NETMONASTERY - NASSCOM (old.nasscom.in/sites/default/files/NM_Profile_0.pdf)
Private & Confidential
NETMONASTERY
Company Profile [2014]
Cloud & Network (In)security is dominating the Headlines
“Top engineering has failed repeatedly; the reasons for this
sustained failure are beyond the engineering itself.”
The Enterprise Today
Mountains of data, many stakeholders
How do you collect & protect all the data necessary to secure your network and comply with critical regulations?
Log sources:
• Router logs
• IDS/IDP logs
• VPN logs
• Firewall logs
• Switch logs
• Windows logs
• Client & file server logs
• Wireless access logs
• Windows domain logins
• Oracle Financial Logs
• San File Access Logs
• VLAN Access & Control logs
• DHCP logs
• Linux, Unix, Windows OS logs
• Mainframe logs
• Database Logs
• VA Scan logs
• Web server activity logs
• Content management logs
• Web cache & proxy logs
Stakeholder needs:
• Unauthorized Service Detection
• IP Leakage
• Configuration Control
• Lockdown enforcement
• False Positive Reduction
• Access Control Enforcement
• Privileged User Management
• Malicious Code Detection
• Spyware detection
• Real-Time Monitoring
• Troubleshooting
• User Monitoring
• SLA Monitoring
Introducing NETMONASTERY
…where Security & Big Data converge
NETMONASTERY’s product, CNAM, is a Real-Time Threat Management Platform that
detects real attacks in real-time.
CNAM delivers detection, correlation, intelligence and application monitoring in an easy
subscription model.
COMPREHENSIVE NETWORK ATTACK MONITORING (CNAM)
Your active threat management program
…thwarts real attackers in real-time
Components: THREAT DETECTION, APPLICATION MONITORING, THREAT INTELLIGENCE, SIEM ENGINE, THREAT ANALYTICS
• Detection Included: Focus on business while the chores of threat detection are managed
• Proprietary Components: Identify threats using custom developed detection systems
• Collaboration Built-IN: Threat collaboration identifies trends and learns automatically
• Intelligence Connectors: Integrate with intelligence providers for early warning signs
• Profile Recorder: Automatically detect usage patterns and build enforcement profiles
• Integration Libraries: Security integration libraries for commonly used platforms
• Training & Support: Continuous help and support for integrated applications
• Custom Correlation: Building custom correlation modules to trap threat scenarios
• Curated Intelligence: Integration of curated 3rd party feeds from multiple partners
• Local Ranking Module: Heuristic Models are used to locate actionable intelligence
• Decoy Database: Live and deliberate bots bring in mission critical information about threats
• Local Intelligence: Benefit from Local intelligence using real time collaboration
• Managed Correlation: Be relieved from the complexity of correlation models and rules
• Real-Time triggered rules: Built ground up for complex threat computation in real time
• Unique Weighted Engine: Accurate detection systems custom built for threat management
• Multi-Layer Mixer: Contextual correlation layers to deliver accurate results in real time
Why NETMONASTERY?
Detecting threats from the unknown in the cyber world is a critical challenge that
needs special skill and engineering
NEED
• The threat detection stack exists but has high false positive ratios
• Servers, devices and apps need to be integrated to extract symptoms of attack
• Threat intelligence is available from third party sources and needs to be integrated
• Recognizing threats from the Internet in real-time
• Detection must be accurate and timely (real-time)
EXPERTISE
• Monitoring the external threat landscape needs dedicated attention
• Evaluating the environment and understanding the needs of the enterprise
• Building models for defense using available tools requires experience
• Deployments are extensive and resource hungry
• Skilled resources are rare and expensive
CHALLENGES
• Detection and orchestration technologies available are extremely complex
• Correlation stack consists of products that are expensive
• Multi-tenant solutions have data privacy issues
• Accountability resides on the customer's back
• Focus on the threat detection use case requires continuous improvement
• Mid market has no solution that is substantial
NETMONASTERY
• CNAM brings along the entire stack (detection, correlation and intelligence)
• Deploys on commodity hardware or virtual systems
• Subscription model ensures accountability and accuracy
• Completely eliminates need for skilled resources
• Pay-as-you-Grow: start small and grow in scope and price
• Hosted model retains data privacy in enterprise sites
CNAM Features:
NETMONASTERY attacks the core and delivers solutions rather than products that
are demanding
KEY FEATURES
• Deep packet detection technologies like signature based, anomaly based, flow based and intelligence are deployed on the client's infra
• Unique SIX layer correlation and aggregation engine
• Application integration into security infrastructure
• Global and local threat intelligence feed integration
• Automated risk analysis and response system
ACHIEVEMENTS
• Named Gartner Cool Vendor in Security for Technology and Service Providers, 2014
• Showcased at the Gartner Security Summit as one of the top 3 security startups worldwide
• Service operational for the last six years, without an incident, and without losing a customer
• Customer list includes the largest telecoms, banks, financial institutions, exchanges, datacenters and ecommerce
THE CNAM PLATFORM
1. CNAM is a pre-integrated platform that brings detection, correlation, threat intelligence and application monitoring as a part of the product
2. CNAM is delivered in the subscription model; customers pay based on their monthly data usage
3. Accountability of management, accuracy and real-time delivery remains with vendor
4. Average deployment time is 42 hours
About NETMONASTERY
Overview NETMONASTERY NSPL
• Network security company, founded in 2002
• Goal:
  • assisting enterprises in securing their network and applications by detecting threats in real time.
• Dedicated core group of security industry experts
• Leader in detecting and nullifying threats,
  • thereby keeping enterprises free from security hassles and dangerous intrusions.
• Mission:
  • To ensure that enterprises can stay secure and be relieved from worrying about security of their infrastructure, thereby allowing them to concentrate on their core business aspect.
THE TIMELINE
An indicative timeline with the key milestones &
phases of growth by NETMONASTERY
Phases of growth:
• Understanding market need and identifying growth potential
• Initial product engineering and beta roll-out
• Re-engineering and strategic alignment
• Growth and roll-out in global markets
Key milestones:
• NETMONASTERY builds SiteVaxin (Intrusion Prevention System) and ZoneVaxin (Traffic Anomaly Engine).
• Product re-engineered three times to match demands, incorporating multi-layer correlation, SaaS models, app monitoring and data privacy
• CNAM is launched with the first paying customer
• NM migrates from consulting to services
• Delivers Incident Handling services
• Security Consulting Consulting (Intrusion Analysis)
• Pioneering Powering the SaaS delivered SIEM
• Retaining all customers since launch
• Named Gartner Cool Vendor
Customers: Multiple; Presence: India; Revenue: USD -; Profitability: 30%
Customers: 3000+; Presence: IN, US; Revenue: USD 5Million; Profitability: 50+%
$$$ Capital Influx
SUSTENANCE
GROWTH CAPITAL
NETMONASTERY Team
India team
• SHOMIRON (Founder, CEO) is an intrusion analyst, brings vision and strategy into engineering and product development
• BINEET (Head, Operations) handles delivery and solution design, brings core team management. Been in the system for the last 6Yrs
• SANJAY (Head, Alliances) builds partners and alliances, brings strategy and growth insight. Largely experienced with 27Yrs in various roles in IT / Risk
• MEGHNATHAN (Head, Engineering) builds solutions, drives integration and intelligence platforms. Been in the system for 6Yrs
• HARSHA (Operations), VIKRANT (Operations), SEAN (Marketing)
• DEVEN (Alliances), MERVIN (Alliances)
• JAGDISH (Engineering), AKASH (Engineering), GAURAV (Engineering)
• FAZAL (Design)
US team
• TBK (US CEO): Profile
• TBK (VP, Alliances): Profile
• TBK (VP, Products)
Clientele
Market Traction: Clientele
• NETMONASTERY’s CNAM solution has been subscribed to by more than 30 enterprises including:
  • One of the world's leading telecommunications groups, with a significant presence in Europe, the Middle East, Africa and Asia Pacific
  • One of the world’s leading media and entertainment companies broadcasting more than 40 channels in 7 languages, reaching more than 600 million viewers every week across India and 100 other countries
  • Leading financial services powerhouse in India servicing over 2 million customers
  • Second largest Commodity & Derivative exchange of India
  • Largest Pizza Delivery chain in India
  • India’s largest auto media platform
  • India’s third largest Public Sector Bank
  • India’s fastest growing private sector bank with a network of 180 branches across 13 states
  • India’s premier lender to SMEs and MSMEs
  • India’s leading online travel portal having more than 40 million customers
  • India’s leading Credit Information Company
Awards
NETMONASTERY Named Gartner Cool Vendor in Security for
Technology and Service Providers, 2014
Business Model
• NETMONASTERY employs the ‘SaaS’ based monthly subscription model as it provides the following advantages
  • PAY-AS-YOU-GROW – Enables the smallest customers to subscribe and grow securely
  • NO CAPITAL EXPENSE – Bring down the most critical entry barrier, increase accessibility
  • SUBSTANTIALLY CHEAPER – The delivery model makes expensive tech share cost advantages.
  • SLA DRIVEN PROGRAM – Zero risk on failed starts, the onus of delivery on the vendor
• The subscription rates have been structured in a three tier format as per the client size
  • Tier I Client – USD 10,000 per month
  • Tier II Client – USD 6,667 per month
  • Tier III Client – USD 3,333 per month
Go to Market Strategy
Unique strategies and messaging used for marketing
CNAM to the enterprise market
MARKETING
• Direct marketing strategies will help get direct face time with customers and partners
• Strong online content marketing strategies are building direct connects
• Participate actively in partner marketing programs
• Wait and watch for high investment event programs
• Social forums to be used to establish thought leadership and build a strong outreach framework
PR STRATEGY
• Press programs are critical to widespread success
• Engage with the press directly and through agencies to float pegs
• Focus on GEO political stories from threat data analysis
• Build data partnership to share security intelligence with publishers
• Seed stories with journalists and allow them to break intelligence information
ALLIANCE PROGRAMS
• Hosting providers are a natural fit to use CNAM for the security delivery platform
• Independent Software Vendors are key to include monitoring to their portfolio
• System integrators can set up a managed security offering using CNAM
• Application developers can integrate with CNAM to deliver secure software
SALES CYCLE
• Need generation – it is key for the customer to understand the value prop.
• Engagement – demos, benefits and uniqueness
• Proposal – scoping, solution and submitting the proposal
• Evaluation – defining evaluation criteria, evaluation
• Closure – negotiation, closure and booking
• Average sales cycle between 30 – 40 days
Different models pose different challenges and competition
for NETMONASTERY, presenting a map of the space
PRODUCT APPROACH
• HP, Intel, EMC, IBM, Splunk are SIEM products that deliver several use cases.
• Threat management needs special detection stack apart from the SIEM
• Special expertise is required to deploy and maintain the detection engineering
• Extremely expensive product, deployment and maintenance.
• Long deployment time but results not guaranteed
MSP OPERATORS
• Verizon, Damballa, Dell SecureWorks, Paladion, HCL are security service providers
• Use off the shelf products or the customer's infra to deliver threat management
• Focus largely on system management revenue
• In shared systems data privacy is a roadblock
• Expensive for ownership solutions, results not guaranteed
CLOUD PROVIDERS
• AlertLogic, SumoLogic, SplunkStorm, Loggly are SIEM / threat management providers in the cloud
• Primary focus on log aggregation and monitoring and not threat management
• Pay-per-Use offers substantial advantages
• Data privacy is breached
• Comprehensive solution to threat management does not exist
NETMONASTERY
• CNAM is deployed in the pay-per-use model, substantially cheaper than the product approach
• Deployed product, data remains with customer, data privacy intact
• Focuses on the threat management use case
• Deploys quickly, average of 42 hours per setup
• Accountability on the vendor
• Expertise comes with the solution platform
Industry Overview
SIEM Market Overview
• The security information and event management (SIEM) market is defined by the customer's need to analyze security event data in real time for internal and external threat management, and to collect, store, analyze and report on log data for incident response, forensics and regulatory compliance
• SIEM is a $1.5 billion market that grew 16% during 2013; with an expected growth rate of 12.4% during 2014
• The SIEM market is now dominated by relatively few large vendors — HP, IBM, McAfee, EMC (RSA) and Splunk — that command about 60% of market revenue
• Growth Drivers
  • Breach detection is the primary driver
  • Compliance remains a secondary driver
• In North America, there continues to be many new deployments by smaller companies that need to improve monitoring and breach detection
• Demand for SIEM technology in Europe and the Asia/Pacific region remains strong, driven by a combination of threat management and compliance requirements
Source: Gartner
Why CNAM is the best SIEM option
SIEM | CNAM
COST – High cost of acquisition | INEXPENSIVE – Easy Pay-as-you-Go
COMPLEX – Correlation is challenging | EFFORTLESS – Needs no configuration
PRODUCT – Provides only correlation | SOLUTION – Delivers a focused need
UPFRONT – Failure results in huge loss | SUBSCRIPTION – No lock-in, risk-free
WIDE FOCUS – Multiple use cases | FOCUSSED – Real-time threat mgmt.
Thank You