ENTERPRISE

Radware Security Solutions Battle Card

KEY SELLING POINTS QUALIFYING QUESTIONS

LEAD OFFERING DIFFERENTIATORS SOLUTION KIT QUALIFYING QUESTIONS - ENTERPRISE RESPONSE APPROPRIATE SOLUTION
Is application availability the main concern of the Yes GTM #1 – Online business protection
Hybrid attack Coverage Service DefensePro
mitigation • Unique SSL mitigation solution • ERT when under attack business (vs. data center protection)? No GTM #2 – Data center protection
GTM 1 – Service Availability

managed service • Best of breed integrated WAF • Fully managed service DefenseSSL Yes Lead with Cloud WAF (w/ DDoS) offering

GTM 1 – Service Availability

Are there any web applications in the cloud or planned
Accuracy Solution to be migrated? Do these require protection? No Lead with hybrid attack mitigation
DefensePipe
ERT Premium • Behavioral-based detection • Single-vendor, full solution
• Real-time signature creation (WAF and SSL) AppWall Do they have a strong web presence that requires Yes Include WAF in the offering
WAF + SSL Time to Protect • Synchronized operations protection or compliance?
ERT Premium Do they have encrypted traffic through their network? Yes Include SSL mitigation solution
mitigation • Real-time response in seconds with Defense Messaging
Lead with hybrid attack mitigation managed
No
Web Security Service Do they employ security experts to manage devices? service (w/ ERT Premium)
• Adaptive, automated policy generation • 24x7 full service Would they prefer to manage their own devices? Lead with hybrid attack mitigation
Cloud WAF • Full OWASP Top 10 in the cloud
Cloud WAF Yes
Solution self-managed solution
Service • Behavioral-based DDoS included • Integrated CPE & Cloud
(w/ built in DDoS)
Yes Lead with hybrid attack mitigation
• Positive & negative security models WAF technologies
Is the customer open to having gear on premise? Offer Standalone DefensePipe yet present
No full hybrid solution to clarify differentiator and
Coverage Service potential upsell
• Unique SSL mitigation solution • 24x7 full service DefensePro
Hybrid attack • Best of breed WAF integrated Is data center protection the main concern of the Yes GTM #2 – Data center protection
Solution
GTM 2 – DC Protection

mitigation DefenseSSL business (vs. application availability)?

Accuracy • Single-vendor, full solution No GTM #1 – Online business protection

GTM 2 – DC Protection
(self-managed) • Behavioral-based detection (WAF and SSL) DefensePipe Lead with hybrid attack mitigation
WAF + SSL • Real-time signature creation Yes
Synchronized operations self-managed solution
mitigation Do they employ security experts to manage devices?
Time to Protect with Defense Messaging AppWall
• Real-time response in secs Would they prefer to manage their own devices? Lead with hybrid attack mitigation managed
No
service (w/ ERT Premium)
Security Do they have encrypted traffic through their network? Yes Include SSL mitigation solution
• SSL mitigation in the cloud
On-Demand • Mitigation quality with real-time signature (vs. non Akamai/Prolexic) Standalone Yes Lead with hybrid attack mitigation
Cloud DDoS Only Solution DefensePipe Customer is open to having gear on-premise? Offer DefensePipe Standalone but walkthrough
• Ability to scale to full hybrid (add on-premise) No full hybrid solution to clarify differentiator +
• Radware owns technology and service potential upsell

OBJECTION HANDLING COMPETITIVE LANDSCAPE

I don’t have the resources to manage this additional equipment. DDoS
Radware’s Attack Mitigation System reduces TCO by significantly reducing the time security teams have to spend on configuration, maintenance,
reporting and analysis. Radware’s fully managed service deployment options cover all protection elements. Customers can outsource their cyber security Differentiator Radware Arbor F5 Akamai A10 Corero
defense to industry experts to monitor and manage.
Single Vendor Hybrid
Protection
I haven’t been targeted with advanced cyber-attacks.
Radware’s research suggests that over 90% of organizations suffered a cyber-security attack that could have been mitigated by Radware’s Attack Mitigation Capacity and
Mitigation System. Most likely the customer was attacked and is not aware. Today’s ease of launching attacks makes organizations of all sizes, industries Scale
and geographies potential targets. Proactive protection will prevent financial impact of an attack (which is higher than the cost of Radware’s AMS) Behavioral Attack
Detection
My applications are hosted in the cloud and protected by my cloud service provider.
Radware offers a variety of cloud-based deployments that work in conjunction with cloud-based applications. Many cloud providers offer some security Coverage (L3/4, L7,
services, but it is important to fully understand the scalability and vector coverage as they vary. Finally, Radware’s Attack Mitigation System is designed encrypted, dynamic)
to streamline security policy management and orchestration in application environments leveraging both on-premise and cloud-based application Zero Day Protection via RT
hosting (hybrid solution). Signatures

I have other perimeter security products, such as a NGFW providing protection. WAF
Firewalls provide policy-based control of access to critical network or application infrastructure components, however they don’t provide protection from Differentiator Radware Imperva F5 Akamai Cloud Flare Incapsula
volumetric threats (like DDoS) or vulnerabilities inherent in the application’s code. For volumetric attacks, firewalls (like any stateful device) will only be
able to track a limited number of connections before their session tables fill up and they fail. When application logic attacks that attempt to ‘crack’ the OWASP Top 10 Coverage
application, firewalls can only provide protection based on known signatures with no automated policy learning to proactively protect applications from
new attack vectors. Cisco recently partnered with Radware, leveraging its DDoS mitigation technology to complement the NGFW capabilities. Adaptive Auto Policy
Generation
I use security protections from my CDN provider.
Many CDN providers offer security services in conjunction with site optimization. While convenient to purchase together, these security services often Cloud + CPE Applications
provide weak protection from multi-vector attacks combining OWASP Top 10 application threats and DDoS. A wide variety of dynamic content attack Policy Coordination
tools that take advantage of CDN behavior with requests for non-cached content. Other attack tools that can generate sophisticated attacks across Cross Network
CDN nodes, essentially turning the CDN itself into a large attack source. Finally, leveraging CDN based protections means an organization has limited Synchronization
coordination of security policy across environments where multiple CDNs are leveraged, and limited protection for attacks against the data center. Bot Detection and
Fingerprinting
 CARRIER AND SERVICE PROVIDERS
Radware Security Solutions Battle Card

KEY SELLING POINTS QUALIFYING QUESTIONS

LEAD OFFERING DIFFERENTIATORS SOLUTION KIT QUALIFYING QUESTIONS - SERVICE PROVIDERS RESPONSE APPROPRIATE SOLUTION
1. Comprehensive solution covering both DDoS and Cloud WAF Has the service provider had a customer who went down?
Resell Radware GTM #3 – Building a Business with reselling
application attacks Hybrid Attack Mitigation Is the service provider liable for customer SLA outages? Yes
Cloud Services Radware’s cloud services
2. Flexible terms in structuring the deal (DefensePipe) Are they looking for additional revenue streams?
GTM 3 – Resell

(Opex, Capex)

GTM 3 – Resell
Radware products Open to Lead with reselling Radware’s existing cloud
to build a business: 3. Unmatched security expert support for SPs by ERT 1. DefensePro + Does the service provider require a customized resell services
1. DDoS as a 4. Marketplace credibility and good record DefenseSSL solution or open to reselling Radware’s offering?
5. MSSP Portal - flexible tool for extended
Customized Lead with Radware products to build their own
Service + Peak Protection solution service
2. WAF as a tenant visibility 2. AppWall + Elastic WAF
Service 6. Go-To-Market support in marketing their 3. MSSP Portal Can go with Radware products to build their
Can the service provider handle the complexity Yes
3. MSSP Portal security services own service
involved with building his own service?
DefensePro No Lead with reselling Radware’s existing cloud services
1. Industry’s most scalable platform for
Scrubbing Center DefenseFlow
GTM 4 – Infrastructure Protection

service providers Is the service provider interested in building & selling Inline AMS – provides immediate detection &
Yes

GTM 4 – Infrastructure Protection

2. Unmatched attack detection - patented behavioral (recommended) always-on (inline) solutions (vs. on-demand (out-of- mitigation
Always On analysis technology path))? No Out-of-Path AMS for on-demand/scrubbing centers
DefensePro
Protection 3. Highly automated attack detection and mitigation DefensePipe Network-based AMS (inline or OOP) for widest
Network-based and minimizing OPEX costs by reducing manual efforts Yes
Peak Protection coverage and multi-tenant support
Hybrid Solutions 4. Widest attack coverage including out-of-path Does the service provider want to deploy multi-tenant
NetFlow & protection from SSL/encrypted attacks Radware Flow Collector platforms (vs. dedicated appliances)? Lead with hybrid attack mitigation – TOR with
5. Integrated security solution across DDoS and WAF No
OpenFlow DefenseFlow dedicated hardware per customer
(SDN based) 6. SDN-ready, seamless integration with DefensePro Yes Network-based on TOR self-managed by the SP
today’s offering Does the service provider have dedicated networking
Peak Protection 7. Unmatched security expert support for service Peak Protection and/or security teams? Resell Radware cloud solutions,
No
providers by ERT backed up by Radware ERT/TAC

OBJECTION HANDLING COMPETITIVE LANDSCAPE

My customers don’t ask for security services. DDoS
According to industry analysts, the security services market is projected to grow to $170M by 2020. As enterprises continue to migrate more mission
critical, production systems into the cloud they will put more emphasis on ensuring their service provider is putting appropriate security around those Differentiator Radware Arbor F5 Akamai A10 Corero
applications. Radware’s packaged application delivery and attack mitigation technologies enable cloud and hosting providers to sell to clients as high
Single Vendor Hybrid
value, revenue generating services. Service providers that deploy advanced services based on Radware solutions typically generate margins of 40-60%
Protection
and benefit from a variety of flexible investment options that include OPEX-only payment models. These services differentiate a provider’s business, add
margin to current tenant revenues and attract new customers. Mitigation Capacity and
Scale
I am moving to NFV/SDN. Behavioral Attack
As service providers plan and deploy SDN architectures, it’s important to find solutions that can bridge data to the SDN control plane. With the right Detection
solution, service providers can get automated control of security across the entire network. Radware offers service providers deploying SDN/NFV,
DefenseFlow to provide the intelligence needed to analyze network-wide telemetry from multiple sources and quickly perform optimal mitigation based Coverage (L3/4, L7,
on automated network policy rules. DefenseFlow is a software product that leverages network technologies to provide attack mitigation as a native encrypted, dynamic)
network service. It is the first SDN application that programs networks for DDoS security and provides real time DDoS network-wide mitigation and Zero Day Protection via RT
protection. Signatures

I have other security products in my environment. WAF

At Radware, we’re accustomed to working with security providers that have a wide variety of security products within their environment. Often we Differentiator Radware Imperva F5 Akamai Cloud Flare Incapsula
work with service providers that are looking to replace certain security products that don’t offer the breadth of attack vector coverage or automation
capabilities of Radware products. Other times service providers are looking to add high margin service capabilities that they can offer customers, and OWASP Top 10 Coverage
see benefits in Radware’s multi-tenant capabilities.
Adaptive Auto Policy
I don’t have the staff to support customers with security services. Generation
Radware can augment existing support teams to ensure customers get the support they need. Technical support is available for all of Radware products
through the Certainty Support Program. Each level consists of four elements: phone support, software updates, hardware maintenance, and on-site Cloud + CPE Applications
support. Dedicated engineering staff can assist service provider clients on a professional services basis for advanced project deployments. Policy Coordination
Cross Network
I don’t want another box in my network. Synchronization
This is a common concern for service providers, either because they don’t have the staff to manage the solutions or aren’t sure how the hardware can Bot Detection and
be architected into their infrastructure. Radware offers fully managed services for all of its security products and services. Additionally, Radware offers Fingerprinting
a wide array of form factors that don’t require the deployment of new hardware. Radware cloud-based resources can be leveraged to support service
provider offerings. Also, DefenseFlow is a software product that leverages network technologies to provide attack mitigation as a native network service.
It is the first SDN application that programs networks for DDoS security and provides real time DDoS network-wide mitigation and protection.