Vericept CVSA Training - PowerPoint PPT Presentation


Title: Vericept CVSA Training


1
Certified Vericept Sales Architect CVSA Sales
Certification Training
Ken Totura Vericept Corporation
1Q 2005
www.vericept.com
2
Why We Are Here Today
  • Internet Security / Privacy Market is Hot! (IDC)
  • 15 growth rate by 2005 which translates into
    more than 118b by 2007
  • Worldwide spending will grow twice as fast as IT
    overall
  • 40 of IT managers saw security as their top IT
    budget priority
  • Risk Management is Even Hotter
  • FTC 10 million victims of Identity Theft in
    2003 costing 47b
  • KPMG -60 of companies being victimized by
    employee fraud
  • IDC Over one-third of the financial or data
    loss incidents involved insiders
  • PWC Companies view Security as a strategic
    enabler
  • Vericept is a Wildly Unique Solution
  • Differentiate yourself from your competitors
  • Customer escalation CxO
  • Customer acquisition Beachhead
  • Tremendous margins

3
Agenda
  • Section I The Problem and Solution
  • Section II Business Risk Drivers
  • Section III Vericept Sales Cycle
  • Section IV Vericept Products are Called
    Solutions
  • Section V Partner Resource Center
  • Section VI Vericept Corporation
  • Section VII Best Practices
  • Certified Vericept Sales Architect
    Congratulations!

4
Vericept Protecting your Information and
Reputation
Section I THE PROBLEM and now there is a
SOLUTION

5
What Keeps These Folks Up At Night?
  • Board of Directors
  • Chief Executive Officer
  • President Chief Operating Officer
  • Chief Financial Officer
  • Chief Information Security Officer (Compliance
    Officer)
  • Chief Information Officer
  • VP of Sales
  • VP of Marketing
  • VP of Legal
  • VP of Human Resources

6
Would You Immediately Know If
  • A trusted employee pasted confidential
    acquisition information into a webmail message
    and sent it to your competitor?
  • An employee downloaded hacker tools to their work
    computer with the intention of stealing your
    customers private data?
  • An employee posted your confidential executive
    communications or financial data on
    www.internalmemos.com or some other internet
    posting site like Yahoo Finance?
  • An employee is using a P2P client and is
    inadvertently exposing your proprietary
    information to millions of other P2P users?

7
The Problem
  • Lack of EFFECTIVE VISIBILITY to confidential and
    inappropriate content flowing across the network.
    The risk and results can be significant
  • Information Loss
  • Company Intellectual Property, RD, Customer
    Lists, source codeCorp. Espionage
  • Customer Information SSN, credit card number,
    mothers maiden nameID Theft
  • Non-Compliance
  • GLBA, HIPAA, CA 1386 protecting customer
    privacy
  • Sarbanes-Oxley protecting investors, corporate
    ethical responsibility
  • Abuse of Internet Usage
  • Productivity employees and contractors surfing
    the web for hours and hours
  • Legal Liability sexual harassment, workplace
    violence, wrongful termination
  • Insider IT System Mischief/Hacking
  • Sabotage and Hacking viruses, worms, exploits
  • (leading to) Theft keyloggers, unauthorized
    access
  • System Downtime troubleshooting and fixing
    problems

8
Where is the Exposure and Risk?
  • Email and Web-based mail
  • Instant Messaging
  • Internet Postings
  • FTP
  • Peer-to-Peer ( i.e. KaZaA and Limewire)
  • Chat rooms
  • Attachments
  • Web

hacking tools
SOURCE CODE
9
Vericepts Intelligence Platform
Information Privacy and Compliance Manager
Acceptable Use Manager
Preventive Security Manager
Regulation Compliance Manager HIPAA GLBA CA 1386
Custom Search Parameters
Blocking Solution
Intelligent Content Analysis Data-in-Motion
Data-at-Rest Monitoring Engine
Filter
10
Vericept Solutions Composition by Solution
Acceptable Use Manager
Unstructured Data Adult Conflict Gambling Games Ra
cism Shopping Sports Substance Abuse Trading Viole
nt Acts Weapons Peer-to-Peer File
Research Capture All Instances IM Chat Mailing
Lists Peer-to-peer File Share Postings Webmail
11
Vericept Solutions Composition by Category
Regulation Compliance Manager (RCM)

Acceptable Use Manager - EDU (AUMe)

Custom Search Parameters
Unstructured Data Adult Conflict Gambling Games Ga
ngs Plagiarism Racism Shopping Sports Substance
Abuse Trading Violent Acts Weapons Peer-to-Peer
File Research Hacker Research Capture All
Instances IM Chat Mailing Lists Peer-to-peer
File Share Postings Webmail
CSPs are used to identify company-specific
information Examples Proprietary
information Trade secrets Intellectual
property Communication with competitors Company-sp
ecific jargon Project acronyms Customer
account numbers
1. RCM CA 1386 Structured Data CA Drivers
License Credit Card Number Personal Information
Social Security Number
2. RCM HIPAA Structured Data Protected Health
Information (ePHI) Social Security Number
Stored Data Analyzer Data At Rest
3. RCM GLBA Structured Data Credit Card
Number Personal Information (eNPI) Social
Security Number
These contain only the minimum categories
necessary to comply
12
Enterprise Risk Management Through Intelligent
Content Monitoring
13
The Advantage Contextual Linguistics Analysis
  • Goes far beyond keyword searches by reading
    content and understanding the context of the
    communication
  • Can catch the more subtle risky communication
    that other technologies miss
  • Almost 60 predefined categories leverage the
    intelligence platform, flag and classify various
    types of content traveling into, out of and
    across a network
  • Works immediately out of the box, requiring no
    lengthy data definition exercises or expensive
    development efforts
  • How it works
  • Content looks at the text of the communication,
    effectively reading it
  • Context looks at the communication format to
    understand the meaning of the text
  • Structure looks at the communication type,
    whether its email, a web page, chat, etc.

The Advantage Custom Search Parameters
  • Leverages Vericepts Extended Regular Expressions
    which have been optimized by Vericept Labs
  • Combines power of intelligence with keyword
    driven matches to enable more effective
    identification of risks to an enterprise

14
Vericepts Unique Approach is the
SolutionIntelligent Content Monitoring, Analysis
and Reporting
  • Passively monitors the content of ALL internet
    traffic
  • Includes web, web-mail, email, chat, instant
    messaging, peer-to-peer file sharing, telnet,
    ftp, postings and more...
  • Intelligently analyzes and identifies ONLY the
    pertinent content at risk
  • Provides detailed content capture,
    proof-positive evidence
  • Identity Match ties inappropriate activity and
    content to the user
  • Provides detailed information delivery and
    reporting
  • Ability to perform same intelligent analysis on
    stored data

15
Vericept Value and Benefits
  • Prevents Information Loss, Identity Theft and
    Corporate Espionage
  • Enables regulatory compliance
  • - Sarbanes Oxley
  • - GLBA
  • Reduces liability associated with inappropriate
    use
  • Identifies rogue protocol usage
  • Stops unproductive and unethical internet use
  • Provides never before seen visibility to
    enterprise risk
  • Compelling ROI and low TCO
  • Protects Brand, Reputation and Information

- CA SB 1386 - HIPAA
16
Approximately 600 customers trust Vericept
.over 1,500,000 workstations being monitored!
Healthcare and Pharma
Financial
Utilities
Comm. Svcs
Retail and Manufacturing
Government and Education
17
Award-Winning Technology
  • Reflects technical excellence, professional
    achievement and the important role that
    information security professionals play in
    helping to shape the industry.

Honors leading-edge technology that provides
measurable business value to end-user
organizations.
Vericept earned our Editor's Choice Award by
providing a path of least resistance to
monitoring network use and for its superiority in
identifying abuse.
18
Vericept Protecting Your Information and
Reputation
Section II BUSINESS RISK DRIVERS
  • Information Privacy, Compliance, Productivity
    Reputation

19
Externally Driven Policies Compliance
Regulation
Enterprise Risk Management
Report
Moni tor
Capture
Analyze
Internally Driven Policies Acceptable Use
Internally Driven Policies Information Controls
M a n a g e
20
Vericept Drivers
Internally Driven Policies Information Controls
  • Executive communications
  • Marketing plans
  • Merger and Acquisition activity
  • Research and development
  • Patents and trade secrets
  • Customer lists
  • Employee information (SSN, compensation)
  • and the list goes on

21
Vericept Drivers
Internally Driven Policies Acceptable Use
  • Internet use
  • Corporate email use
  • Instant Messaging use
  • Peer-to-Peer use
  • Appropriate content (or inappropriate)
  • Safe work or school environments (free from
    violence, hostility and harassment)

22
Vericept Drivers
Externally Driven Policies Compliance
  • HIPAA Security Rule
  • Gramm-Leach-Bliley
  • Sarbanes-Oxley
  • California Senate Bill 1386
  • USA Patriot Act
  • Childrens Internet Protection Act
  • Over 300 pieces of pending Privacy legislation

23
Vericept Protecting Your Information and
Reputation
  • Health Insurance Portability Accountability
    ActHIPAA

24
Health Insurance Portability Accountability Act
of 1996
  • SEC. 261. PURPOSE.
  • It is the purpose of this subtitle to improve
    the Medicare program under title XVIII of the
    Social Security Act, the medicaid program under
    title XIX of such Act, and the efficiency and
    effectiveness of the health care system, by
    encouraging the development of a health
    information system through the establishment of
    standards and requirements for the electronic
    transmission of certain health information.

25
HIPAA The Five Basic Principles
  • Consumer Control The regulation provides
    consumers with critical new rights to control the
    release of their medical information. 
  • Boundaries With few exceptions, an individual's
    health care information should be used for health
    purposes only, including treatment and payment. 
  • Accountability Under HIPAA, for the first time,
    there will be specific federal penalties if a
    patient's right to privacy is violated. 
  • Public Responsibility The new standards reflect
    the need to balance privacy protections with the
    public responsibility to support such national
    priorities as protecting public health,
    conducting medical research, improving the
    quality of care, and fighting health care fraud
    and abuse.
  • Security It is the responsibility of
    organizations that are entrusted with health
    information to protect it against deliberate or
    inadvertent misuse or disclosure.

26
Vericept Protecting Your Information and
Reputation
  • Sarbanes Oxley

27
Sarbanes-Oxley Requirements
  • Antifraud Programs and Controls
  • Fraud risk assessment (Section 103)
  • CEO and CFO Certification
  • Disclosure of controls and procedures (Section
    302)
  • Managements Annual Assessment Report
  • Assessment of Internal Controls over Financial
    Reporting (Section 404)
  • Code of Conduct and Ethics
  • Ensuring adherence to Code (Section 406)
  • Managing and Strengthening Internal Controls
  • Provides a continuous monitoring mechanism to
    satisfy and enforce Internal Control requirements

28
How a prominent customer is using Vericept for
SOX
I am complying with 50 of my Ethical Code of
Conduct by using Vericept as an internal
monitoring control -Sr. Corporate Governance
Officer, Global Conglomerate
29
Vericept Protecting Your Information and
Reputation
  • Gramm-Leach-Bliley
  • Financial Modernization Act of 1999
  • (GLBA)

30
GLBA Data Protection Requirements -
  • Mandate that financial institutions protect the
    security and confidentiality of customers'
    non-public personal information and institute
    appropriate administrative, technical, and
    physical safeguards to accomplish this
    requirement.
  • Requires covered institutions to protect against
    any anticipated threats or hazards to the
    security or integrity of customer records
  • and to protect against unauthorized access to or
    use of records or information which could result
    in substantial harm or inconvenience to any
    customer.

31
How Vericept Enables GLBA Compliance
  • FFIEC Handbook Safeguards
  • Risk Assessment
  • Continuous, formal process
  • Security Controls Implementation
  • Controls to protect against malicious code
  • Personnel security / authorized use
  • Logging and data collection
  • Monitoring and Updating
  • Continuously analyze threats
  • Monitor for technical vulnerabilities

Note Vericept developed the GLBA solution with
co-author Paul Reymann to specifically enable
compliance
32
GLBA Co-Author Validation
"Vericept's Information Privacy and Compliance
Manager solution identifies and manages risks,
tests risk management practices and monitors to
control risks.  Vericept's comprehensive
monitoring approach enables financial
institutions to comply with regulations and to
protect against internal information
leakage. Paul Reymann CEO, ReymannGroup
Inc. Co-author of Section 501 of the
Gramm-Leach-Bliley Act Data Protection Regulation
33
Vericept Protecting Your Information and
Reputation
  • California
  • Senate Bill 1386
  • July 1, 2003

34
SB 1386 Requirements
  • What it is?
  • Mandate requiring public disclosure of
    computer-security breaches in which confidential
    information of ANY California resident MAY have
    been compromised
  • Who is affected?
  • The law covers every enterprise, public or
    private, doing business with California
    residents.
  • "Personal Information" means an individual's
    first name or first initial and last name in
    combination with any one or more of the following
    non-encrypted data elements
  • Social Security Number
  • California Driver's License Number or California
    Identification Card Number
  • Account number, credit or debit card number, in
    combo with security code, access code, or
    password that would permit access to an
    individual's financial account

35
CA SB 1386 Requirements
  • Mandated Action
  • Companies must warn California customers of
    security holes in their corporate computer
    networks
  • When a business discovers that confidentiality
    has or may have been breached it must notify the
    customers
  • If the business is unsure which customers have
    been affected, it must notify ALL customers of
    the breach. Obviously this is both an expensive
    and embarrassing event.
  • Impact
  • Burden is on to notify any, and all possible,
    effected consumers. If you cant identify which
    ones, you must go public
  • Significant CMPs (civil money penalties) are at
    risk

36
Vericept Protecting Your Information and
Reputation
  • Fraud and Identity Theft

37
Fraud and Identity Theft
  • Over 9.9 million Americans Were Victims
  • Thats 4.6 of the population
  • One third from new accounts, two thirds from
    existing accounts
  • Average loss - 4,800 per victim
  • Businesses Lost 47.6 Billion
  • 32.9 billion attributable to new accounts opened
    by unauthorized users
  • 14 billion attributable to existing account
    misuse by unauthorized users
  • 25 per card the cost of canceling and issuing
    a new credit card
  • When victims lost 5,000 or more, 81 told
    someone else this behavior places the companys
    reputation at risk!!

38
Market Validation Risk Management is a Driver
Intelligent Risk Management can enable
organizations to face an uncertain future
optimisticallyPreparation requires a focus on
risk management, intelligence-driven prevention
and response.
39
Vericept Protecting your Information and
Reputation
Section III VERICEPT SALES CYCLE
40
Vericept Sales Cycle
Create Interest
Qualification
Close
Conviction
VERICEPTSALESCYCLE
  • Call Scripts
  • Referrals
  • Online Demo
  • Initial
  • Exposure
  • Assessment
  • Implement. Expectations
  • PO
  • SLA
  • Move to Implement.
  • Secondary
  • EA Present.
  • SLA Review
  • Proposal
  • SOW
  • Implement. Plan

VERICEPTSALES TOOLS
41
Vericept Sales Cycle
Create Interest
  • CREATE INTEREST
  • Research your prospect
  • Identify corporate mission, company positioning,
    key players, financials, recent news, Code of
    Conduct, etc.
  • Contact Prospect at Business Decision-Maker Level
    - (e.g., CIO, Compliance, HR, Finance, Internal
    Audit, etc.)
  • Understand what they are responsible for and then
    link Vericept benefit to them
  • Business Decision Makers
  • Chief Financial Officer
  • CSO / CISO
  • Chief Information Officer
  • Chief Ethics Officer
  • Corporate Compliance Officer
  • Chief Risk Officer
  • VP of HR
  • Corporate Governance Officer
  • Legal / Corporate Counsel
  • Chief Privacy Officer
  • Director of Security
  • Head of Marketing
  • CEO
  • Internal Audit

42
Elevator Pitch
  • Vericept Corporation is the leading provider of
    enterprise risk management solutions enabling
    corporations, government agencies and education
    institutions to manage and dramatically reduce
    insider risk.
  • Vericept provides immediate visibility to
    multiple forms of business risk including
    regulation compliance violations, corporate
    governance concerns, internal policy infractions,
    information leaks, and unacceptable internet use.
    Based on the patented advanced linguistics
    engine, the Vericept Solutions analyze all
    content of inbound and outbound internet traffic
    using pre-defined categories, enabling companies
    to instantly identify and terminate any activity
    falling outside of an organizations predefined
    acceptable use policy.
  • Vericepts innovative solutions prevent losses
    to valuable information assets and protect the
    organization Brand and reputation.

43
Vericept Sales Cycle
Qualification
  • QUALIFICATION The Initial Hook
  • Flesh out their current security infrastructure
  • Flesh out their acceptable use policies
  • Would You Know If Questions
  • Share customer anecdotes
  • Present Vericept Corporate Overview and Online
    Demo
  • Commit to next step (meet with other
    stakeholders, Exposure Assessment, etc)
  • QUALIFICATION Understand the Procurement
    Process
  • Learn typical procurement process
  • Determine availability of funds
  • Determine appropriation of funds (especially for
    out-of-budget purchases)
  • Identify the titles and names of those affecting
    the purchasing process
  • If youre pressured to deliver pricing prior to
    the EA or proposal give them budget and
    planning numbers of 20 to 30 per workstation
    annually.

44
Vericept Protecting Your Information and
Reputation
Qualification
  • The Online Demo
  • Actual Logs - just anonymized

45
Vericept Sales Cycle
Qualification
  • QUALIFICATION Reference Trial Close
  • The Demo you have just seen reflects the manner
    in which the solution would be used and the types
    of information that would be captured if the
    solution were installed on your network. Based
    upon your feedback, it sounds like this has a
    clear and valuable fit in your environment. We
    have the ability to deliver the solution in a
    manner that can be recognized either as an
    Operating Expense or Capital Expense. Which
    would better fit with your budget and financial
    structure?
  • Contact your Vericept Channel Sales Manager (CSM)
  • Share Customer Anecdotes, Case Studies and
    Analyst Quotes
  • References Online
  • Broker a concall between the two parties

46
Vericept Sales Cycle
Qualification
  • QUALIFICATION Exposure Assessment Trial Close
  • We have a program we refer to as the Exposure
    Assessment. This Program provides a 7 day snap
    shot of activity on your network and the various
    points of business risk tied to inappropriate
    network use and abuse. We install a Vericept
    device on your network, let it run for 7 days
    then present the results of our findings in the
    form of an Executive Presentation. Typically the
    Exposure Assessment is priced at 20,000.
    However, as the program has evolved, at times
    waive that fee provided your organization is
    committed to gaining the executive level buy-in
    on the program. This is done by confirming the
    key stake-holders attend the Executive
    Presentation. The reason for this request comes
    from our desire to ensure were not wasting your
    time or ours. Frankly, in the past we have had
    some organizations that have learned, only after
    performing an EA that they are not prepared to
    address the issues and risks that were discovered
    during the assessment. Usually, the key stake
    holders are the executives responsible for
    Compliance, HR, IT and Legal. Do you have
    separate individuals responsible for these
    functional areas? Would those individuals be of
    a mindset to address these issues?
  • If yes, send the EA Agreement and require them to
    get it signed by the individual that would
    ultimately have purchasing authority should they
    decide to purchase the Vericept solution.

47
Vericept Sales Cycle
Qualification
  • QUALIFICATION Exposure Assessment Trial Close
  • Pull Exposure Assessment Agreement from
    www.vericept.com and get it signed by customer
    (decision-maker)
  • Set Exposure Assessment best practices
    expectations
  • Provide Network Configuration Diagram Worksheet
  • Proactively secure the EA installation
    presentation dates key contacts
  • Present a quick, but compelling, EA presentation.
    Follow the proven Vericept format discuss the
    deployment process (not as overwhelming as they
    assume).
  • IMPLEMENTATION METHODOLOGY
  • Set Implementation Expectations
  • Scope to be fully defined in the final proposal
    to your customer

48
Qualification
Implementation Methodology
Phase I
Phase II
Phase III

Initial Assessment and Sale
Discovery
Build, Install and Test
Phase IV
Phase V
Post Implementation Review
Implementation and Support
49
Vericept Sales Cycle
Conviction
  • CONVICTION Secondary EA Presentation
  • If all stake holders are not present for the
    Initial EA Presentation, the customer usually
    conducts a secondary EA presentation to
    additional decision-makers, stakeholders and
    budget committees.
  • Offer to present to the secondary decision-makers
    (not unusual to be declined because generally
    additional action items are discussed during
    those meetings that dont involve Vericept).
  • Do insist on helping the champion develop
    his/hers Vericept presentation
  • Provide EA Presentation or shorter version
  • Provide role-play assistance
  • Provide additional documents, white-papers, or
    references to solidify the decision and budget.
  • Help them find the budget dollars to buy now.
  • Express a willingness and capability to get
    creative with the financing of the solution if
    you think there may be budget issues.
  • Secure a date and time you will follow up with
    the champion (typically the day after their
    internal meeting)

50
Vericept Sales Cycle
Conviction
  • CONVICTION Deliver Proposal
  • Deliver a Quote, Proposal or Statement of Work
    put something in front of the customer for them
    to say yes to.
  • Include the full complement of Vericept Solutions
  • Info Privacy protects your valuable information
  • Acceptable Use addresses employee productivity
    and reputation risk management
  • Preventative Security capture the internal
    hackers
  • Stored Data data-at-rest
  • Custom Search Parameters the tool to customize
    Vericept
  • Never line item the pricing include all modules
    with one aggregate investment price.
  • Be sure to include the points of pain
    identified early on and the cost associated with
    them
  • Include detailed solution implementation plan
    (Statement of Work)
  • Follow up, follow up, follow up

51
Vericept Sales Cycle
Conviction
  • CONVICTION Software License Agreement
  • Deliver the SLA as early as possible for the
    Customer to expedite the legal review process
  • Make the SLA review a non-event. It is just
    standard software licensing language
  • Pull the latest version from www.vericept.com
  • Engage your Channel Sales Manager to field 100
    of the questions and proposed red-line. Under no
    circumstance should our CVSP negotiate verbiage
    changes to the SLA!
  • Get signature on the SLA or online approval for
    the electronic version

52
Vericept Sales Cycle
Close
  • CLOSE The Win
  • The deal is booked when two things happen
  • Vericept receives a valid Purchase Order from the
    CVSP or Distributor and
  • Vericept receives the signed Software License
    Agreement (either hardcopy or electronic)
  • CONGRATULATIONS youve now delivered a true
    solution that will positively impact the senior
    members of your Customer. You will now be
    elevated to a trusted advisor level in their eyes
    (if you werent there already).
  • Move to Implementation

53
Vericept Protecting your Information and
Reputation
Section IV VERICEPTS PRODUCTS
ARE CALLED SOLUTIONS
54
Our Piece of the Pie
Security MarketLandscape
3.3 Billion (2008) Messaging Security -
1.7B SCM Appliance - 1.6B
VericeptMarketOpportunity
SecureContentMonitoringMarket
7.5 Billion (2008)
Internet SecurityPrivacy Market
16 Billion (2008)
IDC Estimates (April, 2004)
55
Gartners Hype Cycle
Vericept
56
Vericept Solutions System Requirements
  • Dedicated Appliance
  • Intel-compatible processor
  • 3 GHz minimum processing speed
  • 2 GB RAM
  • 120 GB Hard drive or larger
  • 2 network interface cards (NICs)
  • CD-ROM drive
  • Floppy disk drive
  • Operating System
  • Red Hat Enterprise Linux (RHEL) version 3.0 WS

57
Vericept Standalone Deployment
Installing and configuring the Vericept solution
was almost easier than taking it out of the
box. - Sean Doherty Technology Editor Network
Computing Magazine
58
Vericept Distributed Deployment
59
Vericept Distributed Deployment cont.
60
Vericepts Intelligence Platform
Information Privacy and Compliance Manager
Acceptable Use Manager
Preventive Security Manager
Regulation Compliance Manager HIPAA GLBA CA 1386
Custom Search Parameters
Blocking Solution
Intelligent Content Analysis Data-in-Motion
Data-at-Rest Monitoring Engine
Filter
61
Vericept Solutions Composition by Solution
Acceptable Use Manager
Unstructured Data Adult Conflict Gambling Games Ra
cism Shopping Sports Substance Abuse Trading Viole
nt Acts Weapons Peer-to-Peer File
Research Capture All Instances IM Chat Mailing
Lists Peer-to-peer File Share Postings Webmail
62
Vericept Solutions Composition by Category
Regulation Compliance Manager (RCM)

Acceptable Use Manager - EDU (AUMe)

Custom Search Parameters
Unstructured Data Adult Conflict Gambling Games Ga
ngs Plagiarism Racism Shopping Sports Substance
Abuse Trading Violent Acts Weapons Peer-to-Peer
File Research Hacker Research Capture All
Instances IM Chat Mailing Lists Peer-to-peer
File Share Postings Webmail
CSPs are used to identify company-specific
information Examples Proprietary
information Trade secrets Intellectual
property Communication with competitors Company-sp
ecific jargon Project acronyms Customer
account numbers
1. RCM CA 1386 Structured Data CA Drivers
License Credit Card Number Personal Information
(eNPI) Social Security Number
2. RCM HIPAA Structured Data Protected Health
Information (ePHI) Social Security Number
Stored Data Analyzer Data At Rest
3. RCM GLBA Structured Data Credit Card
Number Personal Information Social Security Number
These contain only the minimum categories
necessary to comply
63
Vericept Pricing Strategy
  • 3 year term - paid up front (software
    maintenance included)
  • Perpetual License (software maintenance 20)
  • Pricing volume discount based on number of
    users
  • Minimum deal size priced at 250 users
  • VSP or Vericept can source hardware
  • Work passionately to maintain the List Price!
  • Price List updated quarterly

64
Training Exercise
  • CASE STUDY You have called on the Chief
    Information Security Officer of a major hospital
    group. Youve learned that she is very concerned
    about protecting protected health information and
    HIPAA is a constant board-level topic. In
    addition, her VP of Human Resources asked her if
    she was aware of any technology to track
    employees who visit unauthorized websites. Their
    network is comprised of 1,100 workstations but
    1,900 users.
  • What Vericept Solutions would you recommend?
    Which solutions would address which problems?
  • What is the price of the proposed solutions?
  • What else beside software should be factored into
    your proposal?

65
Vericept Protecting your Information and
Reputation
Section V PARTNER RESOURCE CENTER
66
Partner Resource Center www.vericept.com
67
Vericept Solutions Online Demos
68
References Online
69
Sample Policy Concerns and Solution Mapping
70
Sample Policy Concerns and Solutions Mapping
(cont.)
71
(No Transcript)
72
Vericept Protecting Your Information and
Reputation
Section V VERICEPT CORPORATION

73
Vericept Background
  • Founded in 1999 Denver, Colorado
  • Award-winning, patent-pending (5) technology
  • Seasoned Management Team Approximately 65
    Outstanding Personnel
  • Financial backers Sigma Venture Partners,
    William Blair Venture Capital, Sequel Venture
    Partners, Visa International
  • Industries financial services, healthcare,
    retail, manufacturing, government, education,
    pharma, telecommunications, energy
  • Approximately 600 customers trust Vericept over
    1.5M workstations being monitored

74
Vericept Mission Statement
To Be The Leading Global Provider of
Information Protection and Misuse Prevention
Solutions
75
Vericept Sales Strategy
  • Direct Accessible Markets
  • Enterprise 500m
  • Hospitals 4b
  • Federal Government
  • VSP Accessible Markets
  • SME
  • Hospitals
  • State Local Government
  • Education

Direct Sales
Solutions Partners
Distributors
76
Vericept Solutions Partner Program VSPs
  • VISIONTo be the standard in which our partners
    measure their other vendors.
  • MISSIONCreate a global ecosystem of solution
    partners who leverage the unique capabilities of
    Vericept solutions to create new customers and
    organically grow existing customers in a
    profitable and mutually beneficial manner.
  • VERICEPT CHANNEL SALES MANAGER OBJECTIVEMaximize
    revenue in each region.

77
Vericept Solution Partner Program VSPs
  • Certified Vericept Solution Partner Requirements
  • Certified Vericept Solutions Architect
  • Certified Vericept Sales Engineer
  • Self-Sufficient Through Entire Sales Process
    (conduct EAs)
  • Relentlessly pursue customers defined in the VSP
    Accessible Markets
  • Generate at Least 500k in Vericept revenue to
    CVSP
  • VSP Accessible Market (as defined by Hoovers
    Online)
  • SMEs annual revenue
  • Education (K-12 and higher-ed)
  • State Local Government
  • Standalone Hospitals Hospital Groups in annual revenue
  • CSMs have the named account list

78
Lead Referral Program
  • For Customers Outside of the Scope of the VSP
    Accessible Markets
  • Principles of Engagement
  • Submit a completed VSP Lead Qualification Form
  • One VSP Lead Qualification Form per Customer
    transaction.
  • Vericept controls the sales process from the
    moment the VSP Lead Referral Qualification Form
    is approved in writing.
  • Vericept, as a best practice, will incorporate
    the CVSPs service delivery team to the extent it
    has the certification, experience, and desire.
  • Referral fee is only applicable to the Vericept
    software portion of the transaction.
  • One referral payment per VSP Lead Qualification
    Form.

79
(No Transcript)
80
Market Landscape
TIER 1 Content Monitoring
  • Direct competitors

TIER 2 Employee Internet Management / Messaging
  • Not directly competitive
  • Potential partners

Compliance
TIER 3 Network Security / Forensics
  • Not competitive
  • Sometimes asked about

81
  • Vericept Differentiators Why Vericept?
  • Differentiator 1 Its all about what you
    DONT know
  • Differentiator 2 Vericept identifies sensitive
    content in unstructured formats
  • Differentiator 3 Linguistic Analysis Engine
  • Differentiator 4 Vericept monitors all TCP/IP
    traffic
  • Differentiator 5 Vericept monitors both
    incoming and outgoing traffic
  • Differentiator 6 Low Total Cost of Ownership
  • Differentiator 7 Preventive Security
  • Differentiator 8 Stored Data Analyzer
  • Differentiator 9 Partners, Customers, Customer
    Quotes 3rd party validation
  • Differentiator 10 We will work just as hard
    to keep you as a customer as we will to make you
    a customer

82
Vericept Protecting Your Information and
Reputation
Section VII BEST PRACTICES

83
Best Practices
  • Target the industry verticals
  • Healthcare, Education, Finance
  • Any one with information and a reputation to
    protect
  • This is a strategic business decision not an
    IT decision
  • But remember IT is a critical stakeholder
  • The economic decision-maker is usually a CIO,
    CFO, and or CEO
  • Critical coaches include Compliance Officer,
    Director of Security, VP of Human Resources,
    Internal Audit, etc.
  • Sales Math (per month) 12 leads (3/wk) 3
    EAs 1 Win

84
Best Practices
  • Selling Vericept Requires
  • Focus, focus, focus persistence, persistence,
    persistence
  • But know when to fish or cut bait
  • Consultative Selling because this is a solution
    not a product sale
  • Leverage the proven best practices, resources,
    and your Channel Sales Manager
  • Forecasting (yes forecasting and heres why)
  • Your Channel Sales Manager can proactively engage
    resources to expedite the sales process
    (themselves, Vericept Executives, key Customer
    References, etc.)
  • Reduces channel conflict because your Channel
    Sales Manager will only go on account calls with
    one CVSP. Race goes to the swiftest.
  • Vericept leads get distributed to those who focus
    on Vericept the most and forecast diligently.
  • Because your Channel Sales Manager has to
    forecast to Vericept each and every week!!

85
The Best Best Practice
  • STRIKE WHEN THE IRON IS HOT
  • Especially after the initial Exposure Assessment
    presentation
  • If the sales process is not moving forward then
    it is moving backwards.
  • Our most successful Partners have learned that
    lesson well

Every Day Matters Jen Cantwell Sr. Sales
Executive Vericept Corporation EMC, Tyco Intl,
United Technologies Corp., Massachusetts
Financial Svs.
86
Youre Not the Only One Who Believes in Vericept!
  • Partnering to combat Fraud and Identity Theft
  • Vericept is the only Content Monitoring Partner
    within Visas exclusive Strategic Alliances
    Program
  • Strategic discussions and planning underway to
    develop initiatives for managing information risk
  • www.visa.com/sai

87
Award-Winning Technology
  • Reflects technical excellence, professional
    achievement and the important role that
    information security professionals play in
    helping to shape the industry.

Honors leading-edge technology that provides
measurable business value to end-user
organizations.
Vericept earned our Editor's Choice Award by
providing a path of least resistance to
monitoring network use and for its superiority in
identifying abuse.
88
Vericept Protecting your Information and
Reputation
THANK YOU VERY MUCH
  • CONGRATULATIONS Youre a CVSA!
View by Category
About This Presentation
Title:

Vericept CVSA Training

Description:

... Peer ( i.e. KaZaA and Limewire) Chat rooms. Attachments. Web. hacking tools ... Safe work or school environments (free from violence, hostility and harassment) ... – PowerPoint PPT presentation

Number of Views:193
Avg rating:3.0/5.0
Slides: 89
Provided by: kento
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Vericept CVSA Training


1
Certified Vericept Sales Architect CVSA Sales
Certification Training
Ken Totura Vericept Corporation
1Q 2005
www.vericept.com
2
Why We Are Here Today
  • Internet Security / Privacy Market is Hot! (IDC)
  • 15 growth rate by 2005 which translates into
    more than 118b by 2007
  • Worldwide spending will grow twice as fast as IT
    overall
  • 40 of IT managers saw security as their top IT
    budget priority
  • Risk Management is Even Hotter
  • FTC 10 million victims of Identity Theft in
    2003 costing 47b
  • KPMG -60 of companies being victimized by
    employee fraud
  • IDC Over one-third of the financial or data
    loss incidents involved insiders
  • PWC Companies view Security as a strategic
    enabler
  • Vericept is a Wildly Unique Solution
  • Differentiate yourself from your competitors
  • Customer escalation CxO
  • Customer acquisition Beachhead
  • Tremendous margins

3
Agenda
  • Section I The Problem and Solution
  • Section II Business Risk Drivers
  • Section III Vericept Sales Cycle
  • Section IV Vericept Products are Called
    Solutions
  • Section V Partner Resource Center
  • Section VI Vericept Corporation
  • Section VII Best Practices
  • Certified Vericept Sales Architect
    Congratulations!

4
Vericept Protecting your Information and
Reputation
Section I THE PROBLEM and now there is a
SOLUTION

5
What Keeps These Folks Up At Night?
  • Board of Directors
  • Chief Executive Officer
  • President Chief Operating Officer
  • Chief Financial Officer
  • Chief Information Security Officer (Compliance
    Officer)
  • Chief Information Officer
  • VP of Sales
  • VP of Marketing
  • VP of Legal
  • VP of Human Resources

6
Would You Immediately Know If
  • A trusted employee pasted confidential
    acquisition information into a webmail message
    and sent it to your competitor?
  • An employee downloaded hacker tools to their work
    computer with the intention of stealing your
    customers private data?
  • An employee posted your confidential executive
    communications or financial data on
    www.internalmemos.com or some other internet
    posting site like Yahoo Finance?
  • An employee is using a P2P client and is
    inadvertently exposing your proprietary
    information to millions of other P2P users?

7
The Problem
  • Lack of EFFECTIVE VISIBILITY to confidential and
    inappropriate content flowing across the network.
    The risk and results can be significant
  • Information Loss
  • Company Intellectual Property, RD, Customer
    Lists, source codeCorp. Espionage
  • Customer Information SSN, credit card number,
    mothers maiden nameID Theft
  • Non-Compliance
  • GLBA, HIPAA, CA 1386 protecting customer
    privacy
  • Sarbanes-Oxley protecting investors, corporate
    ethical responsibility
  • Abuse of Internet Usage
  • Productivity employees and contractors surfing
    the web for hours and hours
  • Legal Liability sexual harassment, workplace
    violence, wrongful termination
  • Insider IT System Mischief/Hacking
  • Sabotage and Hacking viruses, worms, exploits
  • (leading to) Theft keyloggers, unauthorized
    access
  • System Downtime troubleshooting and fixing
    problems

8
Where is the Exposure and Risk?
  • Email and Web-based mail
  • Instant Messaging
  • Internet Postings
  • FTP
  • Peer-to-Peer ( i.e. KaZaA and Limewire)
  • Chat rooms
  • Attachments
  • Web

hacking tools
SOURCE CODE
9
Vericepts Intelligence Platform
Information Privacy and Compliance Manager
Acceptable Use Manager
Preventive Security Manager
Regulation Compliance Manager HIPAA GLBA CA 1386
Custom Search Parameters
Blocking Solution
Intelligent Content Analysis Data-in-Motion
Data-at-Rest Monitoring Engine
Filter
10
Vericept Solutions Composition by Solution
Acceptable Use Manager
Unstructured Data Adult Conflict Gambling Games Ra
cism Shopping Sports Substance Abuse Trading Viole
nt Acts Weapons Peer-to-Peer File
Research Capture All Instances IM Chat Mailing
Lists Peer-to-peer File Share Postings Webmail
11
Vericept Solutions Composition by Category
Regulation Compliance Manager (RCM)

Acceptable Use Manager - EDU (AUMe)

Custom Search Parameters
Unstructured Data Adult Conflict Gambling Games Ga
ngs Plagiarism Racism Shopping Sports Substance
Abuse Trading Violent Acts Weapons Peer-to-Peer
File Research Hacker Research Capture All
Instances IM Chat Mailing Lists Peer-to-peer
File Share Postings Webmail
CSPs are used to identify company-specific
information Examples Proprietary
information Trade secrets Intellectual
property Communication with competitors Company-sp
ecific jargon Project acronyms Customer
account numbers
1. RCM CA 1386 Structured Data CA Drivers
License Credit Card Number Personal Information
Social Security Number
2. RCM HIPAA Structured Data Protected Health
Information (ePHI) Social Security Number
Stored Data Analyzer Data At Rest
3. RCM GLBA Structured Data Credit Card
Number Personal Information (eNPI) Social
Security Number
These contain only the minimum categories
necessary to comply
12
Enterprise Risk Management Through Intelligent
Content Monitoring
13
The Advantage Contextual Linguistics Analysis
  • Goes far beyond keyword searches by reading
    content and understanding the context of the
    communication
  • Can catch the more subtle risky communication
    that other technologies miss
  • Almost 60 predefined categories leverage the
    intelligence platform, flag and classify various
    types of content traveling into, out of and
    across a network
  • Works immediately out of the box, requiring no
    lengthy data definition exercises or expensive
    development efforts
  • How it works
  • Content looks at the text of the communication,
    effectively reading it
  • Context looks at the communication format to
    understand the meaning of the text
  • Structure looks at the communication type,
    whether its email, a web page, chat, etc.

The Advantage Custom Search Parameters
  • Leverages Vericepts Extended Regular Expressions
    which have been optimized by Vericept Labs
  • Combines power of intelligence with keyword
    driven matches to enable more effective
    identification of risks to an enterprise

14
Vericepts Unique Approach is the
SolutionIntelligent Content Monitoring, Analysis
and Reporting
  • Passively monitors the content of ALL internet
    traffic
  • Includes web, web-mail, email, chat, instant
    messaging, peer-to-peer file sharing, telnet,
    ftp, postings and more...
  • Intelligently analyzes and identifies ONLY the
    pertinent content at risk
  • Provides detailed content capture,
    proof-positive evidence
  • Identity Match ties inappropriate activity and
    content to the user
  • Provides detailed information delivery and
    reporting
  • Ability to perform same intelligent analysis on
    stored data

15
Vericept Value and Benefits
  • Prevents Information Loss, Identity Theft and
    Corporate Espionage
  • Enables regulatory compliance
  • - Sarbanes Oxley
  • - GLBA
  • Reduces liability associated with inappropriate
    use
  • Identifies rogue protocol usage
  • Stops unproductive and unethical internet use
  • Provides never before seen visibility to
    enterprise risk
  • Compelling ROI and low TCO
  • Protects Brand, Reputation and Information

- CA SB 1386 - HIPAA
16
Approximately 600 customers trust Vericept
.over 1,500,000 workstations being monitored!
Healthcare and Pharma
Financial
Utilities
Comm. Svcs
Retail and Manufacturing
Government and Education
17
Award-Winning Technology
  • Reflects technical excellence, professional
    achievement and the important role that
    information security professionals play in
    helping to shape the industry.

Honors leading-edge technology that provides
measurable business value to end-user
organizations.
Vericept earned our Editor's Choice Award by
providing a path of least resistance to
monitoring network use and for its superiority in
identifying abuse.
18
Vericept Protecting Your Information and
Reputation
Section II BUSINESS RISK DRIVERS
  • Information Privacy, Compliance, Productivity
    Reputation

19
Externally Driven Policies Compliance
Regulation
Enterprise Risk Management
Report
Moni tor
Capture
Analyze
Internally Driven Policies Acceptable Use
Internally Driven Policies Information Controls
M a n a g e
20
Vericept Drivers
Internally Driven Policies Information Controls
  • Executive communications
  • Marketing plans
  • Merger and Acquisition activity
  • Research and development
  • Patents and trade secrets
  • Customer lists
  • Employee information (SSN, compensation)
  • and the list goes on

21
Vericept Drivers
Internally Driven Policies Acceptable Use
  • Internet use
  • Corporate email use
  • Instant Messaging use
  • Peer-to-Peer use
  • Appropriate content (or inappropriate)
  • Safe work or school environments (free from
    violence, hostility and harassment)

22
Vericept Drivers
Externally Driven Policies Compliance
  • HIPAA Security Rule
  • Gramm-Leach-Bliley
  • Sarbanes-Oxley
  • California Senate Bill 1386
  • USA Patriot Act
  • Childrens Internet Protection Act
  • Over 300 pieces of pending Privacy legislation

23
Vericept Protecting Your Information and
Reputation
  • Health Insurance Portability Accountability
    ActHIPAA

24
Health Insurance Portability Accountability Act
of 1996
  • SEC. 261. PURPOSE.
  • It is the purpose of this subtitle to improve
    the Medicare program under title XVIII of the
    Social Security Act, the medicaid program under
    title XIX of such Act, and the efficiency and
    effectiveness of the health care system, by
    encouraging the development of a health
    information system through the establishment of
    standards and requirements for the electronic
    transmission of certain health information.

25
HIPAA The Five Basic Principles
  • Consumer Control The regulation provides
    consumers with critical new rights to control the
    release of their medical information. 
  • Boundaries With few exceptions, an individual's
    health care information should be used for health
    purposes only, including treatment and payment. 
  • Accountability Under HIPAA, for the first time,
    there will be specific federal penalties if a
    patient's right to privacy is violated. 
  • Public Responsibility The new standards reflect
    the need to balance privacy protections with the
    public responsibility to support such national
    priorities as protecting public health,
    conducting medical research, improving the
    quality of care, and fighting health care fraud
    and abuse.
  • Security It is the responsibility of
    organizations that are entrusted with health
    information to protect it against deliberate or
    inadvertent misuse or disclosure.

26
Vericept Protecting Your Information and
Reputation
  • Sarbanes Oxley

27
Sarbanes-Oxley Requirements
  • Antifraud Programs and Controls
  • Fraud risk assessment (Section 103)
  • CEO and CFO Certification
  • Disclosure of controls and procedures (Section
    302)
  • Managements Annual Assessment Report
  • Assessment of Internal Controls over Financial
    Reporting (Section 404)
  • Code of Conduct and Ethics
  • Ensuring adherence to Code (Section 406)
  • Managing and Strengthening Internal Controls
  • Provides a continuous monitoring mechanism to
    satisfy and enforce Internal Control requirements

28
How a prominent customer is using Vericept for
SOX
I am complying with 50 of my Ethical Code of
Conduct by using Vericept as an internal
monitoring control -Sr. Corporate Governance
Officer, Global Conglomerate
29
Vericept Protecting Your Information and
Reputation
  • Gramm-Leach-Bliley
  • Financial Modernization Act of 1999
  • (GLBA)

30
GLBA Data Protection Requirements -
  • Mandate that financial institutions protect the
    security and confidentiality of customers'
    non-public personal information and institute
    appropriate administrative, technical, and
    physical safeguards to accomplish this
    requirement.
  • Requires covered institutions to protect against
    any anticipated threats or hazards to the
    security or integrity of customer records
  • and to protect against unauthorized access to or
    use of records or information which could result
    in substantial harm or inconvenience to any
    customer.

31
How Vericept Enables GLBA Compliance
  • FFIEC Handbook Safeguards
  • Risk Assessment
  • Continuous, formal process
  • Security Controls Implementation
  • Controls to protect against malicious code
  • Personnel security / authorized use
  • Logging and data collection
  • Monitoring and Updating
  • Continuously analyze threats
  • Monitor for technical vulnerabilities

Note Vericept developed the GLBA solution with
co-author Paul Reymann to specifically enable
compliance
32
GLBA Co-Author Validation
"Vericept's Information Privacy and Compliance
Manager solution identifies and manages risks,
tests risk management practices and monitors to
control risks.  Vericept's comprehensive
monitoring approach enables financial
institutions to comply with regulations and to
protect against internal information
leakage. Paul Reymann CEO, ReymannGroup
Inc. Co-author of Section 501 of the
Gramm-Leach-Bliley Act Data Protection Regulation
33
Vericept Protecting Your Information and
Reputation
  • California
  • Senate Bill 1386
  • July 1, 2003

34
SB 1386 Requirements
  • What it is?
  • Mandate requiring public disclosure of
    computer-security breaches in which confidential
    information of ANY California resident MAY have
    been compromised
  • Who is affected?
  • The law covers every enterprise, public or
    private, doing business with California
    residents.
  • "Personal Information" means an individual's
    first name or first initial and last name in
    combination with any one or more of the following
    non-encrypted data elements
  • Social Security Number
  • California Driver's License Number or California
    Identification Card Number
  • Account number, credit or debit card number, in
    combo with security code, access code, or
    password that would permit access to an
    individual's financial account

35
CA SB 1386 Requirements
  • Mandated Action
  • Companies must warn California customers of
    security holes in their corporate computer
    networks
  • When a business discovers that confidentiality
    has or may have been breached it must notify the
    customers
  • If the business is unsure which customers have
    been affected, it must notify ALL customers of
    the breach. Obviously this is both an expensive
    and embarrassing event.
  • Impact
  • Burden is on to notify any, and all possible,
    effected consumers. If you cant identify which
    ones, you must go public
  • Significant CMPs (civil money penalties) are at
    risk

36
Vericept Protecting Your Information and
Reputation
  • Fraud and Identity Theft

37
Fraud and Identity Theft
  • Over 9.9 million Americans Were Victims
  • Thats 4.6 of the population
  • One third from new accounts, two thirds from
    existing accounts
  • Average loss - 4,800 per victim
  • Businesses Lost 47.6 Billion
  • 32.9 billion attributable to new accounts opened
    by unauthorized users
  • 14 billion attributable to existing account
    misuse by unauthorized users
  • 25 per card the cost of canceling and issuing
    a new credit card
  • When victims lost 5,000 or more, 81 told
    someone else this behavior places the companys
    reputation at risk!!

38
Market Validation Risk Management is a Driver
Intelligent Risk Management can enable
organizations to face an uncertain future
optimisticallyPreparation requires a focus on
risk management, intelligence-driven prevention
and response.
39
Vericept Protecting your Information and
Reputation
Section III VERICEPT SALES CYCLE
40
Vericept Sales Cycle
Create Interest
Qualification
Close
Conviction
VERICEPTSALESCYCLE
  • Call Scripts
  • Referrals
  • Online Demo
  • Initial
  • Exposure
  • Assessment
  • Implement. Expectations
  • PO
  • SLA
  • Move to Implement.
  • Secondary
  • EA Present.
  • SLA Review
  • Proposal
  • SOW
  • Implement. Plan

VERICEPTSALES TOOLS
41
Vericept Sales Cycle
Create Interest
  • CREATE INTEREST
  • Research your prospect
  • Identify corporate mission, company positioning,
    key players, financials, recent news, Code of
    Conduct, etc.
  • Contact Prospect at Business Decision-Maker Level
    - (e.g., CIO, Compliance, HR, Finance, Internal
    Audit, etc.)
  • Understand what they are responsible for and then
    link Vericept benefit to them
  • Business Decision Makers
  • Chief Financial Officer
  • CSO / CISO
  • Chief Information Officer
  • Chief Ethics Officer
  • Corporate Compliance Officer
  • Chief Risk Officer
  • VP of HR
  • Corporate Governance Officer
  • Legal / Corporate Counsel
  • Chief Privacy Officer
  • Director of Security
  • Head of Marketing
  • CEO
  • Internal Audit

42
Elevator Pitch
  • Vericept Corporation is the leading provider of
    enterprise risk management solutions enabling
    corporations, government agencies and education
    institutions to manage and dramatically reduce
    insider risk.
  • Vericept provides immediate visibility to
    multiple forms of business risk including
    regulation compliance violations, corporate
    governance concerns, internal policy infractions,
    information leaks, and unacceptable internet use.
    Based on the patented advanced linguistics
    engine, the Vericept Solutions analyze all
    content of inbound and outbound internet traffic
    using pre-defined categories, enabling companies
    to instantly identify and terminate any activity
    falling outside of an organizations predefined
    acceptable use policy.
  • Vericepts innovative solutions prevent losses
    to valuable information assets and protect the
    organization Brand and reputation.

43
Vericept Sales Cycle
Qualification
  • QUALIFICATION The Initial Hook
  • Flesh out their current security infrastructure
  • Flesh out their acceptable use policies
  • Would You Know If Questions
  • Share customer anecdotes
  • Present Vericept Corporate Overview and Online
    Demo
  • Commit to next step (meet with other
    stakeholders, Exposure Assessment, etc)
  • QUALIFICATION Understand the Procurement
    Process
  • Learn typical procurement process
  • Determine availability of funds
  • Determine appropriation of funds (especially for
    out-of-budget purchases)
  • Identify the titles and names of those affecting
    the purchasing process
  • If youre pressured to deliver pricing prior to
    the EA or proposal give them budget and
    planning numbers of 20 to 30 per workstation
    annually.

44
Vericept Protecting Your Information and
Reputation
Qualification
  • The Online Demo
  • Actual Logs - just anonymized

45
Vericept Sales Cycle
Qualification
  • QUALIFICATION Reference Trial Close
  • The Demo you have just seen reflects the manner
    in which the solution would be used and the types
    of information that would be captured if the
    solution were installed on your network. Based
    upon your feedback, it sounds like this has a
    clear and valuable fit in your environment. We
    have the ability to deliver the solution in a
    manner that can be recognized either as an
    Operating Expense or Capital Expense. Which
    would better fit with your budget and financial
    structure?
  • Contact your Vericept Channel Sales Manager (CSM)
  • Share Customer Anecdotes, Case Studies and
    Analyst Quotes
  • References Online
  • Broker a concall between the two parties

46
Vericept Sales Cycle
Qualification
  • QUALIFICATION Exposure Assessment Trial Close
  • We have a program we refer to as the Exposure
    Assessment. This Program provides a 7 day snap
    shot of activity on your network and the various
    points of business risk tied to inappropriate
    network use and abuse. We install a Vericept
    device on your network, let it run for 7 days
    then present the results of our findings in the
    form of an Executive Presentation. Typically the
    Exposure Assessment is priced at 20,000.
    However, as the program has evolved, at times
    waive that fee provided your organization is
    committed to gaining the executive level buy-in
    on the program. This is done by confirming the
    key stake-holders attend the Executive
    Presentation. The reason for this request comes
    from our desire to ensure were not wasting your
    time or ours. Frankly, in the past we have had
    some organizations that have learned, only after
    performing an EA that they are not prepared to
    address the issues and risks that were discovered
    during the assessment. Usually, the key stake
    holders are the executives responsible for
    Compliance, HR, IT and Legal. Do you have
    separate individuals responsible for these
    functional areas? Would those individuals be of
    a mindset to address these issues?
  • If yes, send the EA Agreement and require them to
    get it signed by the individual that would
    ultimately have purchasing authority should they
    decide to purchase the Vericept solution.

47
Vericept Sales Cycle
Qualification
  • QUALIFICATION Exposure Assessment Trial Close
  • Pull Exposure Assessment Agreement from
    www.vericept.com and get it signed by customer
    (decision-maker)
  • Set Exposure Assessment best practices
    expectations
  • Provide Network Configuration Diagram Worksheet
  • Proactively secure the EA installation
    presentation dates key contacts
  • Present a quick, but compelling, EA presentation.
    Follow the proven Vericept format discuss the
    deployment process (not as overwhelming as they
    assume).
  • IMPLEMENTATION METHODOLOGY
  • Set Implementation Expectations
  • Scope to be fully defined in the final proposal
    to your customer

48
Qualification
Implementation Methodology
Phase I
Phase II
Phase III

Initial Assessment and Sale
Discovery
Build, Install and Test
Phase IV
Phase V
Post Implementation Review
Implementation and Support
49
Vericept Sales Cycle
Conviction
  • CONVICTION Secondary EA Presentation
  • If all stake holders are not present for the
    Initial EA Presentation, the customer usually
    conducts a secondary EA presentation to
    additional decision-makers, stakeholders and
    budget committees.
  • Offer to present to the secondary decision-makers
    (not unusual to be declined because generally
    additional action items are discussed during
    those meetings that dont involve Vericept).
  • Do insist on helping the champion develop
    his/hers Vericept presentation
  • Provide EA Presentation or shorter version
  • Provide role-play assistance
  • Provide additional documents, white-papers, or
    references to solidify the decision and budget.
  • Help them find the budget dollars to buy now.
  • Express a willingness and capability to get
    creative with the financing of the solution if
    you think there may be budget issues.
  • Secure a date and time you will follow up with
    the champion (typically the day after their
    internal meeting)

50
Vericept Sales Cycle
Conviction
  • CONVICTION Deliver Proposal
  • Deliver a Quote, Proposal or Statement of Work
    put something in front of the customer for them
    to say yes to.
  • Include the full complement of Vericept Solutions
  • Info Privacy protects your valuable information
  • Acceptable Use addresses employee productivity
    and reputation risk management
  • Preventative Security capture the internal
    hackers
  • Stored Data data-at-rest
  • Custom Search Parameters the tool to customize
    Vericept
  • Never line item the pricing include all modules
    with one aggregate investment price.
  • Be sure to include the points of pain
    identified early on and the cost associated with
    them
  • Include detailed solution implementation plan
    (Statement of Work)
  • Follow up, follow up, follow up

51
Vericept Sales Cycle
Conviction
  • CONVICTION Software License Agreement
  • Deliver the SLA as early as possible for the
    Customer to expedite the legal review process
  • Make the SLA review a non-event. It is just
    standard software licensing language
  • Pull the latest version from www.vericept.com
  • Engage your Channel Sales Manager to field 100
    of the questions and proposed red-line. Under no
    circumstance should our CVSP negotiate verbiage
    changes to the SLA!
  • Get signature on the SLA or online approval for
    the electronic version

52
Vericept Sales Cycle
Close
  • CLOSE The Win
  • The deal is booked when two things happen
  • Vericept receives a valid Purchase Order from the
    CVSP or Distributor and
  • Vericept receives the signed Software License
    Agreement (either hardcopy or electronic)
  • CONGRATULATIONS youve now delivered a true
    solution that will positively impact the senior
    members of your Customer. You will now be
    elevated to a trusted advisor level in their eyes
    (if you werent there already).
  • Move to Implementation

53
Vericept Protecting your Information and
Reputation
Section IV VERICEPTS PRODUCTS
ARE CALLED SOLUTIONS
54
Our Piece of the Pie
Security MarketLandscape
3.3 Billion (2008) Messaging Security -
1.7B SCM Appliance - 1.6B
VericeptMarketOpportunity
SecureContentMonitoringMarket
7.5 Billion (2008)
Internet SecurityPrivacy Market
16 Billion (2008)
IDC Estimates (April, 2004)
55
Gartners Hype Cycle
Vericept
56
Vericept Solutions System Requirements
  • Dedicated Appliance
  • Intel-compatible processor
  • 3 GHz minimum processing speed
  • 2 GB RAM
  • 120 GB Hard drive or larger
  • 2 network interface cards (NICs)
  • CD-ROM drive
  • Floppy disk drive
  • Operating System
  • Red Hat Enterprise Linux (RHEL) version 3.0 WS

57
Vericept Standalone Deployment
Installing and configuring the Vericept solution
was almost easier than taking it out of the
box. - Sean Doherty Technology Editor Network
Computing Magazine
58
Vericept Distributed Deployment
59
Vericept Distributed Deployment cont.
60
Vericepts Intelligence Platform
Information Privacy and Compliance Manager
Acceptable Use Manager
Preventive Security Manager
Regulation Compliance Manager HIPAA GLBA CA 1386
Custom Search Parameters
Blocking Solution
Intelligent Content Analysis Data-in-Motion
Data-at-Rest Monitoring Engine
Filter
61
Vericept Solutions Composition by Solution
Acceptable Use Manager
Unstructured Data Adult Conflict Gambling Games Ra
cism Shopping Sports Substance Abuse Trading Viole
nt Acts Weapons Peer-to-Peer File
Research Capture All Instances IM Chat Mailing
Lists Peer-to-peer File Share Postings Webmail
62
Vericept Solutions Composition by Category
Regulation Compliance Manager (RCM)

Acceptable Use Manager - EDU (AUMe)

Custom Search Parameters
Unstructured Data Adult Conflict Gambling Games Ga
ngs Plagiarism Racism Shopping Sports Substance
Abuse Trading Violent Acts Weapons Peer-to-Peer
File Research Hacker Research Capture All
Instances IM Chat Mailing Lists Peer-to-peer
File Share Postings Webmail
CSPs are used to identify company-specific
information Examples Proprietary
information Trade secrets Intellectual
property Communication with competitors Company-sp
ecific jargon Project acronyms Customer
account numbers
1. RCM CA 1386 Structured Data CA Drivers
License Credit Card Number Personal Information
(eNPI) Social Security Number
2. RCM HIPAA Structured Data Protected Health
Information (ePHI) Social Security Number
Stored Data Analyzer Data At Rest
3. RCM GLBA Structured Data Credit Card
Number Personal Information Social Security Number
These contain only the minimum categories
necessary to comply
63
Vericept Pricing Strategy
  • 3 year term - paid up front (software
    maintenance included)
  • Perpetual License (software maintenance 20)
  • Pricing volume discount based on number of
    users
  • Minimum deal size priced at 250 users
  • VSP or Vericept can source hardware
  • Work passionately to maintain the List Price!
  • Price List updated quarterly

64
Training Exercise
  • CASE STUDY You have called on the Chief
    Information Security Officer of a major hospital
    group. Youve learned that she is very concerned
    about protecting protected health information and
    HIPAA is a constant board-level topic. In
    addition, her VP of Human Resources asked her if
    she was aware of any technology to track
    employees who visit unauthorized websites. Their
    network is comprised of 1,100 workstations but
    1,900 users.
  • What Vericept Solutions would you recommend?
    Which solutions would address which problems?
  • What is the price of the proposed solutions?
  • What else beside software should be factored into
    your proposal?

65
Vericept Protecting your Information and
Reputation
Section V PARTNER RESOURCE CENTER
66
Partner Resource Center www.vericept.com
67
Vericept Solutions Online Demos
68
References Online
69
Sample Policy Concerns and Solution Mapping
70
Sample Policy Concerns and Solutions Mapping
(cont.)
71
(No Transcript)
72
Vericept Protecting Your Information and
Reputation
Section V VERICEPT CORPORATION

73
Vericept Background
  • Founded in 1999 Denver, Colorado
  • Award-winning, patent-pending (5) technology
  • Seasoned Management Team Approximately 65
    Outstanding Personnel
  • Financial backers Sigma Venture Partners,
    William Blair Venture Capital, Sequel Venture
    Partners, Visa International
  • Industries financial services, healthcare,
    retail, manufacturing, government, education,
    pharma, telecommunications, energy
  • Approximately 600 customers trust Vericept over
    1.5M workstations being monitored

74
Vericept Mission Statement
To Be The Leading Global Provider of
Information Protection and Misuse Prevention
Solutions
75
Vericept Sales Strategy
  • Direct Accessible Markets
  • Enterprise 500m
  • Hospitals 4b
  • Federal Government
  • VSP Accessible Markets
  • SME
  • Hospitals
  • State Local Government
  • Education

Direct Sales
Solutions Partners
Distributors
76
Vericept Solutions Partner Program VSPs
  • VISIONTo be the standard in which our partners
    measure their other vendors.
  • MISSIONCreate a global ecosystem of solution
    partners who leverage the unique capabilities of
    Vericept solutions to create new customers and
    organically grow existing customers in a
    profitable and mutually beneficial manner.
  • VERICEPT CHANNEL SALES MANAGER OBJECTIVEMaximize
    revenue in each region.

77
Vericept Solution Partner Program VSPs
  • Certified Vericept Solution Partner Requirements
  • Certified Vericept Solutions Architect
  • Certified Vericept Sales Engineer
  • Self-Sufficient Through Entire Sales Process
    (conduct EAs)
  • Relentlessly pursue customers defined in the VSP
    Accessible Markets
  • Generate at Least 500k in Vericept revenue to
    CVSP
  • VSP Accessible Market (as defined by Hoovers
    Online)
  • SMEs annual revenue
  • Education (K-12 and higher-ed)
  • State Local Government
  • Standalone Hospitals Hospital Groups in annual revenue
  • CSMs have the named account list

78
Lead Referral Program
  • For Customers Outside of the Scope of the VSP
    Accessible Markets
  • Principles of Engagement
  • Submit a completed VSP Lead Qualification Form
  • One VSP Lead Qualification Form per Customer
    transaction.
  • Vericept controls the sales process from the
    moment the VSP Lead Referral Qualification Form
    is approved in writing.
  • Vericept, as a best practice, will incorporate
    the CVSPs service delivery team to the extent it
    has the certification, experience, and desire.
  • Referral fee is only applicable to the Vericept
    software portion of the transaction.
  • One referral payment per VSP Lead Qualification
    Form.

79
(No Transcript)
80
Market Landscape
TIER 1 Content Monitoring
  • Direct competitors

TIER 2 Employee Internet Management / Messaging
  • Not directly competitive
  • Potential partners

Compliance
TIER 3 Network Security / Forensics
  • Not competitive
  • Sometimes asked about

81
  • Vericept Differentiators Why Vericept?
  • Differentiator 1 Its all about what you
    DONT know
  • Differentiator 2 Vericept identifies sensitive
    content in unstructured formats
  • Differentiator 3 Linguistic Analysis Engine
  • Differentiator 4 Vericept monitors all TCP/IP
    traffic
  • Differentiator 5 Vericept monitors both
    incoming and outgoing traffic
  • Differentiator 6 Low Total Cost of Ownership
  • Differentiator 7 Preventive Security
  • Differentiator 8 Stored Data Analyzer
  • Differentiator 9 Partners, Customers, Customer
    Quotes 3rd party validation
  • Differentiator 10 We will work just as hard
    to keep you as a customer as we will to make you
    a customer

82
Vericept Protecting Your Information and
Reputation
Section VII BEST PRACTICES

83
Best Practices
  • Target the industry verticals
  • Healthcare, Education, Finance
  • Any one with information and a reputation to
    protect
  • This is a strategic business decision not an
    IT decision
  • But remember IT is a critical stakeholder
  • The economic decision-maker is usually a CIO,
    CFO, and or CEO
  • Critical coaches include Compliance Officer,
    Director of Security, VP of Human Resources,
    Internal Audit, etc.
  • Sales Math (per month) 12 leads (3/wk) 3
    EAs 1 Win

84
Best Practices
  • Selling Vericept Requires
  • Focus, focus, focus persistence, persistence,
    persistence
  • But know when to fish or cut bait
  • Consultative Selling because this is a solution
    not a product sale
  • Leverage the proven best practices, resources,
    and your Channel Sales Manager
  • Forecasting (yes forecasting and heres why)
  • Your Channel Sales Manager can proactively engage
    resources to expedite the sales process
    (themselves, Vericept Executives, key Customer
    References, etc.)
  • Reduces channel conflict because your Channel
    Sales Manager will only go on account calls with
    one CVSP. Race goes to the swiftest.
  • Vericept leads get distributed to those who focus
    on Vericept the most and forecast diligently.
  • Because your Channel Sales Manager has to
    forecast to Vericept each and every week!!

85
The Best Best Practice
  • STRIKE WHEN THE IRON IS HOT
  • Especially after the initial Exposure Assessment
    presentation
  • If the sales process is not moving forward then
    it is moving backwards.
  • Our most successful Partners have learned that
    lesson well

Every Day Matters Jen Cantwell Sr. Sales
Executive Vericept Corporation EMC, Tyco Intl,
United Technologies Corp., Massachusetts
Financial Svs.
86
Youre Not the Only One Who Believes in Vericept!
  • Partnering to combat Fraud and Identity Theft
  • Vericept is the only Content Monitoring Partner
    within Visas exclusive Strategic Alliances
    Program
  • Strategic discussions and planning underway to
    develop initiatives for managing information risk
  • www.visa.com/sai

87
Award-Winning Technology
  • Reflects technical excellence, professional
    achievement and the important role that
    information security professionals play in
    helping to shape the industry.

Honors leading-edge technology that provides
measurable business value to end-user
organizations.
Vericept earned our Editor's Choice Award by
providing a path of least resistance to
monitoring network use and for its superiority in
identifying abuse.
88
Vericept Protecting your Information and
Reputation
THANK YOU VERY MUCH
  • CONGRATULATIONS Youre a CVSA!
About PowerShow.com