Sei sulla pagina 1di 2
ENTERPRISE Radware Security Solutions Battle Card LEAD OFFERING KEY SELLING POINTS DIFFERENTIATORS SOLUTION KIT

ENTERPRISE

Radware Security Solutions Battle Card

LEAD OFFERING

KEY SELLING POINTS

DIFFERENTIATORS

SOLUTION KIT

 

Hybrid attack

Coverage

Service

DefensePro

mitigation

Unique SSL mitigation solution

ERT when under attack

managed service

ERT Premium

Best of breed integrated WAF Accuracy

Behavioral-based detection

Fully managed service Solution

Single-vendor, full solution

DefenseSSL

DefensePipe

Real-time signature creation Time to Protect

(WAF and SSL)

Synchronized operations

AppWall

WAF + SSL mitigation

Real-time response in seconds

with Defense Messaging

ERT Premium

   

Web Security

Service

 

Cloud WAF

Service

Adaptive, automated policy generation

Full OWASP Top 10 in the cloud

24x7 full service

Solution

Cloud WAF

(w/ built in DDoS)

Behavioral-based DDoS included

Integrated CPE & Cloud

 

Positive & negative security models

WAF technologies

 

GTM 1 – Service AvailabilityGTM

2 – DC Protection

 

Coverage

Service

   

Hybrid attack mitigation (self-managed) WAF + SSL mitigation

Unique SSL mitigation solution

Best of breed WAF integrated Accuracy

Behavioral-based detection

Real-time signature creation Time to Protect

Real-time response in secs

24x7 full service

Solution Single-vendor, full solution

(WAF and SSL)

Synchronized operations with Defense Messaging

DefensePro

DefenseSSL

DefensePipe

AppWall

   

Security

SSL mitigation in the cloud

 

On-Demand Cloud DDoS Only

Mitigation quality with real-time signature (vs. non Akamai/Prolexic) Solution

Standalone

DefensePipe

   

Ability to scale to full hybrid (add on-premise)

 

Radware owns technology and service

 

QUALIFYING QUESTIONS

 

QUALIFYING QUESTIONS - ENTERPRISE

RESPONSE

APPROPRIATE SOLUTION

 

Is application availability the main concern of the business (vs. data center protection)?

Yes

GTM #1 – Online business protection

No

GTM #2 – Data center protection

 

Are there any web applications in the cloud or planned to be migrated? Do these require protection?

Yes

Lead with Cloud WAF (w/ DDoS) offering

No

Lead with hybrid attack mitigation

 

Do they have a strong web presence that requires protection or compliance? Do they have encrypted traffic through their network?

Yes

Include WAF in the offering

Yes

Include SSL mitigation solution

 

Do they employ security experts to manage devices? Would they prefer to manage their own devices?

No

Lead with hybrid attack mitigation managed service (w/ ERT Premium)

Yes

Lead with hybrid attack mitigation self-managed solution

GTM 1 – Service AvailabilityGTM

 

Yes

Lead with hybrid attack mitigation

Is the customer open to having gear on premise?

No

Offer Standalone DefensePipe yet present full hybrid solution to clarify differentiator and potential upsell

 

Is data center protection the main concern of the business (vs. application availability)?

Yes

GTM #2 – Data center protection

No

GTM #1 – Online business protection

2 – DC Protection

Do they employ security experts to manage devices? Would they prefer to manage their own devices?

Yes

Lead with hybrid attack mitigation self-managed solution

No

Lead with hybrid attack mitigation managed service (w/ ERT Premium)

 

Do they have encrypted traffic through their network?

Yes

Include SSL mitigation solution

   

Yes

Lead with hybrid attack mitigation

Customer is open to having gear on-premise?

No

Offer DefensePipe Standalone but walkthrough full hybrid solution to clarify differentiator + potential upsell

OBJECTION HANDLING

I don’t have the resources to manage this additional equipment.

Radware’s Attack Mitigation System reduces TCO by significantly reducing the time security teams have to spend on configuration, maintenance, reporting and analysis. Radware’s fully managed service deployment options cover all protection elements. Customers can outsource their cyber security defense to industry experts to monitor and manage.

I haven’t been targeted with advanced cyber-attacks. Radware’s research suggests that over 90% of organizations suffered a cyber-security attack that could have been mitigated by Radware’s Attack Mitigation System. Most likely the customer was attacked and is not aware. Today’s ease of launching attacks makes organizations of all sizes, industries and geographies potential targets. Proactive protection will prevent financial impact of an attack (which is higher than the cost of Radware’s AMS)

My applications are hosted in the cloud and protected by my cloud service provider. Radware offers a variety of cloud-based deployments that work in conjunction with cloud-based applications. Many cloud providers offer some security services, but it is important to fully understand the scalability and vector coverage as they vary. Finally, Radware’s Attack Mitigation System is designed to streamline security policy management and orchestration in application environments leveraging both on-premise and cloud-based application hosting (hybrid solution).

I have other perimeter security products, such as a NGFW providing protection.

Firewalls provide policy-based control of access to critical network or application infrastructure components, however they don’t provide protection from volumetric threats (like DDoS) or vulnerabilities inherent in the application’s code. For volumetric attacks, firewalls (like any stateful device) will only be

able to track a limited number of connections before their session tables fill up and they fail. When application logic attacks that attempt to ‘crack’ the application, firewalls can only provide protection based on known signatures with no automated policy learning to proactively protect applications from new attack vectors. Cisco recently partnered with Radware, leveraging its DDoS mitigation technology to complement the NGFW capabilities.

I use security protections from my CDN provider.

Many CDN providers offer security services in conjunction with site optimization. While convenient to purchase together, these security services often provide weak protection from multi-vector attacks combining OWASP Top 10 application threats and DDoS. A wide variety of dynamic content attack tools that take advantage of CDN behavior with requests for non-cached content. Other attack tools that can generate sophisticated attacks across CDN nodes, essentially turning the CDN itself into a large attack source. Finally, leveraging CDN based protections means an organization has limited coordination of security policy across environments where multiple CDNs are leveraged, and limited protection for attacks against the data center.

COMPETITIVE LANDSCAPE

DDoS

Differentiator

Radware

Arbor

F5

Akamai

A10

Corero

Single Vendor Hybrid Protection

Single Vendor Hybrid Protection
Single Vendor Hybrid Protection
Single Vendor Hybrid Protection
Single Vendor Hybrid Protection
Single Vendor Hybrid Protection
Single Vendor Hybrid Protection

Mitigation Capacity and Scale

Mitigation Capacity and Scale
Mitigation Capacity and Scale
Mitigation Capacity and Scale
Mitigation Capacity and Scale
Mitigation Capacity and Scale
Mitigation Capacity and Scale

Behavioral Attack

Behavioral Attack
Behavioral Attack
Behavioral Attack
Behavioral Attack
Behavioral Attack
Behavioral Attack

Detection

Coverage (L3/4, L7, encrypted, dynamic)

Coverage (L3/4, L7, encrypted, dynamic)
Coverage (L3/4, L7, encrypted, dynamic)
Coverage (L3/4, L7, encrypted, dynamic)
Coverage (L3/4, L7, encrypted, dynamic)
Coverage (L3/4, L7, encrypted, dynamic)
Coverage (L3/4, L7, encrypted, dynamic)

Zero Day Protection via RT Signatures

Zero Day Protection via RT Signatures
Zero Day Protection via RT Signatures
Zero Day Protection via RT Signatures
Zero Day Protection via RT Signatures
Zero Day Protection via RT Signatures
Zero Day Protection via RT Signatures

WAF

Differentiator

Radware

Imperva

F5

Akamai

Cloud Flare

Incapsula

OWASP Top 10 Coverage

OWASP Top 10 Coverage
OWASP Top 10 Coverage
OWASP Top 10 Coverage
OWASP Top 10 Coverage
OWASP Top 10 Coverage
OWASP Top 10 Coverage

Adaptive Auto Policy Generation

Adaptive Auto Policy Generation
Adaptive Auto Policy Generation
Adaptive Auto Policy Generation
Adaptive Auto Policy Generation
Adaptive Auto Policy Generation
Adaptive Auto Policy Generation

Cloud + CPE Applications Policy Coordination

Cloud + CPE Applications Policy Coordination
Cloud + CPE Applications Policy Coordination
Cloud + CPE Applications Policy Coordination
Cloud + CPE Applications Policy Coordination
Cloud + CPE Applications Policy Coordination
Cloud + CPE Applications Policy Coordination

Cross Network

Cross Network
Cross Network
Cross Network
Cross Network
Cross Network
Cross Network

Synchronization

Bot Detection and Fingerprinting

Bot Detection and Fingerprinting
Bot Detection and Fingerprinting
Bot Detection and Fingerprinting
Bot Detection and Fingerprinting
Bot Detection and Fingerprinting
Bot Detection and Fingerprinting
CARRIER AND SERVICE PROVIDERS Radware Security Solutions Battle Card LEAD OFFERING KEY SELLING POINTS DIFFERENTIATORS

CARRIER AND SERVICE PROVIDERS

Radware Security Solutions Battle Card

LEAD OFFERING

KEY SELLING POINTS

DIFFERENTIATORS

SOLUTION KIT

 

Resell Radware

1. Comprehensive solution covering both DDoS and application attacks

Cloud WAF Hybrid Attack Mitigation (DefensePipe)

Cloud Services

2. Flexible terms in structuring the deal (Opex, Capex)

GTM 3 – ResellGTM

Radware products

 

to build a business:

3. Unmatched security expert support for SPs by ERT

1.

DefensePro +

1.

DDoS as a

4. Marketplace credibility and good record

DefenseSSL

Service

5. MSSP Portal - flexible tool for extended

+ Peak Protection

2.

WAF as a

tenant visibility

2. AppWall + Elastic WAF

Service

6. Go-To-Market support in marketing their

3. MSSP Portal

3.

MSSP Portal

security services

   

1. Industry’s most scalable platform for service providers

2. Unmatched attack detection - patented behavioral analysis technology

3. Highly automated attack detection and mitigation minimizing OPEX costs by reducing manual efforts

DefensePro

Scrubbing Center

DefenseFlow

(recommended)

4 – Infrastructure Protection

Always On

Protection

Network-based and

Hybrid Solutions

DefensePro

DefensePipe

Peak Protection

 

NetFlow &

4. Widest attack coverage including out-of-path protection from SSL/encrypted attacks

Radware Flow Collector DefenseFlow DefensePro

OpenFlow

5. Integrated security solution across DDoS and WAF

(SDN based)

6. SDN-ready, seamless integration with today’s offering

     

Peak Protection

7. Unmatched security expert support for service providers by ERT

Peak Protection

QUALIFYING QUESTIONS

QUALIFYING QUESTIONS - SERVICE PROVIDERS

RESPONSE

APPROPRIATE SOLUTION

 

Has the service provider had a customer who went down? Is the service provider liable for customer SLA outages? Are they looking for additional revenue streams?

Yes

GTM #3 – Building a Business with reselling Radware’s cloud services

   

Open to

Lead with reselling Radware’s existing cloud services

Does the service provider require a customized solution or open to reselling Radware’s offering?

resell

Customized

Lead with Radware products to build their own service

 

solution

 

Can the service provider handle the complexity involved with building his own service?

Yes

Can go with Radware products to build their own service

No

Lead with reselling Radware’s existing cloud services

 

Is the service provider interested in building & selling always-on (inline) solutions (vs. on-demand (out-of- path))?

Yes

Inline AMS – provides immediate detection & mitigation

No

Out-of-Path AMS for on-demand/scrubbing centers

GTM 3 – ResellGTM

4 – Infrastructure Protection

Does the service provider want to deploy multi-tenant platforms (vs. dedicated appliances)?

Yes

Network-based AMS (inline or OOP) for widest coverage and multi-tenant support

No

Lead with hybrid attack mitigation – TOR with dedicated hardware per customer

 

Does the service provider have dedicated networking and/or security teams?

Yes

Network-based on TOR self-managed by the SP

No

Resell Radware cloud solutions, backed up by Radware ERT/TAC

 

OBJECTION HANDLING

My customers don’t ask for security services. According to industry analysts, the security services market is projected to grow to $170M by 2020. As enterprises continue to migrate more mission critical, production systems into the cloud they will put more emphasis on ensuring their service provider is putting appropriate security around those applications. Radware’s packaged application delivery and attack mitigation technologies enable cloud and hosting providers to sell to clients as high value, revenue generating services. Service providers that deploy advanced services based on Radware solutions typically generate margins of 40-60% and benefit from a variety of flexible investment options that include OPEX-only payment models. These services differentiate a provider’s business, add margin to current tenant revenues and attract new customers.

I am moving to NFV/SDN.

As service providers plan and deploy SDN architectures, it’s important to find solutions that can bridge data to the SDN control plane. With the right solution, service providers can get automated control of security across the entire network. Radware offers service providers deploying SDN/NFV, DefenseFlow to provide the intelligence needed to analyze network-wide telemetry from multiple sources and quickly perform optimal mitigation based on automated network policy rules. DefenseFlow is a software product that leverages network technologies to provide attack mitigation as a native network service. It is the first SDN application that programs networks for DDoS security and provides real time DDoS network-wide mitigation and protection.

I have other security products in my environment.

At Radware, we’re accustomed to working with security providers that have a wide variety of security products within their environment. Often we work with service providers that are looking to replace certain security products that don’t offer the breadth of attack vector coverage or automation capabilities of Radware products. Other times service providers are looking to add high margin service capabilities that they can offer customers, and see benefits in Radware’s multi-tenant capabilities.

I don’t have the staff to support customers with security services.

Radware can augment existing support teams to ensure customers get the support they need. Technical support is available for all of Radware products through the Certainty Support Program. Each level consists of four elements: phone support, software updates, hardware maintenance, and on-site support. Dedicated engineering staff can assist service provider clients on a professional services basis for advanced project deployments.

I don’t want another box in my network.

This is a common concern for service providers, either because they don’t have the staff to manage the solutions or aren’t sure how the hardware can

be architected into their infrastructure. Radware offers fully managed services for all of its security products and services. Additionally, Radware offers

a wide array of form factors that don’t require the deployment of new hardware. Radware cloud-based resources can be leveraged to support service

provider offerings. Also, DefenseFlow is a software product that leverages network technologies to provide attack mitigation as a native network service.

It is the first SDN application that programs networks for DDoS security and provides real time DDoS network-wide mitigation and protection.

COMPETITIVE LANDSCAPE

DDoS

Differentiator

Radware

Arbor

F5

Akamai

A10

Corero

Single Vendor Hybrid Protection

Single Vendor Hybrid Protection
Single Vendor Hybrid Protection
Single Vendor Hybrid Protection
Single Vendor Hybrid Protection
Single Vendor Hybrid Protection
Single Vendor Hybrid Protection

Mitigation Capacity and Scale

Mitigation Capacity and Scale
Mitigation Capacity and Scale
Mitigation Capacity and Scale
Mitigation Capacity and Scale
Mitigation Capacity and Scale
Mitigation Capacity and Scale

Behavioral Attack

Behavioral Attack
Behavioral Attack
Behavioral Attack
Behavioral Attack
Behavioral Attack
Behavioral Attack

Detection

Coverage (L3/4, L7, encrypted, dynamic)

Coverage (L3/4, L7, encrypted, dynamic)
Coverage (L3/4, L7, encrypted, dynamic)
Coverage (L3/4, L7, encrypted, dynamic)
Coverage (L3/4, L7, encrypted, dynamic)
Coverage (L3/4, L7, encrypted, dynamic)
Coverage (L3/4, L7, encrypted, dynamic)

Zero Day Protection via RT Signatures

Zero Day Protection via RT Signatures
Zero Day Protection via RT Signatures
Zero Day Protection via RT Signatures
Zero Day Protection via RT Signatures
Zero Day Protection via RT Signatures
Zero Day Protection via RT Signatures

WAF

Differentiator

Radware

Imperva

F5

Akamai

Cloud Flare

Incapsula

OWASP Top 10 Coverage

OWASP Top 10 Coverage
OWASP Top 10 Coverage
OWASP Top 10 Coverage
OWASP Top 10 Coverage
OWASP Top 10 Coverage
OWASP Top 10 Coverage

Adaptive Auto Policy Generation

Adaptive Auto Policy Generation
Adaptive Auto Policy Generation
Adaptive Auto Policy Generation
Adaptive Auto Policy Generation
Adaptive Auto Policy Generation
Adaptive Auto Policy Generation

Cloud + CPE Applications Policy Coordination

Cloud + CPE Applications Policy Coordination
Cloud + CPE Applications Policy Coordination
Cloud + CPE Applications Policy Coordination
Cloud + CPE Applications Policy Coordination
Cloud + CPE Applications Policy Coordination
Cloud + CPE Applications Policy Coordination

Cross Network

Cross Network
Cross Network
Cross Network
Cross Network
Cross Network
Cross Network

Synchronization

Bot Detection and Fingerprinting

Bot Detection and Fingerprinting
Bot Detection and Fingerprinting
Bot Detection and Fingerprinting
Bot Detection and Fingerprinting
Bot Detection and Fingerprinting
Bot Detection and Fingerprinting