NSE Insider Energizing Your Sales Pipeline with CTAP Assessments - Replay ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
NSE Insider
Energizing Your Sales Pipeline with
CTAP Assessments
Neil Matz,
Replay: https://attendee.gotowebinar.com/recording/3486741996216584207
Sr. PMM CTAP 1
Primer for New Sellers
If You’re New to CTAP…
The Cyber Threat Assessment Program (CTAP) enables
assessment-based selling for our partners and internal sellers
After monitoring your prospect’s network, CTAP generates an
assessment report with key findings that change the conversation
ACCELERATE MANAGE CLOSE
your sales cycles your time investments more business
Get to the technology validation Predictable workflows mean you Converts 4 out of 5
discussion faster spend less time wasting time opportunities on average
ctap@fortinet.com 3
Assessment Reports Facilitate Sales Conversations
“Looks like you are constantly under attack; do you currently have
automated defenses in place with your existing firewall vendor?”
“At least 4 malware bypassed your existing security controls; does your
incumbent solution provide the best content security/heuristics/etc.?”
“Were you aware that 7 proxies have circumvented your filtering controls?”
“It looks like your log rate is high at 357 logs per second – how do
you process those logs now? Do you use an upstream SIEM?”
“Over 75% of your web traffic is encrypted, do you currently inspect those packets?
What’s your strategy to deal with encrypted traffic as an organization?”
ctap@fortinet.com 4
Building an Assessment Based Selling Mindset
Learning
Familiarize yourself with the CTAP portal Read documentation and watch videos Conduct a test assessment in your own
https://ctap.fortinet.com under the Help section of the portal lab environment
Login with your Take time to understand the end to end You don’t want to run into any speedbumps
partner portal or network credentials assessment based selling process on-site or in front of the customer
Promoting
Send copies of sample reports Use the CTAP call to action slides Offer to run an assessment to validate
to your prospects in your own presentations your prospect’s defenses
Generate interest from your prospects, you want Append assessment based selling slides Remind them that “it never hurts to get a
them to say “I want that for my network!” to your pitch deck as a next step second opinion”
ctap@fortinet.com 5
Recent CTAP Success Story
• 822K attacks
US School District w/ 23 schools & 12K students • 13 malware
• 91% encrypted
What started as a CTAP NGFW assessment FortiGate
ended with a full Security Fabric sale
FortiAuthenticator
CTAP broke the ice with networking team
FortiAnalyzer
PAN displacement in part due to limited
performance when inspecting encrypted traffic FortiNAC
Great example of landing with CTAP FortiClient
$246,000 Total Deal Size
ctap@fortinet.com 6
Recent Features Added to CTAP
Opening up evaluation pool for FortiGates again (US only)
» Allows partners to onboard/test CTAP before making NFR commitment
FortiOS 6.4.1 support for E models (60E/300E)
Improved SFDC integration
» Better account linking and updated SFDC reports available
FortiGate AWS support (beta)
» If you have an interested customer, please send inquiry to CTAP alias
FortiGate VM support (GA on 8/13)
» Setup guide, elevator pitch, and walkthrough video available
» Materials on FUSE under Sales > CTAP, partner portal, and CTAP portal
ctap@fortinet.com 7
Introducing Remote FortiGate Assessments…
Current Drivers and Resulting Behaviors
Driver Resulting Behaviors
Restricted access to datacenters and test labs Aversion to on-site POCs and lab validations
affects conventional technical sales motions
Logistics delays and carrier restrictions Hardware inherently more challenging to
procure and transport from point A to point B
Limited physical contact Less face to face selling equates to shift in
traditional sales tactics
Prioritize essential services Can’t rely on refresh cycle for pipeline;
must prove immediate and essential value
Remote assessments are ideal for the current operational climate
ctap@fortinet.com 9
Remote Assessments Aren’t “One Size Fits All” Though
If your locale is unaffected by the aforementioned drivers,
hardware assessments are still very valuable
» Performance metrics normally excel with hardware-based assessments
Don’t over-rotate by sidelining your NFR or ITF units; use them
Partners building their assessment practice are still encouraged to
procure Not For Resale (NFR) units to use with multiple prospects
US sellers can still take advantage of the evaluation program
(loaner FortiGates for running on premises assessments)
ctap@fortinet.com 10FortiGate-Based Assessments with FG-VM Particulars
The CTAP Program now supports FortiGate VM 6.4.1
To be clear, it only supports ESXi 6.5 and above
(that said, ~70% of all organizations utilize VMware hypervisors)
We recommend 8 cores and 8GB memory for oversizing purposes
CTAP team is investigating other hypervisors and refining process
FG-VM support means sellers can work with many of their
prospects to run FortiGate-based assessments remotely
ctap@fortinet.com 11Clarifying FortiGate-Based Assessment Types
FortiGate-Based Assessment Types
ctap@fortinet.com 12Assessment Creation Form Nuances With FG-VM
FG-VM is a new “model” within the assessment creation form
No need to specify a serial number; you’ll be given a license instead
Only “One Arm Sniffer” is selectable as a deployment mode
ctap@fortinet.com 13After Successfully Submitting a FG-VM Assessment
After creating an FG-VM
assessment, you will be presented
with the following:
» Setup Checklist
» Binaries
» License File
» Configuration File
Download everything locally; you’ll
need the binaries, license, and
config file when deploying within
your customer’s ESXi environment
ctap@fortinet.com 14Deploying the FG-VM Instance Within Customer’s ESXi
Login to the customer’s VMware server using their credentials
» We suggest they login and then you take control remotely
Choose Create/Register VM to start
the New virtual machine wizard
You’ll want to Deploy a virtual
machine from an OVF or OVA file
Use the binaries you downloaded
previously; you’ll want to drag over:
» datadrive.vmdk
» fortios.vmdk
» FortiGate-VM64.hw14.ovf
ctap@fortinet.com 15Finish Deploying the FG-VM Instance
Using the Setup Checklist document, finalize the FG-VM deployment
» Select the customer’s datastore, accept the EULA, & configure network mappings/interfaces
» We recommend allocating the full 8 cores & using a minimum of 8GB memory
» Note: some CLI configuration is required to be able to access the FortiGate’s web GUI
If you run into trouble, refer to the Setup Guide and/or re-watch the walkthrough video
ctap@fortinet.com 16Applying the FG-VM License
After logging into the new FG-VM instance, upload the license
(.lic file downloaded from CTAP portal) under Dashboard > Status
ctap@fortinet.com 17Importing the FortiGate Config File
Restore the .conf file downloaded from the CTAP portal
» This will configure the WAN side settings (including remote logging FAZ IP,
FSA IP if applicable, & facilitate FortiGuard lookups for web filtering, etc.)
ctap@fortinet.com 18Enable Promiscuous Mode on the Network within ESXi
Under the ESXi console, edit the Network which contains the FG-VM
Ensure that Promiscuous mode is set to Accept or inherits from
underlying vSwitch (which should be set to Accept)
Exit ESXi and port mirror the switch to port2 of the FG-VM instance
ctap@fortinet.com 19After Mirroring the Switch, Verify Log Collection in Portal
Assuming everything is configured correctly, you will see logs
populating on the FG-VM under Log & Report > Sniffer Traffic
Similarly, if you’re logging to the Remote Server, you can login
to the CTAP portal and the Logs status indicator should turn green
ctap@fortinet.com 20Denote Logs Ready, Generate the Assessment Report
On the CTAP portal dashboard, select the Assessment Actions
button for your specific assessment
Then click on the Logs Ready button and your report will be
automatically generated (usually within 5 minutes)
ctap@fortinet.com 21Available Materials
Materials are available on both the CTAP and partner portals
» https://ctap.fortinet.com and https://partnerportal.fortinet.com
FG-VM Setup Checklist
» PDF describes entire setup from CTAP portal to ESXi configuration
FG-VM Walkthrough Training Video
» MP4 step by step video guide – this can be replayed in webinars/trainings
FG-VM Presentation
» PPTX slide deck includes materials sellers can reuse to spawn interest in
running a remote assessment
ctap@fortinet.com 22Closing Thoughts
Don’t Forget: Email Assessments Are Cloud-Based!
After creating an email assessment,
a FortiMail Cloud instance is provisioned
Customers configure their O365 or G Suite
transport rules to BCC emails to the cloud
No on premise equipment or setup required
We’ve seen a significant uptick in email
assessments over the past 4-5 months
ctap@fortinet.com 24On the Horizon for CTAP…
Hardware model validation
» F model (60/1F & 100/1F) support starting with 6.4.2
» Add’l CTAP hardware lineup additions (400/1E & 1100/1E)
Support for AWS-based FortiGates
» Available now in limited beta (please be patient)
» Please contact CTAP alias with interested partners/prospects
Revisions to existing assessment types
» SD-WAN = jitter/latency/packet loss stats for DIA apps
» NGFW = inclusion of new FortiGuard services
» Email = improved regional support and backend changes
New assessment types
CTAP
» Announcements likely in Q4 2020 + Q1 2021 timeframe for…?
ctap@fortinet.com 25Recap
Current conditions mandate a shift in selling
strategies; remote interactions are preferred
Remote assessments with FG-VM are now
supported with the CTAP program
Refer to FG-VM video and/or setup checklist for
more details or just email the CTAP team
All CTAP assessment types can be run remotely
(NGFW, SD-WAN, and Email)
ctap@fortinet.com 26Q&A Session
You can also read
