Vericept CVSA Training

1
Certified Vericept Sales Architect CVSA Sales
Certification Training
Ken Totura Vericept Corporation
1Q 2005
www.vericept.com
2
Why We Are Here Today

• Internet Security / Privacy Market is Hot! (IDC)
• 15 growth rate by 2005 which translates into
  more than 118b by 2007
• Worldwide spending will grow twice as fast as IT
  overall
• 40 of IT managers saw security as their top IT
  budget priority
• Risk Management is Even Hotter
• FTC 10 million victims of Identity Theft in
  2003 costing 47b
• KPMG -60 of companies being victimized by
  employee fraud
• IDC Over one-third of the financial or data
  loss incidents involved insiders
• PWC Companies view Security as a strategic
  enabler
• Vericept is a Wildly Unique Solution
• Differentiate yourself from your competitors
• Customer escalation CxO
• Customer acquisition Beachhead
• Tremendous margins

3
Agenda

• Section I The Problem and Solution
• Section II Business Risk Drivers
• Section III Vericept Sales Cycle
• Section IV Vericept Products are Called
  Solutions
• Section V Partner Resource Center
• Section VI Vericept Corporation
• Section VII Best Practices
• Certified Vericept Sales Architect
  Congratulations!

4
Vericept Protecting your Information and
Reputation
Section I THE PROBLEM and now there is a
SOLUTION

5
What Keeps These Folks Up At Night?

• Board of Directors
• Chief Executive Officer
• President Chief Operating Officer
• Chief Financial Officer
• Chief Information Security Officer (Compliance
  Officer)

• Chief Information Officer
• VP of Sales
• VP of Marketing
• VP of Legal
• VP of Human Resources

6
Would You Immediately Know If

• A trusted employee pasted confidential
  acquisition information into a webmail message
  and sent it to your competitor?
• An employee downloaded hacker tools to their work
  computer with the intention of stealing your
  customers private data?
• An employee posted your confidential executive
  communications or financial data on
  www.internalmemos.com or some other internet
  posting site like Yahoo Finance?
• An employee is using a P2P client and is
  inadvertently exposing your proprietary
  information to millions of other P2P users?

7
The Problem

• Lack of EFFECTIVE VISIBILITY to confidential and
  inappropriate content flowing across the network.
  The risk and results can be significant

• Information Loss
• Company Intellectual Property, RD, Customer
  Lists, source codeCorp. Espionage
• Customer Information SSN, credit card number,
  mothers maiden nameID Theft
• Non-Compliance
• GLBA, HIPAA, CA 1386 protecting customer
  privacy
• Sarbanes-Oxley protecting investors, corporate
  ethical responsibility
• Abuse of Internet Usage
• Productivity employees and contractors surfing
  the web for hours and hours
• Legal Liability sexual harassment, workplace
  violence, wrongful termination
• Insider IT System Mischief/Hacking
• Sabotage and Hacking viruses, worms, exploits
• (leading to) Theft keyloggers, unauthorized
  access
• System Downtime troubleshooting and fixing
  problems

8
Where is the Exposure and Risk?

• Email and Web-based mail
• Instant Messaging
• Internet Postings
• FTP
• Peer-to-Peer ( i.e. KaZaA and Limewire)
• Chat rooms
• Attachments
• Web

hacking tools
SOURCE CODE
9
Vericepts Intelligence Platform
Information Privacy and Compliance Manager
Acceptable Use Manager
Preventive Security Manager
Regulation Compliance Manager HIPAA GLBA CA 1386
Custom Search Parameters
Blocking Solution
Intelligent Content Analysis Data-in-Motion
Data-at-Rest Monitoring Engine
Filter
10
Vericept Solutions Composition by Solution
Acceptable Use Manager
Unstructured Data Adult Conflict Gambling Games Ra
cism Shopping Sports Substance Abuse Trading Viole
nt Acts Weapons Peer-to-Peer File
Research Capture All Instances IM Chat Mailing
Lists Peer-to-peer File Share Postings Webmail
11
Vericept Solutions Composition by Category
Regulation Compliance Manager (RCM)

Acceptable Use Manager - EDU (AUMe)

Custom Search Parameters
Unstructured Data Adult Conflict Gambling Games Ga
ngs Plagiarism Racism Shopping Sports Substance
Abuse Trading Violent Acts Weapons Peer-to-Peer
File Research Hacker Research Capture All
Instances IM Chat Mailing Lists Peer-to-peer
File Share Postings Webmail
CSPs are used to identify company-specific
information Examples Proprietary
information Trade secrets Intellectual
property Communication with competitors Company-sp
ecific jargon Project acronyms Customer
account numbers
1. RCM CA 1386 Structured Data CA Drivers
License Credit Card Number Personal Information
Social Security Number
2. RCM HIPAA Structured Data Protected Health
Information (ePHI) Social Security Number
Stored Data Analyzer Data At Rest
3. RCM GLBA Structured Data Credit Card
Number Personal Information (eNPI) Social
Security Number
These contain only the minimum categories
necessary to comply
12
Enterprise Risk Management Through Intelligent
Content Monitoring
13
The Advantage Contextual Linguistics Analysis

• Goes far beyond keyword searches by reading
  content and understanding the context of the
  communication
• Can catch the more subtle risky communication
  that other technologies miss
• Almost 60 predefined categories leverage the
  intelligence platform, flag and classify various
  types of content traveling into, out of and
  across a network
• Works immediately out of the box, requiring no
  lengthy data definition exercises or expensive
  development efforts
• How it works
• Content looks at the text of the communication,
  effectively reading it
• Context looks at the communication format to
  understand the meaning of the text
• Structure looks at the communication type,
  whether its email, a web page, chat, etc.

The Advantage Custom Search Parameters

• Leverages Vericepts Extended Regular Expressions
  which have been optimized by Vericept Labs
• Combines power of intelligence with keyword
  driven matches to enable more effective
  identification of risks to an enterprise

14
Vericepts Unique Approach is the
SolutionIntelligent Content Monitoring, Analysis
and Reporting

• Passively monitors the content of ALL internet
  traffic
• Includes web, web-mail, email, chat, instant
  messaging, peer-to-peer file sharing, telnet,
  ftp, postings and more...
• Intelligently analyzes and identifies ONLY the
  pertinent content at risk
• Provides detailed content capture,
  proof-positive evidence
• Identity Match ties inappropriate activity and
  content to the user
• Provides detailed information delivery and
  reporting
• Ability to perform same intelligent analysis on
  stored data

15
Vericept Value and Benefits

• Prevents Information Loss, Identity Theft and
  Corporate Espionage
• Enables regulatory compliance
• - Sarbanes Oxley
• - GLBA
• Reduces liability associated with inappropriate
  use
• Identifies rogue protocol usage
• Stops unproductive and unethical internet use
• Provides never before seen visibility to
  enterprise risk
• Compelling ROI and low TCO
• Protects Brand, Reputation and Information

- CA SB 1386 - HIPAA
16
Approximately 600 customers trust Vericept
.over 1,500,000 workstations being monitored!
Healthcare and Pharma
Financial
Utilities
Comm. Svcs
Retail and Manufacturing
Government and Education
17
Award-Winning Technology

• Reflects technical excellence, professional
  achievement and the important role that
  information security professionals play in
  helping to shape the industry.

Honors leading-edge technology that provides
measurable business value to end-user
organizations.
Vericept earned our Editor's Choice Award by
providing a path of least resistance to
monitoring network use and for its superiority in
identifying abuse.
18
Vericept Protecting Your Information and
Reputation
Section II BUSINESS RISK DRIVERS

• Information Privacy, Compliance, Productivity
  Reputation

19
Externally Driven Policies Compliance
Regulation
Enterprise Risk Management
Report
Moni tor
Capture
Analyze
Internally Driven Policies Acceptable Use
Internally Driven Policies Information Controls
M a n a g e
20
Vericept Drivers
Internally Driven Policies Information Controls

• Executive communications
• Marketing plans
• Merger and Acquisition activity
• Research and development
• Patents and trade secrets
• Customer lists
• Employee information (SSN, compensation)
• and the list goes on

21
Vericept Drivers
Internally Driven Policies Acceptable Use

• Internet use
• Corporate email use
• Instant Messaging use
• Peer-to-Peer use
• Appropriate content (or inappropriate)
• Safe work or school environments (free from
  violence, hostility and harassment)

22
Vericept Drivers
Externally Driven Policies Compliance

• HIPAA Security Rule
• Gramm-Leach-Bliley
• Sarbanes-Oxley
• California Senate Bill 1386
• USA Patriot Act
• Childrens Internet Protection Act
• Over 300 pieces of pending Privacy legislation

23
Vericept Protecting Your Information and
Reputation

• Health Insurance Portability Accountability
  ActHIPAA

24
Health Insurance Portability Accountability Act
of 1996

• SEC. 261. PURPOSE.
• It is the purpose of this subtitle to improve
  the Medicare program under title XVIII of the
  Social Security Act, the medicaid program under
  title XIX of such Act, and the efficiency and
  effectiveness of the health care system, by
  encouraging the development of a health
  information system through the establishment of
  standards and requirements for the electronic
  transmission of certain health information.

25
HIPAA The Five Basic Principles

• Consumer Control The regulation provides
  consumers with critical new rights to control the
  release of their medical information. 
• Boundaries With few exceptions, an individual's
  health care information should be used for health
  purposes only, including treatment and payment. 
  
• Accountability Under HIPAA, for the first time,
  there will be specific federal penalties if a
  patient's right to privacy is violated. 
• Public Responsibility The new standards reflect
  the need to balance privacy protections with the
  public responsibility to support such national
  priorities as protecting public health,
  conducting medical research, improving the
  quality of care, and fighting health care fraud
  and abuse.
• Security It is the responsibility of
  organizations that are entrusted with health
  information to protect it against deliberate or
  inadvertent misuse or disclosure.

26
Vericept Protecting Your Information and
Reputation

• Sarbanes Oxley

27
Sarbanes-Oxley Requirements

• Antifraud Programs and Controls
• Fraud risk assessment (Section 103)
• CEO and CFO Certification
• Disclosure of controls and procedures (Section
  302)
• Managements Annual Assessment Report
• Assessment of Internal Controls over Financial
  Reporting (Section 404)
• Code of Conduct and Ethics
• Ensuring adherence to Code (Section 406)
• Managing and Strengthening Internal Controls
• Provides a continuous monitoring mechanism to
  satisfy and enforce Internal Control requirements

28
How a prominent customer is using Vericept for
SOX
I am complying with 50 of my Ethical Code of
Conduct by using Vericept as an internal
monitoring control -Sr. Corporate Governance
Officer, Global Conglomerate
29
Vericept Protecting Your Information and
Reputation

• Gramm-Leach-Bliley
• Financial Modernization Act of 1999
• (GLBA)

30
GLBA Data Protection Requirements -

• Mandate that financial institutions protect the
  security and confidentiality of customers'
  non-public personal information and institute
  appropriate administrative, technical, and
  physical safeguards to accomplish this
  requirement.
• Requires covered institutions to protect against
  any anticipated threats or hazards to the
  security or integrity of customer records
• and to protect against unauthorized access to or
  use of records or information which could result
  in substantial harm or inconvenience to any
  customer.

31
How Vericept Enables GLBA Compliance

• FFIEC Handbook Safeguards
• Risk Assessment
• Continuous, formal process
• Security Controls Implementation
• Controls to protect against malicious code
• Personnel security / authorized use
• Logging and data collection
• Monitoring and Updating
• Continuously analyze threats
• Monitor for technical vulnerabilities

Note Vericept developed the GLBA solution with
co-author Paul Reymann to specifically enable
compliance
32
GLBA Co-Author Validation
"Vericept's Information Privacy and Compliance
Manager solution identifies and manages risks,
tests risk management practices and monitors to
control risks.  Vericept's comprehensive
monitoring approach enables financial
institutions to comply with regulations and to
protect against internal information
leakage. Paul Reymann CEO, ReymannGroup
Inc. Co-author of Section 501 of the
Gramm-Leach-Bliley Act Data Protection Regulation
33
Vericept Protecting Your Information and
Reputation

• California
• Senate Bill 1386
• July 1, 2003

34
SB 1386 Requirements

• What it is?
• Mandate requiring public disclosure of
  computer-security breaches in which confidential
  information of ANY California resident MAY have
  been compromised
• Who is affected?
• The law covers every enterprise, public or
  private, doing business with California
  residents.
• "Personal Information" means an individual's
  first name or first initial and last name in
  combination with any one or more of the following
  non-encrypted data elements
• Social Security Number
• California Driver's License Number or California
  Identification Card Number
• Account number, credit or debit card number, in
  combo with security code, access code, or
  password that would permit access to an
  individual's financial account

35
CA SB 1386 Requirements

• Mandated Action
• Companies must warn California customers of
  security holes in their corporate computer
  networks
• When a business discovers that confidentiality
  has or may have been breached it must notify the
  customers
• If the business is unsure which customers have
  been affected, it must notify ALL customers of
  the breach. Obviously this is both an expensive
  and embarrassing event.

• Impact
• Burden is on to notify any, and all possible,
  effected consumers. If you cant identify which
  ones, you must go public
• Significant CMPs (civil money penalties) are at
  risk

36
Vericept Protecting Your Information and
Reputation

• Fraud and Identity Theft

37
Fraud and Identity Theft

• Over 9.9 million Americans Were Victims
• Thats 4.6 of the population
• One third from new accounts, two thirds from
  existing accounts
• Average loss - 4,800 per victim
• Businesses Lost 47.6 Billion
• 32.9 billion attributable to new accounts opened
  by unauthorized users
• 14 billion attributable to existing account
  misuse by unauthorized users
• 25 per card the cost of canceling and issuing
  a new credit card
• When victims lost 5,000 or more, 81 told
  someone else this behavior places the companys
  reputation at risk!!

38
Market Validation Risk Management is a Driver
Intelligent Risk Management can enable
organizations to face an uncertain future
optimisticallyPreparation requires a focus on
risk management, intelligence-driven prevention
and response.
39
Vericept Protecting your Information and
Reputation
Section III VERICEPT SALES CYCLE
40
Vericept Sales Cycle
Create Interest
Qualification
Close
Conviction
VERICEPTSALESCYCLE

• Call Scripts
• Referrals

• Online Demo
• Initial
• Exposure
• Assessment
• Implement. Expectations

• PO
• SLA
• Move to Implement.

• Secondary
• EA Present.
• SLA Review
• Proposal
• SOW
• Implement. Plan

VERICEPTSALES TOOLS
41
Vericept Sales Cycle
Create Interest

• CREATE INTEREST
• Research your prospect
• Identify corporate mission, company positioning,
  key players, financials, recent news, Code of
  Conduct, etc.
• Contact Prospect at Business Decision-Maker Level
  - (e.g., CIO, Compliance, HR, Finance, Internal
  Audit, etc.)
• Understand what they are responsible for and then
  link Vericept benefit to them
• Business Decision Makers

• Chief Financial Officer
• CSO / CISO
• Chief Information Officer
• Chief Ethics Officer
• Corporate Compliance Officer

• Chief Risk Officer
• VP of HR
• Corporate Governance Officer
• Legal / Corporate Counsel
• Chief Privacy Officer

• Director of Security
• Head of Marketing
• CEO
• Internal Audit

42
Elevator Pitch

• Vericept Corporation is the leading provider of
  enterprise risk management solutions enabling
  corporations, government agencies and education
  institutions to manage and dramatically reduce
  insider risk.
• Vericept provides immediate visibility to
  multiple forms of business risk including
  regulation compliance violations, corporate
  governance concerns, internal policy infractions,
  information leaks, and unacceptable internet use.
  Based on the patented advanced linguistics
  engine, the Vericept Solutions analyze all
  content of inbound and outbound internet traffic
  using pre-defined categories, enabling companies
  to instantly identify and terminate any activity
  falling outside of an organizations predefined
  acceptable use policy.
• Vericepts innovative solutions prevent losses
  to valuable information assets and protect the
  organization Brand and reputation.

43
Vericept Sales Cycle
Qualification

• QUALIFICATION The Initial Hook
• Flesh out their current security infrastructure
• Flesh out their acceptable use policies
• Would You Know If Questions
• Share customer anecdotes
• Present Vericept Corporate Overview and Online
  Demo
• Commit to next step (meet with other
  stakeholders, Exposure Assessment, etc)
• QUALIFICATION Understand the Procurement
  Process
• Learn typical procurement process
• Determine availability of funds
• Determine appropriation of funds (especially for
  out-of-budget purchases)
• Identify the titles and names of those affecting
  the purchasing process
• If youre pressured to deliver pricing prior to
  the EA or proposal give them budget and
  planning numbers of 20 to 30 per workstation
  annually.

44
Vericept Protecting Your Information and
Reputation
Qualification

• The Online Demo
• Actual Logs - just anonymized

45
Vericept Sales Cycle
Qualification

• QUALIFICATION Reference Trial Close
• The Demo you have just seen reflects the manner
  in which the solution would be used and the types
  of information that would be captured if the
  solution were installed on your network. Based
  upon your feedback, it sounds like this has a
  clear and valuable fit in your environment. We
  have the ability to deliver the solution in a
  manner that can be recognized either as an
  Operating Expense or Capital Expense. Which
  would better fit with your budget and financial
  structure?
• Contact your Vericept Channel Sales Manager (CSM)
• Share Customer Anecdotes, Case Studies and
  Analyst Quotes
• References Online
• Broker a concall between the two parties

46
Vericept Sales Cycle
Qualification

• QUALIFICATION Exposure Assessment Trial Close
• We have a program we refer to as the Exposure
  Assessment. This Program provides a 7 day snap
  shot of activity on your network and the various
  points of business risk tied to inappropriate
  network use and abuse. We install a Vericept
  device on your network, let it run for 7 days
  then present the results of our findings in the
  form of an Executive Presentation. Typically the
  Exposure Assessment is priced at 20,000.
  However, as the program has evolved, at times
  waive that fee provided your organization is
  committed to gaining the executive level buy-in
  on the program. This is done by confirming the
  key stake-holders attend the Executive
  Presentation. The reason for this request comes
  from our desire to ensure were not wasting your
  time or ours. Frankly, in the past we have had
  some organizations that have learned, only after
  performing an EA that they are not prepared to
  address the issues and risks that were discovered
  during the assessment. Usually, the key stake
  holders are the executives responsible for
  Compliance, HR, IT and Legal. Do you have
  separate individuals responsible for these
  functional areas? Would those individuals be of
  a mindset to address these issues?
• If yes, send the EA Agreement and require them to
  get it signed by the individual that would
  ultimately have purchasing authority should they
  decide to purchase the Vericept solution.

47
Vericept Sales Cycle
Qualification

• QUALIFICATION Exposure Assessment Trial Close
• Pull Exposure Assessment Agreement from
  www.vericept.com and get it signed by customer
  (decision-maker)
• Set Exposure Assessment best practices
  expectations
• Provide Network Configuration Diagram Worksheet
• Proactively secure the EA installation
  presentation dates key contacts
• Present a quick, but compelling, EA presentation.
  Follow the proven Vericept format discuss the
  deployment process (not as overwhelming as they
  assume).
• IMPLEMENTATION METHODOLOGY
• Set Implementation Expectations
• Scope to be fully defined in the final proposal
  to your customer

48
Qualification
Implementation Methodology
Phase I
Phase II
Phase III

Initial Assessment and Sale
Discovery
Build, Install and Test
Phase IV
Phase V
Post Implementation Review
Implementation and Support
49
Vericept Sales Cycle
Conviction

• CONVICTION Secondary EA Presentation
• If all stake holders are not present for the
  Initial EA Presentation, the customer usually
  conducts a secondary EA presentation to
  additional decision-makers, stakeholders and
  budget committees.
• Offer to present to the secondary decision-makers
  (not unusual to be declined because generally
  additional action items are discussed during
  those meetings that dont involve Vericept).
• Do insist on helping the champion develop
  his/hers Vericept presentation
• Provide EA Presentation or shorter version
• Provide role-play assistance
• Provide additional documents, white-papers, or
  references to solidify the decision and budget.
• Help them find the budget dollars to buy now.
• Express a willingness and capability to get
  creative with the financing of the solution if
  you think there may be budget issues.
• Secure a date and time you will follow up with
  the champion (typically the day after their
  internal meeting)

50
Vericept Sales Cycle
Conviction

• CONVICTION Deliver Proposal
• Deliver a Quote, Proposal or Statement of Work
  put something in front of the customer for them
  to say yes to.
• Include the full complement of Vericept Solutions
• Info Privacy protects your valuable information
• Acceptable Use addresses employee productivity
  and reputation risk management
• Preventative Security capture the internal
  hackers
• Stored Data data-at-rest
• Custom Search Parameters the tool to customize
  Vericept
• Never line item the pricing include all modules
  with one aggregate investment price.
• Be sure to include the points of pain
  identified early on and the cost associated with
  them
• Include detailed solution implementation plan
  (Statement of Work)
• Follow up, follow up, follow up

51
Vericept Sales Cycle
Conviction

• CONVICTION Software License Agreement
• Deliver the SLA as early as possible for the
  Customer to expedite the legal review process
• Make the SLA review a non-event. It is just
  standard software licensing language
• Pull the latest version from www.vericept.com
• Engage your Channel Sales Manager to field 100
  of the questions and proposed red-line. Under no
  circumstance should our CVSP negotiate verbiage
  changes to the SLA!
• Get signature on the SLA or online approval for
  the electronic version

52
Vericept Sales Cycle
Close

• CLOSE The Win
• The deal is booked when two things happen
• Vericept receives a valid Purchase Order from the
  CVSP or Distributor and
• Vericept receives the signed Software License
  Agreement (either hardcopy or electronic)
• CONGRATULATIONS youve now delivered a true
  solution that will positively impact the senior
  members of your Customer. You will now be
  elevated to a trusted advisor level in their eyes
  (if you werent there already).
• Move to Implementation

53
Vericept Protecting your Information and
Reputation
Section IV VERICEPTS PRODUCTS
ARE CALLED SOLUTIONS
54
Our Piece of the Pie
Security MarketLandscape
3.3 Billion (2008) Messaging Security -
1.7B SCM Appliance - 1.6B
VericeptMarketOpportunity
SecureContentMonitoringMarket
7.5 Billion (2008)
Internet SecurityPrivacy Market
16 Billion (2008)
IDC Estimates (April, 2004)
55
Gartners Hype Cycle
Vericept
56
Vericept Solutions System Requirements

• Dedicated Appliance
• Intel-compatible processor
• 3 GHz minimum processing speed
• 2 GB RAM
• 120 GB Hard drive or larger
• 2 network interface cards (NICs)
• CD-ROM drive
• Floppy disk drive
• Operating System
• Red Hat Enterprise Linux (RHEL) version 3.0 WS

57
Vericept Standalone Deployment
Installing and configuring the Vericept solution
was almost easier than taking it out of the
box. - Sean Doherty Technology Editor Network
Computing Magazine
58
Vericept Distributed Deployment
59
Vericept Distributed Deployment cont.
60
Vericepts Intelligence Platform
Information Privacy and Compliance Manager
Acceptable Use Manager
Preventive Security Manager
Regulation Compliance Manager HIPAA GLBA CA 1386
Custom Search Parameters
Blocking Solution
Intelligent Content Analysis Data-in-Motion
Data-at-Rest Monitoring Engine
Filter
61
Vericept Solutions Composition by Solution
Acceptable Use Manager
Unstructured Data Adult Conflict Gambling Games Ra
cism Shopping Sports Substance Abuse Trading Viole
nt Acts Weapons Peer-to-Peer File
Research Capture All Instances IM Chat Mailing
Lists Peer-to-peer File Share Postings Webmail
62
Vericept Solutions Composition by Category
Regulation Compliance Manager (RCM)

Acceptable Use Manager - EDU (AUMe)

Custom Search Parameters
Unstructured Data Adult Conflict Gambling Games Ga
ngs Plagiarism Racism Shopping Sports Substance
Abuse Trading Violent Acts Weapons Peer-to-Peer
File Research Hacker Research Capture All
Instances IM Chat Mailing Lists Peer-to-peer
File Share Postings Webmail
CSPs are used to identify company-specific
information Examples Proprietary
information Trade secrets Intellectual
property Communication with competitors Company-sp
ecific jargon Project acronyms Customer
account numbers
1. RCM CA 1386 Structured Data CA Drivers
License Credit Card Number Personal Information
(eNPI) Social Security Number
2. RCM HIPAA Structured Data Protected Health
Information (ePHI) Social Security Number
Stored Data Analyzer Data At Rest
3. RCM GLBA Structured Data Credit Card
Number Personal Information Social Security Number
These contain only the minimum categories
necessary to comply
63
Vericept Pricing Strategy

• 3 year term - paid up front (software
  maintenance included)
• Perpetual License (software maintenance 20)
• Pricing volume discount based on number of
  users
• Minimum deal size priced at 250 users
• VSP or Vericept can source hardware
• Work passionately to maintain the List Price!
• Price List updated quarterly

64
Training Exercise

• CASE STUDY You have called on the Chief
  Information Security Officer of a major hospital
  group. Youve learned that she is very concerned
  about protecting protected health information and
  HIPAA is a constant board-level topic. In
  addition, her VP of Human Resources asked her if
  she was aware of any technology to track
  employees who visit unauthorized websites. Their
  network is comprised of 1,100 workstations but
  1,900 users.
• What Vericept Solutions would you recommend?
  Which solutions would address which problems?
• What is the price of the proposed solutions?
• What else beside software should be factored into
  your proposal?

65
Vericept Protecting your Information and
Reputation
Section V PARTNER RESOURCE CENTER
66
Partner Resource Center www.vericept.com
67
Vericept Solutions Online Demos
68
References Online
69
Sample Policy Concerns and Solution Mapping
70
Sample Policy Concerns and Solutions Mapping
(cont.)
71
(No Transcript)
72
Vericept Protecting Your Information and
Reputation
Section V VERICEPT CORPORATION

73
Vericept Background

• Founded in 1999 Denver, Colorado
• Award-winning, patent-pending (5) technology
• Seasoned Management Team Approximately 65
  Outstanding Personnel
• Financial backers Sigma Venture Partners,
  William Blair Venture Capital, Sequel Venture
  Partners, Visa International
• Industries financial services, healthcare,
  retail, manufacturing, government, education,
  pharma, telecommunications, energy
• Approximately 600 customers trust Vericept over
  1.5M workstations being monitored

74
Vericept Mission Statement
To Be The Leading Global Provider of
Information Protection and Misuse Prevention
Solutions
75
Vericept Sales Strategy

• Direct Accessible Markets
• Enterprise 500m
• Hospitals 4b
• Federal Government

• VSP Accessible Markets
• SME
• Hospitals
• State Local Government
• Education

Direct Sales
Solutions Partners
Distributors
76
Vericept Solutions Partner Program VSPs

• VISIONTo be the standard in which our partners
  measure their other vendors.
• MISSIONCreate a global ecosystem of solution
  partners who leverage the unique capabilities of
  Vericept solutions to create new customers and
  organically grow existing customers in a
  profitable and mutually beneficial manner.
• VERICEPT CHANNEL SALES MANAGER OBJECTIVEMaximize
  revenue in each region.

77
Vericept Solution Partner Program VSPs

• Certified Vericept Solution Partner Requirements
• Certified Vericept Solutions Architect
• Certified Vericept Sales Engineer
• Self-Sufficient Through Entire Sales Process
  (conduct EAs)
• Relentlessly pursue customers defined in the VSP
  Accessible Markets
• Generate at Least 500k in Vericept revenue to
  CVSP
• VSP Accessible Market (as defined by Hoovers
  Online)
• SMEs annual revenue
• Education (K-12 and higher-ed)
• State Local Government
• Standalone Hospitals Hospital Groups in annual revenue
• CSMs have the named account list

78
Lead Referral Program

• For Customers Outside of the Scope of the VSP
  Accessible Markets
• Principles of Engagement
• Submit a completed VSP Lead Qualification Form
• One VSP Lead Qualification Form per Customer
  transaction.
• Vericept controls the sales process from the
  moment the VSP Lead Referral Qualification Form
  is approved in writing.
• Vericept, as a best practice, will incorporate
  the CVSPs service delivery team to the extent it
  has the certification, experience, and desire.
• Referral fee is only applicable to the Vericept
  software portion of the transaction.
• One referral payment per VSP Lead Qualification
  Form.

79
(No Transcript)
80
Market Landscape
TIER 1 Content Monitoring

• Direct competitors

TIER 2 Employee Internet Management / Messaging

• Not directly competitive
• Potential partners

Compliance
TIER 3 Network Security / Forensics

• Not competitive
• Sometimes asked about

81

• Vericept Differentiators Why Vericept?
• Differentiator 1 Its all about what you
  DONT know
• Differentiator 2 Vericept identifies sensitive
  content in unstructured formats
• Differentiator 3 Linguistic Analysis Engine
• Differentiator 4 Vericept monitors all TCP/IP
  traffic
• Differentiator 5 Vericept monitors both
  incoming and outgoing traffic
• Differentiator 6 Low Total Cost of Ownership
• Differentiator 7 Preventive Security
• Differentiator 8 Stored Data Analyzer
• Differentiator 9 Partners, Customers, Customer
  Quotes 3rd party validation
• Differentiator 10 We will work just as hard
  to keep you as a customer as we will to make you
  a customer

82
Vericept Protecting Your Information and
Reputation
Section VII BEST PRACTICES

83
Best Practices

• Target the industry verticals
• Healthcare, Education, Finance
• Any one with information and a reputation to
  protect
• This is a strategic business decision not an
  IT decision
• But remember IT is a critical stakeholder
• The economic decision-maker is usually a CIO,
  CFO, and or CEO
• Critical coaches include Compliance Officer,
  Director of Security, VP of Human Resources,
  Internal Audit, etc.
• Sales Math (per month) 12 leads (3/wk) 3
  EAs 1 Win

84
Best Practices

• Selling Vericept Requires
• Focus, focus, focus persistence, persistence,
  persistence
• But know when to fish or cut bait
• Consultative Selling because this is a solution
  not a product sale
• Leverage the proven best practices, resources,
  and your Channel Sales Manager
• Forecasting (yes forecasting and heres why)
• Your Channel Sales Manager can proactively engage
  resources to expedite the sales process
  (themselves, Vericept Executives, key Customer
  References, etc.)
• Reduces channel conflict because your Channel
  Sales Manager will only go on account calls with
  one CVSP. Race goes to the swiftest.
• Vericept leads get distributed to those who focus
  on Vericept the most and forecast diligently.
• Because your Channel Sales Manager has to
  forecast to Vericept each and every week!!

85
The Best Best Practice

• STRIKE WHEN THE IRON IS HOT
• Especially after the initial Exposure Assessment
  presentation
• If the sales process is not moving forward then
  it is moving backwards.
• Our most successful Partners have learned that
  lesson well

Every Day Matters Jen Cantwell Sr. Sales
Executive Vericept Corporation EMC, Tyco Intl,
United Technologies Corp., Massachusetts
Financial Svs.
86
Youre Not the Only One Who Believes in Vericept!

• Partnering to combat Fraud and Identity Theft
• Vericept is the only Content Monitoring Partner
  within Visas exclusive Strategic Alliances
  Program
• Strategic discussions and planning underway to
  develop initiatives for managing information risk
• www.visa.com/sai

87
Award-Winning Technology

• Reflects technical excellence, professional
  achievement and the important role that
  information security professionals play in
  helping to shape the industry.

Honors leading-edge technology that provides
measurable business value to end-user
organizations.
Vericept earned our Editor's Choice Award by
providing a path of least resistance to
monitoring network use and for its superiority in
identifying abuse.
88
Vericept Protecting your Information and
Reputation
THANK YOU VERY MUCH

• CONGRATULATIONS Youre a CVSA!