Microsoft Internet Security and
Acceleration (ISA) Server 2004:
Solution Sales Aid
Solution Sales Aid Contents
• Know the Key Players
• Understand the Organizational Pain Chain
• Create Interest: Question Examples
• Initial Value Proposition Example
• Situation Questions
• Address Customer Needs with ISA 2004 Solutions
• Anxiety Creation Example
• Power Sponsor Letter/E-Mail Example
• Success Criteria Example
• Appendix
  • Business Value Propositions
  • Capability Questions
  • Case Study Summaries
Know the Key Players
Key Player: CEO/President
Pains:
• Competitive disadvantage
• Not meeting profit expectations
• Eroding market share
• Inability to rapidly respond to industry dynamics and new business opportunities
Key Player: CFO
Pains:
• Declining ROI and ROA
• Poor investment performance
• Declining profits
• Not meeting profit growth objectives
• Not making budget targets
Key Player: VP Sales and Marketing
Pains:
• Declining market share
• Not attracting new customers and/or distribution channels
• Inability to respond to customers
• High turnover rate in the sales force
• Unable to maximize productivity
• High client-dissatisfaction rate
Key Player: CSO (Chief Security Officer)
Pains:
• Inability to understand exposure to risk
• Inability to proactively manage and maintain a complex security infrastructure
• Not knowing the effectiveness of the security solution
• Not knowing if the best security partner was chosen
• Not knowing if enough or too much has been budgeted to provide ample security
• Not knowing when the next attack will happen and how severe it will be
Key Player: IT Director (CIO/VP MIS)
Pains:
• Inability to meet users’ demands
• Increasing IT costs and pressure to reduce IT budgets
• Inability to provide long-term strategy
• Trouble keeping up with rapid technological changes
• Lack of rapid deployment and low-cost solutions to business units
• Difficulty integrating new systems with legacy systems
• Inability to share information across the organization
• Difficulty managing return on IT investments
• Difficulty responding to needs of business units
• Poor image within the company
• Unable to manage growth due to technology changes
• Increasing time to deliver requested information
• Inconsistent services around the organization
Key Player: IT Staff
Pains:
• Difficulty managing existing systems and applications while securing and protecting the environment
• Inability to make perceived minor changes and deliver ad-hoc requests
• Delivery schedule for applications too long
• Inability to use leading-edge technology
• Lack of skilled resources
• Lack of user involvement and commitment
• Inability to attract new people
Understand the Organizational Pain Chain
Title: CFO
Pain: Justifying the cost center of security.
• Financial risk minimized due to security attacks
• Safeguarding corporate IP to avoid losing business
• Deploying a security model to reduce future costs due to reactive management
Title: President
Pain: Company at a competitive disadvantage.
• Press attacks from competition
• Eroding market share
• Reduced production due to downtime
Title: CIO
Pain: We are not effectively leveraging our investment in security.
• Enterprise platform security is not aware of what happens enterprise wide
• Rising cost of corporate information asset protection
• Reacting to security breaches rather than proactively managing them
Title: VP Sales/Marketing
Pain: Customers cannot gain access to Web site in order to order products.
• Compromising client financial data
• Loss of productive sales time due to cyber attacks
• Leveraging Internet as a viable sales platform
Title: Chief Security Officer
Pain: Criminal activity is unknown and unpredictable.
• Disparate infrastructure
• Limited budget
• Lack of dedicated staff
• Lack of defined security model
Create Interest: Question Examples
Prompter: New Customer/Prospect
This is _________________ with __________. You and I haven’t spoken before. We have been working with IT executives like you for the last (many) years. One of the chief concerns we've been hearing (lately) from other CIOs is their frustration about managing a highly secure network environment with fast, cost-effective Internet access and secure remote connectivity. We have been able to help our customers address this issue. Would you be curious to know how?
Prompter: Menu of Pain Option with References
This is _________________ with __________. We haven’t spoken before, but we have been working with IT executives for the last (#) years. The top-three issues (concerns) we are hearing (lately) from other CIOs are (1) proactively managing and maintaining network security, including protecting key applications; (2) providing fast and cost-effective Internet access; and (3) connecting employees with secure, cost-effective remote network access. We have been able to help companies address some of these issues. Would you be curious to know how?
Prompter: Customer Reference Option
This is ___________________ with __________. You and I haven’t spoken before, but (customer contact name) from (company name) suggested that I give you a call. We were able to help him/her address his/her frustration with securing his/her organization's rapidly expanding networks in an efficient and cost-effective way. Would you be curious to know how?
Prompter: Upgrade Option (Existing ISA Server 2000 Customer)
This is _________________ with __________. You and I have spoken before. You may have heard about Microsoft's recent release of ISA Server 2004, a next-generation application-layer firewall, VPN, and Web-cache solution that can help you manage a highly secure network environment with fast, cost-effective Internet access and secure remote connectivity. We have been able to help customers like you successfully upgrade to take advantage of all of the new features and technologies of ISA Server 2004. Are you interested in learning what's new in ISA Server 2004, and why I think you should consider upgrading?
Initial Value Proposition Example
Enterprises today are continuously challenged to deploy and manage
fast, secure Internet connectivity in a cost-effective manner. The
dynamic nature of digital threats increases the complexity in securing
network perimeters. Microsoft® ISA Server 2004 will provide you with
enterprise security, fast Internet access, and integrated management
that will enable you to stay vigilant and nimble.
Situation Questions: Assessing Needs
Assessment Stage
“How do you assess security vulnerabilities today? Does your firewall filter and protect at the
application layer as well as the network layer? Is there an enterprise-centric system to handle
intersystem functionality? Are you making the most of your bandwidth?”
Design Stage
“How have you defined your layered defensive security model? How are you going to leverage
your existing security investment and design a perimeter defense that integrates with your
directory, authentication systems, and Microsoft Windows® infrastructure?”
Deployment Stage
“Do your current security platforms support security on all layers including the application level?
Are you integrating the authentication and management of your firewalls, VPN, and Internet-access gateways? Are you pushing Internet content closer to your users in order to improve
performance and save on bandwidth cost?”
Management Stage
“How do you manage the protection of your assets today? Do you have a comprehensive
network perimeter control process? How do you monitor traffic that enters and leaves your
network? How do you ensure that your network is PROACTIVELY secured at multiple layers and
controlled to cut down on administrative overhead and bandwidth cost?”
Situation Questions
Multiple Choice “Menu” Approach:
The top-four difficulties we are hearing from CSOs these days include:
• Firewalls that only protect at the network level
• Slow, costly Internet connectivity
• Limited budget
• Lack of dedicated staff
…are you facing any of these issues today?
OR
…are you curious as to how we have helped our customers deal with these issues?
The top-three difficulties we are hearing from CIOs these days include:
• Enterprise platform security is not enterprise-aware
• Rising cost of corporate asset protection
• Reacting to security rather than proactively managing it
…are you facing any of these issues today?
OR
…are you curious how we have helped our customers deal with these issues?
Address Customer Needs with ISA 2004 Solutions
While every Internet-connected organization needs security, there are a number of specific customer needs that present good opportunities for selling ISA Server 2004.
Scenario 1: “I want to securely and easily make e-mail available to employees outside the network.”
Scenario 2: “I want to securely and easily provide intranet information over the Internet.”
Scenario 3: “I want to enable partners to access relevant information in my network in a secure manner.”
Scenario 4: “I want to provide secure and flexible remote access to my employees, while protecting my corporate network from malicious traffic.”
Scenario 5: “I want to enable my branch offices to securely communicate with the main office over the Internet.”
Scenario 6: “I want to have control over Internet access and protect my clients from malicious traffic on the Internet.”
Scenario 7: “I want to ensure fast access to the most frequently used Web content in my organization.”
1: I want to securely and easily make e-mail available to employees
outside the network.
Business Driver
E-mail is mission critical for many organizations. Access anywhere,
anytime is a fundamental requirement for business communications.
Risk
Internet-accessible e-mail servers are potentially vulnerable to
compromise. E-mail content is potentially vulnerable to eavesdropping,
interception, and modification.
Mitigation
E-mail servers must be shielded from attack by devices that can enforce
legitimate traffic behavior. E-mail content must be encrypted and checked
for integrity.
Value Proposition
ISA Server stops attacks against e-mail servers by enforcing proper
traffic patterns at the application level. ISA Server protects mail servers
from malformed commands that might expose vulnerabilities or reveal
too much information useful for reconnaissance. ISA Server can require
that all traffic be encrypted.
Unique Value
ISA Server provides the best protection for Microsoft Exchange by
pre-authenticating users, filtering application traffic, and enforcing encryption.
2: I want to securely and easily provide intranet information over the
Internet.
Business Driver
As with e-mail for communications, more and more business processes
require global on-demand access to internal corporate data.
Risk
Internet-accessible Web servers are potentially vulnerable to
compromise. Web content is potentially vulnerable to eavesdropping,
interception, and modification. Additionally, anonymous initial access to
resources exposes them to attack.
Mitigation
Require conformance to understood network and application protocols to
lessen (or in some cases eliminate) entire classes of attacks. Enforce
valid authentication before granting access to servers.
Value Proposition
Using Web publishing, ISA Server can inspect the traffic for legitimacy,
enforce valid URLs, and pre-authenticate all users before forwarding
access to protected resources. Using server publishing, ISA Server
disallows direct connections between clients and servers and provides
application-aware inspection for some protocols.
Unique Value
ISA Server provides the best protection for Web applications (Microsoft
Internet Information Services [IIS] and Microsoft SharePoint®) by
pre-authenticating users, filtering application traffic, translating links, and
enforcing encryption.
3: I want to enable partners to access relevant information in my network
in a secure manner.
Business Driver
Business relationships often require interconnecting the networks of
partners for information exchange and access to internal data.
Risk
The Internet, like all public networks, can’t be trusted. Communications
are vulnerable to eavesdropping, interception, and modification.
Legitimate connections can be spoofed by attackers. Granting partners
complete access to the internal network gives them too much access,
which then might be abused.
Mitigation
Encrypt and validate the integrity of all traffic between sites. Require
authentication for all connections. Establish network connection policies
that allow client computers of one partner to access network resources at
another and restrict access to only what’s necessary.
Value Proposition
The ISA Server VPN encrypts all traffic between sites, keeping it
confidential and ensuring it remains unmodified. All servers authenticate
to each other before establishing connections. Access and routing
policies limit one partner’s ability to roam on the other’s network.
Unique Value
Using S2S VPN with ISA Server, customers will be able to apply flexible
policies to their partner connections that restrict access to needed
content, while enforcing strict application-filtering rules.
4: I want to provide secure and flexible remote access to my employees,
while protecting my corporate network from malicious traffic.
Business Driver
Although the Web is a popular medium for on-demand access to
applications, sometimes remote clients require full participation in the
internal network: file sharing, nonpublished Web sites, and peer-to-peer
networking are examples.
Risk
Remote client computers often are connected to unknown (possibly
hostile) networks. Some remote client computers might be unmanaged
(home) devices. Remote clients can infect internal networks with worms
and viruses.
Mitigation
Inspect the configuration of remote computers and update security
configurations before allowing full access. Constrain access to
destinations and required resources. Inspect all traffic from and to the
remote client.
Value Proposition
Remote access quarantine can ensure that client security (firewalls, virus
scanners, software restriction policies) are enabled and up-to-date.
Clients can be limited to certain internal resources rather than being
granted full access everywhere. ISA Server inspects all content inside
VPN tunnels.
Unique Value
ISA Server is able to run VPN client checks on remote PCs to enforce
corporate software policies, while providing deep content inspection that
protects your corporate network from worms and viruses.
5: I want to enable my branch offices to securely communicate with the
main office over the Internet.
Business Driver
Installing a single device in a branch office to manage all connectivity and
using the Internet to connect branch offices to the main office will save
money, save time, and is simple to implement and manage.
Risk
Multiple devices are more expensive to acquire and manage and are
more vulnerable to configuration errors, possibly leading to compromise.
Mitigation
Deploy common configurations of the same device for Internet access,
site-to-site connections, and content caching at all branch offices.
Value Proposition
The ISA Server integrated firewall, VPN, and cache provide the best
connectivity experience for Microsoft networks.
Unique Value
ISA Server is uniquely positioned to deliver an integrated firewall, VPN,
and cache solution that helps large corporations lower bandwidth costs,
improve user productivity, and protect against advanced attacks.
6: I want to have control over Internet access and protect my clients from
malicious traffic on the Internet.
Business Driver
Organizations want to control and limit Internet access, thereby improving user
productivity, while protecting clients from malicious traffic.
Risk
Improper use can affect productivity and in some cases expose an organization to
expensive legal action. Consumer instant messaging and peer-to-peer file-sharing
applications might be a particular problem for some organizations. Malicious code
from the Internet can make a client machine unusable and increase the risk of worm
propagation. This costs organizations time and money.
Mitigation
Block access to destinations and applications that put an organization at risk or
decrease productivity. Apply specific access controls by group and/or job function.
Inspect and block malicious traffic from infecting computers. Logs keep track of who
went where and when.
Value Proposition
ISA Server can block access to certain sites and content. HTTP inspection can block
embedded applications such as peer-to-peer and instant messaging applications as
well as malicious traffic. Integration with Microsoft Active Directory® enables building
custom access controls for varying organizational roles and job levels. ISA Server
traffic filtering prevents many common forms of attack from succeeding: internal
clients are not accessible from the outside, incoming reply traffic is checked for
validity, and third-party add-ons can check for worms and viruses. Special
configurations can also be made to block exploits of new vulnerabilities.
Unique Value
ISA Server leading-edge application filtering allows our customers to protect their
desktops and servers from advanced attacks, improving the reliability of your
environment. Through signature blocking, ISA Server can block non-business
applications, helping organizations increase user productivity.
7: I want to ensure fast access to the most frequently used Web content
in my organization.
Business Driver
Fast access keeps employees productive and happy. Yet bandwidth is a
finite resource, some of which is always required for mission-critical
communications.
Risk
Web browsing is one of the largest consumers of bandwidth. Left
unchecked, it could consume everything, leaving nothing for
mission-critical applications.
Mitigation
Many users often visit the same sites. Keeping local copies of popular
Web content improves the user experience and makes more bandwidth
available for other uses.
Value Proposition
ISA Server caching capabilities ensure fast access to popular content.
Content can be distributed across arrays of servers, making the best use
of storage capacity. The cache obeys restrictions and expirations if
present, thus ensuring that content remains timely and current.
Unique Value
ISA Server provides enterprise management and control of cached
content, while integrating flexible firewall policies.
Anxiety Creation Example
Situation:
Job Title: CSO
Industry: General Industry
1. Anxiety Question
How would you feel if at the next quarterly meeting you had to
explain to the CIO and CFO that we are unable to exchange
information freely because we have no reliable method for
protecting against the latest types of cyber attacks such as Code
Red, all of which is resulting in poor customer satisfaction?
2. Capability Question
What if there was a way to reduce the spread of script-replication
viruses, and reduce the chance of communications being
compromised without sacrificing the increased productivity that
can be enjoyed by allowing users to securely share the ideas
they have developed?
3. Feature
Microsoft ISA Server 2004 can give you that capability.
Power Sponsor Letter/E-Mail Example
Mr. Jim Smith
President
ABC Company
Dear Mr. Smith,
Thank you for meeting with Steve Jones and me earlier today. I believe the time was well spent for both ABC and _____________.
You confirmed your primary critical issue is losing competitive advantage in your marketplace.
You and I explored the following reasons for the difficulty:
• Press attacks from competition
• Eroding market share
• Reduced production due to downtime
You indicated that if your company had the following capabilities you thought you could regain that competitive advantage:
• Assist the CIO in effectively leveraging your existing and future investments in security to get products to market sooner
• Enable sales and marketing to be more responsive to customers by securely leveraging the Internet as a viable sales platform
• Avoid losing business by proactively deploying a layered security model that safeguards corporate IP
When I told you I was confident that we can help you integrate these types of capabilities with your existing systems, you agreed to
take a serious look at our ability to do so. Based on my knowledge to date, I am suggesting a short project-oriented evaluation plan
for your further exploration of these issues. Look it over with Steve, and I will call you Friday to get your thoughts.
Sincerely,
cc: Steve Jones, ABC Co.
Success Criteria Example
Columns: Success Criteria, Base Line, Q1, Q2, Q3, Q4
• Number of minutes/quarter of unscheduled downtime due to cyber attacks (3, 5). Base Line: #
• Number third-party security applications to maintain/quarter (2, 5). Base Line: #
• Number of systems administrators/quarter on staff to manage security—authentication, authorization, patches,… (3). Base Line: #
• Number of help-desk calls/quarter related to security (6). Base Line: #
• Estimated number of days sooner a product was brought to market as a result of security (4). Base Line: #
Short-Term Action Required
1 President
2 CFO
3 CIO
4 VP of Sales/Marketing
5 CSO
6 IT Director
Appendix
Key Features and Business Values
Features
• Advanced application-layer firewall, VPN, and cache solution
• Easily maximize existing IT investments to improve network security and performance
Value
• Advanced security for your network
• Protection for your Microsoft applications
• Helps protect your critical business assets and stay on top of Web demands
Business Value Propositions
Return on Technology
• Reduced corporate risk
• Increased customer retention
• Increased productivity
Return on People
• Reduced security issues
• Faster response
• Leverage existing services
• Preventative approach
Return on Process
• Partner/customer integration
• Standards-based insures long-term investment value
• Greater agility using infrastructure implementation
• Faster time to market
Capability Questions
Advanced Protection
Enterprise Firewall Protection
Do you need an enterprise-class firewall to protect your servers, applications, and data from hackers, crackers,
disgruntled employees, intrusions, viruses, and malicious mobile code?
Granular Network Traffic Control
Do you want to control what information is allowed into your network and who can access critical corporate
applications and data?
Cost-Effective Networking
Do you want to make the most of your network bandwidth through cost-effective control of digital traffic?
Ease of Use
Integrated Administration Tools
Do you want an integrated approach to managing your Internet access, user access, and firewall security for
improved administration?
Centralized Server Management
Do you want centralized management of multiple ISA servers that scales out for large enterprise deployments?
(Be Better)
Fast, Secure Web Access
Fast and Reliable Web Access
Do you want to increase employee productivity by enabling fast and reliable access to Web content?
Distributed Web Content
Do you want to improve Web access and lower bandwidth cost by storing Web content local to your employees?
Highly Flexible and Extensible
Key Partner Support
Do you need a solution that has leading third-party vendor support?
Platform that Accommodates Future Growth
Do you need a security solution that is flexible and extensible to meet your current and future needs?
Case Study Summary
Country: United States
Industry: Information technology
Customer Profile:
Avanade is the leading technology integrator specializing in Microsoft enterprise solutions.
Business Situation:
With more than 80 percent of its users working remotely, Avanade wanted a cost-effective security solution
with more internal inspection functions and VPN filtering capabilities.
Solution:
Avanade selected Microsoft ISA Server 2004 as its firewall, VPN, and Web-cache solution.
Benefits:
Faster VPN user access
Increased remote network security
Decreased Web traffic by 25 percent
Simplified management
Configured multiple networks
Improved authentication policy
Improved event logging
“The simplicity of ISA Server minimizes the cost of
our operational staff and maximizes the speed of
our response to events.”
Craig Nelson
Director of IT Technology Infrastructure
Avanade
For more details, please visit http://www.microsoft.com/isaserver.
Case Study Summary
Country: United States
Industry: Healthcare
Customer Profile:
Clarke County Hospital, located in Osceola, Iowa, serves residents in south and central portions of the
state by providing diagnostic outpatient, emergency, medical, and surgical services.
Business Situation:
In accordance with HIPAA regulations, Clarke County Hospital wanted a network security system to
protect patient information. The hospital also wanted to limit Internet access and Web surfing.
Solution:
Clarke County Hospital chose Microsoft ISA Server 2004 to make its network more secure, internally as
well as remotely, and to apply a Web-cache solution.
Benefits:
Reduces time for medical diagnosis
Increases productivity by 30 percent
Improves ability to identify user problems
Reduces downtime
Provides insurance against improper Internet access
For more details, please visit
http://www.microsoft.com/isaserver.
“I’ve accomplished more in the last
two months with ISA Server than I
did in the six months prior to
installation.”
Jodi Reindl
Assistant to Directors
Clarke County Hospital
© 2004 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, SharePoint, Windows, and the Windows logo are registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries. Microsoft Corporation •
One Microsoft Way • Redmond, WA 98052-6399 • USA