August 2007 Presentation Flow Part A – The Challenge


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Purpose: Introduce yourself and your background to listeners and the subject of the presentation. For example: After we discussed your application security needs, I would like to present to you how you can benefit from adding dotDefender to your portfolio. I will do this by covering three topics (click to next slide) Note: Add your name and title to the slide. If you haven’t done so before, present your role and relevant work experience.
  • Purpose: Introduce the presentation flow, and also the product and company name. Text for example: We will start by explaining the market challenge and its relevance to organizations such as yours. Then we’ll present dotDefender, how it works, and how it can protect your customers’’ applications. Lastly, we will discuss how we work together in partnership, what you get, and the business model. (click to next slide) Note:
  • Purpose: Open first chapter Text for example: So what is the market challenge for hosting providers? Click Note:
  • Purpose: Present the application security problem. Text for example: Your customers are using the websites on their hosted servers to do business. The question is – who is doing business through these websites? Unfortunately, there are two types of people who conduct business through these websites – the good and the bad. The good are customers, suppliers and business partners who enter the company website to do business, and receive information. For example, buy products online. But we are here today because of the bad guys. These are hackers working for organized crime, who are looking to steal valuable information. Credit card and Personal data are obvious targets, but also employee details, customer names, or commercial espionage looking for legal, financial, and other data. The hackers are entering the company through the website, which you are storing, and on the whole are rather protected. Click Note: You can tell an anecdote from your own experience to make this more interesting.
  • Purpose: Pinpoint the security hole: client’s applications. Text for example: When I say protected, what I mean is, that you provide two aspects of protection to your customers. First, you protect their server by physical security, network security and content filtering such as anti-virus and anti-malware. You are also protecting their business operations by providing business continuity and backups. The problem is that although you build a wall around your client’s servers, the client gives the hackers a ladder on which to climb, and this ladder is the customer’s application. This is a huge risk that your customers may not be aware of, or don’t know how to deal with. This is also your opportunity to offer them a paid service that will complete their web security posture. Click Note:
  • Purpose: Explain the problem is getting worse. For example: This slide explains the source of the problem. It shows a comparison of software vulnerabilities discovered each year from 2001 until now. All web applications use 3 rd party software – the web server, the programming language, specific modules. And each year the security organizations (NVD, CERT, ISVDB) are finding more and more security holes. And when there’s a hole, there are hackers ready to abuse it. Note: Create urgency: your customers’ are becoming more likely to get hit.
  • Purpose: Introduce dotDefender Text for example: This is exactly where dotDefender comes in. Put simply, it solves the problem of hackers. It’s a software that identifies attacks and stops them. This software allows you to protect your customers better. It’s an opportunity to add a premium service to your portfolio, and increase your revenue per customer. This additional service is also valuable in customer retention. Lastly, although you are not responsible for customers’ application, if something bad happens it will damage your reputation, especially if it affects many servers on your farm, as sometimes happens. So application security will improve your service and professional image as a whole. Note: Emphasize the issues that seem most relevant to the listener, based on your previous conversation.
  • Purpose: Transition to new chapter. Text for example: So far we discussed the contribution of application security to your hosting service. Now let’s talk about we do it exactly. Note:
  • Purpose: Prepare the ground and so it becomes obvious that a solution needs to work on the web server. For example: A little bit of theory, how can we best detect application level attacks? Or in other words what is the basis for good application security. There are four issues that need to be taken care of. First, we need to look at all the traffic, and especially if it’s encrypted by SSL. You know that the first thing your customer will do to protect his application is encrypt traffic, so it is necessary to be able to read encrypted messages. Then, we need to look at all the parts of the traffic, both the request headers, and the contents of the request. If a user sends some text, we want to examine this text. Also, we want to examine the incoming requests in the same way as the application will see it, so we can detect requests that may harm it. Something that looks innocent at the network level can become disastrous when it gets to be executed by the application. And lastly, since hackers are not keeping still, we need security updates to counter new threats. The combination of these four requirements enables an accurate examination of all the relevant parts of the traffic, that is always ready for new threats. So where can our security software perform all these things in the best manner? Click Note: This slide differentiates WAFs from other offerings, especially IPS and “all-in-one” appliances which claim to include application security. The point is they don’t have the capabilities to do the things detailed on this slide, and thus do not offer a real solution to the problem.
  • Purpose: Define dotDefender. Explain why a server plug-in is the best way to protect against application level attacks. For example: To answer all those requirements we decided to implement dotDefender as a web server plug-in that works on the server itself. This is the only way to look at the traffic exactly as the application will execute it, after it has been assembled and decrypted by the web server. This allows the software to look at the complete contents of the request, not just headers. All this without creating performance and capacity problems. In the diagram you can see the flow of the traffic: users are sending traffic from the internet, both legitimate and malicious requests. The traffic passes through the network measures: firewall, SSL, IPS, which allow application level attacks to pass. But once they get to dotDefender on the server, the malicious requests represented here in red, are identified and stopped. That’s the important thing: we see the attacks on the server level and we can do the work. It was also important for us to support all the platforms used by our clients, so we support both Apache and IIS, as well as Microsoft ISA server for internal security. Note: It’s a good opportunity to find out which servers they are using and in what proportions.
  • Purpose: Explain the product technology and how much it protects again. For example: In order to achieve optimal protection, dotDefender combines 3 security engines: pattern recognition, Signature knowledgebase and session protection. Pattern recognition deals with hacking attempts. You can see the SQL Injection and Cross site Scripting that are considered the top 2 vulnerabilities by OWASP (the application security organization). But there are many more, which are less famous, but not less dangerous. Session protection deals with the user session level in order to prevent impersonating as someone else. For example, if you have an online bank account, we don’t want your session cookie identification to get to hacker’s hands. We also prevent someone from sending a lot of automatic requests in order to crash the server and disrupt the business. The signature knowledgebase is not something we invented, but we adopted it and improved it a little. It checks if requests are coming from known malicious sources, such as hackers and spammers. We added to it identification of bad user agents which are hacking tools used to look for vulnerabilities in the application, so we prevent them from gathering information about the soft spots of the application. Note: There is no need to get deeply into each attack type, just let the client get impressed by the breadth of dotDefender security.
  • Purpose: Give a taste of how it is implemented, and what are the benefits. Also, impress client with Applicure security expertise. For example: The security engines work through a mechanism of security rules. Why security rules First, let’s understand what security rules are. They are a definition of what we don’t allow users to do in the application. Basically they say: if a user is doing something that matches a specific pattern, stop it. We have a large collection of such rules, around 700 of them, based on the knowledge and experience of our security experts, and they are of course updated from time to time. Our experts know how hackers think and this enable us to counter both existing and new attacks, so we cope very effectively with 0-day attacks. You can see in the screenshot the rules for SQL Injection, under each titles there can be dozens of specific rules that identify things like, say basic database commands, or SQL comments. Because the rules are based on hacking practices, they are not dependent on your customer’s application. It means they will provide an adequate level of security to old, unpatched applications, and continue to do so when customers change or replace their application. The main benefits of this technology is that almost all the incidents identified as attacks are really attacks, and not something legitimate. So customers don’t call to complain they were stopped, and your support doesn’t waste time on resolving mistakes. Because of this there is very little maintenance on dotDefender, without compromising on the level of security. The point is to provide a high level of protection without creating a lot of work for your support team. Let’s summarize the technology advantages we discussed. Click Note: Hardware WAFs are infamous for their high false positives rate, requiring a security expert to work 50% position on handling these false alarms. So if the listener considers hardware as an alternative, expand on this point. You can add in this context: - No need to re-configure security for changes in the application - No need to change the network, and buy hardware - No traffic limitations, while appliances are a significant bottleneck. סיכום ביניים – חשוב מאוד מאוד מאוד : אז עד כאן למעשה תיארתי את הנסיבות שהביאו את חברת אפליקיור לפתח פתרון תוכנה שיגן על האפליקציה של לקוחות מפני פריצה אליהם דרך האתרים שלהם . הבהרנו שמדובר בתוכנה שיושבת על השרת ולמעשה קוראת את כל הבקשות הנכנסות . התוכנה , שנקראת DD , עושה זאת באמצעות שלושה מנועי אבטחה . והדגשתי אחד מהם , את ה - pattern recognition . אמרתי שהחוכמה היא לא רק לזהות את דפוסי החדירה או הפריצה או התקיפה שנעשים על ידי גורמים מאוד מתוחכמים שמסווים את עצמם כל הזמן . אלא החוכמה היא גם לדעת להגדיר את אותם דפוסים כך שהשימוש בתוכנה יהיה קל . וזה בדיוק מה שמעביר אותי לשקף הבא קליק לשקף הבא
  • Purpose: Summarize and reinforce technological advantage. For example: Our technological advantages are the implementation as a plug-in on the web server which can read all Incoming requests. It combines 3 security engines for full coverage against hacking. The engines are working through security rules that are independent of customer applications, and Require very law maintenance, which brings us to the next slide. Click Click
  • Purpose: Explain why dotDefender is the best solution for them. Text for example: dotDefender is an ideal solution for hosting providers. From the business point of view, it allows you to provide the service to all your clients, by supporting both Apache and IIS. Unlike other solutions, it does not require an understanding of the application being protected, so you can offer the solution to everybody. We will discuss the business model later, but I just want to tell you at this point, that we have models for your different service offerings, that is for both shared servers and dedicated. From the operational point of view, we tried to make things as easy as possible for you. We are offering software that is very easy to install really a next-next-finish process. The operation is does not require any special skills. Mostly, you would want to look at the logs and see that everything is working alright. You can see what the log looks like in this screenshot. It summarizes the event information in nice charts, which you can provide to your customers. This means that you don’t have to spend many resources on maintenance, and enjoy a profitable service. To conclude this chapter about dotDefender, I would like to mention the company behind the product. Click Note: Try to mention information you received from the client in the preceding conversation, so they understand how the solution answers their needs.
  • Purpose: Let’s talk business. For example: OK, let’s talk about how we work together. Note:
  • Purpose: Introduce the company behind the product. For example: First, let me tell you a little about the company behind dotDefender. Applicure Technologies is a publicly traded company, and was established in 2004. It is managed by security veterans, and was recognized as one of the best 100 vendors by IT Week. And we are here to discuss working in partnership. Note: If you want to talk a little about the people, here’s the story: The founders are Mr. Basol and Mr. Allouch. It’s a unique combination as Mr. Basol is the former head of security in an intelligence agency, and Mr. Allouch was a well known hacker in his youth, and he turned to consulting and creating security products later on (one of his products is now part of the Symantec portfolio). Mr. Sherban joined the company later. He is the former Head of Software division in IBM Israel, and helped in the past to grow several startups to maturity, such as Valor.
  • Purpose: Define what each partner provides Text for example: This scheme shows what each of us is responsible for. This is how we work with our hosting customers. We provide you with product licenses, obviously, and also with updates and upgrades. We will also give you sales and technical training, so your people know how to sell and operate the product. Training is included in our service, and we don’t charge extra for it. Also, we will give you brochures and other marketing materials your sales people may need. Our support team will provide 2 nd level support. And to streamline the work processes, you will be appointed an account manager that will take care of all your needs. This is our side, and it enables you to provide to your customers an application security solution. They see the ongoing results in the reports the software issues. Your technical teams will obviously install the software, and you could also offer additional services like maintenance, explaining findings, etc. And lastly, 1 st level support. Note: This is the opportunity to clarify the scope of our service, and also find out what they need in terms of training and marketing collaterals.
  • Purpose: Explain the pricing model and talk numbers For example: We work with 3 different business models, based on the type of your customers. The idea is to work back to back with your business model. For dedicated hosting we work in software as a service model, that is your customer gets the software, and pays a monthly fee for the protection and maintenance. On the next slide I’ll show you how it works in more details. For shared hosting we just sell you a license for the server, and you can decide whether to charge your customers for the security service. Some of our hosting clients just bought a license and don’t even tell their customers about it. Lastly, if you do integration projects for customers, there's a reselling option. Let’s focus on the SaaS model, which is probably the most relevant. Click Note: Good opportunity to ask how many dedicated servers they have, how many shared, and whether they do Integration projects for customers.
  • Purpose: Exemplify the potential income. Text for example: (Note that to make the excel work, you would need to get out of presentation mode by pressing Esc button.) We have here a simple spreadsheet that calculates your revenue. How many servers do you have? (enter the number of servers). Let’s say you charge your customers E150 a month for the service (if the listener wants to charge more/ less, change the value accordingly.) Your share is 35%. We created a simple model showing your income from this service for the first three years. We base it on the conservative assumption that on the first year 5% of your customers will take up the service, on the second year 12% and on the this we reach 21%. You can see the yearly income in the green cells. I think it’s pretty good. There’s a good business case here, and here is what our hosting clients say about it. Click Note: This is a good time to discuss and agree prices and the hosting provider’s %.
  • Purpose: Increase client’s confidence by showing that we have other clients like them. Text for example: One of our first hosting clients were the Israeli Governmental ISP. They have over 500 servers which they need to protect against constant attacks by sophisticated hackers. After we started working together, they wrote to us (read the quote). This is what our customers say, and our aim is to become your chosen web application firewall, and we know that there is a business opportunity here for you. Click. Note: The other logos, left to right: 012: hosting provider, Israel. We protect their shared hosting server. Bezeq International: hosting provider, Israel. Dedicated servers. Netvision: hosting provider, Israel. Dedicated servers. Together, they cover most of the hosting market in Israel. Arkenis: hosting provider, France. Dedicated servers.
  • Purpose: Summarize business opportunity. Text for example: To wrap things up, here are the three aspects of this business opportunity. First, you increase revenue, and also profitability. On this basis, you can develop more services, like maintenance, integration, etc. The third aspect is customer retention which is increasingly important as communication services are becoming a commodity. This is the conclusion of the third chapter, and we get to the end of the presentation. Click
  • Purpose: Reinforce presentation messages. Text for example: In this presentation we reviewed three subjects. The first was the need for application security, which is becoming more urgent, as organized crime is getting seriously into hacking, and software vulnerabilities only increase. We have seen how dotDefender provides protection that is not only good security, but also a practicable solution for you. Most importantly, our business model was created to ensure high revenue for you, with minimal initial Investment. And on this basis I believe we can do great business together.
  • August 2007 Presentation Flow Part A – The Challenge

    1. 1. August 2007
    2. 2. Presentation Flow <ul><li>Part A – The Challenge </li></ul><ul><li>Part B – Understanding dotDefender </li></ul><ul><li>Part C – Working in Partnership with Applicure </li></ul>
    3. 3. The Challenge Part A
    4. 4. Who’s Doing Business via Your Customers Websites? Suppliers, business partners and clients perform business transactions and receive information. Organized crime stealing financial information, legal documents, marketing plans, client information.
    5. 5. Protecting your customers You Protect their business <ul><ul><li>Business continuity </li></ul></ul><ul><ul><li>Backups </li></ul></ul><ul><ul><li>Physical security </li></ul></ul><ul><ul><li>Network security (firewalls, etc.) </li></ul></ul><ul><ul><li>Content filtering </li></ul></ul>You Protect their server
    6. 6. Increase in Vulnerabilities
    7. 7. dotDefender at Your Service dotDefender automatically stops attempts to hack websites. Allows you to provide better. security for your customers Opportunity to add another premium security service to your portfolio. An additional connection to your customers. Protects your reputation in case of attack.
    8. 8. Understanding dotDefender Part B
    9. 9. The Basis for Good Application Security <ul><li>Ability to open and read all requests – even encrypted ones. </li></ul><ul><li>Ability to read all the request - both headers and content . </li></ul><ul><li>Ability to view the request in the exact form the application will execute it. </li></ul><ul><li>Ability to counter emerging threats . </li></ul>
    10. 10. Server plug-in for Apache, IIS and ISA. Approved by dotDefender Blocked by dotDefender <ul><li>- Firewall </li></ul><ul><li>- Anti-virus/ spam </li></ul><ul><li>Authentication </li></ul>- VPN/SSL - Net IDS - Net IPS dotDefender Application Security Software
    11. 11. dotDefender Security Engines
    12. 12. Why Security Rules? <ul><li>Security rules define the </li></ul><ul><li>patterns that indicate </li></ul><ul><li>hacking. </li></ul><ul><li>Generic rules based on </li></ul><ul><li>hacking techniques, not </li></ul><ul><li>a specific application. </li></ul><ul><li>Main benefits </li></ul><ul><li>Low false-positives rate. </li></ul><ul><li>Strong security at low </li></ul><ul><li>maintenance. </li></ul>
    13. 13. Technology Summary <ul><li>Software plug-in. </li></ul><ul><li>3 Security engines. </li></ul><ul><li>Rule-based. </li></ul><ul><li>Low maintenance. </li></ul>
    14. 14. Product Benefits for Hosting <ul><li>Comprehensive Solution </li></ul><ul><li>Multiplatform – Apache, IIS, ISA. </li></ul><ul><li>Independent of customer application. </li></ul><ul><li>Solutions for both shared and dedicated servers. </li></ul><ul><li>Simple Operation </li></ul><ul><li>Easy to install and operate. </li></ul><ul><li>Low maintenance. </li></ul>
    15. 15. Working in Partnership with Applicure Part C
    16. 16. Applicure at a Glance
    17. 17. Working Together <ul><li>dotDefender </li></ul><ul><li>Updates & upgrades </li></ul><ul><li>Training </li></ul><ul><li>Marketing materials </li></ul><ul><li>2nd level Support </li></ul><ul><li>Account manager </li></ul><ul><li>Application security </li></ul><ul><li>Reports </li></ul><ul><li>Installation </li></ul><ul><li>Maintenance (optional) </li></ul><ul><li>1st level Support </li></ul>Hosting provider Applicure provides you You provide to your Customers
    18. 18. The Business Model <ul><li>Back to back with your business model </li></ul><ul><li>Software as a service (SaaS) for Dedicated Hosting. </li></ul><ul><li>Customized solution for Shared Hosting. </li></ul><ul><li>Reselling model for projects & integration. </li></ul>
    19. 19. SaaS Projections
    20. 20. Proven Experience Israeli Governmental ISP “ I highly recommend dotDefender™ to any hosting service, as well as to website owners who are looking for a viable web application firewall”
    21. 21. Your Business Opportunity <ul><li>Increase revenue and profitability. </li></ul><ul><li>Develop additional services. </li></ul><ul><li>Improve customer retention. </li></ul>
    22. 22. Summary <ul><li>Urgent need for protection. </li></ul><ul><li>Practicable security solution. </li></ul><ul><li>Back to back with your business model. </li></ul>Business Opportunity
    23. 23. Thank you Application Security for Hosted Servers