
160127_Identifying_Security_Analytics_Opportunities_v4

Hi, and welcome to the Identifying Security Analytics Opportunities training. I'm Amy Blackshaw. What we're going to do is spend some time looking across buyer personas and their requirements when we're talking about selling Security Analytics into a company. We'll also then take a look at what we're calling "sales plays." We have four different paths to outline the conversation, target to specific personas and their specific pain points in areas of security analytics that makes the sale a little bit more focused and hopefully drive really great opportunities for you.

So first let's take a look at three different buyer personas across security analytics. The first is the Chief Information Security Officer. Now the CISO's key focus is to bridge, be a bridge between the IT security operations team as well as the business. So they're very high level, obviously, and looking at solving big problems, reporting out perhaps, to the board, definitely to management and really having to wear the full hat across all things security. They need to understand and articulate the value of their security investments. So if you can't do that for them, they can't do that for their audience, the board and management. So for the CISO, they need to understand the value. They need to understand what we bring to the table that's going to make their jobs as well as their team jobs easier, but most importantly more secure.

We get a lot of validation from our next persona, the Threat Specialist or Rock Star as we like to nickname them. Why? Well, because the CISO isn't necessarily going to be technical. They might not understand some differentiation. They might not even understand some feature functionality that we're going to talk to the Threat Specialist about. But they're going to be able to turn to that person and get validation that this is the path that they should take. So let's talk a little bit more about this Threat Specialist a.k.a. Rock Star. Now this is the person that you want to get on your side as early as possible, right? This is the person who sits within the security operations team, they are using the tools day in and day out. They understand the threat landscape and they understand our value. So they are focused on translating the threat environment, right? Where they live, what they understand to what it means for the organization. So they can explain how a specific form of malware has targeted them, what a phishing attack looks like.

They're really the key to the technical understanding of the threat landscape and how that translates into business issues. They're normally the second or third line of response for security incidents. So they're definitely not tier one. They're definitely not sitting on the frontline and trying to triage. They're the people that are going to get called in to specific security incidents or perhaps just going out and hunting to try to find their own incidents. They are the ones who will recommend tactics and strategies to resolve incidents and provide future protection. So as you can hear, this is a key buyer for us. We're selling a technical product, right? It has a lot of high-level business values but in today's crowded market, it can't sound like a competitor's value prop. So when we bring the Rock Star in and show them our tools, let them get their hands on Security Analytics, and they are going to get on our side and help sell. They're going to be the person that's going to be next to you at the table selling up to their food chain.

The third buyer I want to talk about is the Security Architect. Now, they are focused on creating the security architecture with the best strategic and technical fit. So they sort of span across both a technical understanding and the strategy from a business perspective. It's going to be their responsibility to integrate all security tools and processes as elegantly as possible, right? So that's their job. So what's really important about the Security Architect is, yes, you want to get them involved very, very often because you have to have their buy-in that your tool, tools are going to fit into their infrastructure. But just as importantly, this is somebody that you want to be close with post-deal, right? The Security Architect is going to be key into the successful use and deployment of our product, right? So as a consultative Salesperson, you want to make sure that you are close with this team or this person so that our tools are deployed and they are getting the value in which they deserve.

So let's just take a quick look at requirements per persona, right? So when each one of these personas is trying to understand what they're requiring out of a security management and threat and response tool, we list these by personas. And again, we're going to talk about the CISO first, right? And now they're focused across security operations and they're normally faced with some immaturity within the security operations, right? They always want to up-level their maturity across people, processes and technologies. Now, some cases, their pain is that their organization is driven by compliance and not by security. So one of their requirements is that the tools that you are selling into them, yes, need to provide a level of detection and response, but in many cases they're still going to have some compliance drivers as well, right? Their teams do lack resources. In many cases you're going to talk to a CISO who maybe has two people on their team, three people, right? Not everyone's a Fortune 500 that has a 24/7 security operations team. We need to understand the requirement of not only technology but how we can help them bridge the gap across people and processes. Perhaps they need an MSSP. Perhaps they need some services or some retainers to get people in their organizations. And oh, guess what? That means that we get to bring more value into the organization as well. Now in many cases, the CISO's list is going to go on and on, but those are the top ones that you need to focus on with the CISO. Remember, they're dealing with immaturity. They're really looking at people and processes and they need to make sure that the tools that they invest in are going to drive returns for the organization.

Let's look at the requirements for the Rock Star, right? Our technical guy or gal. They gain visibility and they need to be able to see into the organization to identify and investigate attacks. So their requirement is that they have to eliminate blind spots with visibility, key to our security analytics messaging, right? When they need logs, network and endpoint. They need to be able to inspect every network session, every packet, every log event, every endpoint data for threat indicators. They need to be able to augment that visibility with additional compliance and business context, right? We need to be able to provide to them additional context into the data so that they can detect and analyze even the most advanced attacks before they harm the business. And finally, they need to take targeted action on the most important incidents. They need prioritization. They need to be able to pivot from an incident into deep packet and deep endpoint data so that they can understand the full scope of the attack and take the correct response. Again, these are the buyers whose hands are on keyboard, understanding how our tools work. And what's great about this Rock Star technical buyer is that they're huge fans of our technology. If you can get a POC, if you can get a hands-on demo with them, in most cases, they are going to be your biggest advocate.

Let's take a look at the requirements of the Security Analyst, right? Their goal is to have the ability to identify issues through rapid investigation and real time detection, right? It's not too far off from the technical buyer. They do want multiple types of data and they want that full-time visibility with forensics analytics. But to them, what's also really important is the scale, right? They're looking at, "How is this product going to scale across my enterprise?" "How am I going to be able to utilize threat intelligence across my enterprise?" "How is this tool going to help and adapt to the changing threat landscape that I'm watching?" "How are we going to enable our team to operationalize all of the information that we're getting from this tool?" So again, they straddle across both technical and some business issues. They're focused much more on getting the tool deployed, scalability and success of deployment. So now let's take a quick look at four focus plays that we are providing out to you all regarding definite, specific focus areas on path to take around sale scenarios.

So now let's take a look at four play maps we are making available to you. The goal of these four plays is to help you identify opportunities in which to sell Security Analytics and other products and services in the portfolio to specific customer pain points. It's important to point out that these are not swim lanes. So in some cases, play one might be sold alongside play four. What we're trying to do is provide you a focused path on buyer, their pains, what we want them to understand from us and the selling path for each one of these plays.

There will be a lot of other collateral available to you for each one of these plays but what I want to do is take a quick minute to walk through our play number one, which is called Threat Detection and Response. The key to this play is that we're augmenting SIEM. So when an existing customer already has a log-centric SIEM and they're looking for more threat detection and response, that's what you're listening for. This path and this sales play is exactly for that opportunity. What you'll see in the collateral we're providing is an overview of the customer challenges facing this key play. And in a nutshell, is that logs and log-centric SIEM are not enough for detection and response. Why? Well, because they're based on preventative controls. So customers need to augment their log-centric SIEM with network and endpoint visibility, a.k.a. Security Analytics.

So some of the benefits of this play for these customers is that they are going to get a real detection and response platform without having to rip out their existing SIEM. Because as you know, many, many customers have spent millions of dollars on SIEM over the past 15 years. So we don't want to be in the place to tell them to rip out their investment. We want to say, "Mr. Customer, you made a good investment. Keep that investment. Let us augment your SIEM to provide you threat detection and response." Key buyers in this play are CISO and what we call either the Director of Security or the Security Analyst, somebody who works on the security operation team, could be that Rock Star, remember? You're able to download some of their key pains and how to position this Security Analytics to these key buyers.

In addition, we're providing positioning as well as desired outcomes and sample questions, so that you can read a hypothetical conversation with a CISO about augmenting their SIEM. We'll lay out the path that you might take with that customer. Perhaps the customer isn't happy with their log-centric SIEM. You're going to have a slightly different conversation with them than if they're in love with their log-centric SIEM. And again, there's a lot of details on how to have this conversation downloadable attached to this content. And so how do we do this? How do we augment a third party SIEM? Well, it's key to remember that we do this in two pretty simple ways. The first and foremost is that our tools can live alongside a log-centric SIEM and it can ingest logs from a LogRhythm, an ArcSight, a Q1, a Splunk. So keep your log-centric SIEM doing what it's doing. Just forward some data over to Security Analytics. This will allow us to correlate those logs with packets and endpoint data. In addition, we can also aggregate alerts. What's the difference? Well, the difference is that we will be using Security Analytics for packets and endpoint. And at the operations layer where the security operations team is reading their incidents and coming into a dashboard for their workflow, we will be aggregating alerts from the third party SIEM like Splunk, LogRhythm, etcetera alongside our incidents. So there's flexibility in how we do this. This is not a heavy lifting task. These are out of the box integrations with our security operations management product.

So just in closing, I want to share with you that there are many cases available on SalesIQ where you can find information about successful wins in this play. A lot of our customers come to us with a log-centric SIEM. They just recognize that they need more. They maybe have been attacked. Maybe they have a new CISO. Maybe they've come under some sort of scrutiny for not having full visibility across their infrastructure. This play is very important to understand and glean information from some of the wins that are in security on SalesIQ. So with that, happy selling.

Video Details

Duration: 15 minutes and 13 seconds
Country:
Language: English
License: All rights reserved
Genre: None
Views: 15
Posted by: quinnb on Mar 28, 2016
