Sei sulla pagina 1di 11

Practitioner’s Guide to Building a Security Operations

Center (SOC)
Accelerating Threat Detection with Cloud-based Security Monitoring

A Frost & Sullivan White Paper

www.frost.com

50 Years of Growth, Innovation and Leadership


Frost & Sullivan

Accelerating Threat Detection with Cloud-based Security Monitoring........... 3

The Minimum Requirements Needed for the Do-it-yourself SOC.................. 4


The Costs of Cybersecurity Technology Acquisition.......................................... 4

The Related Costs of Building an On-premises SOC...................................... 5

AlienVault® USM Anywhere™....................................................................... 7

SIEM.............................................................................................................. 7

Plugins and AlienApps™................................................................................ 7

Vulnerability Management (VM)................................................................... 8

Intrusion Detection System (IDS)................................................................... 8

Minimum Analytics ....................................................................................... 9

The Advanced Analytics Function.................................................................. 9

Conclusion..................................................................................................... 10

TA B L E O F C O N T E N T S
Practitioner’s Guide to Building a Security Operations Center (SOC)

ACCELERATING THREAT DETECTION WITH CLOUD-BASED SECURITY MONITORING

Cybersecurity is a large term that has many connotations. Cybersecurity can entail everything from the physical security of
assets to the secure containment of software development and through to patch management or records restoration if a
breach has occurred. However, at the heart of cybersecurity are these requisites:

• Preventing attacks. A company must be able to deflect the most common malware strains
(understanding that the miscreant is innovating, too). Servers and endpoints must have secure
configurations. Vulnerabilities are like loose threads on a shirt; if you tease them out long enough, you can
rip apart fabrics at the seams.
• Network visibility. Even in small networks, endpoints can be lost or never associated with the network
infrastructure to begin with. This can happen for a variety of reasons, including server array configurations,
new OS/software upgrades, or power surges. Of course, the best cyberattacks emanate in the dark. A
security team must be able to dynamically discover endpoints because this is almost impossible to do
through manual processes.
• Alarm management. The network administrator or security team knows that something is awry in the
network; they have received an alarm telling them so. Alarms can be problematic in three ways. An alarm
may conflate a benign event with a security incident. Secondly, an alarm may be a replication and come from
redundant sources. Lastly, an alarm could be a false positive; the alarm does not reflect accurately what is
happening in the network.
• Fast detection. In the “preventing attacks” phase, a company is challenged to create as much friction as
possible to discourage miscreants. However, even in the best and smartest designed cybersecurity postures,
miscreants are getting in. A company must have strategies beyond the perimeter to determine if there has
been a breach.
• Contextual awareness. Alert management and fast detection is often a gauntlet that a security analyst
has to negotiate. When an alarm escalates into an incident, a security analyst must be able to contextualize
the incident to what systems and endpoints are affected and where the attack originated. More than that,
it has to be determined if the attack is spreading. True contextual awareness will integrate external threat
feed data to determine the severity of an attack and what is the proper incident response.
• Incident response. The security analyst must have at his disposal a combination of response options
for the suspect endpoint—to deny/quarantine/block or send to the guest network. Preferably, manual or
automated responses are included.
• Back to normal. In many ways, the “all’s clear” sign resembles the Preventing Attacks state. The security
analyst must be able to tell if the patches have taken hold and the network security surface is secure.

The largest companies and enterprises have impressive resources. A viable option for enterprises is to build a dedicated
security operations center (SOC) and staff the SOC with dedicated personnel. Midsized companies, though, have to make
do with fewer resources or create redundancies for existing personnel.1 The mid-market is the inflection point where a
company can conceivably build and maintain a SOC.

To SOC or not to SOC, that is the question.

1. Frost & Sullivan defines enterprises as having 10,000 or more employees. Small-to-midsized businesses have 1-999 employees. This whitepaper is
fundamentally about the companies with between 2,499-9,999 employees that have tough decisions about the resources they want to allocate to
cybersecurity, and how that jibes with their overall IT and operations strategy.

All rights reserved © 2018 Frost & Sullivan 3


Practitioner’s Guide to Building a Security Operations Center (SOC)

THE MINIMUM REQUIREMENTS NEEDED FOR THE DO-IT-YOURSELF SOC

The Costs of Cybersecurity Technology Acquisition


Building an in-house SOC is complicated. If we thought of “preventing attacks” through “back to normal” as a cycle, the
transitions between phases have to be smooth and continuous. Each efficacy requires different tools and different toolsets.
Additionally, an incident detection and response (IDR) lifecycle is an iterative process, and inefficiencies in one part of the cycle
exacerbate what can be done in later stages of IDR. And none of this happens in a vacuum: the network must remain open for
employees, customers, and the line of business, even as tools are implemented and a forensics investigation is taking place.

Clearly, the idea of building a fully realized in-house SOC is not to be taken casually. Two major costs are incurred: the cost
of acquiring technology and the cost of software, hardware, and dedicated cybersecurity personnel.

As we present data and tables, please realize that these are roughly average costs that a midsized company may incur (the
criterion here is for roughly 3,000 endpoints). The costs do vary based upon the type of business, number of locations,
number of remote workers2 and how a company internally values cybersecurity. Presented here are the low end and high
end of the expected costs a midsized company will incur if it builds its own SOC.

Table 1. The Cost to Acquire Cybersecurity Technology to Build/Maintain a Premises-based


SOC for Midsized Companies (Roughly 3,000 Endpoints)

Type of Technology Annual Costs Explanation of Costs, Alternative and Implementation

Security Information The one-time hardware cost of an all-in-one appliance is $25,000. Additional collectors may
and Event Management $25,000 - $40,000 be $5,000 each. When SIEM is used for incident detection and response, it does require a
(SIEM) significant amount of tuning on the front end.

Vulnerability VM is an essential tool toward prevention. Shoring up the network security surface and
$20,000 - $25,000
Management (VM) finding vulnerabilities before an intruder does is important.

A unified threat management (UTM—an alternative to IDS) system can be obtained for as
Intrusion Detection
$10,000 - $30,000 little as $3,000. The solution is ultimately not robust enough. IDS systems generally start at
System (IDS)
$30,000 annually.
Network Behavior
This would be the approximate price of analytics purchased for NBAD as a discrete
Analytics Detection $10,000 - $15,000
software module. NBAD is often integrated into enterprise-grade SIEM.
(NBAD)

User and Entity This would be the approximate price of analytics purchased for UEBA as a discrete software
Behavioral Analytics $15,000 - $20,000 module. UEBA would include statistical baselines, which do save some time in what analysts
(UEBA) have to do to tune a SIEM. UEBA is often integrated into enterprise-grade SIEM.

External Threat Feed Many companies will use open-source software for this or join vendor communities. Other
$10,000 - $20,000
Service sources like Virus Total have commercial versions.

The $85,000 is a hard-deck cost. Many factors can add to this (e.g., the number of
SUM of Technology offices, the number of remote workers, and the type of business—if credit card-
$90,000 - $150,000
Acquisition centric, much more security is required—among other considerations). Each added
end user or device adds incremental costs.

Source: Frost & Sullivan

2. In 2015, according to the US Department of Labor, 24% of US workers, on days that they worked, did all or some of their work from home.

4 All rights reserved © 2018 Frost & Sullivan


Practitioner’s Guide to Building a Security Operations Center (SOC)

The acquisition of the technologies listed above represents what would establish a good cybersecurity posture.
Identifying vulnerabilities and endpoint misconfigurations (VM), keeping log data (SIEM), and intrusion detection for on-
premises and cloud infrastructures are all intuitive must-have protections. The inclusion of one or more external threat
feed systems gives context to threats; they can help determine whether incoming traffic is anomalous and irregular or
anomalous and dangerous.

The role of analytics cannot be understated. Inside of a common SOC, the term alarm-fatigue is often used. If a SIEM
is manually tuned, the SIEM may often show network performance events (somebody downloading more files than
they normally do, for example) as potential security events. Without proper analytics, chasing phantom incidents
becomes a concern.

Much of the drudge work done by the SOC analyst can be performed in analytics. Trying to correlate malware signatures
with IP addresses from log data from an internal SIEM with malware signatures from an external threat feed service would
be difficult to do manually, and errors could be made. Analytics can make these correlations centrally. Analytics can also be
used to piece together the event timeline (who has access, when something occurred, which machines can also be infected,
and if the malware has spread).

The last problem with acquiring cybersecurity technology is that it is a never-ending endeavor. Many hardware and/or
software platforms are bought as perpetual licenses, meaning these are acquired once a year. Many times the API between
tools has to be re-established. Integrating new threat feed sources is a time sink. The small, manual inputs that have to be
made to take in new software and refresh the SIEM add up after a while.

THE RELATED COSTS OF BUILDING AN ON-PREMISES SOC

At this point, the tools have been purchased and the SOC is in place. Somebody still has to push the levers. In the following
table, you will see the cost of adding a dedicated SOC analyst, the cost of adding new hardware, and the cost of the related
infrastructure and personnel needed to support those systems in the SOC.

Table 2. The Related Costs to Build/Maintain a Premises-based SOC for Midsized Companies (Roughly 3,000 Endpoints)

Related Costs Annual Costs Explanation of Costs, Alternative and Implementation

Security analyst jobs start at $75,000 a year and go up. We can assume that if a company
Dedicated SOC has a dedicated SOC analyst, that person would need to have, at a minimum, Tier 2 threat
$110,000 - $135,000
Analyst hunting abilities and likely purchases or advises on the purchasing of tools considered here
(estimating salary and $15,000 in benefits).
The rough cost of hosting a server in a datacenter for a year is $1,450 in power
consumption. In the previously mentioned technology tables, we can establish two premise-
Hardware Hosting built servers for security (VM and SIEM all-in-ones). This is an average cost. In some cases,
$5,000 - $10,000
Costs the software can be spun up as a virtual machine. However, in other instances, new routing
or load balancing equipment may be required. A company may need to obtain more
bandwidth to match security and operations needs, and this, too, has a cost.
Related Hardware/
$113,000 - $141,000 The deck charge and other likely pricing scenarios.
Personnel
SUM of Technology
$90,000 - $150,000 Shown earlier
Acquisition

First Year Cost of Maintaining a SOC would be roughly 70%-80% of a new SOC. However, maintaining a
$203,000 - $291,000
Building a SOC SOC is not an easy proposition.

Source: Frost & Sullivan

All rights reserved © 2018 Frost & Sullivan 5


Practitioner’s Guide to Building a Security Operations Center (SOC)

For individual SOC analysts or small SOC teams, the implementation and on-going monitoring of the SOC is both art
and science. In this case, let’s assume that in building a SOC from scratch, the tools buyer is also going to be the person
ultimately monitoring the SOC. That person may buy tools that he or she understands. The person may write custom
scripts or create playbooks that are consistent with processes unique to his personal experiences and methodology.

One easily observable problem with the chart above is that we have only provided for one dedicated SOC analyst.
Obviously, it would be impossible for any one person to have 24x7 monitoring and response capabilities. For this model,
we assume that there is some redundancy between IT and security and that if a security incident rises to criticality, the
SOC analyst would be contacted. Admittedly, these assumptions seem thin, but this is the real-life scenario. While the
charts above represent cost-related items, these are not the lone concerns (see the table below).

Table 3. Periphery Concerns about Building and Maintaining a SOC

Periphery Concerns

Current statistics indicate that dedicated cybersecurity talent is in short supply and high demand. The
Personnel unemployment rate for cybersecurity is -5%, highlighting how difficult it is to obtain and retain skilled
cybersecurity personnel.

For organizations with dedicated security personnel, the SOC is often fashioned based on their direct
experiences. The software security monitoring platforms all work, but they are used in different ways,
SOC Design
depending on the personnel. If the SOC personnel leave, the knowledge gap for new personnel can be
significant and can lead to inefficiencies and ineffectiveness.

SIEMs, firewalls, systems and other cybersecurity tools provide valuable data and physical logs to provide
Internal Threat a trail of activity within the infrastructure. A skilled SOC analyst will be able to provide contextual
Detection understanding and awareness about the environment following an alarm. However, the true severity of the
threat requires deeper analysis to understand fully.
Having a clear understanding of the threat landscape expressed in a language that a security tool can
understand is critical to effective threat detection and response. Companies can access open-source feeds
Threat Intelligence
or license commercial threat feeds to augment their tools. None of this threat intelligence, however, aligns
perfectly with the organization’s assets, rules and tools, making it difficult to integrate and use effectively.

The word “analytics” invokes various meanings but is critical to building an effective SOC. Analytics combine
internal logo data with external threat data to develop an incident storyboard to help identify anomalous
Data Analytics
behavior (e.g., lateral movement, data exfiltration, etc.) and prioritize those incidents to help the SOC analyst
be effective.

Source: Frost & Sullivan, AlienVault™

It should be noted that there are advantages to building your own SOC. Each network security surface is slightly different
and, as a result, each SOC is different. If security, operations, and IT are aligned (or if each function is done by the same
practitioner), then building a customized solution makes sense. In fairness, the protection of company assets is the
combination of the efficacy of the tools and the direct responsibility of the people in charge of the defense, monitoring, and
investigation of security incidents.

In a nutshell, that is the midsized cybersecurity market dilemma. An in-house SOC requires the acquisition and maintenance
of cybersecurity, new software/hardware additions, the cost of storage, and new personnel. Scalability is problematic. Many
companies are considering alternatives.

6 All rights reserved © 2018 Frost & Sullivan


Practitioner’s Guide to Building a Security Operations Center (SOC)

ALIENVAULT ® USM ANYWHERE™

AlienVault’s cloud-based platform, USM Anywhere™, is designed to address the security operations needs of mid-market
organizations and also offers features that allow enterprises and managed security service providers (MSSPs) to centrally
manage larger deployments.

AlienVault built USM Anywhere from the ground up to monitor cloud environments as well as on-premises environments
from one unified solution. By working with a new architecture rather than trying to kludge cloud monitoring onto their
on-premises appliance, AlienVault was able to create an extensible security operations platform with integrations into other
major IT security and productivity tools via the AlienApps™ ecosystem.

The next few sections explain how AlienVault is able to offer a multifaceted SIEM and threat detection and response
platform that is affordable to midsized businesses but also scalable and extensible as a company grows.

SIEM

SIEM is not just the collection of data, it is the right indexing and classifying of data at the time of ingestion and the
meaningful enrichment of data for threat detection and compliance reporting. From the start, AlienVault has taken the
approach of unifying SIEM with other critical security controls to provide data enrichment and valuable context.

The collection and analytics center of cloud-based USM Anywhere is fully hosted in AlienVault’s Secure Cloud. Sensors
are deployed in the environments you wish to monitor and are responsible for data collection, asset scanning, vulnerability
scanning, intrusion detection, and environmental awareness. Sensors provide extensibility by allowing a company to easily
deploy more sensors to add greater capacity and more distributed coverage.

Importantly, AlienVault USM Anywhere sensors can be deployed into the public cloud or in virtual environments. USM
Anywhere includes cloud-native sensors for AWS and Azure and virtual sensors for VMware and Hyper-V environments.
With AWS, cloud-native log aggregations occur through integration with CloudTrail, CloudWatch, and S3. Similar to S3,
Microsoft has a Security Center fabric. The USM Anywhere integration occurs using Azure REST Monitor API (Insights).

Proving compliant practices is a traditional SIEM function. AlienVault USM Anywhere includes reporting templates for PCI
DSS, HIPAA, and NIST CSF. Important service-level certifications include HIPAA, SOC 2 Type 2, PCI DSS Level 1 Service
Provider, and ISO 27001:2013 (note: GDPR certification is expected in May 2018).

The decentralized cloud architecture has many advantages in terms of what can happen in threat detection and analytics,
which will be discussed shortly. One significant advantage is the savings in storage. USM Anywhere includes up to 90 days
of live, online storage and one year of cold storage. Using Elasticsearch as part of the online storage tier, data is quickly
searchable. Added cold storage can be purchased to store raw logs and events longer if required for specific use cases.

PLUGINS AND ALIENAPPS™

Midsized businesses may want to leverage existing cybersecurity intelligence platforms. For several SIEM vendors, an API is
the communication fabric between platforms; AlienVault calls these plugins. The AlienVault Labs Security Research Team
regularly updates its plugin library to increase the efficacy of USM Anywhere and enable it to accept third-party data
(see AlienVault Common Supported Plugins).

All rights reserved © 2018 Frost & Sullivan 7


Practitioner’s Guide to Building a Security Operations Center (SOC)

Even more than API integrations, AlienVault wanted to offer its customers
USM Anywhere™ Pricing greater security visibility and automation through platform integrations. With
this in mind, AlienVault created AlienApps. AlienApps are modular, extensible
additions to USM Anywhere that allow AlienVault to collect data from API-based
This white paper has gone into
systems, analyze and visualize the data via pre-built dashboards, and provide
detail about what is needed to build
orchestrated security response with third-party applications.
and maintain a SOC, the types of
technologies and skillsets required, Via AlienApps, AlienVault threat detection and analytics can be integrated with
and advantages of an all-in-one platforms from key cybersecurity providers. The AlienApps are more than
security monitoring platform like USM tangential API integrations in that the bidirectional fabric can be used to gain
Anywhere. visibility and insight and (often) to block threats before they are operational.
Automated incident responses are then created.
Missing from the discussion is the
pricing of USM Anywhere. The AlienVault AlienApps page shows the summary list of Apps, but a brief
summary of key AlienApps below shows what can be done:
Pricing of AlienVault USM Anywhere
is based on an annual subscription and • Coordinate and manage endpoint security with McAfee ePolicy Orchestrator
varies primarily based on monthly data • Monitor user and admin activities in G Suite
consumption, length of data storage
• Block domains with Cisco Umbrella
and number of sensors. Entry-level
and enterprise packages are available, • Operationalize alert/incident investigations with ServiceNow
although the most-opted for is the • Block IPs with Palo Alto Networks
standard package starting at less than
• Neutralize the spread of infections with Carbon Black
$2,000 per month.
• Monitor and secure Office365 applications
View pricing and packages here

VULNERABILITY MANAGEMENT (VM)

Ensuring secure configurations remains an important capability in network security. AlienVault USM Anywhere includes a
vulnerability assessment scanner integrated with the other security controls and capable of scanning across cloud and on-
premises environments. Vulnerability management (VM) is the applied analytics of what happens after the scan. AlienVault
draws from multiple sources that help to augment its VM intelligence library. First, the AlienVault Labs security research
team publishes new vulnerability signatures to the product continuously, keeping the scanning capabilities up to date.
Secondly, USM Anywhere is integrated with the Open Threat Exchange® (OTX™), so users can investigate vulnerabilities
and threats more deeply via links to CVE reports in OTX.

INTRUSION DETECTION SYSTEM (IDS)

USM Anywhere has several methods to determine if there is an intrusion. The first method is AlienVault’s embedded
file integrity monitoring (FIM) as a native feature on USM Anywhere. FIM monitors files for extraction from a registry or
looks at files to see if they have been altered. Secondly, if user behavior as far as accessing files is different than historical
behaviors, this could be a privilege escalation and could be more than an IOC. Thirdly, USM Anywhere includes Network
IDS, Host-based IDS and Cloud IDS with IDS signatures updated continuously by the AlienVault Labs threat research

8 All rights reserved © 2018 Frost & Sullivan


Practitioner’s Guide to Building a Security Operations Center (SOC)

team to stay up to date with the latest threats. Lastly, the beauty of plugins and AlienApps is the added depth and visibility
for threat detection. The mixture of analytics and insights from USM Anywhere with the capabilities from other platform
providers, like Palo Alto Networks or McAfee, helps determine if there is an intrusion even if there is not an existing
malware signature to support the conclusion.

MINIMUM ANALYTICS

Earlier, we explained all of the necessary steps needed to initiate and maintain an effective cybersecurity posture
(securing endpoints, network visibility, contextual awareness, log management, antivirus, etc.). The same mindset is aptly
applied to analytics.

The minimum expectations for analytics include:

• Dynamic discovery. Often an endpoint will enter the network without being registered formally through Active
Directory, identity access manager (IAM), network access controller (NAC), or endpoint management system.
Additionally, infrastructure equipment can be dropped or lost when there are server OS upgrades or power supply is
temporarily interrupted. Analytics have to be able to map what is on the network and any changes to keep an accurate
picture of the available attack surface.
• Functional network segmenting. Analytics have to understand if a specific user is accessing files in unauthorized
parts of the network. While specific grouping of end users by business function can be achieved over different
technologies, just on the face of it, there has to be basic network segmentation based on behavior.
• Statistical baselines. This is a function of user and entity behavioral analytics (UEBA). Individual end users create a
pattern of uploads/downloads, websites visited, and files accessed. Again, site administrators can add additional filters
to help customize the safe security parameters of the employees of a specific department. However, if the same
filtering hierarchy is applied to each user, the task becomes onerous.
• Correlation rules. The on-platform analytics need to be able to correlate network traffic with known malware from
external threat feeds and then initiate (or automate) threat response.

Along with the quality of the analytics on AlienVault USM Anywhere, a critical difference exists between the hosted
analytics in the AlienVault Secure Cloud and the do-it-yourself SOC environment. The do-it-yourself SOC has to build in
parameters and create fabrics/scripts/APIs to make appliances interoperable. This process is happening with the AlienVault
essential security capabilities and threat intelligence as well, but the effort has been taken care of by AlienVault without
adding burden to the customer.

THE ADVANCED ANALYTICS FUNCTION

The fruition of a strong cybersecurity function is not unlike the creation of a great meal. For all of the prep work—the
boiling of water, cutting of vegetables, and many other steps—the culmination comes together all at once in a hopefully
fabulous presentation.

USM Anywhere has asset discovery, SIEM, VM, IDS, FIM, and fully integrated threat data from AlienVault Labs and
AlienVault Open Threat Exchange as discrete functions in the same platform. Underappreciated is the idea that these
cybersecurity technologies (as well as partner platforms connected through plugins or AlienApps) are better than the sum
of the parts. The central analytics on USM Anywhere create a force multiplier that adds visibility, context, and control to
the network’s security posture—providing rapid threat detection and the ability to satisfy compliance mandates.

All rights reserved © 2018 Frost & Sullivan 9


Practitioner’s Guide to Building a Security Operations Center (SOC)

CONCLUSION

Certainly, there are important use cases where building and maintaining a SOC is the appropriate play for an organization.
The most important scenario is likely for businesses that handle credit card transactions in volume or store PII. Additionally,
in that scenario, security tools should be integrated into the physical construction of the network—downtime for visitors
may mean a loss of a sale. The user experience, website availability, and network security are all crucial parts of the
business’s success.

However, if all factors are equal, a cloud-based service makes sense. The acquisition, orchestration, and maintenance of
cybersecurity technology are a constant battle. Hardware and storage costs can escalate, and extensibility becomes a
problem. Personnel are hard to train and as hard to retain. Understanding one-time costs is difficult, and maintenance costs
are 70‒80% of acquisition costs even in static and well-constructed SOC.

With AlienVault, a customer gains protection, visibility/discovery, and persistent monitoring throughout the entire threat
detection and response lifecycle. Deployment of USM Anywhere can be done quickly and efficiently, allowing organizations
to get value from the solution more quickly than deployment of the point solution equivalents, such as SIEM, vulnerability
assessment, and intrusion detection. Once the system is configured and sensors deployed, which can be done in hours,
users can realize immediate benefits of the unified platform and visibility. Lastly, USM Anywhere has multi-faceted analytics
at its foundation, but also offers additional threat detection and manageability through its many partnership integrations.

More Info:

 Explore USM Anywhere Online Demo


 View USM Anywhere Pricing and Packages
 Read Customer Reviews and Testimonials

10 All rights reserved © 2018 Frost & Sullivan


Silicon Valley San Antonio London
3211 Scott Blvd 7550 West Interstate 10, Suite 400, Floor 3 - Building 5,
Santa Clara, CA 95054 San Antonio, Texas 78229-5616 Chiswick Business Park
Tel +1 650.475.4500 Tel +1 210.348.1000 566 Chiswick High Road,
Fax +1 650.475.1571 Fax +1 210.348.1003 London W4 5YF
Tel +44 (0)20 8996 8500
Fax +44 (0)20 8994 1389

877.GoFrost • myfrost@frost.com
http://www.frost.com

NE X T S T E P S

Schedule a meeting with our global team to experience our

thought leadership and to integrate your ideas, opportunities and

challenges into the discussion.

Interested in learning more about the topics covered in this white

paper? Call us at 877.GoFrost and reference the paper you’re

interested in. We’ll have an analyst get in touch with you.

Visit our Digital Transformation web page.

Attend one of our Growth Innovation & Leadership (GIL)

events to unearth hidden growth opportunities.

Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation
that addresses the global challenges and related growth opportunities that will make or break today’s market
participants. For more than 50 years, we have been developing growth strategies for the Global 1000, emerging
businesses, the public sector and the investment community. Is your organization prepared for the next profound wave
of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends, breakthrough best
practices, changing customer dynamics and emerging economies?

For information regarding permission, write:


Frost & Sullivan
3211 Scott Blvd
Santa Clara CA, 95054

Potrebbero piacerti anche