PARTNER HOW-TO

GUIDE FOR SECURITY

LIFECYCLE REVIEW
ENTER

Partner Marketing
from Palo Alto Networks

ER, HOW DO YOU DO THAT?...

Contents

1. How to use this partner how-to guide

2. What is a Security Lifecycle Review (SLR)?
3. As a partner, why should I run SLRs for my customers?
4. How do I run an SLR?
5. Copy blocks
6. Sample emails and landing page
7. Call script
FIND THE
SECTION
8. Cheat Sheet
YOU NEED...
9. Where can I find out more?
10. Appendix
 1. How to use this partner how-to guide
This how-to guide has been
specifically developed for
Palo Alto Networks partners,
to help you take our shared
messages to market.
...& USE THE
D... HOW-TO GUIDE!
It contains a whole host of (we hope!) useful information
including some sample marketing assets, plus files for
you to download and use. There is also a ‘cheat sheet’,
a sample call script for your sales team to use and links
to other pieces that you may find helpful. Plus there
are links to the partner portal and to Palo Alto Networks
branding guidelines.
Everything you need to run your own Security Lifecycle
Review campaign is here.
If there’s anything missing, or you need any help, please
contact your local Palo Alto Networks Channel Business
Manager, or email gtelford@paloaltonetworks.com
AH THATS
HOW I DO IT
 2. What is a Security Lifecycle Review (SLR)?

Complete application visibility and actionable

security intelligence
SPECIFICALLY, AN SLR WILL SHOW YOU:
A Security Lifecycle Review (SLR) is an essential tool
in helping your customers to understand their current
• Which applications are in use, and the
cybersecurity posture. What does that actually mean?
potential risks to exposure
It means that an SLR will clearly show where your • Specific details on ways adversaries
customers have potential risks on their network that are attempting to breach the network
could affect the security of their business.
• Comparison data for your customers’
The SLR will show you which applications are being used, organisations, versus that of their
including software-as-a-service, or SaaS applications industry peers
(also including any ‘shadow’ applications, that may not
have been authorised by the IT department). It will show • Key areas to focus on for reducing
URL traffic, content types and will catalogue all potential your customers’ risk exposure.
threats on the network – known and unknown - and those
linked to user behaviour.

MERS THAT UNDERTAKE AN SLR GO

A PALO ALTO NETWORKS SOLUTION
 1. • Compa
their
• Key a
3. As a partner, why should I run SLRs for my customers?

In 2013, Neiman Marcus suffered a data

1.
breach and as a result credit card data for
T Y P ES OF 350,000 customers was exposed. Of those
O
E O N LY TW AT HAVE accounts exposed, Neiman Marcus agreed
E AR TH
“THER IES: THOSE HOSE THAT that 9,200 of the accounts were later used in
AN T
COMP CKED, AND eller,
HA u “THERE ARE ONLYfraudulent
TWO TYPES OF activity.
BEEN .” - Robert Mctor, 2012
E e
WILL B FBI Dir
COMPANIES: THOSE THAT HAVE
These type of breaches are becoming more and more common
BEEN HACKED, AND THOSE THAT
as hackers focus on more targeted attacks. Ransomware is also
WILL BE.” - Robert Mueller,
becoming
FBI Director, more of a problem and some companies have been hit
2012
hard. We’ve seen massive problems such as operations being stopped
in the NHS because security systems have been held to ransom, or
massive power cuts due to hacks into utilities systems. Ransomware

0100110010
is no longer a nuisance, it threatens businesses and even lives.
When network security is breached, many companies scrabble
around for answers. Who’s to blame? What did they do? Will it

1011101010 happen again? But by then it’s often too late and the damage
can be devastating: as many as 60% of small and medium businesses
that experience a data breach go out of business after 6 months.

1010101101
0 00001001
01
 8 S
•

The introduction of two new pieces of EU Legislation –

the Network Information Security (NIS) Directive and General O
Data Protection Regulation (GDPR) – raises the bar on security T O M ER S T H A T U N D ER T A K E A N S LR G
OF CUS O NETWORKS SOLUTIO
N
requirements for all organisations that are in, or do business with,
B U Y A PA LO A LT
the EU. Key among the requirements is the need for ‘state of the art’ ON TO
security. There will also be a mandatory requirement to report
breaches which may damage the confidence in, and value of,
the affected company.
But avoiding a breach is always better than hunting for answers
afterwards. The best approach is to help your partners find out ANOTHER ADVANTAGE OF RUNNING AN SLR
where they’re at risk today — and to take action immediately. WITH YOUR CUSTOMER IS THAT IS HELPS
We find that more than 80% of customers that undertake an SLR TO DEMONSTRATE HOW WELL THE UPSELL
go on to buy a Palo Alto Networks solution. With one recent
OPPORTUNITY SUBSCRIPTIONS RUN AND THE
partner, after we’d helped their sales team understand the unique
benefits of an SLR, they went on to book 16 customer SLRs in the ADDED BENEFITS THEY CAN BRING FOR YOUR
same week! CUSTOMERS’ NETWORKS. THIS HELPS YOU
TO SELL MORE OF THE PALO ALTO NETWORKS
PLATFORM RIGHT FROM THE OUTSET.
4. How do I run an SLR?
The process really couldn’t be simpler. A Palo Alto Networks Next
Generation Firewall is installed on the customer’s network and sits
behind any existing network infrastructure passively monitoring the
network, collecting data and analysing threats. It offers complete
visibility of the traffic on the network and highlights any threats –
known and unknown – or potentially unsafe user behaviour on the
network.
If you’re interested in running an SLR with one of your clients,
then speak in the first case to your local Palo Alto Networks
Channel Business Manager who will be able to get the wheels
in motion.
If you’d like more details about the specifics of running an SLR,
you can access the resources detailed here:
Understand the value of SLR. View video
Access the Quick Start Guide
View a Sample Report
Get Better Visibility into Your Customer’s Network
This step-by-step guide allows you to generate a single SLR
across multiple next-generation firewalls with data from multiple
statistics files. The manual process should take approximately
10 minutes and is easy for partners to do. An automated solution
is on our roadmap.
Partner Marketing campaigns for SLRs
If you’d like to run a joint marketing campaign into your customer
database, we’re happy to help, too. We’ve got resources here
to help, including copy blocks and sample emails (with HTML
so you can pull the relevant sections into your own systems
and templates).
We can even push out emails for you and create landing pages for
your customers to download sample reports, or request an SLR
with you. Leads created as a result of joint marketing efforts will be
yours to follow up.
3 x HTML emails available - Header template -
HTML EMAIL 1 HTML HEADER
HTML EMAIL 2
HTML EMAIL 3
5. Copy block – for partners to use in your own marketing

100 words 50 words

The Palo Alto Networks Security Lifecycle Review (SLR) is The Palo Alto Networks Security Lifecycle Review (SLR)
a great way to get visibility of what is really happening is a great way to get visibility of what is really happening
on your network. It will show where you have potential on your network. It will show where you have potential
risks on your network that could affect your security. risks on your network that could affect your security and
help you identify what you can do to minimise them.
It will give you a full understanding of which
applications are being used, including any ‘shadow’
applications, that may not have been authorised by the
IT department. It will show URL traffic, content types,
and will catalogue all potential threats on the network
– known and unknown and those linked to user
behaviour. Best of all, it will give you recommendations
for dealing with the risks that are identified.

USE THIS
IN YOUR
ADVERTISING..
 6. Palo Alto Networks SLR Campaign

Landing pages The recommended content for the landing Put together by experts, your confidential
page is as follows: SLR report will show you:
You will have received the PSD file for the
Landing Pages
nding Pa
Labanner ges (below). Each item on the
graphic Claim your free Securityan Lifecycle
ner can eaReview
sily be Which
•  applications are in use,
nn er gra ph ic (be low). Each item on the b and the potential risks to exposure
banner can easily be hechanged
PSD file fousing
r t he the
ba here from [PARTNER NAME] and
You will have received the PSD file for the banner graphic (below). Each item on the banner can easily be
You will have received t
grouped layers.
d using the grouped Lay
ers .
changed using the grouped Layers. Palo Alto Networks Specific
•  details on ways adversaries are
change
When network security is breached, it’s attempting to breach your network
easy for people to point the finger of blame. Comparison
•  data for your organisation,
But avoiding a breach is always better than versus that of your industry peers
hunting for answers afterwards. So find out Actionable
•  intelligence - key areas you
where you’re most at risk now – and take can focus on immediately to reduce your
action immediately. risk exposure

Get a free Security Lifecycle Review (SLR) To arrange your free and confidential
from [PARTNER NAME] in collaboration Security Lifecycle Review, please submit
with Palo Alto Networks and find out what’s your details on the form below, which will
really happening with your network. also give you immediate access to a sample
report. Our team will then be in touch.

ollows:
me nd ed co nte nt for the landing page is as f
The recommended content for the landing page is as follows:
The rec om Alto Networks
Re vie w he re fro m [PA RTNER NAME] and Palo
y Lifecycle
Claim your free Security Lifecycle Review here from [PARTNER NAME] and Palo Alto Networks
Claim your free Securit oiding a
y f or pe op le to po int th e finger of blame. But av
s breached, it’s eas
When network security is breached, it’s easy for people to point the finger of blame. But avoiding a e most at risk now –
When network security i ds. So find of where you’r
 Email HTML
There are 3 different HTML templates
provided, each targeting different profiles: Are you doing everything you
can to avoid threats and Claim your Security
urity
It's better to avoid a sec
1. Early Stage/Awareness
Claim your Security Lifecycle Review -
breaches?
Lifecycle Review -
breach — than hunt for
without obligations
without obligations Have you got rules in place about who
To arrange your free and confidential Security Lifecycle Review, please submit your details on the form
excuses afterwards.
can use
what, and when?

2. Existing Prospect When network security is

breached, many Can you see threats coming in, even
from SaaS

below, which will also give you immediate access to a sample report. Our team will then be in touch. Do you have a clear view of
companies scrabble aroun
blame? What did they do?
d for answers. Who’s to
Will it happen again?
applications?
Do you know how many threats – known
and

3. Existing Customer too late and damage can be Claim your Security unknown are attacking your network?
But by then it’s often what’s happening on your Lifecycle Review -
devastating. As an existing customer, you already
Email HTML network? without obligations know you can
public sector trust us as a partner to be looking after
We’ve seen huge fines from your best

Each HTML will require small changes companies subject to data

breaches. For small and
medium size firms, the proble
ms can even be
Can you see exactly what’s happening on your
network at any given time?
interests. But things change all the time
cybersecurity, so make sure you, and
in
your systems

for use in your campaigns

nies that experience Do you know how many applications you’re are up to date and protected as fully as TELL ME HOW

There are 3 different HTML templates provided, each targeting different profiles:
terminal – over 60% of compa possible.
ss after 6 months. TELL ME HOW running, and who is using them?
a data loss go out of busine Find out what’s really happening with
your network
Do you know how many threats – known and
happening with your traffic. Get a free Security Lifecycle Review
So find out what’s really w unknown are attacking your network? (SLR).
Security Lifecycle Revie We run these in conjunction with Palo

– URL Changes
network traffic. Get a free Alto
1. Early Stage/Awareness (SLR). We run these in
conjunction with Palo Alto
Quadr ant leader and
Find out what’s really happening with your network
traffic. Get a free Security Lifecycle Review (SLR).
Networks, a Gartner Magic Quadrant
next generation security company who
leader and
Networks, a Gartner Magic g to maintain our lifestyles in the digital
are working
company who are workin
2. Existing Prospect
We run these in conjunction with Palo Alto
next generation security protect businesses like yours.
age and
in the digital age and
When you have created your landing page,
Networks, a Gartner Magic Quadrant leader and
to maintain our lifestyles TELL ME HOW
next generation security company who are working
protect businesses like yours.
3. Existing Customer
Partner Name
to maintain our lifestyles in the digital age and CLAIM YOUR FREE SLR

you need to add the links to the HTML.

Partner Name Partner Description
protect businesses like yours.
CLAIM YOUR FREE SLR Partner Description
We will give you a FREE report as part

To do this, search for “REPLACE LINK” in

of your
Each HTML will require small changes for use in your campaigns We will give you a FREE
report as part of your
you:
CLAIM YOUR FREE SLR review that will clearly show you:

review that will clearly show

the HTML and simply replace all with your We will give you a FREE report as part of your
review that will clearly show you:
• Which applications are in use, and the

- URL Changes in use, and the potential risks to exposure

• Which applications are Partner Name

own link.
• attemptin
Specific details on ways adversaries are
potential risks to exposure Partner Description g to breach your network
adversaries are • Comparison data for your organisat
• Specific details on ways • Which applications are in use, and the
when you have created your landing page, you need to add the links to the HTML. To do this,
ion,
rk
netwoisation
ting to breach your organ , potential risks to exposure versus that of your industry peers
Comparison data for your
• attemp SLR_email_3_existing _customers.html[26/09/
indust ry peers • Specific details on ways adversaries are • Actionable2016, 15:53:38]
intelligence - key areas you can
versus that of your

search for “REPLACE LINK” in the HTML and simply replace all with your own link.
• Actionable intelligence
15:51:58]
SLR_email_1.html[26/09/2016, focus on immediately to
- key areas you can
reduce your risk
attempting to breach your network
• Comparison data for your organisation,
focus on immediately to reduce your risk
exposure.
versus that of your industry peers
exposure.
• Actionable intelligence - key areas you can
focus on immediately to reduce your risk
exposure. Partner name
Partner name Partner description
Partner description SLR_email_2_existing _prospects.html[26/09/2016, 15:53:37]
Partner name
Partner description

Connect: Contact:
95054.
Connect:
© 2016 Palo Alto Networks, Inc. All Rights
Contact:

Reserved. 4401 Great America Parkway,

Parkway, Santa Clara, CA Santa Clara, CA 95054.

- Partner/Logo changes
d. 4401 Great America
s, Inc. All Rights Reserve Privacy Policy | Terms of Use | Subscribe
© 2016 Palo Alto Network Preferences Connect: Contact:
| Email Feedback | Email Preferences
Email Feedback | Email
of Use | Subscribe |
Privacy Policy | Terms www.paloaltonetworks.com
© 2016 Palo Alto Networks, Inc. All Rights Reserved. 4401 Great America Parkway, Santa Clara, CA 95054.

In the HTML There are 2 options for including information either about Palo Alto Networks or
om
www.paloaltonetworks.c
Privacy Policy | Terms of Use | Subscribe | Email Feedback | Email Preferences

www.paloaltonetworks.com

your own organization. These can be located in the HTML with Identifiers/notes. See below
 search for “REPLACE LINK” in the HTML and simply replace all with your own link.

Partner/Logo changes
It's better -to avoid a security Claim your Security
breach — than hunt for Lifecycle Review -
excuses afterwards.
– Partner/Logo In the HTML There are 2 options for including information either about Palo Alto Networks or
changes
without obligations
When network security is breached, many

In the HTML there your own organization. These can be located in the HTML with Identifiers/notes. See below
companies scrabble around for answers. Who’s to
are 2 options for including information either about Palo Alto Networks or your own organisation.
blame? What did they do? Will it happen again?

These can be located in the HTML with identifiers/notes. See below.

But by then it’s often too late and damage can be
devastating.

We’ve seen huge fines from public sector

companies subject to data breaches. For small and
medium size firms, the problems can even be
terminal – over 60% of companies that experience
a data loss go out of business after 6 months. TELL ME HOW
So find out what’s really happening with your
network traffic. Get a free Security Lifecycle Review
(SLR). We run these in conjunction with Palo Alto
Networks, a Gartner Magic Quadrant leader and
next generation security company who are working
to maintain our lifestyles in the digital age and
protect businesses like yours.
These sections can easily
be edited or removed.
Partner Name
CLAIM YOUR FREE SLR
Partner Description

We will give you a FREE report as part of your

review that will clearly show you:

• Which applications are in use, and the

potential risks to exposure
• Specific details on ways adversaries are
attempting todata
• Comparison breach your organisation,
for your network
versus that of your industry peers
• Actionable intelligence - key areas you can
SLR_email_1.html[26/09/2016, 15:51:58]
focus on immediately to reduce your risk
exposure.

Partner name
Partner description

– Legal Footer Connect: Contact:

The current legalThese sections can easily be edited or removed.

© 2016 Palo Alto Networks, Inc. All Rights Reserved. 4401 Great America Parkway, Santa Clara, CA 95054.

footer is specific to Palo Alto Networks. This needs to be changed to represent your own organisation.
Privacy Policy | Terms of Use | Subscribe | Email Feedback | Email Preferences

www.paloaltonetworks.com

- Legal Footer
The current legal footer is specific to Palo Alto Networks. This needs to be changes to represent
 Step 2: Open a new empty email in outlook >> Click “Attach File”

Sending Email in Outlook
Step 3: Locate the HTML or Plain Text file on your PC and change the “inse
Step1: Make your edits to the HTML and Save as an HTML or plain text file.
“Insert as Text”
Step 2: Open a new empty email in outlook >> Click “Attach File”
Step 3: Locate the HTML or Plain Text file on your PC and change the “insert” command to
“Insert as Text”
Sending Email in Outlook
Step1: Make your edits to the
HTML and Save as an
HTML or plain text file
Step 2: Open a new empty email in
outlook >> Click “Attach File” Step 4: You now have the email in an Outlook window and can send it to y

Step 3: Locate the HTML or
Plain Text file on your PC Step 4: You now have the email in an Outlook window and can send it to your contact.
and change the “Insert”
command to “Insert as Text”

Step 4: You now have the email in

an Outlook window and can
send it to your contact
7. Call script
See to the right a sample call script
your sales team can use to follow
up on the emails, and book SLR
appointments.
Don’t forget to contact your
Palo Alto Networks Channel
Business Manager
if you need any help!
Scenario: Known Qualifying Campaign
CONTACT THE LEAD
“ Hi may I speak with ____?” / “Hi is this ___?”
INTRODUCTION
“ Hey [contact name], my name is [caller’s name] and
I’m with [partner company name], how are you today?
(Answer)
“ Great that’s good to hear.”
Optional: Include personal quip about their product
“ I was reading about your company and you guys have
a great product”
“ I noticed your company was mentioned in XYZ article”
EASE INTO THE PITCH
“ So I’m touching base with you because we noticed that you
[qualifying lead]. So what got you interested in having a
Security Lifecycle Review?
(Answer)
Okay great.
Are you involved with network architecture/IT administration?”
“ We saw that you [qualifying campaign], have you had a chance
to see what the Security Lifecycle Review is all about?
(Answer)
Okay great. Are you involved with network architecture?”
“ We noticed you [qualifying campaign] and I was just calling to
see what you’re interest in the Security Lifecycle Review was.
(Answer)
Okay great. Are you involved with network architecture?”
SHORT PITCH
“ The Security Lifecycle Review (SLR) is a great
way to get visibility of what is really happening
on your network.
For example, it will clearly show where you may
have potential risks on your network that could
affect your security.
It will give you a full understanding of which
applications are being used, including any
‘shadow’ applications, that may not have been
authorised by the IT department. It will show
URL traffic, content types, and will catalogue all
potential threats on the network – known and
unknown and those linked to user behaviour.
Best of all, it will give you clear recommendations
for dealing with the risks that are identified.
Does that sounds of interest?”
Ask them for their role
CLOSING
“ Before I forget to ask, what is your role in the company?”
“ Are you the IT Manager in the company?” " I’ve got all the information that I need and I’ll
pass that along to the team.
Suggest an SLR
Did you have any other questions for me? "
“ Okay I see. If you’re available [time], I can have one of our
team contact you to arrange an SLR?” (Q/A)

Gauge their current plans and configuration " I’ll send over some more information and a
sample report, so keep an eye out for those. And
“ So with regards to your security infrastructure, what are you also, if anything comes up, feel free to give me a
looking to accomplish in the near future? call or shoot me an email.
(Explanation) /I have you down for a call/meeting on
What is the timeline for this project?
[date] at [time],
(Answer)
What are you currently using as a security solution? so we’ll see you then.
(Explanation)
Take care, have a great day.”
Okay I see…how large is your network?
(Answer)
How many users/how many branches?
(Answer)
What are some of your requirements?”
POSSIBLE QUESTIONS/ANSWERS
Why do I need this?
Previously, legacy firewalls were good for keeping networks
secure. A business could control traffic based on simply ports
and protocols and be okay. However, with current technology
and applications the way they are, this is no longer enough.
Applications can use evasive tactics such as port hopping,
tunneling, and SSL encryption to evade current detection
systems. Ransomware and the need to protect end points are
also extending the network and using a mix of legacy point
products doesn’t give you the overall view of your network that
you need.
How much is this?/I’m worried it will be too expensive.
It really depends on your network. Many of our current
customers initially started off with an SLR to see what their
current security measures are missing before moving to replace
their units. However, I know that we typically save our clients
about 65% in capital costs and 80% in operational costs.
I’m busy.
Okay, would it make more sense for me to call you back on
[date/time]?
I’m not interested.
Okay, well if you don’t mind me asking, what are your reasons?
I’ll go ahead and send you a sample report that you can look at in
your spare time. I’ll provide my contact information in case you
have any questions or comments. Thank you for your
time [name].
It’s not in my budget.
If we found any compelling security holes in your network,
would you consider working this into your budget for the
next time you allocate resources to your security infrastructure?
Also, because of the technology we invented, we are able
to dramatically reduce network sprawl in companies.
We typically save our clients 65% in capital costs and 80%
in operational costs.
I have no problems with my security.
Unfortunately, traditional security systems and firewalls cannot
see what they’re not looking for. Security systems implement
a negative security model, where firewalls allow everything
and block known applications. At Palo Alto Networks, we have
flipped this over in our firewalls; we use a positive enforcement
model where we deny everything by default (so that unknown
applications will not get through) and allow applications
specifically identified by the administrator.
Having an SLR will not cost anything and you are under no
obligation at all. You’ll get a detailed report showing all
your network traffic, highlighting volumes, potential risks
and threats – both known and unknown and we can
leave this with you.
8. SLR Cheat Sheet

Find out what’s going on 30 Second Pitch

The Security Lifecycle Review (SLR) is a great way
with your network with a to get visibility of what is really happening on your
Security Lifecycle Review. network. For example, it will clearly show where
you may have potential risks on your network that
could affect your security.
It will give you a full understanding of which
applications are being used, including any ‘shadow’
applications that may not have been authorised
by the IT department. It will show URL traffic and
content types, and will catalogue all potential
threats on the network – known and unknown and
those linked to user behaviour. Best of all, it will
give you clear recommendations for dealing with
the risks that are identified.
 Why should your client consider an SLR?
What will the SLR tell me?
Security is changing all the time – new threats are
• Whichapplications are in use, and the potential risks
identified and soon the law will be changing to mean
to exposure
that breaches will have to be reported.
• Specific
details on ways adversaries are attempting to
Find out now the risks that may exist on your network
breach your network
and where choosing different point products could be
leaving you vulnerable. Get a detailed, free report from Comparison
•  data for your organisation, versus that of
across your network highlighting known and unknown your industry peers
threats and recommendations for minimising them. Actionable
•  intelligence - key areas you can focus on
immediately to reduce your risk exposure

What will happen?

Working with our security partners, Palo Alto Networks,
a recognised Gartner Magic Quadrant leader, we will
attach a passive device to your network, which How do I arrange an SLR?
will simply monitor the network traffic for a short
Contact your Palo Alto Networks Channel Business
period – usually 1-2 weeks. This won’t interfere in
Manager who can help you arrange an SLR for your partner.
any way with your network and applications, but will
allow us to prepare a detailed report for you, showing
you all the potential risks from threats, ransomware
and even employee behaviour that could be opening
the network to risks – such as downloading
unauthorised applications.
9. Where can I find out more?

Contact your local Palo Alto Network Channel

Business Manager, or the Next Wave Partner
team on nextwave@paloaltonetworks.com

ER, HOW DO YOU DO THAT?...

10. Appendix
Here are some links to other resources that you may find helpful:
Palo Alto
•  Networks branding guidelines
– https://www.paloaltonetworks.com/partners/nextwave-partner-
portal/help-me-market
3
x HTML emails available–
• 
HTML EMAIL 1
HTML EMAIL 2
HTML EMAIL 3
HTML HEADER
Link
•  to SLR video
– https://www.paloaltonetworks.com/resources/videos/slr
View
•  a sample report
– https://www.paloaltonetworks.com/content/dam/pan/en_US/
partners/training/SLR_example.pdf
View
•  the quick start guide (more technical information)
– https://www.paloaltonetworks.com/content/dam/pan/en_US/
partners/training/slr-partner-guide.pdf
Find
•  out more from the step-by-step guide (technical)
– https://www.paloaltonetworks.com/content/dam/pan/en_US/
partners/marketing/docs/ slr-merging-multiple-statsdump.pdf