1 / 36

NetIQ Sentinel 7 Sales Enablement Webcast October 24, 2011

NetIQ Sentinel 7 Sales Enablement Webcast October 24, 2011. Brennan O’Hara Product Marketing Manager bohara@netiq.com. Rick Wagner Senior Product Manager rwagner@netiq.com. Jason Arrington TSS Security Principal jarrington@netiq.com. Agenda.

xia
Télécharger la présentation

NetIQ Sentinel 7 Sales Enablement Webcast October 24, 2011

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NetIQ Sentinel 7Sales Enablement WebcastOctober 24, 2011 Brennan O’Hara Product Marketing Manager bohara@netiq.com Rick Wagner Senior Product Manager rwagner@netiq.com Jason Arrington TSS Security Principal jarrington@netiq.com

  2. Agenda • Sentinel 7 Capabilities Overview / What’s New? • Key Differentiators • Messaging and Positioning • Sentinel 7 Licensing Model • Demo Storyboard / UI Review • Sales Engagement Process • Q & A

  3. Shakeup In The SIEM Market Competitive Brief on Innerweb • https://innerweb.novell.com/site/docrep/2011/10/Competitive_Brief_IBM_and_McAfee_to_Acquire_SIEM_Vendors_Q1_Labs_and_NitroSecurity

  4. Sentinel 7 Overview

  5. Historically HISTORICALLY Log Management Log Management • Consume as many files as possible • Provide ad-hoc searching • Report • A compliance/forensic tool • Splunk • ArcSight Logger • Sentinel Log Manager * Consume as many files as possible * Provide ad hoc searching * Report a forensic tool /compliance

  6. Historically HISTORICALLY Log Management Log Management • Consume as many files as possible • Provide ad-hoc searching • Report • A compliance/forensic tool • Splunk • ArcSight Logger • Sentinel Log Manager Security Information & Event Management • Continuous monitoring • Real-time analysis, dashboards, alerts • Perform activity when specific events occur • netForensics • ArcSight ESM • Sentinel * Consume as many files as possible * Provide ad hoc searching * Report a forensic tool /compliance

  7. Sentinel 7 HISTORICALLY Log Management Log Management • Consume as many files as possible • Provide ad-hoc searching • Report • A compliance/forensic tool • Splunk • ArcSight Logger • Sentinel Log Manager Security Information & Event Management • Continuous monitoring • Real-time analysis, dashboards, alerts • Perform activity when specific events occur • netForensics • ArcSight ESM • Sentinel * Consume as many files as possible * Provide ad hoc searching * Report a forensic tool /compliance Sentinel 7 • Bridges gap between two functions • All capabilities in one tool easy. smart. powerful.

  8. Key Features/What’s New • Coupled functions—log management and SIEM • Intuitive and easy, Web-based user interface • Integrated ‘Google-like’ search and dynamic reporting • Powerful drag-n-drop correlation rule builder w/testing • Security Intelligence Dashboards • Baseline/trending, advanced analytics, anomaly detection • Lightning fast, indexed data store

  9. Differentiators • Virtual software appliance option • Data archiving • Data warehousing • Web-based user interface • ‘Identity’ integration • User activity monitoring

  10. Messaging/Positioning

  11. 74% Experienced external data theft in past two years 72% Experienced internal data theft in past two years IT Security Survey of 200 Enterprise IT Security Decision MakersHarris Interactive, April 2011

  12. 86% of victims had evidence of the breach in their log files EVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVEVIDENCEOFTHREATHERENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSEVENTDATASYSTEMLOGSE 2011 Verizon Data Breach Investigations Report

  13. Why Are Incidents Going Undetected? Customers and Prospects tell us: • Under staffed • Under budgeted—competing priorities • Lack time to monitor log data • Lack visibility into User activity • Current security solutions are too complex and costly • Can’t enforce security in virtual and cloud environments

  14. Sentinel 7Actionable Security Intelligence—at your fingertips! NetIQ Sentinel simplifies threat detection and speeds analysis and response, helping security personnel to: • Safeguard sensitive data and assets • Ease demonstration of compliance • Strengthen security operations EASY SMART POWERFUL

  15. Sentinel 7Actionable Security Intelligence—at your fingertips! Easy • Web UI • Virtual Appliance Smart • Integrated search/reporting • Drag-n-Drop Correlation Rule Building Powerful • Real-time base-lining/trending • Anomaly detection • Security Intelligence Dashboards

  16. Pricing/Licensing

  17. Sentinel 7’s New Licensing Model:Enterprise Events Per Second • Customers purchase the Events Per Second (EPS) license level for the total EPS across all their Sentinel servers, not to exceed the licensed amount • Very similar to current Security Manager licensing model • Somewhat similar to Sentinel Log Manager • Very different than the Sentinel Instance/Device Model • Events Per Second utilized by majority of competitors • Like Security Manager model, events are considered to be unfiltered raw events at the endpoint/where they are collected/captured by our software

  18. NetIQ Advantage • A deployment architecture does not have to be planned by a Sentinel expert before a rep can quote a deal/customer can place their order • Events Per Second guidelines can be developed to help provide guidance to the customer • Customers can deploy an unlimited number of Sentinel/SLM servers as long as the total event count across them does not exceed the licensed EPS (SLM must be connected to Sentinel) • License to use non-royalty based collectors gives customers an incentive to organically grow and thus require the purchase of additional EPS capacity • Proposed model is more simplistic than competitors thus is a strategic advantage in deal negotiations

  19. Demo Storyboard

  20. New User Interface

  21. Security Intelligence Dashboards

  22. Correlation Rule Building

  23. Correlation Rule Building

  24. Correlation Rule Builder

  25. Identity Integration

  26. Sales Engagement Process

  27. Sales Engagement • Target audience • CISO, Director of Information Security • Good opportunities • Existing Novell or NetIQ relationships / technology • Highly distributed environment • Strong host-based collection component • Desire for ‘identity’ / user activity monitoring • Red flags • No existing contacts • Heavy emphasis on Netflow capability • Significant existing EMC / HP / IBM relationship • Strong preference for a hardware appliance

  28. Who do I contact? • North America • Heritage Novell SEs • Jason Arrington, Rich Roberts, Michael Arnold • Heritage NetIQ SE / PLSE • Nelson Cottier, Pete White, Jeff Gibson, Brian McKee • EMEA • Pascal Oetiker, JoernDierks • Product Management / Marketing • Rick Wagner, Matt Ulery, Matt Mosley, Brennan O’Hara, Kyle Woodruff • Engineering • PengLiu

  29. Sentinel Customers

  30. Questions? Coming in November: Sales Enablement Tools

  31. Appendix

  32. Licensing OverviewExample 1 Server 1 Server 4 Sentinel Link Collector Managers 1,200 EPS Sentinel Link Server 2 Collector Managers 1,800 EPS Collector Managers 1,100 EPS Collector Managers 2,200 EPS Correlation Engine Customer is Licensed for 7,500 EPS Server 1: 1,200 Server 2: 2,200 Server 3: 1,800 Server 4: 1,100 Total: 6,300 Customer is IN COMPLIANCE Server 3

  33. Licensing OverviewExample 2 Server 1 2,200 EPS Server 4 Events from Sentinel Link only Sentinel Link Sentinel Link Server 2 3,200 EPS Customer is Licensed for 7,500 EPS Server 1: 2,200 Server 2: 3,200 Server 3: 4,000 Total: 9,400 Customer is OUT OF COMPLIANCE Standby Server Server 3 4,000 EPS

  34. Licensing OverviewExample 3 Log Manager 1 2,200 EPS Sentinel Link Sentinel 1 Events from Sentinel SLM and Collector Mgr Sentinel Link Collector Manager 1 3,200 EPS Customer is Licensed for 10,000 SENTINEL EPS Log Manager 1: 2,200 Sentinel 1: 4,000 Total: 6,200 Customer is licensed for 5000 SLM EPS Log Manager 2: 4,000 Total: 4,000 When an SLM server is connected via Sentinel Link, the EPS is counted against the customers total Sentinel EPS Distributed Search Correlation Engine Log Manager 2 4,000 EPS

  35. Licensing OverviewExample 4 Log Manager 1 2,200 EPS Sentinel Link Sentinel 1 Events from SLM and Collector Mgr Sentinel Link Collector Manager 1 4,000 EPS Customer is Licensed for 15,000 SENTINEL EPS Sentinel 1 (CM1): 4,000 Sentinel 2: 4,000 Log Manager 1: 2,200 Total: 10,200 Customer is licensed for 5,000 SLM EPS Log Manager 2: 2,000 Total: 2,000 Log Manager 2 2,000 EPS Sentinel 2 4,000 EPS

More Related