Vericept CVSA Training - PowerPoint PPT Presentation


Title: Vericept CVSA Training


1
Certified Vericept Solutions Architect CVSA
Sales Certification Training
Ken Totura Vericept Corporation
4Q 2004
www.vericept.com
2
Why We Are Here Today
  • Incredibly Unique Product Means You -
  • Differentiate Yourself From Your Competitors
  • Build Trusted Relationships at the CxO Level
  • Earn Huge Margins
  • Solve Real Business Problems

3
What Keeps a CxO Up At Night?
  • Board of Directors
  • Chief Executive Officer
  • President Chief Operating Officer
  • Chief Financial Officer
  • Chief Information Security Officer (Compliance
    Officer)
  • Chief Information Officer
  • VP of Sales
  • VP of Marketing
  • VP of Legal
  • VP of Human Resources

4
Agenda
  • The Problem and Solution
  • Business Risk Drivers
  • Introducing Vericept Corporation
  • Vericept Products are Called Solutions
  • The Science of Selling Vericept
  • Action Plan for Mutual Success
  • Certified Vericept Solution Architect
    Congratulations!

5
Vericept Protecting your Information and
Reputation
Section I THE PROBLEM and now there is a
SOLUTION

6
Would You Immediately Know If
  • A trusted employee pasted confidential
    acquisition information into a webmail message
    and sent it to your competitor?
  • An employee downloaded hacker tools to their work
    computer with the intention of stealing your
    customers private data?
  • An employee posted your confidential executive
    communications or financial data on
    www.internalmemos.com or some other internet
    posting site like Yahoo Finance?
  • An employee is using a P2P client and is
    inadvertently exposing your proprietary
    information to millions of other P2P users?

7
The Problem
  • Lack of EFFECTIVE VISIBILITY to confidential and
    inappropriate content flowing across the network.
    The risk and results can be significant
  • Information Loss
  • Company Intellectual Property, RD, Customer
    Lists, source codeCorp. Espionage
  • Customer Information SSN, credit card number,
    mothers maiden nameID Theft
  • Non-Compliance
  • GLBA, HIPAA, CA 1386 protecting customer
    privacy
  • Sarbanes-Oxley protecting investors, corporate
    ethical responsibility
  • Abuse of Internet Usage
  • Productivity employees and contractors surfing
    the web for hours and hours
  • Legal Liability sexual harassment, workplace
    violence, wrongful termination
  • Insider IT System Mischief/Hacking
  • Sabotage and Hacking viruses, worms, exploits
  • (leading to) Theft keyloggers, unauthorized
    access
  • System Downtime troubleshooting and fixing
    problems

8
Where is the Exposure and Risk?
  • Email and Web-based mail
  • Instant Messaging
  • Internet Postings
  • FTP
  • Peer-to-Peer ( i.e. KaZaA and Limewire)
  • Chat rooms
  • Attachments
  • Web

hacking tools
SOURCE CODE
9
Vericepts Intelligence Platform
Information Privacy and Compliance Manager
Acceptable Use Manager
Preventive Security Manager
Regulation Compliance Manager HIPAA GLBA CA 1386
Custom Search Parameters
Blocking Solutions
Intelligent Content Analysis Data-in-Motion
Data-at-Rest Monitoring Engine
Filter
Intelligent Traffic Controller prototype
10
Vericept Solutions Composition by Category
11
Vericept Solutions Composition by Category
Regulation Compliance Manager (RCM)

Acceptable Use Manager - Education (AUMe)

Custom Solution
(this is available though not a standard offering)
Unstructured Data Adult Conflict Gambling Games Ga
ngs Plagiarism Racism Shopping Sports Substance
Abuse Trading Violent Acts Weapons Peer-to-Peer
File Research Hacker Research Capture All
Instances IM Chat Mailing Lists Peer-to-peer
File Share Postings Webmail
1. RCM CA 1386 Structured Data CA Drivers
License Credit Card Number Personal
Information Social Security Number
8 Categories Total 7 Vericept Categories 1
Premium Vericept Category
2. RCM HIPAA Structured Data Protected Health
Information Social Security Number
3. RCM GLBA Structured Data Credit Card
Number Personal Information Social Security Number
These contain only the minimum categories
necessary to comply
12
Enterprise Risk Management Through Intelligent
Content Monitoring
13
The Advantage Contextual Linguistics Analysis
  • Goes far beyond keyword searches by reading
    content and understanding the context of the
    communication
  • Can catch the more subtle risky communication
    that other technologies miss
  • Almost 60 predefined categories leverage the
    intelligence platform, flag and classify various
    types of content traveling into, out of and
    across a network
  • Works immediately out of the box, requiring no
    lengthy data definition exercises or expensive
    development efforts
  • How it works
  • Content looks at the text of the communication,
    effectively reading it
  • Context looks at the communication format to
    understand the meaning of the text
  • Structure looks at the communication type,
    whether its email, a web page, chat, etc.

The Advantage Custom Search Parameters
  • Leverages Vericepts Extended Regular Expressions
    which have been optimized by Vericept Labs
  • Combines power of intelligence with keyword
    driven matches to enable more effective
    identification of risks to an enterprise

14
Full Content Capture with Identity Match
Delivering unparalleled visibility, proof
positive evidence
  • Real customer examples, sensitive data has been
    anonymized

Email attachment with list of names, SSNs DOBs
Employee web searching for cloaking / log
wiping program
15
Vericepts Unique Approach is the
SolutionIntelligent Content Monitoring, Analysis
and Reporting
  • Passively monitors the content of ALL internet
    traffic
  • Includes web, web-mail, email, chat, instant
    messaging, peer-to-peer file sharing, telnet,
    ftp, postings and more...
  • Intelligently analyzes and identifies ONLY the
    pertinent content at risk
  • Provides detailed content capture,
    proof-positive evidence
  • Identity Match ties inappropriate activity and
    content to the user
  • Provides detailed information delivery and
    reporting
  • Ability to perform same intelligent analysis on
    stored data

16
Vericept Value and Benefits
  • Prevents Information Loss, Identity Theft and
    Corporate Espionage
  • Enables regulatory compliance
  • - Sarbanes Oxley
  • - GLBA
  • Reduces liability associated with inappropriate
    use
  • Identifies rogue protocol usage
  • Stops unproductive and unethical internet use
  • Provides never before seen visibility to
    enterprise risk
  • Compelling ROI and low TCO
  • Protects Brand, Reputation and Information

- CA SB 1386 - HIPAA
17
Vericept Protecting Your Information and
Reputation
Section II BUSINESS RISK DRIVERS
18
Externally Driven Policies Compliance
Regulation
Enterprise Risk Management
Report
Moni tor
Capture
Analyze
Internally Driven Policies Acceptable Use
Internally Driven Policies Information Controls
M a n a g e
19
Vericept Drivers
Internally Driven Policies Information Controls
  • Executive communications
  • Marketing plans
  • Merger and Acquisition activity
  • Research and development
  • Patents and trade secrets
  • Customer lists
  • Employee information (SSN, compensation)
  • and the list goes on

20
Vericept Drivers
Internally Driven Policies Acceptable Use
  • Internet use
  • Corporate email use
  • Instant Messaging use
  • Peer-to-Peer use
  • Appropriate content (or inappropriate)
  • Safe work or school environments (free from
    violence, hostility and harassment)

21
Vericept Drivers
Externally Driven Policies Compliance
  • Healthcare Security HIPAA Security Rule
  • Gramm-Leach-Bliley
  • Sarbanes-Oxley
  • California Senate Bill 1386
  • USA Patriot Act
  • Childrens Internet Protection Act
  • Over 300 pieces of pending Privacy legislation

22
Vericept Protecting Your Information and
Reputation
  • Health Insurance Portability Accountability
    ActHIPAA

23
Health Insurance Portability Accountability Act
of 1996
  • SEC. 261. PURPOSE.
  • It is the purpose of this subtitle to improve
    the Medicare program under title XVIII of the
    Social Security Act, the medicaid program under
    title XIX of such Act, and the efficiency and
    effectiveness of the health care system, by
    encouraging the development of a health
    information system through the establishment of
    standards and requirements for the electronic
    transmission of certain health information.

24
HIPAA The Five Basic Principles
  • Consumer Control The regulation provides
    consumers with critical new rights to control the
    release of their medical information. 
  • Boundaries With few exceptions, an individual's
    health care information should be used for health
    purposes only, including treatment and payment. 
  • Accountability Under HIPAA, for the first time,
    there will be specific federal penalties if a
    patient's right to privacy is violated. 
  • Public Responsibility The new standards reflect
    the need to balance privacy protections with the
    public responsibility to support such national
    priorities as protecting public health,
    conducting medical research, improving the
    quality of care, and fighting health care fraud
    and abuse.
  • Security It is the responsibility of
    organizations that are entrusted with health
    information to protect it against deliberate or
    inadvertent misuse or disclosure.

25
Customer Feedback
Vericepts Health Information Protection behaves
much like a linguistic firewall, identifying
unauthorized communication of PHI. It is helpful
to be able to alert our staff to actions that
could be deemed in violation of the new privacy
rules and our Appropriate Use Policy. Our
patients deserve the best care we can provide,
including respect for their privacy. - Dave
McClain Information Systems Security
Manager Community Health Network
Vericept has consistently met my expectations
and in many cases exceeded them. The install was
effortless and generally just sits there and does
its job. I would highly recommend it to anyone
who has a need for protecting both network assets
and confidential information. -Jason
HerrenNetwork Security Administrator Source
Medical
26
Leadership Validation
Vericept's Information Protection Solution
focuses on inappropriate content and prevents it
from being communicated through the vast array of
Internet communication vehicles available to most
employees. The significant risks associated
with webmail, IM and P2P applications, combined
with the mounting pressure to secure the privacy
of patient information, can make Vericepts
solution a robust fit for Healthcare
organizations.
- Brian Burke
27
Vericept Protecting Your Information and
Reputation
  • Sarbanes Oxley

28
Sarbanes-Oxley Requirements
  • Antifraud programs and controls
  • Fraud risk assessment (Section 103)
  • Actions to identify, prevent and mitigate
    fraudulent financial reporting or misuse of
    company assets
  • Revenue recognition, pricing discussions
  • CEO and CFO certification
  • Disclosure of controls and procedures (Section
    302)
  • Ensure material information is made known to them
  • Evaluated effectiveness of disclosure controls
    and procedures
  • Disclosed to audit committee and independent
    auditors any significant control deficiencies,
    material weaknesses and actos of fraud involving
    management or other employees

29
Sarbanes-Oxley Requirements
  • Managements Annual Assessment Report
  • Assessment of Internal Controls over Financial
    Reporting (Section 404)
  • Statement Management is responsible for
    establishing and maintaining controls
  • Disclosure of any material weakness in system of
    internal controls
  • Independent Auditors attestation report on
    managements assessment of internal controls
  • Code of Conduct and Ethics
  • Ensuring adherence to Code (Section 406)
  • Existence does not address effectiveness
  • Should address conflicts of interest,
    confidentiality of information, proper use of
    assets, RPT, illegal acts and compliance with
    laws and regulations
  • E-mail is a common communication method

30
Vericept Enabling Sarbanes-Oxley Compliance
  • Managing and Strengthening Internal Controls
  • Provides a continuous monitoring mechanism to
    satisfy and enforce Internal Control requirements
  • Information financial and proprietary
  • Ethical and Conduct Codes
  • Communication paths
  • Data-in-Motion and Data-at-Rest
  • Specifically addresses 103, 302, 404 and 406

31
Actual Examples
  • Case No. 1. Potential Insider Tipping
  • Just prior to a Companys earnings announcement
    (but luckily after the close of trading), a Sales
    Employee contacts a third party by email and
    indicates that the Company will have a great
    quarter and that the third party should buy
    stock. The Companys policy as well as federal
    law prohibits such activity. The email is
    retrieved using Vericept along with other emails
    and the employee is dismissed. Employee does not
    bring a wrongful termination lawsuit.
  • Case No. 2. Posting of Confidential Company
    Information on the Internet
  • Highly confidential Product roadmap information
    is posted on a message board on the internet.
    Given the information, the Company believes that
    someone in an Engineering lab may be posting the
    information or providing a third party with the
    information. The Company conducts an
    investigation and immediately communicates to all
    employees a new email policy noting that any
    email communications are not subject to privacy.
    Management describes to the employees Vericept as
    a tool being utilized. No similar internet
    postings have occurred since the communication of
    the policy and the use of Vericept.
  • Case No. 3. Revenue Recognition Reviews
  • A non-material software sales transaction is
    identified early in the quarter close procedures
    as potentially not meeting the revenue
    recognition rules. Vericept is utilized to find
    the email trail that cleared the transaction.

32
How a prominent customer is using Vericept for
SOX
I am complying with 50 of my Ethical Code of
Conduct by using Vericept as an internal
monitoring control -Sr. Corporate Governance
Officer, Global Conglomerate
33
Vericept Protecting Your Information and
Reputation
  • Gramm-Leach-Bliley Act
  • (GLBA)

34
Gramm-Leach-Bliley 3 Primary Objectives
  • Ensure the security and confidentiality of
    customer records and information
  • Protect against any anticipated threats or
    hazards to the security or integrity of such
    records
  • Protect against unauthorized access to or use of
    such records or information which could result in
    substantial harm or inconvenience to any customer

35
New Guidance Issued January, 2003
  • New guidance expanded GLBA
  • Federal Financial Institutions Examination
    Council (i.e. the Bank Examiners)
  • Requires banks to take specific action to
  • Identify and manage risks
  • Test risk management practices
  • Monitor environment to control risk continuously
  • Five part framework to Information Security
    Management

36
Five Part Framework Includes
  • Information Security Risk Assessment
  • Information Security Strategy
  • Security Controls Implemented
  • Security Tested
  • Continuous Monitoring and Updating

37
GLBA Examination and Enforcement
  • Examinations
  • Tier I
  • Assess process for identifying and monitoring
    Eight Objectives
  • Tier II
  • Only when warranted after Tier I exam
  • Generally take much longer
  • Enforcement
  • Corrective action to enforcement action with
    penalty fines

38
How Vericept Enables GLBA Compliance
  • FFIEC Handbook Safeguards
  • Risk Assessment
  • Continuous, formal process
  • Security Controls Implementation
  • Controls to protect against malicious code
  • Personnel security / authorized use
  • Logging and data collection
  • Monitoring and Updating
  • Continuously analyze threats
  • Monitor for technical vulnerabilities

Note Vericept developed the GLBA solution with
co-author Paul Reymann to specifically enable
compliance
39
GLBA Co-Author Validation
"Vericept's Information Privacy and Compliance
Manager solution identifies and manages risks,
tests risk management practices and monitors to
control risks.  Vericept's comprehensive
monitoring approach enables financial
institutions to comply with regulations and to
protect against internal information
leakage. Paul Reymann CEO, ReymannGroup
Inc. Co-author of Section 501 of the
Gramm-Leach-Bliley Act Data Protection Regulation
40
Vericept Protecting Your Information and
Reputation
  • California
  • Senate Bill 1386

41
CA SB 1386 Requirements
  • What it is
  • As of July 1, 2003, state mandate requiring
    public disclosure of computer-security breaches
    in which confidential information of ANY
    California resident MAY have been compromised
  • Who is affected
  • The law covers every enterprise, public or
    private, doing business with California
    residents.
  • "Personal Information" means an individual's
    first name or first initial and last name in
    combination with any one or more of the following
    non-encrypted data elements
  • Social Security Number
  • California Driver's License Number or California
    Identification Card Number
  • Account number, credit or debit card number, in
    combo with security code, access code, or
    password that would permit access to an
    individual's financial account

42
CA SB 1386 Requirements
  • Mandated Action
  • Companies must warn California customers of
    security holes in their corporate computer
    networks
  • When a business discovers that confidentiality
    has or may have been breached it must notify the
    customers
  • If the business is unsure which customers have
    been affected, it must notify ALL customers of
    the breach. Obviously this is both an expensive
    and embarrassing event.
  • Impact
  • Burden is on to notify any, and all possible,
    effected consumers. If you cant identify which
    ones, you must go public
  • Significant CMPs (civil money penalties) are at
    risk

43
Applicable CA SB 1386 Categories across all
protocols
  • Personal Information
  • Detects communications of unencrypted personal
    information such as home addresses, mothers
    maiden name, date of birth, account numbers,
    phone numbers, wiring information, security
    codes, access code or password that would allow
    access to an individual's financial account, etc
  • Social Security Number
  • Detects communications containing social
    security numbers
  • Credit Card Number
  • This category will capture transmission of
    credit or debit card numbers, in combination with
    any required expiry date, security code, access
    code, or password that would permit access to an
    individual's financial account.
  • CA Drivers Licenses
  • This category will capture transmission of
    California driver's license number or California
    Identification Card.

44
Vericept Protecting Your Information and
Reputation
  • Fraud and Identity Theft

45
Fraud and Identity Theft Real, Growing Problems
  • Identity theft is one of the most damaging and
    fastest growing crimes in the country. Almost 10
    million Americans were victims of some form of ID
    Theft within the last year
  • 4.6 of Americans 9.91 million people
    experienced some form of identity theft
  • 3.23 million people whose personal information
    was used without their knowledge had new accounts
    opened (new credit card or loans)
  • 6.68 million people whose personal information
    was used without their knowledge had their
    existing accounts misused (siphon off money, buy
    stuff on eBay...
  • Average loss from misuse 4,800 per victim

46
Resulting Business Damage
  • Businesses, including but not limited to
    financial institutions, lost 47.6 billion due to
    identity theft in the year ending Sept 2003!
  • 32.9 billion attributable to information
    security breaches leading to new account opened
    by unauthorized users
  • 14 billion attributable to information security
    breaches leading to existing account misuse by
    unauthorized users
  • Example loss the cost to a credit card company
    of canceling and issuing a new card is estimated
    at 25 per card
  • In February 2003, one hacker breached the
    security system of Data Processors International
    and got access to as many as 8 million card
    accounts
  • When victims lost 5,000 or more, 81 told
    someone else this behavior places the companys
    reputation at risk!!

47
The Insider Risk
  • Now, we have concrete data that employees are
    stealing data
  • Some 60 of companies reported being victimized
    by employee fraud

    - KPMG Forensics Practice
    Survey 2003
  • The top cause of identity fraud is now the theft
    of records from employers or other business that
    have records on many individuals"

    -Trans Union
    Report
  • More than one-third of the targeted financial or
    data loss incidents involve insiders

    - IDC Security
    Survey, 2003

48
FTC Statistics Indicting the Insider
  • In a substantial portion of the identity theft
    cases, the victims knew the perpetrators. They
    were able to positively identify the thief as
    working at a bank or company where they are a
    patron i.e. the teller at bank, a cashier at the
    point of purchase, etc.
  • Of all victims who knew the identity of the
    thief, in 23 of the cases, the victim was able
    to identify the person responsible was someone
    who worked at a company or financial institution
    that had access to the victim's personal
    information
  • 34 of victims that experienced perpetration of
    personal information leading to misuse of
    existing accounts identified an employee of a
    company or financial institution with whom they
    did business
  • 13 of those who experienced perpetration of
    personal information leading to the opening of
    new accounts identified an employee of a company
    of financial institution with whom they did
    business

49
Attacking Fraud and Identity Theft
  • Intelligent Content Monitoring enables you to
  • Understand the areas of electronic exposure
    pinpoint the areas most vulnerable to identity
    theft, electronic fraud, and system attacks
  • Identify and assess new risks and take action
    which areas demonstrate a high risk for leaks of
    private information what is the cost associated
    with a potential leak?
  • Measure the effectiveness of current measures
    are they strong enough to stop leaks both from
    external and internal attacks
  • Enforce your policies give the policies some
    teeth!

50
Industry Analyst Validation
Increasingly, Fraud and Identity Theft are
becoming significant problems for business. IDC
estimates that over one third of the financial or
data loss incidents involve insiders. Vericept's
innovative approach ties the insider problem with
the leaking of sensitive information. IDC
believes organizations that are trying to combat
fraud and identity theft should consider
integrating Vericepts solution into their
overall exposure management and security
infrastructure. Brian Burke Research
Manager IDCs Security Products Program
51
Vericept Protecting Your Information and
Reputation
  • Security Market Landscape

52
Key Deloitte Findings
  • Perception of security and its importance to the
    business was consistent across organizations of
    all sizes most saw it as a risk management
    exercise that is key to the business.
  • most financial institutions are attempting to
    demonstrate how the controls they have
    implemented to achieve security align with
    relevant regulations and the demands of their
    customers. Respondents answers reflected the
    importance to their of company brand, data
    protection and customer loyalty.
  • a well-devised privacy strategy can be a major
    asset in attempts to stay ahead
  • An effective process requires the ability to
    generate reports that detail vulnerability for
    compliance and auditing activities.

Global Security Survey 2004
53
Key Deloitte Findings
  • Executives rank security as a high priority and
    security initiatives are seen as a good
    investment
  • Security is a business issue driven by
    shareholder value, customers perception, brand
    and reputation protection, legal and regulatory
    compliance, vulnerability sustainability
  • Value more money is being spent to win back
    customer trust.
  • 83 of respondents acknowledged that their
    systems had been compromised in some way in the
    last year
  • Top 3 areas of concern for privacy compliance
    unauthorized access to personal information,
    managing 3rd party info sharing, managing
    customer privacy preferences

Global Security Survey 2004
54
CSOs Top Concerns IP Loss and Compliance
  • The theft of intellectual property or other
    proprietary information is also a top concern of
    CSOs, with 91 saying that managing access to
    critical information and documents is either
    "extremely important" or "very important.
  • 15 of the respondents said their employer has
    lost or had critical documents or corporate
    information copied without authorization in the
    past year. Almost 25 said they could not be
    sure whether such losses had occurred at their
    company.
  • 49 cited "issues related to regulatory
    compliance" as the prime reason behind their
    security purchases.

CSO Magazine Survey of 476 CSOs May, 2004
55
Gartners Hype Cycle
Vericept
56
Gartners Hype Cycle
57
Industry Trends
Corporate spending on security and business
continuity has been held back by two
factorsuncertainty about the severity of risk
posed by security threats and ongoing budget
austerity. However, any skepticism about the
potential consequences of a security breach is
fading fast as enterprises seek to improve their
ability to manage organizational risk. -John F.
Gantz Chief Research Officer SVP
International Data Corporation (IDC) September
29, 2003
  • IDC Predicts
  • Worldwide spending on security business
    continuity will grow twice as fast as overall IT
    spending.
  • 40 of 1,000 IT managers surveyed saw security
    as their top IT budget priority.
  • Spending will be driven both by immediate
    security needs but also by the need to comply
    with recent regulations that impact information
    security such as HIPAA, Gramm-Leach-Bliley,
    Californias Security Breach Notice Law, and
    Sarbanes-Oxley Act.
  • September, 2003

58
Industry Trends
Based on the results of the survey, we predict
2004 to be the year companies begin to look at
security as a strategic enabler. Survey results
show 42 of companies surveyed will be looking at
security from a more strategic perspective -Joe
Duffy Partner Global Leader Security
Privacy Practice PricewaterhouseCoopers Septembe
r, 2003
Organizations around the globe are concerned
with Information Security Not surprisingly,
Europeans are more focused on ensuring customer
privacy while in North America, we are fixated on
potential liability issues. Cyber-terrorism is
a theoretical threat, but cyber-crime is a
reality happening everyday. Scott
Berinato Senior Editor of CIO CSO
Magazines September, 2003
59
Industry Trends
By 2005, the market for security and business
continuity products should hit a 15 growth rate
which should translate into more than 118
billion being spent on the technologies by 2007.
IDC sees content filtering as a potential growth
area as companies face legal risks posed by their
employees downloads. International Data
Corporation (IDC) September 29, 2003
I would argue good security is good
business. -Joe Duffy Partner Global Leader
Security Privacy Practice PricewaterhouseCooper
s September, 2003
60
Security Market Landscape Our Piece of the Pie
Messaging Security/ Employee Internet
Management Market
1.973 Billion (2007) Secure Messaging - 1.08M /
EIM - 893M
Secure Content Management Market
6.38 Billion (2007)
Internet Security/Privacy Market
118 Billion (2007)
IDC Estimates (October, 2003)
61
Market Landscape
  • Direct competitors
  • Trying to eat our lunch

TIER 1 Content Monitoring
TIER 2 Employee Internet Management / Messaging
  • Not directly competitive
  • Potential partners

Compliance
TIER 3 Network Security / Forensics
  • Not competitive
  • Sometimes asked about

62
Structured vs. Unstructured Data
More than 75 percent of enterprise data is
unstructured and document-related, rather than
being neatly sorted numbers in a database
  • More assets and intellectual capital are captured
    in unstructured formats and documents
  • These mechanisms are more conducive for sharing
  • Unstructured data poses more risk

63
Financial Damages from Information Leakage
  • When a breach leaks confidential private
    information (such as credit-card and bank-account
    numbers or sensitive medical information)the
    breach has a marked negative impact on the market
    value of the company.
  • Cybercrimes where confidentiality is violated are
    crimes that cause measurable negative impact in
    the stock-market value of companies. In our
    study, we found that companies lost an average of
    slightly more than 5 of their market valuation.
  • - University of Maryland's Smith School of
    Business
  • Impact of cybersecurity breaches on the
    stock-market value, 2004

64
Market Validation Risk Management is a Driver
Intelligent Risk Management can enable
organizations to face an uncertain future
optimisticallyPreparation requires a focus on
risk management, intelligence-driven prevention
and response.
65
Vericept Protecting Your Information and
Reputation
Section III VERICEPT CORPORATION

66
Vericept Background
  • Founded in 1999 Denver, Colorado
  • Award-winning, patent-pending (5) technology
  • Seasoned Management Team Approximately 65
    Outstanding Personnel
  • Financial backers Sigma Venture Partners,
    William Blair Venture Capital, Sequel Venture
    Partners, Visa International
  • Industries financial services, healthcare,
    retail, manufacturing, government, education,
    pharma, telecommunications, energy
  • Approximately 600 customers trust Vericept over
    1.5M workstations being monitored

67
Vericept Mission Statement
To Be The Leading Global Provider of
Information Protection and Misuse Prevention
Solutions
68
Elevator Pitch (79 words)
  • Vericept Corporation is the leading provider of
    enterprise risk management solutions enabling
    corporations, government agencies and education
    institutions to manage and dramatically reduce
    insider risk. Vericept provides immediate
    visibility to multiple forms of business risk
    including regulation compliance violations,
    corporate governance concerns, internal policy
    infractions, information leaks, and unacceptable
    internet use. Based on the patented advanced
    linguistics engine, the Vericept Solutions
    analyze all content of inbound and outbound
    internet traffic using pre-defined categories,
    enabling companies to instantly identify and
    terminate any activity falling outside of an
    organizations predefined acceptable use policy.
    Vericepts innovative solutions prevent losses to
    valuable information assets and protect the
    organization Brand and reputation.

69
Vericept Sales Strategy
70
Vericept Solutions Partner Program VSPs
  • VISIONTo be the standard in which our partners
    measure their other vendors.
  • MISSIONCreate a global ecosystem of solution
    partners who leverage the unique capabilities of
    Vericept solutions to create new customers and
    organically grow existing customers in a
    profitable and mutually beneficial manner.
  • VERICEPT CHANNEL SALES MANAGER OBJECTIVEMaximize
    revenue in each region.

71
Vericept Solution Partner Program VSPs
  • Certified Vericept Solution Partner Requirements
  • Certified Vericept Solutions Architect
  • Certified Vericept Sales Engineer
  • Self-Sufficient Through Entire Sales Process
    (conduct EAs)
  • Relentlessly pursue customers defined in the VSP
    Accessible Markets
  • Generate at Least 500k in Vericept revenue to
    CVSP
  • VSP Accessible Market (as defined by Hoovers
    Online)
  • SMEs annual revenue
  • Education (K-12 and higher-ed)
  • State Local Government
  • Standalone Hospitals Hospital Groups in annual revenue
  • CSMs have the named account list

72
Lead Referral Program
  • For Customers Outside of the Scope of the VSP
    Accessible Markets
  • Principles of Engagement
  • Submit a completed VSP Lead Qualification Form
  • One VSP Lead Qualification Form per Customer
    transaction.
  • Vericept controls the sales process from the
    moment the VSP Lead Referral Qualification Form
    is approved in writing.
  • Vericept, as a best practice, will incorporate
    the CVSPs service delivery team to the extent it
    has the certification, experience, and desire.
  • Referral fee is only applicable to the Vericept
    software portion of the transaction.
  • One referral payment per VSP Lead Qualification
    Form.

73
(No Transcript)
74
Headquarters 750 W. Hampden Ave. Suite
550 Englewood, CO 80110-2163 www.vericept.com
Michael Reagan VP Worldwide Channel Sales Office
303.268.0512 Cell 303.478.3706 mike.reagan_at_veri
cept.com
Central Region
Northeast Region
Sara Avery Channel Sales Manager Northeast
Region Office 303.268.0532 Cell
303.898.2487 sara.avery_at_vericept.com Kevin
Homer Channel Sales Manager Southeast
Region Office 303.268.0533 Cell
303.570.6699 kevin.homer_at_vericept.com Damon
Morriss Channel Sales Manager Western
Region Office 310.545.7699 Cell
310.947.2594 damon.morriss_at_vericept.com
Technical Support 800.262.0274 x7500 support_at_veric
ept.com

Western Region
Ken Totura Director of Partner Development Office
303.268.0537 Cell 303.506.1568 ken.totura_at_veri
cept.com
Southeast Region
Updated 1/8/04
75
Vericept Protecting your Information and
Reputation
Section IV VERICEPTS PRODUCTS
ARE CALLED SOLUTIONS
76
Vericepts Intelligence Platform
Information Privacy and Compliance Manager
Acceptable Use Manager
Preventive Security Manager
Regulation Compliance Manager HIPAA GLBA CA 1386
Custom Search Parameters
Blocking Solutions
Intelligent Content Analysis Data-in-Motion
Data-at-Rest Monitoring Engine
Filter
Intelligent Traffic Controller prototype
77
Vericept Solutions Composition by Category
78
Vericept Solutions Composition by Category
Regulation Compliance Manager (RCM)

Acceptable Use Manager - Education (AUMe)

Custom Solution
(this is available though not a standard offering)
Unstructured Data Adult Conflict Gambling Games Ga
ngs Plagiarism Racism Shopping Sports Substance
Abuse Trading Violent Acts Weapons Peer-to-Peer
File Research Hacker Research Capture All
Instances IM Chat Mailing Lists Peer-to-peer
File Share Postings Webmail
1. RCM CA 1386 Structured Data CA Drivers
License Credit Card Number Personal
Information Social Security Number
8 Categories Total 7 Vericept Categories 1
Premium Vericept Category
  • RCM HIPAA
  • Protected Health Information
  • Social Security Number

3. RCM GLBA Structured Data Credit Card
Number Personal Information Social Security Number
These contain only the minimum categories
necessary to comply
79
Vericept Pricing Strategy
  • 3 year term - paid up front (software
    maintenance included)
  • Perpetual License (software maintenance 20)
  • Pricing volume discount based on number of
    workstations
  • Minimum deal size of 250 workstations
  • VSP or Vericept can source hardware
  • Work passionately to maintain the List Price!
  • Price List updated quarterly

80
Training Exercise
  • CASE STUDY You have called on the Chief
    Information Security Officer of a major hospital
    group. Youve learned that she is very concerned
    about protecting protected health information and
    HIPAA is a constant board-level topic. In
    addition, her VP of Human Resources asked her if
    she was aware of any technology to track
    employees who visit unauthorized websites. Their
    network is comprised of 1,100 workstations.
  • What Vericept Solutions would you recommend?
    Which solutions would address which problems?
  • What is the price of the proposed solutions?
  • What else beside software should be factored into
    your proposal?

81
Vericept Deployment
Vericept Protecting your Information and
Reputation
82
Vericept Solutions System Requirements
  • Dedicated Appliance
  • Intel-compatible processor
  • 3 GHz minimum processing speed
  • 2 GB RAM
  • 120 GB Hard drive or larger
  • 2 network interface cards (NICs)
  • CD-ROM drive
  • Floppy disk drive
  • Operating System
  • Red Hat Enterprise Linux (RHEL) version 3.0 WS

83
Vericept Standalone Deployment
Installing and configuring the Vericept solution
was almost easier than taking it out of the
box. - Sean Doherty Technology Editor Network
Computing Magazine
84
Vericept Distributed Deployment
85
Vericept Distributed Deployment cont.
86
Vericept Protecting your Information and
Reputation
Section V SELLING VERICEPT
87
Vericept Sales Cycle
Create Interest
Qualification
Close
Conviction
VERICEPTSALESCYCLE
  • Call Scripts
  • Referrals
  • Online Demo
  • Initial
  • Exposure
  • Assessment
  • PO
  • SLA
  • Secondary
  • EA Present.
  • SLA Review
  • Proposal
  • SOW

VERICEPTSALES TOOLS
88
Vericept Sales Cycle
  • CREATE INTEREST
  • Research your prospect
  • Identify corporate mission, company positioning,
    key players, financials, recent news, Code of
    Conduct, etc.
  • Contact Prospect at Business Decision-Maker Level
    - (e.g., CIO, Compliance, HR, Finance, Internal
    Audit, etc.)
  • Understand what they are responsible for and then
    link Vericept benefit to them
  • Business Decision Makers
  • Chief Financial Officer
  • CSO / CISO
  • Chief Information Officer
  • Chief Ethics Officer
  • Corporate Compliance Officer
  • Chief Risk Officer
  • VP of HR
  • Corporate Governance Officer
  • Legal / Corporate Counsel
  • Chief Privacy Officer
  • Director of Security
  • Head of Marketing
  • CEO
  • Internal Audit

89
Vericept Sales Cycle
  • QUALIFICATION The Initial Hook
  • Flesh out their current security infrastructure
  • Flesh out their acceptable use policies
  • Would You Know If Questions
  • Share customer anecdotes
  • Present Vericept Corporate Overview and Online
    Demo
  • Commit to next step (meet with other
    stakeholders, Exposure Assessment, etc)
  • QUALIFICATION Understand the Procurement
    Process
  • Learn typical procurement process
  • Determine availability of funds
  • Determine appropriation of funds (especially for
    out-of-budget purchases)
  • Identify the titles and names of those affecting
    the purchasing process
  • If youre pressured to deliver pricing prior to
    the EA or proposal give them budget and
    planning numbers of 20 to 30 per workstation
    annually.

90
Vericept Sales Cycle
  • QUALIFICATION Reference Trial Close
  • The Demo you have just seen reflects the manner
    in which the solution would be used and the types
    of information that would be captured if the
    solution were installed on your network. Based
    upon your feedback, it sounds like this has a
    clear and valuable fit in your environment. We
    have the ability to deliver the solution in a
    manner that can be recognized either as an
    Operating Expense or Capital Expense. Which
    would better fit with your budget and financial
    structure?
  • Contact your Vericept Channel Sales Manager (CSM)
  • Share Customer Anecdotes, Case Studies and
    Analyst Quotes
  • References Online
  • Broker a concall between the two parties

91
Vericept Sales Cycle
  • QUALIFICATION Exposure Assessment Trial Close
  • We have a program we refer to as the Exposure
    Assessment. This Program provides a 7 day snap
    shot of activity on your network and the various
    points of business risk tied to inappropriate
    network use and abuse. We install a Vericept
    device on your network, let it run for 7 days
    then present the results of our findings in the
    form of an Executive Presentation. Typically the
    Exposure Assessment is priced at 20,000.
    However, as the program has evolved, at times
    waive that fee provided your organization is
    committed to gaining the executive level buy-in
    on the program. This is done by confirming the
    key stake-holders attend the Executive
    Presentation. The reason for this request comes
    from our desire to ensure were not wasting your
    time or ours. Frankly, in the past we have had
    some organizations that have learned, only after
    performing an EA that they are not prepared to
    address the issues and risks that were discovered
    during the assessment. Usually, the key stake
    holders are the executives responsible for
    Compliance, HR, IT and Legal. Do you have
    separate individuals responsible for these
    functional areas? Would those individuals be of
    a mindset to address these issues?
  • If yes, send the EA Agreement and require them to
    get it signed by the individual that would
    ultimately have purchasing authority should they
    decide to purchase the Vericept solution.

92
Vericept Sales Cycle
  • QUALIFICATION Exposure Assessment Trial Close
  • Pull Exposure Assessment Agreement from
    www.vericept.com and get it signed by customer
    (decision-maker)
  • Set Exposure Assessment best practices
    expectations
  • Provide Network Configuration Diagram Worksheet
  • Proactively secure the EA installation
    presentation dates key contacts
  • Present a quick, but compelling, EA presentation.
    Follow the proven Vericept format discuss the
    deployment process (not as overwhelming as they
    assume).

93
Vericept Sales Cycle
  • CONVICTION Secondary EA Presentation
  • If all stake holders are not present for the
    Initial EA Presentation, the customer usually
    conducts a secondary EA presentation to
    additional decision-makers, stakeholders and
    budget committees.
  • Offer to present to the secondary decision-makers
    (not unusual to be declined because generally
    additional action items are discussed during
    those meetings that dont involve Vericept).
  • Do insist on helping the champion develop
    his/hers Vericept presentation
  • Provide EA Presentation or shorter version
  • Provide role-play assistance
  • Provide additional documents, white-papers, or
    references to solidify the decision and budget.
  • Help them find the budget dollars to buy now.
  • Express a willingness and capability to get
    creative with the financing of the solution if
    you think there may be budget issues.
  • Secure a date and time you will follow up with
    the champion (typically the day after their
    internal meeting)

94
Vericept Sales Cycle
  • CONVICTION Deliver Proposal
  • Deliver a Quote, Proposal or Statement of Work
    put something in front of the customer for them
    to say yes to.
  • Include the full complement of Vericept Solutions
  • Info Privacy protects your valuable information
  • Acceptable Use addresses employee productivity
    and reputation risk management
  • Preventative Security capture the internal
    hackers
  • Stored Data data at rest
  • Custom Search Parameters the tool to customize
    Vericept
  • Never line item the pricing include all modules
    with one aggregate investment price.
  • Be sure to include the points of pain
    identified early on and the cost associated with
    them
  • Follow up, follow up, follow up

95
Vericept Sales Cycle
  • CONVICTION Software License Agreement
  • Deliver the SLA as early as possible for the
    Customer to expedite the legal review process
  • Make the SLA review a non-event. It is just
    standard software licensing language
  • Pull the latest version from www.vericept.com
  • Engage your Channel Sales Manager to field 100
    of the questions and proposed red-line. Under no
    circumstance should our CVSP negotiate verbiage
    changes to the SLA!
  • Get signature on the SLA or online approval for
    the electronic version

96
Vericept Sales Cycle
  • CLOSE The Win
  • The deal is booked when two things happen
  • Vericept receives a valid Purchase Order from the
    CVSP or Distributor and
  • Vericept receives the signed Software License
    Agreement (either hardcopy or electronic)
  • CONGRATULATIONS youve now delivered a true
    solution that will positively impact the senior
    members of your Customer. You will now be
    elevated to a trusted advisor level in their eyes
    (if you werent there already).
  • Implementation is just as critical as the sales
    process. Your Channel Sales Manager will deeply
    assist you with the best practices, tools and
    technical project management needed for a
    positive customer experience.

97
Vericept Protecting your Information and
Reputation
SELLING VERICEPT
  • Tools, Deliverables and Support

98
Partner Resource Center www.vericept.com
99
Vericept Solutions Online Demos
100
Vericept delivers Summarized violations
This Vericept screen shows an organizational view
of the inappropriate activity on the network, it
is color-coded by category
101
Inappropriate use of the organizations assets
This real example shows an event that was
captured in the Adult category. In this case,
an employee is looking for free sex pics on the
internet
102
an employee conducting Hacker Research
Here Vericept captured a web-mail conversation in
which an inside hacker is proclaiming
victory Note the data has been anonymized
103
and Confidential info being sent in an
attachment via webmail
This is an actual example of Vericept catching a
Sales and Purchase Agreement in the form of an
attachment Note the data has been anonymized
104
References Online
105
Sample Policy Concerns and Solution Mapping
106
Sample Policy Concerns and Solutions Mapping
(cont.)
107
Some Helpful Resources
108
Vericept Protecting your Information and
Reputation
Action Plan for Mutual Success
  • Critical Success Factors

109
Critical Success Factors
  • Target the industry verticals
  • Healthcare, Education, Finance
  • Any one with information and a reputation to
    protect
  • This is a strategic business decision not an
    IT decision
  • But remember IT is a critical stakeholder
  • The economic decision-maker is usually a CIO,
    CFO, and or CEO
  • Critical coaches include Compliance Officer,
    Director of Security, VP of Human Resources,
    Internal Audit, etc.
  • Sales Math (per month) 12 leads (3/wk) 3
    EAs 1 Win

110
Critical Success Factors
  • Selling with Vericept Requires
  • Focus, focus, focus persistence, persistence,
    persistence
  • But know when to fish or cut bait
  • Consultative Selling because this is a solution
    not a product sale
  • Leverage the proven best practices, resources,
    and your Channel Sales Manager
  • Forecasting (yes forecasting and heres why)
  • Helps Channel Sales Manager to proactively engage
    additional resources such as themselves, Vericept
    Executives, key Customer References, etc.
  • Eliminates channel conflict because your Channel
    Sales Manager will only go on account calls with
    one CVSP. Race goes to the swiftist.
  • Vericept leads get distributed to those who focus
    on Vericept the most and forecast diligently.
  • Because your Channel Sales Manager has to
    forecast to Vericept each and every week!!

111
The Most Critical Success Factor
  • STRIKE WHEN THE IRON IS HOT
  • Especially after the initial Exposure Assessment
    presentation
  • If the sales process is not moving forward then
    it is moving backwards.
  • Our most successful Partners have learned that
    lesson well

Every Day Matters Jen Cantwell Sr. Sales
Executive Vericept Corporation EMC, Tyco Intl,
United Technologies Corp., Massachusetts
Financial Svs.
112
Youre Not the Only One Who Believes in Vericept!
  • Partnering to combat Fraud and Identity Theft
  • Vericept is the only Content Monitoring Partner
    within Visas exclusive Strategic Alliances
    Program
  • Strategic discussions and planning underway to
    develop initiatives for managing information risk
  • www.visa.com/sai

113
Vericept Protecting your Information and
Reputation
THANK YOU VERY MUCH
  • Good Luck and Good Selling!
View by Category
About This Presentation
Title:

Vericept CVSA Training

Description:

... Peer ( i.e. KaZaA and Limewire) Chat rooms. Attachments. Web. hacking tools ... Safe work or school environments (free from violence, hostility and harassment) ... – PowerPoint PPT presentation

Number of Views:164
Avg rating:3.0/5.0
Slides: 114
Provided by: kento
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Vericept CVSA Training


1
Certified Vericept Solutions Architect CVSA
Sales Certification Training
Ken Totura Vericept Corporation
4Q 2004
www.vericept.com
2
Why We Are Here Today
  • Incredibly Unique Product Means You -
  • Differentiate Yourself From Your Competitors
  • Build Trusted Relationships at the CxO Level
  • Earn Huge Margins
  • Solve Real Business Problems

3
What Keeps a CxO Up At Night?
  • Board of Directors
  • Chief Executive Officer
  • President Chief Operating Officer
  • Chief Financial Officer
  • Chief Information Security Officer (Compliance
    Officer)
  • Chief Information Officer
  • VP of Sales
  • VP of Marketing
  • VP of Legal
  • VP of Human Resources

4
Agenda
  • The Problem and Solution
  • Business Risk Drivers
  • Introducing Vericept Corporation
  • Vericept Products are Called Solutions
  • The Science of Selling Vericept
  • Action Plan for Mutual Success
  • Certified Vericept Solution Architect
    Congratulations!

5
Vericept Protecting your Information and
Reputation
Section I THE PROBLEM and now there is a
SOLUTION

6
Would You Immediately Know If
  • A trusted employee pasted confidential
    acquisition information into a webmail message
    and sent it to your competitor?
  • An employee downloaded hacker tools to their work
    computer with the intention of stealing your
    customers private data?
  • An employee posted your confidential executive
    communications or financial data on
    www.internalmemos.com or some other internet
    posting site like Yahoo Finance?
  • An employee is using a P2P client and is
    inadvertently exposing your proprietary
    information to millions of other P2P users?

7
The Problem
  • Lack of EFFECTIVE VISIBILITY to confidential and
    inappropriate content flowing across the network.
    The risk and results can be significant
  • Information Loss
  • Company Intellectual Property, RD, Customer
    Lists, source codeCorp. Espionage
  • Customer Information SSN, credit card number,
    mothers maiden nameID Theft
  • Non-Compliance
  • GLBA, HIPAA, CA 1386 protecting customer
    privacy
  • Sarbanes-Oxley protecting investors, corporate
    ethical responsibility
  • Abuse of Internet Usage
  • Productivity employees and contractors surfing
    the web for hours and hours
  • Legal Liability sexual harassment, workplace
    violence, wrongful termination
  • Insider IT System Mischief/Hacking
  • Sabotage and Hacking viruses, worms, exploits
  • (leading to) Theft keyloggers, unauthorized
    access
  • System Downtime troubleshooting and fixing
    problems

8
Where is the Exposure and Risk?
  • Email and Web-based mail
  • Instant Messaging
  • Internet Postings
  • FTP
  • Peer-to-Peer ( i.e. KaZaA and Limewire)
  • Chat rooms
  • Attachments
  • Web

hacking tools
SOURCE CODE
9
Vericepts Intelligence Platform
Information Privacy and Compliance Manager
Acceptable Use Manager
Preventive Security Manager
Regulation Compliance Manager HIPAA GLBA CA 1386
Custom Search Parameters
Blocking Solutions
Intelligent Content Analysis Data-in-Motion
Data-at-Rest Monitoring Engine
Filter
Intelligent Traffic Controller prototype
10
Vericept Solutions Composition by Category
11
Vericept Solutions Composition by Category
Regulation Compliance Manager (RCM)

Acceptable Use Manager - Education (AUMe)

Custom Solution
(this is available though not a standard offering)
Unstructured Data Adult Conflict Gambling Games Ga
ngs Plagiarism Racism Shopping Sports Substance
Abuse Trading Violent Acts Weapons Peer-to-Peer
File Research Hacker Research Capture All
Instances IM Chat Mailing Lists Peer-to-peer
File Share Postings Webmail
1. RCM CA 1386 Structured Data CA Drivers
License Credit Card Number Personal
Information Social Security Number
8 Categories Total 7 Vericept Categories 1
Premium Vericept Category
2. RCM HIPAA Structured Data Protected Health
Information Social Security Number
3. RCM GLBA Structured Data Credit Card
Number Personal Information Social Security Number
These contain only the minimum categories
necessary to comply
12
Enterprise Risk Management Through Intelligent
Content Monitoring
13
The Advantage Contextual Linguistics Analysis
  • Goes far beyond keyword searches by reading
    content and understanding the context of the
    communication
  • Can catch the more subtle risky communication
    that other technologies miss
  • Almost 60 predefined categories leverage the
    intelligence platform, flag and classify various
    types of content traveling into, out of and
    across a network
  • Works immediately out of the box, requiring no
    lengthy data definition exercises or expensive
    development efforts
  • How it works
  • Content looks at the text of the communication,
    effectively reading it
  • Context looks at the communication format to
    understand the meaning of the text
  • Structure looks at the communication type,
    whether its email, a web page, chat, etc.

The Advantage Custom Search Parameters
  • Leverages Vericepts Extended Regular Expressions
    which have been optimized by Vericept Labs
  • Combines power of intelligence with keyword
    driven matches to enable more effective
    identification of risks to an enterprise

14
Full Content Capture with Identity Match
Delivering unparalleled visibility, proof
positive evidence
  • Real customer examples, sensitive data has been
    anonymized

Email attachment with list of names, SSNs DOBs
Employee web searching for cloaking / log
wiping program
15
Vericepts Unique Approach is the
SolutionIntelligent Content Monitoring, Analysis
and Reporting
  • Passively monitors the content of ALL internet
    traffic
  • Includes web, web-mail, email, chat, instant
    messaging, peer-to-peer file sharing, telnet,
    ftp, postings and more...
  • Intelligently analyzes and identifies ONLY the
    pertinent content at risk
  • Provides detailed content capture,
    proof-positive evidence
  • Identity Match ties inappropriate activity and
    content to the user
  • Provides detailed information delivery and
    reporting
  • Ability to perform same intelligent analysis on
    stored data

16
Vericept Value and Benefits
  • Prevents Information Loss, Identity Theft and
    Corporate Espionage
  • Enables regulatory compliance
  • - Sarbanes Oxley
  • - GLBA
  • Reduces liability associated with inappropriate
    use
  • Identifies rogue protocol usage
  • Stops unproductive and unethical internet use
  • Provides never before seen visibility to
    enterprise risk
  • Compelling ROI and low TCO
  • Protects Brand, Reputation and Information

- CA SB 1386 - HIPAA
17
Vericept Protecting Your Information and
Reputation
Section II BUSINESS RISK DRIVERS
18
Externally Driven Policies Compliance
Regulation
Enterprise Risk Management
Report
Moni tor
Capture
Analyze
Internally Driven Policies Acceptable Use
Internally Driven Policies Information Controls
M a n a g e
19
Vericept Drivers
Internally Driven Policies Information Controls
  • Executive communications
  • Marketing plans
  • Merger and Acquisition activity
  • Research and development
  • Patents and trade secrets
  • Customer lists
  • Employee information (SSN, compensation)
  • and the list goes on

20
Vericept Drivers
Internally Driven Policies Acceptable Use
  • Internet use
  • Corporate email use
  • Instant Messaging use
  • Peer-to-Peer use
  • Appropriate content (or inappropriate)
  • Safe work or school environments (free from
    violence, hostility and harassment)

21
Vericept Drivers
Externally Driven Policies Compliance
  • Healthcare Security HIPAA Security Rule
  • Gramm-Leach-Bliley
  • Sarbanes-Oxley
  • California Senate Bill 1386
  • USA Patriot Act
  • Childrens Internet Protection Act
  • Over 300 pieces of pending Privacy legislation

22
Vericept Protecting Your Information and
Reputation
  • Health Insurance Portability Accountability
    ActHIPAA

23
Health Insurance Portability Accountability Act
of 1996
  • SEC. 261. PURPOSE.
  • It is the purpose of this subtitle to improve
    the Medicare program under title XVIII of the
    Social Security Act, the medicaid program under
    title XIX of such Act, and the efficiency and
    effectiveness of the health care system, by
    encouraging the development of a health
    information system through the establishment of
    standards and requirements for the electronic
    transmission of certain health information.

24
HIPAA The Five Basic Principles
  • Consumer Control The regulation provides
    consumers with critical new rights to control the
    release of their medical information. 
  • Boundaries With few exceptions, an individual's
    health care information should be used for health
    purposes only, including treatment and payment. 
  • Accountability Under HIPAA, for the first time,
    there will be specific federal penalties if a
    patient's right to privacy is violated. 
  • Public Responsibility The new standards reflect
    the need to balance privacy protections with the
    public responsibility to support such national
    priorities as protecting public health,
    conducting medical research, improving the
    quality of care, and fighting health care fraud
    and abuse.
  • Security It is the responsibility of
    organizations that are entrusted with health
    information to protect it against deliberate or
    inadvertent misuse or disclosure.

25
Customer Feedback
Vericepts Health Information Protection behaves
much like a linguistic firewall, identifying
unauthorized communication of PHI. It is helpful
to be able to alert our staff to actions that
could be deemed in violation of the new privacy
rules and our Appropriate Use Policy. Our
patients deserve the best care we can provide,
including respect for their privacy. - Dave
McClain Information Systems Security
Manager Community Health Network
Vericept has consistently met my expectations
and in many cases exceeded them. The install was
effortless and generally just sits there and does
its job. I would highly recommend it to anyone
who has a need for protecting both network assets
and confidential information. -Jason
HerrenNetwork Security Administrator Source
Medical
26
Leadership Validation
Vericept's Information Protection Solution
focuses on inappropriate content and prevents it
from being communicated through the vast array of
Internet communication vehicles available to most
employees. The significant risks associated
with webmail, IM and P2P applications, combined
with the mounting pressure to secure the privacy
of patient information, can make Vericepts
solution a robust fit for Healthcare
organizations.
- Brian Burke
27
Vericept Protecting Your Information and
Reputation
  • Sarbanes Oxley

28
Sarbanes-Oxley Requirements
  • Antifraud programs and controls
  • Fraud risk assessment (Section 103)
  • Actions to identify, prevent and mitigate
    fraudulent financial reporting or misuse of
    company assets
  • Revenue recognition, pricing discussions
  • CEO and CFO certification
  • Disclosure of controls and procedures (Section
    302)
  • Ensure material information is made known to them
  • Evaluated effectiveness of disclosure controls
    and procedures
  • Disclosed to audit committee and independent
    auditors any significant control deficiencies,
    material weaknesses and actos of fraud involving
    management or other employees

29
Sarbanes-Oxley Requirements
  • Managements Annual Assessment Report
  • Assessment of Internal Controls over Financial
    Reporting (Section 404)
  • Statement Management is responsible for
    establishing and maintaining controls
  • Disclosure of any material weakness in system of
    internal controls
  • Independent Auditors attestation report on
    managements assessment of internal controls
  • Code of Conduct and Ethics
  • Ensuring adherence to Code (Section 406)
  • Existence does not address effectiveness
  • Should address conflicts of interest,
    confidentiality of information, proper use of
    assets, RPT, illegal acts and compliance with
    laws and regulations
  • E-mail is a common communication method

30
Vericept Enabling Sarbanes-Oxley Compliance
  • Managing and Strengthening Internal Controls
  • Provides a continuous monitoring mechanism to
    satisfy and enforce Internal Control requirements
  • Information financial and proprietary
  • Ethical and Conduct Codes
  • Communication paths
  • Data-in-Motion and Data-at-Rest
  • Specifically addresses 103, 302, 404 and 406

31
Actual Examples
  • Case No. 1. Potential Insider Tipping
  • Just prior to a Companys earnings announcement
    (but luckily after the close of trading), a Sales
    Employee contacts a third party by email and
    indicates that the Company will have a great
    quarter and that the third party should buy
    stock. The Companys policy as well as federal
    law prohibits such activity. The email is
    retrieved using Vericept along with other emails
    and the employee is dismissed. Employee does not
    bring a wrongful termination lawsuit.
  • Case No. 2. Posting of Confidential Company
    Information on the Internet
  • Highly confidential Product roadmap information
    is posted on a message board on the internet.
    Given the information, the Company believes that
    someone in an Engineering lab may be posting the
    information or providing a third party with the
    information. The Company conducts an
    investigation and immediately communicates to all
    employees a new email policy noting that any
    email communications are not subject to privacy.
    Management describes to the employees Vericept as
    a tool being utilized. No similar internet
    postings have occurred since the communication of
    the policy and the use of Vericept.
  • Case No. 3. Revenue Recognition Reviews
  • A non-material software sales transaction is
    identified early in the quarter close procedures
    as potentially not meeting the revenue
    recognition rules. Vericept is utilized to find
    the email trail that cleared the transaction.

32
How a prominent customer is using Vericept for
SOX
I am complying with 50 of my Ethical Code of
Conduct by using Vericept as an internal
monitoring control -Sr. Corporate Governance
Officer, Global Conglomerate
33
Vericept Protecting Your Information and
Reputation
  • Gramm-Leach-Bliley Act
  • (GLBA)

34
Gramm-Leach-Bliley 3 Primary Objectives
  • Ensure the security and confidentiality of
    customer records and information
  • Protect against any anticipated threats or
    hazards to the security or integrity of such
    records
  • Protect against unauthorized access to or use of
    such records or information which could result in
    substantial harm or inconvenience to any customer

35
New Guidance Issued January, 2003
  • New guidance expanded GLBA
  • Federal Financial Institutions Examination
    Council (i.e. the Bank Examiners)
  • Requires banks to take specific action to
  • Identify and manage risks
  • Test risk management practices
  • Monitor environment to control risk continuously
  • Five part framework to Information Security
    Management

36
Five Part Framework Includes
  • Information Security Risk Assessment
  • Information Security Strategy
  • Security Controls Implemented
  • Security Tested
  • Continuous Monitoring and Updating

37
GLBA Examination and Enforcement
  • Examinations
  • Tier I
  • Assess process for identifying and monitoring
    Eight Objectives
  • Tier II
  • Only when warranted after Tier I exam
  • Generally take much longer
  • Enforcement
  • Corrective action to enforcement action with
    penalty fines

38
How Vericept Enables GLBA Compliance
  • FFIEC Handbook Safeguards
  • Risk Assessment
  • Continuous, formal process
  • Security Controls Implementation
  • Controls to protect against malicious code
  • Personnel security / authorized use
  • Logging and data collection
  • Monitoring and Updating
  • Continuously analyze threats
  • Monitor for technical vulnerabilities

Note Vericept developed the GLBA solution with
co-author Paul Reymann to specifically enable
compliance
39
GLBA Co-Author Validation
"Vericept's Information Privacy and Compliance
Manager solution identifies and manages risks,
tests risk management practices and monitors to
control risks.  Vericept's comprehensive
monitoring approach enables financial
institutions to comply with regulations and to
protect against internal information
leakage. Paul Reymann CEO, ReymannGroup
Inc. Co-author of Section 501 of the
Gramm-Leach-Bliley Act Data Protection Regulation
40
Vericept Protecting Your Information and
Reputation
  • California
  • Senate Bill 1386

41
CA SB 1386 Requirements
  • What it is
  • As of July 1, 2003, state mandate requiring
    public disclosure of computer-security breaches
    in which confidential information of ANY
    California resident MAY have been compromised
  • Who is affected
  • The law covers every enterprise, public or
    private, doing business with California
    residents.
  • "Personal Information" means an individual's
    first name or first initial and last name in
    combination with any one or more of the following
    non-encrypted data elements
  • Social Security Number
  • California Driver's License Number or California
    Identification Card Number
  • Account number, credit or debit card number, in
    combo with security code, access code, or
    password that would permit access to an
    individual's financial account

42
CA SB 1386 Requirements
  • Mandated Action
  • Companies must warn California customers of
    security holes in their corporate computer
    networks
  • When a business discovers that confidentiality
    has or may have been breached it must notify the
    customers
  • If the business is unsure which customers have
    been affected, it must notify ALL customers of
    the breach. Obviously this is both an expensive
    and embarrassing event.
  • Impact
  • Burden is on to notify any, and all possible,
    effected consumers. If you cant identify which
    ones, you must go public
  • Significant CMPs (civil money penalties) are at
    risk

43
Applicable CA SB 1386 Categories across all
protocols
  • Personal Information
  • Detects communications of unencrypted personal
    information such as home addresses, mothers
    maiden name, date of birth, account numbers,
    phone numbers, wiring information, security
    codes, access code or password that would allow
    access to an individual's financial account, etc
  • Social Security Number
  • Detects communications containing social
    security numbers
  • Credit Card Number
  • This category will capture transmission of
    credit or debit card numbers, in combination with
    any required expiry date, security code, access
    code, or password that would permit access to an
    individual's financial account.
  • CA Drivers Licenses
  • This category will capture transmission of
    California driver's license number or California
    Identification Card.

44
Vericept Protecting Your Information and
Reputation
  • Fraud and Identity Theft

45
Fraud and Identity Theft Real, Growing Problems
  • Identity theft is one of the most damaging and
    fastest growing crimes in the country. Almost 10
    million Americans were victims of some form of ID
    Theft within the last year
  • 4.6 of Americans 9.91 million people
    experienced some form of identity theft
  • 3.23 million people whose personal information
    was used without their knowledge had new accounts
    opened (new credit card or loans)
  • 6.68 million people whose personal information
    was used without their knowledge had their
    existing accounts misused (siphon off money, buy
    stuff on eBay...
  • Average loss from misuse 4,800 per victim

46
Resulting Business Damage
  • Businesses, including but not limited to
    financial institutions, lost 47.6 billion due to
    identity theft in the year ending Sept 2003!
  • 32.9 billion attributable to information
    security breaches leading to new account opened
    by unauthorized users
  • 14 billion attributable to information security
    breaches leading to existing account misuse by
    unauthorized users
  • Example loss the cost to a credit card company
    of canceling and issuing a new card is estimated
    at 25 per card
  • In February 2003, one hacker breached the
    security system of Data Processors International
    and got access to as many as 8 million card
    accounts
  • When victims lost 5,000 or more, 81 told
    someone else this behavior places the companys
    reputation at risk!!

47
The Insider Risk
  • Now, we have concrete data that employees are
    stealing data
  • Some 60 of companies reported being victimized
    by employee fraud

    - KPMG Forensics Practice
    Survey 2003
  • The top cause of identity fraud is now the theft
    of records from employers or other business that
    have records on many individuals"

    -Trans Union
    Report
  • More than one-third of the targeted financial or
    data loss incidents involve insiders

    - IDC Security
    Survey, 2003

48
FTC Statistics Indicting the Insider
  • In a substantial portion of the identity theft
    cases, the victims knew the perpetrators. They
    were able to positively identify the thief as
    working at a bank or company where they are a
    patron i.e. the teller at bank, a cashier at the
    point of purchase, etc.
  • Of all victims who knew the identity of the
    thief, in 23 of the cases, the victim was able
    to identify the person responsible was someone
    who worked at a company or financial institution
    that had access to the victim's personal
    information
  • 34 of victims that experienced perpetration of
    personal information leading to misuse of
    existing accounts identified an employee of a
    company or financial institution with whom they
    did business
  • 13 of those who experienced perpetration of
    personal information leading to the opening of
    new accounts identified an employee of a company
    of financial institution with whom they did
    business

49
Attacking Fraud and Identity Theft
  • Intelligent Content Monitoring enables you to
  • Understand the areas of electronic exposure
    pinpoint the areas most vulnerable to identity
    theft, electronic fraud, and system attacks
  • Identify and assess new risks and take action
    which areas demonstrate a high risk for leaks of
    private information what is the cost associated
    with a potential leak?
  • Measure the effectiveness of current measures
    are they strong enough to stop leaks both from
    external and internal attacks
  • Enforce your policies give the policies some
    teeth!

50
Industry Analyst Validation
Increasingly, Fraud and Identity Theft are
becoming significant problems for business. IDC
estimates that over one third of the financial or
data loss incidents involve insiders. Vericept's
innovative approach ties the insider problem with
the leaking of sensitive information. IDC
believes organizations that are trying to combat
fraud and identity theft should consider
integrating Vericepts solution into their
overall exposure management and security
infrastructure. Brian Burke Research
Manager IDCs Security Products Program
51
Vericept Protecting Your Information and
Reputation
  • Security Market Landscape

52
Key Deloitte Findings
  • Perception of security and its importance to the
    business was consistent across organizations of
    all sizes most saw it as a risk management
    exercise that is key to the business.
  • most financial institutions are attempting to
    demonstrate how the controls they have
    implemented to achieve security align with
    relevant regulations and the demands of their
    customers. Respondents answers reflected the
    importance to their of company brand, data
    protection and customer loyalty.
  • a well-devised privacy strategy can be a major
    asset in attempts to stay ahead
  • An effective process requires the ability to
    generate reports that detail vulnerability for
    compliance and auditing activities.

Global Security Survey 2004
53
Key Deloitte Findings
  • Executives rank security as a high priority and
    security initiatives are seen as a good
    investment
  • Security is a business issue driven by
    shareholder value, customers perception, brand
    and reputation protection, legal and regulatory
    compliance, vulnerability sustainability
  • Value more money is being spent to win back
    customer trust.
  • 83 of respondents acknowledged that their
    systems had been compromised in some way in the
    last year
  • Top 3 areas of concern for privacy compliance
    unauthorized access to personal information,
    managing 3rd party info sharing, managing
    customer privacy preferences

Global Security Survey 2004
54
CSOs Top Concerns IP Loss and Compliance
  • The theft of intellectual property or other
    proprietary information is also a top concern of
    CSOs, with 91 saying that managing access to
    critical information and documents is either
    "extremely important" or "very important.
  • 15 of the respondents said their employer has
    lost or had critical documents or corporate
    information copied without authorization in the
    past year. Almost 25 said they could not be
    sure whether such losses had occurred at their
    company.
  • 49 cited "issues related to regulatory
    compliance" as the prime reason behind their
    security purchases.

CSO Magazine Survey of 476 CSOs May, 2004
55
Gartners Hype Cycle
Vericept
56
Gartners Hype Cycle
57
Industry Trends
Corporate spending on security and business
continuity has been held back by two
factorsuncertainty about the severity of risk
posed by security threats and ongoing budget
austerity. However, any skepticism about the
potential consequences of a security breach is
fading fast as enterprises seek to improve their
ability to manage organizational risk. -John F.
Gantz Chief Research Officer SVP
International Data Corporation (IDC) September
29, 2003
  • IDC Predicts
  • Worldwide spending on security business
    continuity will grow twice as fast as overall IT
    spending.
  • 40 of 1,000 IT managers surveyed saw security
    as their top IT budget priority.
  • Spending will be driven both by immediate
    security needs but also by the need to comply
    with recent regulations that impact information
    security such as HIPAA, Gramm-Leach-Bliley,
    Californias Security Breach Notice Law, and
    Sarbanes-Oxley Act.
  • September, 2003

58
Industry Trends
Based on the results of the survey, we predict
2004 to be the year companies begin to look at
security as a strategic enabler. Survey results
show 42 of companies surveyed will be looking at
security from a more strategic perspective -Joe
Duffy Partner Global Leader Security
Privacy Practice PricewaterhouseCoopers Septembe
r, 2003
Organizations around the globe are concerned
with Information Security Not surprisingly,
Europeans are more focused on ensuring customer
privacy while in North America, we are fixated on
potential liability issues. Cyber-terrorism is
a theoretical threat, but cyber-crime is a
reality happening everyday. Scott
Berinato Senior Editor of CIO CSO
Magazines September, 2003
59
Industry Trends
By 2005, the market for security and business
continuity products should hit a 15 growth rate
which should translate into more than 118
billion being spent on the technologies by 2007.
IDC sees content filtering as a potential growth
area as companies face legal risks posed by their
employees downloads. International Data
Corporation (IDC) September 29, 2003
I would argue good security is good
business. -Joe Duffy Partner Global Leader
Security Privacy Practice PricewaterhouseCooper
s September, 2003
60
Security Market Landscape Our Piece of the Pie
Messaging Security/ Employee Internet
Management Market
1.973 Billion (2007) Secure Messaging - 1.08M /
EIM - 893M
Secure Content Management Market
6.38 Billion (2007)
Internet Security/Privacy Market
118 Billion (2007)
IDC Estimates (October, 2003)
61
Market Landscape
  • Direct competitors
  • Trying to eat our lunch

TIER 1 Content Monitoring
TIER 2 Employee Internet Management / Messaging
  • Not directly competitive
  • Potential partners

Compliance
TIER 3 Network Security / Forensics
  • Not competitive
  • Sometimes asked about

62
Structured vs. Unstructured Data
More than 75 percent of enterprise data is
unstructured and document-related, rather than
being neatly sorted numbers in a database
  • More assets and intellectual capital are captured
    in unstructured formats and documents
  • These mechanisms are more conducive for sharing
  • Unstructured data poses more risk

63
Financial Damages from Information Leakage
  • When a breach leaks confidential private
    information (such as credit-card and bank-account
    numbers or sensitive medical information)the
    breach has a marked negative impact on the market
    value of the company.
  • Cybercrimes where confidentiality is violated are
    crimes that cause measurable negative impact in
    the stock-market value of companies. In our
    study, we found that companies lost an average of
    slightly more than 5 of their market valuation.
  • - University of Maryland's Smith School of
    Business
  • Impact of cybersecurity breaches on the
    stock-market value, 2004

64
Market Validation Risk Management is a Driver
Intelligent Risk Management can enable
organizations to face an uncertain future
optimisticallyPreparation requires a focus on
risk management, intelligence-driven prevention
and response.
65
Vericept Protecting Your Information and
Reputation
Section III VERICEPT CORPORATION

66
Vericept Background
  • Founded in 1999 Denver, Colorado
  • Award-winning, patent-pending (5) technology
  • Seasoned Management Team Approximately 65
    Outstanding Personnel
  • Financial backers Sigma Venture Partners,
    William Blair Venture Capital, Sequel Venture
    Partners, Visa International
  • Industries financial services, healthcare,
    retail, manufacturing, government, education,
    pharma, telecommunications, energy
  • Approximately 600 customers trust Vericept over
    1.5M workstations being monitored

67
Vericept Mission Statement
To Be The Leading Global Provider of
Information Protection and Misuse Prevention
Solutions
68
Elevator Pitch (79 words)
  • Vericept Corporation is the leading provider of
    enterprise risk management solutions enabling
    corporations, government agencies and education
    institutions to manage and dramatically reduce
    insider risk. Vericept provides immediate
    visibility to multiple forms of business risk
    including regulation compliance violations,
    corporate governance concerns, internal policy
    infractions, information leaks, and unacceptable
    internet use. Based on the patented advanced
    linguistics engine, the Vericept Solutions
    analyze all content of inbound and outbound
    internet traffic using pre-defined categories,
    enabling companies to instantly identify and
    terminate any activity falling outside of an
    organizations predefined acceptable use policy.
    Vericepts innovative solutions prevent losses to
    valuable information assets and protect the
    organization Brand and reputation.

69
Vericept Sales Strategy
70
Vericept Solutions Partner Program VSPs
  • VISIONTo be the standard in which our partners
    measure their other vendors.
  • MISSIONCreate a global ecosystem of solution
    partners who leverage the unique capabilities of
    Vericept solutions to create new customers and
    organically grow existing customers in a
    profitable and mutually beneficial manner.
  • VERICEPT CHANNEL SALES MANAGER OBJECTIVEMaximize
    revenue in each region.

71
Vericept Solution Partner Program VSPs
  • Certified Vericept Solution Partner Requirements
  • Certified Vericept Solutions Architect
  • Certified Vericept Sales Engineer
  • Self-Sufficient Through Entire Sales Process
    (conduct EAs)
  • Relentlessly pursue customers defined in the VSP
    Accessible Markets
  • Generate at Least 500k in Vericept revenue to
    CVSP
  • VSP Accessible Market (as defined by Hoovers
    Online)
  • SMEs annual revenue
  • Education (K-12 and higher-ed)
  • State Local Government
  • Standalone Hospitals Hospital Groups in annual revenue
  • CSMs have the named account list

72
Lead Referral Program
  • For Customers Outside of the Scope of the VSP
    Accessible Markets
  • Principles of Engagement
  • Submit a completed VSP Lead Qualification Form
  • One VSP Lead Qualification Form per Customer
    transaction.
  • Vericept controls the sales process from the
    moment the VSP Lead Referral Qualification Form
    is approved in writing.
  • Vericept, as a best practice, will incorporate
    the CVSPs service delivery team to the extent it
    has the certification, experience, and desire.
  • Referral fee is only applicable to the Vericept
    software portion of the transaction.
  • One referral payment per VSP Lead Qualification
    Form.

73
(No Transcript)
74
Headquarters 750 W. Hampden Ave. Suite
550 Englewood, CO 80110-2163 www.vericept.com
Michael Reagan VP Worldwide Channel Sales Office
303.268.0512 Cell 303.478.3706 mike.reagan_at_veri
cept.com
Central Region
Northeast Region
Sara Avery Channel Sales Manager Northeast
Region Office 303.268.0532 Cell
303.898.2487 sara.avery_at_vericept.com Kevin
Homer Channel Sales Manager Southeast
Region Office 303.268.0533 Cell
303.570.6699 kevin.homer_at_vericept.com Damon
Morriss Channel Sales Manager Western
Region Office 310.545.7699 Cell
310.947.2594 damon.morriss_at_vericept.com
Technical Support 800.262.0274 x7500 support_at_veric
ept.com

Western Region
Ken Totura Director of Partner Development Office
303.268.0537 Cell 303.506.1568 ken.totura_at_veri
cept.com
Southeast Region
Updated 1/8/04
75
Vericept Protecting your Information and
Reputation
Section IV VERICEPTS PRODUCTS
ARE CALLED SOLUTIONS
76
Vericepts Intelligence Platform
Information Privacy and Compliance Manager
Acceptable Use Manager
Preventive Security Manager
Regulation Compliance Manager HIPAA GLBA CA 1386
Custom Search Parameters
Blocking Solutions
Intelligent Content Analysis Data-in-Motion
Data-at-Rest Monitoring Engine
Filter
Intelligent Traffic Controller prototype
77
Vericept Solutions Composition by Category
78
Vericept Solutions Composition by Category
Regulation Compliance Manager (RCM)

Acceptable Use Manager - Education (AUMe)

Custom Solution
(this is available though not a standard offering)
Unstructured Data Adult Conflict Gambling Games Ga
ngs Plagiarism Racism Shopping Sports Substance
Abuse Trading Violent Acts Weapons Peer-to-Peer
File Research Hacker Research Capture All
Instances IM Chat Mailing Lists Peer-to-peer
File Share Postings Webmail
1. RCM CA 1386 Structured Data CA Drivers
License Credit Card Number Personal
Information Social Security Number
8 Categories Total 7 Vericept Categories 1
Premium Vericept Category
  • RCM HIPAA
  • Protected Health Information
  • Social Security Number

3. RCM GLBA Structured Data Credit Card
Number Personal Information Social Security Number
These contain only the minimum categories
necessary to comply
79
Vericept Pricing Strategy
  • 3 year term - paid up front (software
    maintenance included)
  • Perpetual License (software maintenance 20)
  • Pricing volume discount based on number of
    workstations
  • Minimum deal size of 250 workstations
  • VSP or Vericept can source hardware
  • Work passionately to maintain the List Price!
  • Price List updated quarterly

80
Training Exercise
  • CASE STUDY You have called on the Chief
    Information Security Officer of a major hospital
    group. Youve learned that she is very concerned
    about protecting protected health information and
    HIPAA is a constant board-level topic. In
    addition, her VP of Human Resources asked her if
    she was aware of any technology to track
    employees who visit unauthorized websites. Their
    network is comprised of 1,100 workstations.
  • What Vericept Solutions would you recommend?
    Which solutions would address which problems?
  • What is the price of the proposed solutions?
  • What else beside software should be factored into
    your proposal?

81
Vericept Deployment
Vericept Protecting your Information and
Reputation
82
Vericept Solutions System Requirements
  • Dedicated Appliance
  • Intel-compatible processor
  • 3 GHz minimum processing speed
  • 2 GB RAM
  • 120 GB Hard drive or larger
  • 2 network interface cards (NICs)
  • CD-ROM drive
  • Floppy disk drive
  • Operating System
  • Red Hat Enterprise Linux (RHEL) version 3.0 WS

83
Vericept Standalone Deployment
Installing and configuring the Vericept solution
was almost easier than taking it out of the
box. - Sean Doherty Technology Editor Network
Computing Magazine
84
Vericept Distributed Deployment
85
Vericept Distributed Deployment cont.
86
Vericept Protecting your Information and
Reputation
Section V SELLING VERICEPT
87
Vericept Sales Cycle
Create Interest
Qualification
Close
Conviction
VERICEPTSALESCYCLE
  • Call Scripts
  • Referrals
  • Online Demo
  • Initial
  • Exposure
  • Assessment
  • PO
  • SLA
  • Secondary
  • EA Present.
  • SLA Review
  • Proposal
  • SOW

VERICEPTSALES TOOLS
88
Vericept Sales Cycle
  • CREATE INTEREST
  • Research your prospect
  • Identify corporate mission, company positioning,
    key players, financials, recent news, Code of
    Conduct, etc.
  • Contact Prospect at Business Decision-Maker Level
    - (e.g., CIO, Compliance, HR, Finance, Internal
    Audit, etc.)
  • Understand what they are responsible for and then
    link Vericept benefit to them
  • Business Decision Makers
  • Chief Financial Officer
  • CSO / CISO
  • Chief Information Officer
  • Chief Ethics Officer
  • Corporate Compliance Officer
  • Chief Risk Officer
  • VP of HR
  • Corporate Governance Officer
  • Legal / Corporate Counsel
  • Chief Privacy Officer
  • Director of Security
  • Head of Marketing
  • CEO
  • Internal Audit

89
Vericept Sales Cycle
  • QUALIFICATION The Initial Hook
  • Flesh out their current security infrastructure
  • Flesh out their acceptable use policies
  • Would You Know If Questions
  • Share customer anecdotes
  • Present Vericept Corporate Overview and Online
    Demo
  • Commit to next step (meet with other
    stakeholders, Exposure Assessment, etc)
  • QUALIFICATION Understand the Procurement
    Process
  • Learn typical procurement process
  • Determine availability of funds
  • Determine appropriation of funds (especially for
    out-of-budget purchases)
  • Identify the titles and names of those affecting
    the purchasing process
  • If youre pressured to deliver pricing prior to
    the EA or proposal give them budget and
    planning numbers of 20 to 30 per workstation
    annually.

90
Vericept Sales Cycle
  • QUALIFICATION Reference Trial Close
  • The Demo you have just seen reflects the manner
    in which the solution would be used and the types
    of information that would be captured if the
    solution were installed on your network. Based
    upon your feedback, it sounds like this has a
    clear and valuable fit in your environment. We
    have the ability to deliver the solution in a
    manner that can be recognized either as an
    Operating Expense or Capital Expense. Which
    would better fit with your budget and financial
    structure?
  • Contact your Vericept Channel Sales Manager (CSM)
  • Share Customer Anecdotes, Case Studies and
    Analyst Quotes
  • References Online
  • Broker a concall between the two parties

91
Vericept Sales Cycle
  • QUALIFICATION Exposure Assessment Trial Close
  • We have a program we refer to as the Exposure
    Assessment. This Program provides a 7 day snap
    shot of activity on your network and the various
    points of business risk tied to inappropriate
    network use and abuse. We install a Vericept
    device on your network, let it run for 7 days
    then present the results of our findings in the
    form of an Executive Presentation. Typically the
    Exposure Assessment is priced at 20,000.
    However, as the program has evolved, at times
    waive that fee provided your organization is
    committed to gaining the executive level buy-in
    on the program. This is done by confirming the
    key stake-holders attend the Executive
    Presentation. The reason for this request comes
    from our desire to ensure were not wasting your
    time or ours. Frankly, in the past we have had
    some organizations that have learned, only after
    performing an EA that they are not prepared to
    address the issues and risks that were discovered
    during the assessment. Usually, the key stake
    holders are the executives responsible for
    Compliance, HR, IT and Legal. Do you have
    separate individuals responsible for these
    functional areas? Would those individuals be of
    a mindset to address these issues?
  • If yes, send the EA Agreement and require them to
    get it signed by the individual that would
    ultimately have purchasing authority should they
    decide to purchase the Vericept solution.

92
Vericept Sales Cycle
  • QUALIFICATION Exposure Assessment Trial Close
  • Pull Exposure Assessment Agreement from
    www.vericept.com and get it signed by customer
    (decision-maker)
  • Set Exposure Assessment best practices
    expectations
  • Provide Network Configuration Diagram Worksheet
  • Proactively secure the EA installation
    presentation dates key contacts
  • Present a quick, but compelling, EA presentation.
    Follow the proven Vericept format discuss the
    deployment process (not as overwhelming as they
    assume).

93
Vericept Sales Cycle
  • CONVICTION Secondary EA Presentation
  • If all stake holders are not present for the
    Initial EA Presentation, the customer usually
    conducts a secondary EA presentation to
    additional decision-makers, stakeholders and
    budget committees.
  • Offer to present to the secondary decision-makers
    (not unusual to be declined because generally
    additional action items are discussed during
    those meetings that dont involve Vericept).
  • Do insist on helping the champion develop
    his/hers Vericept presentation
  • Provide EA Presentation or shorter version
  • Provide role-play assistance
  • Provide additional documents, white-papers, or
    references to solidify the decision and budget.
  • Help them find the budget dollars to buy now.
  • Express a willingness and capability to get
    creative with the financing of the solution if
    you think there may be budget issues.
  • Secure a date and time you will follow up with
    the champion (typically the day after their
    internal meeting)

94
Vericept Sales Cycle
  • CONVICTION Deliver Proposal
  • Deliver a Quote, Proposal or Statement of Work
    put something in front of the customer for them
    to say yes to.
  • Include the full complement of Vericept Solutions
  • Info Privacy protects your valuable information
  • Acceptable Use addresses employee productivity
    and reputation risk management
  • Preventative Security capture the internal
    hackers
  • Stored Data data at rest
  • Custom Search Parameters the tool to customize
    Vericept
  • Never line item the pricing include all modules
    with one aggregate investment price.
  • Be sure to include the points of pain
    identified early on and the cost associated with
    them
  • Follow up, follow up, follow up

95
Vericept Sales Cycle
  • CONVICTION Software License Agreement
  • Deliver the SLA as early as possible for the
    Customer to expedite the legal review process
  • Make the SLA review a non-event. It is just
    standard software licensing language
  • Pull the latest version from www.vericept.com
  • Engage your Channel Sales Manager to field 100
    of the questions and proposed red-line. Under no
    circumstance should our CVSP negotiate verbiage
    changes to the SLA!
  • Get signature on the SLA or online approval for
    the electronic version

96
Vericept Sales Cycle
  • CLOSE The Win
  • The deal is booked when two things happen
  • Vericept receives a valid Purchase Order from the
    CVSP or Distributor and
  • Vericept receives the signed Software License
    Agreement (either hardcopy or electronic)
  • CONGRATULATIONS youve now delivered a true
    solution that will positively impact the senior
    members of your Customer. You will now be
    elevated to a trusted advisor level in their eyes
    (if you werent there already).
  • Implementation is just as critical as the sales
    process. Your Channel Sales Manager will deeply
    assist you with the best practices, tools and
    technical project management needed for a
    positive customer experience.

97
Vericept Protecting your Information and
Reputation
SELLING VERICEPT
  • Tools, Deliverables and Support

98
Partner Resource Center www.vericept.com
99
Vericept Solutions Online Demos
100
Vericept delivers Summarized violations
This Vericept screen shows an organizational view
of the inappropriate activity on the network, it
is color-coded by category
101
Inappropriate use of the organizations assets
This real example shows an event that was
captured in the Adult category. In this case,
an employee is looking for free sex pics on the
internet
102
an employee conducting Hacker Research
Here Vericept captured a web-mail conversation in
which an inside hacker is proclaiming
victory Note the data has been anonymized
103
and Confidential info being sent in an
attachment via webmail
This is an actual example of Vericept catching a
Sales and Purchase Agreement in the form of an
attachment Note the data has been anonymized
104
References Online
105
Sample Policy Concerns and Solution Mapping
106
Sample Policy Concerns and Solutions Mapping
(cont.)
107
Some Helpful Resources
108
Vericept Protecting your Information and
Reputation
Action Plan for Mutual Success
  • Critical Success Factors

109
Critical Success Factors
  • Target the industry verticals
  • Healthcare, Education, Finance
  • Any one with information and a reputation to
    protect
  • This is a strategic business decision not an
    IT decision
  • But remember IT is a critical stakeholder
  • The economic decision-maker is usually a CIO,
    CFO, and or CEO
  • Critical coaches include Compliance Officer,
    Director of Security, VP of Human Resources,
    Internal Audit, etc.
  • Sales Math (per month) 12 leads (3/wk) 3
    EAs 1 Win

110
Critical Success Factors
  • Selling with Vericept Requires
  • Focus, focus, focus persistence, persistence,
    persistence
  • But know when to fish or cut bait
  • Consultative Selling because this is a solution
    not a product sale
  • Leverage the proven best practices, resources,
    and your Channel Sales Manager
  • Forecasting (yes forecasting and heres why)
  • Helps Channel Sales Manager to proactively engage
    additional resources such as themselves, Vericept
    Executives, key Customer References, etc.
  • Eliminates channel conflict because your Channel
    Sales Manager will only go on account calls with
    one CVSP. Race goes to the swiftist.
  • Vericept leads get distributed to those who focus
    on Vericept the most and forecast diligently.
  • Because your Channel Sales Manager has to
    forecast to Vericept each and every week!!

111
The Most Critical Success Factor
  • STRIKE WHEN THE IRON IS HOT
  • Especially after the initial Exposure Assessment
    presentation
  • If the sales process is not moving forward then
    it is moving backwards.
  • Our most successful Partners have learned that
    lesson well

Every Day Matters Jen Cantwell Sr. Sales
Executive Vericept Corporation EMC, Tyco Intl,
United Technologies Corp., Massachusetts
Financial Svs.
112
Youre Not the Only One Who Believes in Vericept!
  • Partnering to combat Fraud and Identity Theft
  • Vericept is the only Content Monitoring Partner
    within Visas exclusive Strategic Alliances
    Program
  • Strategic discussions and planning underway to
    develop initiatives for managing information risk
  • www.visa.com/sai

113
Vericept Protecting your Information and
Reputation
THANK YOU VERY MUCH
  • Good Luck and Good Selling!
About PowerShow.com