by spyware
• 46% have been infected by Trojans
• 12% know they have zombies in their network
• Forrester recommendations:
»» Blue Coat doesn’t have security-based caching
»» Re-examine the adequacy of security policies and
protection capabilities
»» Blue Coat’s third party anti-virus solutions can’t compare to Secure Web’s anti-malware technology
»» Improve user awareness and training on Web 2.0 and
Web-borne threats
»» Blue Coat has NO proactive scanning capabilities
»» Deploy next generation proactive protection
»» Blue Coat’s script mitigation tools are removing the
script. This “breaks” Web sites
»» Solutions must deliver enterprise level performance,
manageability and reporting
48
Resources
7 Solution Design Requirements for
Web 2.0 Protection
• Secure Computing white papers:
»» “7 Design Requirements for Web 2.0 Threat
Prevention”
1.Real time reputation-based filtering
2.Intent-based malware protection
3.Bidirectional filtering and application control including
encrypted traffic
4.Robust data leak prevention capabilities
»» “Internet Risk Management In The Web 2.0 World”
September, 2007 by Forrester Research
• Secure Computing presentation
»» SWAT presentation (see marketing document stores
for current version)
5.Security-aware caches and proxies
6.Design for layering of defenses with minimal number of
devices
7.Use comprehensive access, management, and reporting
tools
Reputation Enhanced URL Filtering
• Other resources
»» SWAT pod: www.securecomputing.com/swat
»» SWAT blogs: http://www.securecomputing.com/
SWAT/secureblog.cfm
»» Forrester Web cast replay https://event.on24.com/
eventRegistration/EventLobbyServlet?target=registrati
on.jsp&eventid=96655&sessionid=1&key=13A8AE16
73F4549165E6C20F497B5F25&sourcepage=register
n
“Online Shopping”
Reputation-based filtering adds a second dimension of scoring:
The Trustworthiness of a Web site.
49
Cyber Security for Critical Infrastructure
Critical infrastructure are the systems that everyone relies on to keep civilization moving, such as:
• Power:
»» Electrical utility transmission & distribution, oil and gas pipelines, water distribution and suppliers, nuclear
materials and power
• Transportation:
»» Road, rail, air, local public transportation, shipping, hazardous materials
• Federal and municipal services:
»» Safe water systems, waste disposal
• Process manufacturing:
»» Chemical, petroleum, hazardous waste
• Information and communications:
»» Telecommunications, broadcast television and radio
• Emergency services:
»» Emergency health services, public health, fire and police departments
• Banking and finance:
Category
Performance Requirements
Availability Requirements
IT Systems
Critical Systems
• Non-real-time
• Real-time
• Response must be consistent
• Response is time-critical
• High throughput is demanded
• Modest throughput is acceptable
• High delay and jitter maybe acceptable
• High delay and/or jitter is a serious concern
• Responses such as rebooting are acceptable
• Outages such as rebooting are unacceptable
• Availability deficiencies can often be tolerated, depending
on the system’s operational requirement
• Outages must be planned and scheduled days/weeks in
advance
• High availability requires exhaustive pre-deployment testing
Integrity Requirements
• Low to moderate
• Very high
Access to Components
• Components are usually local and easy to access
• Components can be isolated, remote, and require extensive
physical effort to gain access to them
Component Lifetime
• Lifetime on the order of 3-5 years
• Lifetime on the order of 15-20 years
Operating Systems
• Systems are designed for use with typical operating systems
• Differing and custom operating systems often without
security capabilities
• Upgrades are straightforward with the availability to automated deployment tools
• Software changes must be carefully made, usually by software vendors, because of the specialized control algorithms
and perhaps modified hardware and software involved
50
»» Trading systems, automated clearinghouse network,
ATM networks
Critical infrastructure networks differ greatly from IT
networks. This is just some examples of the differences:
Security on these systems has become an issue in recent
years for several reasons:
• Reduction or loss of production at one or multiple sites
simultaneously
• Damage to equipment that can take months to replace
• Release, diversion, or theft of hazardous materials
• Violation of regulatory requirements
• Product contamination
• Connections to IT networks are now required:
»» Remote access for vendors, consultants and engineers
• Criminal or civil legal liabilities
»» Data mining
• Loss of proprietary or confidential information
»» Regulatory controls
• Loss of brand image or customer confidence
• Without security, infections from IT networks can pass to
critical systems untouched
• Normal security maintenance activities like applying
patches or signature updates can cause denial of service
disruptions and outages
• Security forensics are almost non-existent making even
identification of cyber attacks difficult
• Workforce is aging faster than norm
Critical Infrastructure Protection (CIP) Standards
encompass Secure Computing’s portfolio:
CIP-003. Security management controls
– R.4: Information protection—identify, classify and
protect critical cyber assets info
– R.5.: Access control—manage access to critical
cyber asset information
CIP-005. Electronic security perimeters (ESP)
• Within 5 years there will be 40-60 retiring at each utility
company every month
– R.1.: Identify and document all ESP and all access
points to the perimeters
• More than 80 percent of the nation’s critical infrastructure is owned or managed by private organizations,
which raises questions on how involved and responsible
should the government be in the security of the systems
– R.2.: Implement and document controls of
electronic access to ESP
Attacks can come from outsiders or insiders:
– R.2.2: Enable only ports and services required for
operations and monitoring
»» Attacks from thrill seekers
– R.2.1: Use an access control model that denies
access by default
– R.2.4: Ensure authenticity of accessing party
through external interactive access
»» Botnet attackers trying to create zombies
»» Cyber criminals
CIP-007. Systems security management
»» Foreign intelligence services
– R.2.: Enable only required ports and services
»» Phishers, spammers and spyware authors
– R.4.: Use anti-virus software and other malware
prevention tools
»» Terrorists
»» Industrial spies
»» Disgruntled insiders
– R.5.: Enforce access authentication consistent
with the concept of “need to know”
»» Prohibited software
– R.5.3: Use strong passwords
»» Vendor updates
– R.6.: Monitor and log of all system events related
to cyber security
»» Software malfunctions
»» Contractors and other temporary workers
»» Inappropriate and/or out-of-date policies
»» Backup or auxiliary systems don’t have same
protections as the primary systems
Security breaches on critical infrastructure networks can be
devastating, including:
• Jeopardizing the safety of site personnel, the public, and
the environment
• Impact on national security
51
Secure has had a lot of success selling security solutions into critical infrastructure companies and government agencies.
The following list of logos represents companies in 28 US states, 5 provinces of Canada, the UK, Virgin Islands, Italy,
Germany, Hong Kong, Japan, Australia, Poland, Austria, Thailand, New Zealand, Oman, Brunei, Saudi Arabia, Ireland,
Kuwait, Brazil, Malaysia, Qatar, Pakistan, South Africa, Taiwan, Philippines, Finland, and Denmark, and in the following
industries: power, government, transportation, water, energy, gas, petroleum, and chemical manufacturing.
52
Product Promotions
Every quarter, Secure Computing offers some promotional programs to assist in closing sales. Click here for a
list of current promotions (https://partner.securecomputing.com/promos.cfm).
Using Domain Health Check for Lead
Generation
Domain Health Check (DHC) is a free Web service that allows businesses (and consumers) to run a health
check on their domain. The request process verifies the identity of the report requestor (double opt-in
email), generates a report for the domain identified within the verified email address, and then sends the
requestor the DHC report (English only) as an email attachment (pdf). The information within the report
provides the domain’s Web and email reputations as determined by
TrustedSource. DHC will only provide information about their domain
GET YOUR FREE
and IP net blocks that is publicly available based on messaging and
Web behavior observed on that domain.
Domain Health Check™
The goal of DHC is to provide customers and prospects with
SECURE COMP UTING ®
immediately useful web and messaging reputation data; demonstrate
the value of TrustedSource; establish Secure Computing and participating partners as technology thought
leaders; and to generate pre-qualified, high quality leads.
If you are interested in offering DHC reporting linked from your own Web site, contact your
Secure Computing account manager.
Product Evaluations and
Demonstration Units
Secure Computing offer product evaluations for end user customers and product demo / NFR (Not For
Resale) units for channel partners.
Product Demo / NFR units are licensed for up to 250 users and include the most popular subscription
services and support (including warranty) for three years.
Demo / NFR appliances can be used by the partner as internal appliances (protecting their own network)
and/or as demonstration equipment to show the power of Secure’s products to prospects. These units are
NEVER to be deployed in live end-user customer environments in production or for customer evaluations.
Secure Computing offers an evaluation program that allows channel partners to deploy solutions on the
customer’s own premises. We strongly recommend that customers who qualify evaluate Secure products
before purchasing them.
The graphic below describes the evaluation ordering process. Please contact your Secure Computing sales
representative for further information regarding either program.
53
Hardware Appliance Evaluations
(Secure Firewall CommandCenter, Secure Web, Secure Mail, and
Secure Firewall)
Software/Token Evaluations
(Secure SafeWord, Secure Web, Secure Web SmartFilter)
Customer or
channel partner
Customer or
channel partner
1-800 #
SCUR
Web site
1-800 #
SCUR
Web site
Secure Computing Customer Services qualify the
evaluation request and enter details into sales
management system
Request is processed
Sales person is assigned the request, contacts,
customer and sends an Appliance Evaluation
Agreement
For shipped software
(Secure SafeWord 2008)
For downloaded software
(Secure Web/Secure Web
SmartFilter)
Evaluation Agreement is processed
by the Customer Service
Media/guides/serial #’s/Tokens are
packaged and shipped
30 day serial # is emailed
to customer
Once installed and activated,
the customer has 30 days to
evaluate
Customer downloads and
installs their software eval
from the SCUR Web site
Appliance is packed
and shipped
Note: Secure SnapGear has an online demo available
Customer receives appliance
and has 30 days to evaluate
54
Cross Selling Secure Computing Solutions
There are a number of reasons to sell multiple
Secure Computing products into the same account.
There are strong reasons from a management perspective,
from a security perspective, and from a TCO investment
perspective.
Management
• Many companies are looking for fewer vendors to
manage
• It’s easier to have one support phone number to call and
one point of contact that intimately knows your security
environment, your history, and your requirements
Security
• Secure provides the strongest and most respected
security products on the market
• Secure is 100% dedicated to security and employs over
400 engineers who do nothing but worry about keeping
our customers’ environment as secure as possible
TCO and Investment
• Special promotions incent customers to purchase
multiple products, so there is a good financial incentive
to buy more and more from Secure.
The following are some natural pairings to consider when
discussing Secure products with a prospect or existing
customer.
Complete Inbound and Outbound Communications Security: Secure Web and Secure Mail
Complete Mail and Access Security: Secure Mail
and Secure SafeWord
For any company that provides remote access to their
email system (via a Web-based interface or over a VPN),
Secure SafeWord is a natural partner with Secure Mail.
Secure SafeWord provides strong two-factor authentication
to ensure that only authorized users of the email system
can access mail servers.
Complete Data Center and Remote Location
Security: Secure Firewall and Secure SnapGear
This is a natural pairing for any company with remote
offices, branch offices, retail stores, or remote data
centers. Since Secure Firewall and Secure SnapGear share
a common monitoring and reporting tool (Secure Firewall
Reporter), it is easy to monitor and drill down on security
events for all firewalls and have them work together to
provide a complete blanket of security.
Complete Remote Access Security:
Secure SnapGear and Secure SafeWord
For any company that allows remote access into data
centers, pairing Secure SafeWord and Secure SnapGear
provides the highest level of security. Secure SafeWord is
used to authenticate the user trying to access the data
center, and Secure SnapGear authenticates the remote
assets being used. This eliminates the problem of roving
hackers exploiting vulnerabilities in VoIP or wireless
networks from breaking into computing hubs. n
Email security alone won’t protect companies from emails
containing links to infected Web site and Web security
alone won’t protect companies from spam or phishing
attacks. Deploying Secure Web and Secure Mail together
virtually eliminates the most common type of attack being
used today: blended threats.
Complete Web Surfing and Web Application
Security: Secure Web and Secure Firewall
Deploying both Secure Web and Secure Firewall will protect
both a company’s users and the corporate Internet-facing
and Web applications from threats. Secure Web protects
corporate desktops and users as they surf the Internet and
access Web 2.0 sites. Secure Firewall ensures that Internetfacing and Web applications are secured and prevented
from turning into a malware-serving or hacked site. The
combination of Secure Web plus Secure Firewall ensures
that both the desktop and the applications are secured.
55

Secure Computing Partner Survival Guide

Transcription

Similar documents

ordering instructions mail order

Parent Access to the - Collier County Public Schools

Bypass firewalls, application white lists, secure remote

Click-N-Ship - KAU-CE3213

HSW GmbH

Logging in to the System Please go to the following URL to begin

SmartFilter Web Filtering Product Family

Installing SolidWorks Network Licenses

Click-N-Ship

View - Christian PhoneBook

മൻഖൂസ് മൗലിദ്

Firewalls