Anatomy IT Security Suite Commercial Guidebook PDF 01262024

Summary

This document is a commercial guidebook for Anatomy IT's Security Suite, outlining how to effectively communicate their cybersecurity solutions to prospects and customers. The guidebook details internal background information, terminology, and talking points tailored to different market segments.

Full Transcript

Security Suite Commercial Guidebook This commercial playbook is a tool you can use to communicate our Security Suite confidently and clearly to your prospects and customers. It provides internal background information, terminology, and talking points that resonate with our customers and prospects ba...

Security Suite Commercial Guidebook This commercial playbook is a tool you can use to communicate our Security Suite confidently and clearly to your prospects and customers. It provides internal background information, terminology, and talking points that resonate with our customers and prospects based on their market segment, positioning you as a trusted advisor. Dear Anatomy IT Commercial Team, In today's dynamic and ever-evolving threat landscape, we recognize that cybersecurity is not just a priority; it's at the core of Anatomy IT's mission. This guidebook is designed to help you effectively speak to our expanded Security Suite and is intended exclusively for internal use within the Anatomy IT team. At Anatomy IT, one of our foremost commitments is to safeguard our customers from the constantly evolving cybersecurity threats. By expanding our Security Suite, we are taking proactive steps to adapt, strengthen, and broaden our cybersecurity offerings. Our Security expansion is designed to bridge the "NIST gap" effectively. It significantly enhances our capabilities in threat detection and incident response, ensuring alignment with the National Institute of Standards and Technology's (NIST) five core functions of Identify, Protect, Detect, Respond, and Recover. This alignment reaffirms our commitment to providing our customers with a comprehensive cybersecurity approach that adheres to world-class security standards. In place of simply promoting individual products or solutions, we are ushering in a new era of holistic-based selling. We will initiate custom dialogues with our customers and prospects, leveraging our proprietary risk discovery tool. This approach empowers them to gain a comprehensive understanding of their unique risk environment and explore tailored recommendations that align with their specific risk tolerance levels. It's a holistic approach that fosters trust and long-term partnerships. Together, we will continue to set new standards for cybersecurity, fortify our position as a trusted partner, and drive the success of Anatomy IT in this fast-paced digital transformation age. Sincerely, Rick Passero Chief Security Information Officer Jan Koster Director of Security This content is strictly for internal use and should not be shared with external audiences. Security Suite Expansion: Internal Strategy In today’s rapidly evolving threat landscape, we see the expansion of our Security Suite as not just a necessity but a cornerstone of Anatomy IT’s mission. This section provides background information about the purpose of our Security Suite expansion. 1. Better protection for our customers Our commitment is to protect our customers from these evolving threats. By expanding our Security Suite, we're proactively adapting, fortifying, and extending our cybersecurity offerings, helping ensure our customers operate in a secure environment. 2. Complete alignment with NIST’s five core functions Our Security Suite expansion specifically addresses the "NIST gap", enhancing our detection and response capabilities. This comprehensive alignment means our customers can be assured they are benefiting from a holistic security approach that's in line with world-class standards. 3. Holistic value-based selling Rather than simply promoting individual products or solutions, we will initiate a custom dialogue using our proprietary risk tolerance tool. This approach will enable customers and prospects to gain a comprehensive view of their risk environment and explore recommendations tailored to their risk tolerance. 4. New avenues for growth & revenue generation By expanding our Security Suite, we're not just enhancing our solution lineup but actively creating new avenues for growth. This expansion means more solutions for our clients, increasing trust, longer partnerships, and new revenue streams for Anatomy IT. This content is strictly for internal use and should not be shared with external audiences. |2 Value Proposition A value proposition is a simple statement that summarizes why a customer would choose our product or service over the competition. It explains how we’re different (and better) and communicates the clearest benefit customers receive by giving us their business. A value proposition is not a script to be used externally. Instead, it is a foundational blueprint for crafting compelling and targeted messaging. Expanded Security Suite Healthcare Value Proposition Healthcare organizations choose Anatomy IT because our expertdriven Healthcare Security Standard fortifies organizations for the long term. Only Anatomy IT has the deep healthcare understanding and experience to protect and secure what matters most. Expanded Security Suite Commercial Value Proposition Organizations choose Anatomy IT because our expert-driven Commercial Security Standard fortifies organizations for the long term. Only Anatomy IT has the deep, strategic business understanding and experience to protect and secure what matters most. This content is strictly for internal use and should not be shared with external audiences. |3 Security Suite Expansion: Commercial Script The script below provides an overview of the expanded Security Suite and should be used in commercial applications: At Anatomy IT, we understand the immense pressure you’re under to keep your organization secure. That's why we created the Healthcare Security Standard, an expert-driven cybersecurity approach that provides strategic guidance and tailored solutions to fortify your organization. You can breathe easier partnering with us, knowing the experience gained from over 30 years and more than 1,000 clients is at work for you. Core This foundational level provides essential cybersecurity protection: Expert Managed Endpoint Detection and Response Enterprise Grade Multi-Factor Authentication Advanced Security, Encryption & Data Loss Prevention for Email/M365 DNS-Layer Security Best-In-Class User Security, Awareness & Training, Phish Testing & Dark Web Scanning Advanced threat hunting & persistent threat monitoring Basic Microsoft 365 SIEM (14d) Advanced Designed to be the ideal choice for most healthcare providers, this offers more comprehensive security solutions, providing robust protection: All of core, plus Full cloud and network SIEM – 1-year log retention (replaces Microsoft 365 SIEM (14d) in Level 1) This content is strictly for internal use and should not be shared with external audiences. |4 Security Suite Expansion: Commercial Script Complex Intended for large-scale healthcare providers, complex organizations, or those with elevated security demands. This offers our most comprehensive security protection, providing the highest cybersecurity measures. All of core, plus Full cloud network SIEM – 1-year log retention (replaces Microsoft 365 SIEM (14d) Application Whitelisting – Configuration Control Advisory Services Within these personalized recommendations, we also incorporate advisory and security consulting services as necessary. These services include vCISO, risk assessments, audits, penetration testing, and vulnerability scanning. This content is strictly for internal use and should not be shared with external audiences. |5 Understanding the Risk Discovery Tool Anatomy IT’s proprietary Risk Discovery Tool provides a guided approach to understanding our customers’ security needs. Rooted in a methodical approach, this tool quantifies their risk tolerance and posture through a series of insightful questions. How it works The tool calculates two critical metrics: 1. Risk Tolerance Percentage - This gauges the level of risk a customer is willing to accept, considering their needs, market segment, size, complexity, and more. 2. Risk Posture Percentage - This metric reveals the customer’s current security stance and how robustly they are equipped to handle cyber threats. Utilizing these two scores, the Risk Tolerance Tool delivers a custom solution recommendation. Using the Tool The Risk Discovery Tool is a foundation for in-depth conversations about priorities, concerns, and goals, enabling you to effectively tailor your pitch and address individual customer pain points. Engage in targeted conversations: With metrics at your fingertips, you can engage customers in meaningful and focused dialogues about their specific needs and concerns. Foster credibility: The Tool's data-backed recommendations lend credibility to your recommendations. It’s not about pushing a product; it’s about offering a solution derived from the customer’s own data. Deepen customer relationships: By understanding a customer’s risk tolerance and posture, you can offer valuable insights as a trusted advisor, not just a vendor. This content is strictly for internal use and should not be shared with external audiences. |6 Explaining Risk Tolerance to Healthcare Customers Anatomy IT’s Risk Discovery Tool analyzes customers' specific challenges and vulnerabilities and guides them toward their ideal cybersecurity level. Helping our customers understand their risk tolerance can help them see the value in what they purchase rather than viewing it solely as a cost. Here are some strategies to help explain this concept: 1. Cyber Threats Mirror Health Threats Relate cyber threats to what healthcare professionals know best – health risks: some are minor (a cold), and others are severe (a heart condition). Just as the severity of health issues dictates treatments, cyber threats require different levels of protection. 2. Regulatory Compliance While regulations like HIPAA shape the risk views of many healthcare organizations, it isn't one-size-fits-all. For example, hospitals will have a lower risk tolerance than a local clinic 3. Patient Safety Risk tolerance will vary based on the sub-vertical. For example, a hospital with a trauma center naturally has a lower risk tolerance than a small orthopedic ambulatory surgery center in a city. 4. Operational Continuity The healthcare sub-vertical will also impact attitudes toward operational continuity risk. A small ortho ASC might consider system downtime a mere inconvenience. However, a dentist's office that highly depends on its X-ray machines and EHR/EDR can’t risk those systems being offline for days or weeks. 5. Striking a Balance Just as in healthcare, where there's a balance between risk and treatment, cybersecurity is a balance between risk tolerance and security measures. Not all risks can be eliminated – in health or cybersecurity. Understanding one's tolerance can guide the right preventive and responsive actions. This content is strictly for internal use and should not be shared with external audiences. |7 Features & Benefits by Market Segment To guide your conversations, we have prepared segment-specific features and benefits to ensure our communication not only addresses each segment's unique needs but also reinforces our position as experts who truly “speak their language.” This content is strictly for internal use and should not be shared with external audiences. |8 Features & Benefits by Market Segment Clinics Typically, will fall into Core or Advanced, but the results are determined by the customer’s responses within the Risk Tolerance Tool. Core Features Benefits Essential cybersecurity protection Ensures that clinics with limited IT resources have essential safeguards in place, reducing legal, financial, and reputational risk. Value-driven Offers clinics cost-effective security solutions, allowing them to achieve compliance and patient trust without a heavy financial burden, ensuring operations remain profitable. Meets basic security requirements Helps clinics fulfill baseline regulatory requirements like HIPAA & PCI, minimizing the risk of penalties or breaches. Enterprise-Grade Prevention, Detection and Response Protects clinics from a wide range of threats in real-time, ensuring that EHRs and other critical data remain safe, even with a limited budget. Enterprise-Grade Multi-Factor Authentication Adds an extra layer of security, ensuring that only authorized personnel can access sensitive patient data, reducing the risk of breaches. Advanced Security, Encryption & Data Loss Prevention for Email/M365 Secures communication within the clinic and with third-party vendors, ensuring patient information shared via email remains confidential and protected from phishing threats. DNS-layer Security Guards against web-based threats, ensuring staff can safely use the internet without inadvertently exposing the clinic to malware or other cyber threats. Best-In-Class user security, awareness & training, phish testing & dark web scanning Empowers clinic staff with the knowledge to recognize and avoid potential cyber threats, from phishing emails to unsafe online behaviors, helping reduce vulnerabilities from human error. Basic Microsoft 365 SIEM (14d) Offers clinics streamlined real-time threat monitoring within the familiar Microsoft 365 environment, bolstering patient data protection and compliance. Advanced: All of the above plus* Comprehensive Managed SIEM and Cloud Protection (1y) *Replaces the Basic Microsoft 365 SIEM (14d) in Level 1 (14d) in Level 1 Offers year-round integrated oversight of security events and in-depth threat analysis, essential for a clinic where the constant flow of patient data requires unwavering protection. Advanced Cloud Protection is a robust safeguard for EHRs and the clinic's interconnected systems, countering continuously emerging cyber threats and ensuring the privacy and security of patient records, even when managed in cloud-based platforms. Together, they ensure clinics uphold the highest patient data protection and operational efficiency standards, simplifying compliance measures and significantly reducing vulnerability risks. This content is strictly for internal use and should not be shared with external audiences. |9 Features & Benefits by Market Segment ASCs & Multi-Location Practices Typically, will fall into Advanced or Complex + Security Consulting/Advisory Services, but the results are determined by the customer’s responses within the Risk Tolerance Tool. Advanced Features Benefits Managed Endpoint Detection and Response Offers a robust line of defense against breaches, protecting EHRs and patient data, which is fundamental for maintaining trust and operational integrity. Provides real-time monitoring and response to threats, ensuring numerous and varied medical devices and IoT in ASCs and multi-location practices are protected from vulnerabilities Enterprise Grade Multi-Factor Authentication Ensures only authorized personnel access critical systems, particularly vital for ASCs and multipractice locations with remote access needs. Advanced Security, Encryption & Data Loss Prevention for Email/M365 Protects against phishing attacks and unauthorized data access, a necessary safeguard given ASCs and multi-practice locations' frequent communication with other providers, third-party vendors, and patients DNS-layer security Shields ASCs from malicious websites and online threats, enabling safe browsing for all staff and reducing the risk from internet-based threats. Best-In-Class user security, awareness & training, phish testing & dark web scanning Equips staff with the knowledge to recognize and combat threats while monitoring for compromised data on the dark web, enhancing overall ASC and multi-location practice security posture. Advanced threat hunting & persistent threat monitoring Proactively searches for and mitigates potential threats before they cause harm, an essential feature given the high volume of sensitive patient data ASCs and multi-location practices handle and store. Comprehensive Managed SIEM and Cloud Protection (1y) Provides a year-long, centralized oversight of security events and deep threat analysis, imperative for ASCs and multi-location practices where patient data flows between locations. Enhanced Cloud Protection acts as a shield for EHRs and other interconnected systems, guarding against ever-evolving cyber threats and ensuring the integrity and confidentiality of patient data, even when it's stored or processed in the cloud. Together, this ensures that every facility, regardless of geographical location, is uniformly secure. This approach means that all ASCs and multi-location practices uphold the highest patient data protection and operational efficiency standards. It simplifies compliance efforts and reduces the risk of vulnerabilities in any part of the organization. Complex: All of the above plus Application Whitelisting – Configuration Control By permitting only vetted and approved software to operate across every facility and maintaining consistent, secure configurations, ASCs and multi-location practices achieve a unified and robust defense against malware and unauthorized applications. Safeguards the integrity of patient data and ensures seamless and secure inter-facility operations, reducing the risk of security breaches stemming from inconsistent software or system misconfigurations. Add-on (depending on customer’s results) Security Consulting/Advisory Services Specialized guidance from our expert CISOs Risk assessments tailored to the unique needs of multiple sites Thorough testing that identifies potential vulnerabilities Ensures that patient data remains secure across all locations, simplifying compliance efforts and providing consistent, high standards of data protection and operational efficiency. This content is strictly for internal use and should not be shared with external audiences. | 10 Features & Benefits by Market Segment Hospitals Typically, will fall in Advanced or Complex + Security Consulting/Advisory, but the results are determined by the customer’s responses within the Risk Tolerance Tool. Advanced Features Benefits Managed Endpoint Detection and Response Provides hospitals, which house vast amounts of sensitive patient data, with a robust defense against sophisticated cyber threats. This ensures uninterrupted medical services while prioritizing the protection of this data, making them less viable targets for cybercriminals. Offers continuous monitoring and rapid response to any suspicious activity on hospital devices, ensuring that potential threats are identified and neutralized promptly. Enterprise Grade Multi-Factor Authentication Reduces the risk of unauthorized access, even if login credentials are compromised, offering an added layer of security for critical systems and patient data. Advanced Security, Encryption & Data Loss Prevention for Email/M365 Safeguards against phishing attacks and email-borne malware, ensuring hospital communications remain confidential and protected from external threats. DNS-layer security Blocks access to malicious websites and domains, protecting the hospital network and devices from web-based attacks and potential ransomware threats. Best-In-Class user security, awareness & training, phish testing & dark web scanning Empowers staff with the knowledge and tools to recognize and thwart cyber threats, reducing the risk posed by human error and enhancing overall cybersecurity posture. Advanced threat hunting & persistent threat monitoring Proactively searches for signs of undetected threats within the hospital's IT environment, ensuring that even the most stealthy and sophisticated cyber threats are identified and remediated. Comprehensive Managed SIEM and Cloud Protection (1y) Provides a centralized view of security events and data, facilitating rapid detection and response to any security incidents. The extended Cloud Protection ensures that patient data and medical applications hosted in cloud environments are shielded from emerging threats. Together, these robust measures support HIPAA compliance by helping hospitals maintain the confidentiality, integrity, and availability of patient health information. This comprehensive coverage is vital for hospitals with multiple departments and external clinics, allowing for seamless and unified security management across all units. Complex: All of the above plus Application Whitelisting – Configuration Control Ensures that only approved and essential software runs on the network, which is critical for complex hospital environments with multiple departments and varied software requirements. Reduces the risk of malware attacks and unauthorized software interference, helping maintain the continuous, secure, and efficient operation of critical medical systems, safeguarding patient data, and ensuring the smooth delivery of patient care. Add-on (depending on customer’s results) Security Consulting/Advisory Services Equips hospitals with the specialized expertise of our CISOs Risk assessments are tailored to the unique needs of hospitals, and thorough testing identifies potential vulnerabilities. Expert guidance helps ensure patient data integrity, continuity of critical medical services, and compliance with healthcare-specific regulations. This content is strictly for internal use and should not be shared with external audiences. | 11 Features & Benefits by Market Segment Other/Non-Healthcare Typically, will fall in Core or Advanced, but the results are determined by customer’s responses within the Risk Tolerance Tool. Core Features Benefits Essential cybersecurity protection Ensures that businesses with limited IT resources have essential safeguards in place, reducing legal, financial, and reputational risk. Value-driven Offers businesses cost-effective security solutions, allowing them to achieve compliance and patient trust without a heavy financial burden, ensuring operations remain profitable. Meets basic security requirements Helps businesses fulfill baseline regulatory requirements like PCI, GDPR, CCPA, or industryspecific standards, minimizing the risk of penalties or breaches. Managed Endpoint Detection and Response Provides immediate alerts on potential threats, ensuring that companies can promptly address vulnerabilities, thereby reducing the risk of business interruption and potential reputational damage. Enterprise Grade Multi-Factor Authentication Adds an essential layer of security, minimizing the risks of stolen or weak passwords. This is especially crucial for businesses where a single account compromise can lead to significant data breaches. Advanced Security, Encryption & Data Loss Prevention for Email/M365 Protects businesses from the constant threat of phishing attacks and ensures that sensitive communications remain confidential, preventing data leaks and unauthorized access. DNS-layer security Proactively blocks malicious websites and phishing domains, protecting employees from inadvertently accessing harmful content, a must-have for companies where online research and communication are core to operations. Best-In-Class user security, awareness & training, phish testing & dark web scanning Empowers employees with the knowledge to recognize and avoid cyber threats, reducing the chances of internal errors. Regular phishing testing ensures that this training is effective and up-to-date, while dark web scanning alerts businesses if their data appears on the black market. Basic Microsoft 365 SIEM (14d) Provides businesses with streamlined real-time threat monitoring within the familiar Microsoft 365 environment, safeguarding sensitive company data and helping to ensure uninterrupted operations. Advanced: All of the above plus* Comprehensive Managed SIEM and Cloud Protection (1y) *Replaces the Basic Microsoft 365 SIEM (14d) in Level 1 Provides businesses with year-long, unified monitoring of security events and in-depth threat analysis, ensuring that sensitive company data, both on-premises and in the cloud, remains shielded from evolving cyber threats. Holistic protection enhances operational efficiency, streamlines compliance efforts, and reduces vulnerabilities, giving businesses peace of mind in today's digital landscape This content is strictly for internal use and should not be shared with external audiences. | 12

Use Quizgecko on...
Browser
Browser