Docstoc

Vericept CVSA Training

Document Sample
Vericept CVSA Training Powered By Docstoc
					                   Certified Vericept Sales Architect

                             “CVSA” Sales
                    Certification Training



                                                Ken Totura
                                      Vericept Corporation


www.vericept.com                                  4Q 2004
Why We Are Here Today
  Internet Security / Privacy Market is Hot! (IDC)
     •   15% growth rate by 2005 which translates into more than $118b by 2007
     •   Worldwide spending will grow twice as fast as IT overall
     •   40% of IT managers saw security as their top IT budget priority

  Risk Management is Even Hotter
     •   FTC – 10 million victims of Identity Theft in 2003 costing $47b
     •   KPMG -60% of companies being victimized by employee fraud
     •   IDC – Over one-third of the financial or data loss incidents involved insiders
     •   PWC – Companies view Security as a “strategic enabler”

  Vericept is a Wildly Unique Solution
     •   Differentiate yourself from your competitors
     •   Customer escalation – CxO
     •   Customer acquisition – Beachhead
     •   Tremendous margins



                                                                   Vericept Proprietary and Confidential
Agenda
Section I:     The “Problem” and “Solution”

Section II:    Business Risk Drivers

Section III:   Vericept Sales Cycle

Section IV:    Vericept Products are Called Solutions

Section V:     Partner Resource Center

Section VI:    Vericept Corporation

Section VII:   Best Practices

 Certified Vericept Sales Architect – Congratulations!

                                                 Vericept Proprietary and Confidential
Section I: THE PROBLEM and
    now there is a SOLUTION



                    Vericept
  Protecting your Information and Reputation




                                    Vericept Proprietary and Confidential
What Keeps These Folks Up At Night?

• Board of Directors           • Chief Information Officer

• Chief Executive Officer      • VP of Sales

• President – Chief            • VP of Marketing
  Operating Officer
                               • VP of Legal
• Chief Financial Officer
                               • VP of Human Resources
• Chief Information Security
  Officer
  (Compliance Officer)


                                           Vericept Proprietary and Confidential
Would You Immediately Know If…

   A trusted employee pasted confidential acquisition information
    into a webmail message and sent it to your competitor?

   An employee downloaded hacker tools to their work computer
    with the intention of stealing your customer’s private data?

   An employee posted your confidential executive
    communications or financial data on www.internalmemos.com
    or some other internet posting site like Yahoo Finance?

   An employee is using a P2P client and is inadvertently
    exposing your proprietary information to millions of other P2P
    users?




                                                    Vericept Proprietary and Confidential
The Problem
Lack of EFFECTIVE VISIBILITY to confidential and inappropriate content
flowing across the network. The risk and results can be significant:
     Information Loss
       • Company: Intellectual Property, R&D, Customer Lists, source code…Corp. Espionage
       • Customer Information: SSN, credit card number, mother’s maiden name…ID Theft

     Non-Compliance
       • GLBA, HIPAA, CA 1386: protecting customer privacy
       • Sarbanes-Oxley: protecting investors, corporate ethical responsibility

     Abuse of Internet Usage
       • Productivity: employees and contractors surfing the web for hours and hours
       • Legal Liability: sexual harassment, workplace violence, wrongful termination

     Insider IT System Mischief/Hacking
       • Sabotage and Hacking: viruses, worms, exploits
       • (leading to) Theft: keyloggers, unauthorized access
       • System Downtime: troubleshooting and fixing problems


                                                                       Vericept Proprietary and Confidential
Where is the Exposure and Risk?
 Email and Web-based mail

 Instant Messaging

 Internet Postings
                                            hacking tools
                                                                  SOURCE CODE
 •FTP

 •Peer-to-Peer ( i.e. KaZaA and Limewire)

 •Chat rooms

 •Attachments

 •Web


                                                            Vericept Proprietary and Confidential
                  Vericept’s Intelligence Platform


Information                                          Regulation
                   Acceptable      Preventive        Compliance                 Custom
Privacy and                                           Manager
                      Use           Security                                    Search
Compliance                                               HIPAA
                                                                              Parameters
                    Manager         Manager
  Manager                                                GLBA
                                                        CA 1386




       Filter                   Intelligent Content Analysis
                                  Data-in-Motion | Data-at-Rest
                                                Monitoring Engine
    Blocking Solution



                                                                    Vericept Proprietary and Confidential
Vericept Solutions – Composition by Solution
         Information                          Acceptable                    Preventive
         Privacy and                             Use                         Security
         Compliance                            Manager                       Manager
           Manager
         Structured and                      Unstructured Data              Structured and
        Unstructured Data              Adult                              Unstructured Data
 CA Driver’s License                   Conflict                     Hacker Research
 Credit Card Number                    Gambling                     Impending Threats
 Protected Health Information (ePHI)   Games                        Preparation for Attack
 Personal Information (eNPI)           Racism                       Suspicious Activity
 Social Security Number                Shopping                     Unauthorized Access Attempts
 Confidential                          Sports
 Disgruntled                           Substance Abuse
 Information Hiding Research           Trading
 Mergers & Acquisitions                Violent Acts
 Resignation                           Weapons
                                       Peer-to-Peer File Research
       Capture All Instances
 IM & Chat                                 Capture All Instances
 Mailing Lists                         IM & Chat
 Peer-to-peer File Share               Mailing Lists
 Postings                              Peer-to-peer File Share
 Webmail                               Postings
                                       Webmail

                                                                            Vericept Proprietary and Confidential
Vericept Solutions – Composition by Category
           Regulation                                                      Custom
                                            Acceptable
           Compliance                                                      Search
                                        Use Manager - EDU
            Manager*                                                     Parameters
                                             (AUMe)
             (RCM)
                                            Unstructured Data      CSP’s are used to identify
          1. RCM CA 1386              Adult                        company-specific information
           Structured Data            Conflict
   CA Driver’s License                                             Examples:
                                      Gambling
   Credit Card Number                                              Proprietary information
                                      Games
   Personal Information (eNPI)                                     Trade secrets
                                      Gangs
   Social Security Number                                          Intellectual property
                                      Plagiarism
                                      Racism                       Communication with
                                                                   competitors
         2. RCM HIPAA                 Shopping                     Company-specific jargon
          Structured Data             Sports                       Project acronyms
Protected Health Information (ePHI)   Substance Abuse              Customer account numbers
Social Security Number                Trading
                                      Violent Acts
                                      Weapons
          3. RCM GLBA                 Peer-to-Peer File Research          Stored
          Structured Data             Hacker Research                  Data Analyzer
  Credit Card Number
  Personal Information                     Capture All Instances
  Social Security Number              IM & Chat
                                      Mailing Lists
    *These contain only the minimum
    categories necessary to comply
                                      Peer-to-peer File Share             Data At Rest
                                      Postings
                                      Webmail
                                                                   Vericept Proprietary and Confidential
Enterprise Risk Management
     Through Intelligent Content Monitoring




                                       Vericept Proprietary and Confidential
The Advantage: Contextual Linguistics Analysis
•   Goes far beyond keyword searches by “reading” content and understanding
    the context of the communication
     – Can catch the more “subtle” risky communication that other technologies miss
•   Almost 60 predefined categories leverage the intelligence platform, flag and
    classify various types of content traveling into, out of and across a network
     – Works immediately out of the box, requiring no lengthy data definition exercises or
       expensive development efforts
•   How it works:
     – Content – looks at the text of the communication, effectively “reading it”
     – Context – looks at the communication format to “understand” the meaning of the text
     – Structure – looks at the communication type, whether it’s email, a web page, chat, etc.

The Advantage: Custom Search Parameters
•   Leverages Vericept’s Extended Regular Expressions which have been
    optimized by Vericept Labs
•   Combines power of intelligence with keyword driven matches to enable more
    effective identification of risks to an enterprise
                                                                     Vericept Proprietary and Confidential
Vericept’s Unique Approach is the Solution
Intelligent Content Monitoring, Analysis and Reporting

• Passively monitors the content of ALL internet traffic
    - Includes web, web-mail, email, chat, instant messaging, peer-to-peer file
      sharing, telnet, ftp, postings and more...
• Intelligently analyzes and identifies ONLY the pertinent content at risk
• Provides detailed content capture, “proof-positive evidence”
• Identity Match: ties inappropriate activity and content to the user
• Provides detailed information delivery and reporting
• Ability to perform same intelligent analysis on stored data



                                                           Vericept Proprietary and Confidential
Vericept Value and Benefits

   Prevents Information Loss, Identity Theft and Corporate Espionage
   Enables regulatory compliance
         - Sarbanes Oxley              - CA SB 1386
         - GLBA                        - HIPAA
   Reduces liability associated with inappropriate use
   Identifies rogue protocol usage
   Stops unproductive and unethical internet use
   Provides never before seen visibility to enterprise risk
   Compelling ROI and low TCO
   Protects Brand, Reputation and Information


                                                          Vericept Proprietary and Confidential
 Approximately 600 customers trust Vericept…
 ….over 1,200,000 workstations being monitored!
      Healthcare and Pharma             Utilities                  Financial




Comm. Svcs              Entertainment               Retail and Manufacturing


                 Government and Education




                                                       Vericept Proprietary and Confidential
 Award-Winning Technology

Honors leading-edge technology that provides
measurable business value to end-user organizations.



                                Reflects technical excellence, professional
                                achievement and the important role that
                                information security professionals play in helping
                                to shape the industry.



“Vericept earned our Editor's Choice Award by
providing a path of least resistance to monitoring
network use and for its superiority in identifying
abuse.”


                                                               Vericept Proprietary and Confidential
Section II: BUSINESS RISK DRIVERS
 Information Privacy, Compliance, Productivity, & Reputation




                    Vericept
  Protecting Your Information and Reputation




                                              Vericept Proprietary and Confidential
                            Externally
Enterprise Risk          Driven Policies:
                         Compliance &
 Management               Regulation

                     M   A          C       R
                     o   n          a       e
                     n   a          p       p
                     i   l          t       o
                         y          u       r
                     t
                         z          r       t
                     o
                         e          e
                     r
     Internally                                   Internally
  Driven Policies:       Manage                 Driven Policies:
  Acceptable Use                                   Information
                                                     Controls
                                                Vericept Proprietary and Confidential
Vericept Drivers
Internally Driven Policies: Information Controls

•   Executive communications
•   Marketing plans
•   Merger and Acquisition activity
•   Research and development
•   Patents and trade secrets
•   Customer lists
•   Employee information (SSN,
    compensation…)
•   …and the list goes on…
                                      Vericept Proprietary and Confidential
Vericept Drivers
Internally Driven Policies: Acceptable Use
•   Internet use
•   Corporate email use
•   Instant Messaging use
•   Peer-to-Peer use
•   Appropriate content (or inappropriate)
•   Safe work or school environments (free
    from violence, hostility and
    harassment)


                                             Vericept Proprietary and Confidential
Vericept Drivers
Externally Driven Policies: Compliance

•   HIPAA Security Rule
•   Gramm-Leach-Bliley
•   Sarbanes-Oxley
•   California Senate Bill 1386
•   USA Patriot Act
•   Children’s Internet Protection Act

 Over 300 pieces of pending Privacy
  legislation

                                         Vericept Proprietary and Confidential
   Health Insurance Portability &
          Accountability Act
               HIPAA

                  Vericept
Protecting Your Information and Reputation




                                  Vericept Proprietary and Confidential
Health Insurance Portability & Accountability Act of 1996

   • SEC. 261. PURPOSE.
     It is the purpose of this subtitle to improve the Medicare
     program under title XVIII of the Social Security Act, the
     medicaid program under title XIX of such Act, and the
     efficiency and effectiveness of the health care system,
     by encouraging the development of a health
     information system through the establishment of
     standards and requirements for the electronic
     transmission of certain health information.



                                                Vericept Proprietary and Confidential
    HIPAA – The Five Basic Principles
•   Consumer Control: The regulation provides consumers with critical new
    rights to control the release of their medical information.

•   Boundaries: With few exceptions, an individual's health care information
    should be used for health purposes only, including treatment and payment.

•   Accountability: Under HIPAA, for the first time, there will be specific federal
    penalties if a patient's right to privacy is violated.

•   Public Responsibility: The new standards reflect the need to balance
    privacy protections with the public responsibility to support such national
    priorities as protecting public health, conducting medical research, improving
    the quality of care, and fighting health care fraud and abuse.

•   Security: It is the responsibility of organizations that are entrusted with
    health information to protect it against deliberate or inadvertent misuse or
    disclosure.


                                                                 Vericept Proprietary and Confidential
            Sarbanes Oxley


                  Vericept
Protecting Your Information and Reputation




                                  Vericept Proprietary and Confidential
Sarbanes-Oxley Requirements

Antifraud Programs and Controls
  • Fraud risk assessment (Section 103)

CEO and CFO Certification
  • Disclosure of controls and procedures (Section 302)

Management’s Annual Assessment Report
  • Assessment of Internal Controls over Financial Reporting (Section 404)

Code of Conduct and Ethics
  • Ensuring adherence to Code (Section 406)


Managing and Strengthening Internal Controls
  • Provides a continuous monitoring mechanism to satisfy and enforce Internal
    Control requirements
                                                          Vericept Proprietary and Confidential
How a prominent customer is using Vericept for SOX…
      Guide to Ethical Conduct                           Vericept Category
Equal Employment                              Racism

Harassment – Free Workplace                   Adult, Conflict, Violent Acts, Racism

Substance – Free Workplace                    Substance Abuse                                       “I am complying
Health, Safety and the Environment            Weapons, Conflict                                     with 50% of my
Political Activities                          Custom Search Parameters                              Ethical Code of
Conflicts of Interest                         Custom Search Parameters
                                                                                                    Conduct by using
Fraud                                         Custom Search Parameters
                                                                                                    Vericept as an
Antitrust                                     Custom Search Parameters

Proprietary and Confidential Information      Confidential, Mailing Lists, Disgruntled Employees,
                                                                                                    internal
                                              M&A, Personal Information, Social Security
                                              Numbers, Extended Regular Expressions, Non-
                                                                                                    monitoring
                                              public Personal Information, Personal Health
                                              Information, Custom Search Parameters
                                                                                                    control”
                                                                                                              -Sr. Corporate
Inside Information and Trading Company
Securities
                                              Confidential, M&A, Custom Search Parameters               Governance Officer,
                                                                                                       Global Conglomerate
The Media and Financial Community             M&A, Postings, IM & Chat, Web-mail, Custom
                                              Search Parameters

E-mail, the Internet and the Use of Company   IM & Chat, Sports, Shopping, Trading, Games,
Property                                      Confidential, Extended Regular Expressions,
                                              Racism, Web-mail, Postings, P2P Research, P2P
                                              File Sharing, Adult


                                                                                                    Vericept Proprietary and Confidential
          Gramm-Leach-Bliley
  Financial Modernization Act of 1999
                 (GLBA)

                  Vericept
Protecting Your Information and Reputation




                                  Vericept Proprietary and Confidential
GBLA Data Protection Requirements -

     Mandate that financial institutions protect the security and
      confidentiality of customers' non-public personal information
      and institute appropriate administrative, technical, and physical
      safeguards to accomplish this requirement.
      •   Requires covered institutions to protect against any anticipated
          threats or hazards to the security or integrity of customer records
      •   and to protect against unauthorized access to or use of records or
          information which could result in substantial harm or inconvenience
          to any customer.




                                                           Vericept Proprietary and Confidential
How Vericept Enables GLBA Compliance
FFIEC Handbook Safeguards
Risk Assessment:
 Continuous, formal process


Security Controls Implementation:
 Controls to protect against malicious code
 Personnel security / authorized use
 Logging and data collection


Monitoring and Updating:
 Continuously analyze threats
 Monitor for technical vulnerabilities

*Note: Vericept developed the GLBA solution with co-author
 Paul Reymann to specifically enable compliance


                                                             Vericept Proprietary and Confidential
GLBA Co-Author Validation
    "Vericept's Information Privacy and Compliance Manager
    solution identifies and manages risks, tests risk management
    practices and monitors to control risks. Vericept's
    comprehensive monitoring approach enables financial
    institutions to comply with regulations and to protect against
    internal information leakage.“

                                                               Paul Reymann
                                                   CEO, ReymannGroup Inc.
                     Co-author of Section 501 of the Gramm-Leach-Bliley Act
                                                  Data Protection Regulation




                                                           Vericept Proprietary and Confidential
               California
            Senate Bill 1386
                July 1, 2003

                  Vericept
Protecting Your Information and Reputation




                                  Vericept Proprietary and Confidential
SB 1386 Requirements
 What it is?
 •   Mandate requiring public disclosure of computer-security breaches in
     which confidential information of ANY California resident MAY have
     been compromised

 Who is affected?
 •   The law covers every enterprise, public or private, doing business with
     California residents.

 •   "Personal Information" means an individual's first name or first
     initial and last name in combination with any one or more of the
     following non-encrypted data elements
      - Social Security Number
      - California Driver's License Number or California Identification Card Number
      - Account number, credit or debit card number, in combo with security code,
        access code, or password that would permit access to an individual's
        financial account

                                                                Vericept Proprietary and Confidential
CA SB 1386 Requirements

 Mandated Action
 •   Companies must warn California customers of security holes in their
     corporate computer networks
 •   When a business discovers that confidentiality has or may have been
     breached it must notify the customers
 •   If the business is unsure which customers have been affected, it must
     notify ALL customers of the breach. Obviously this is both an expensive
     and embarrassing event.

  Impact
  • Burden is on to notify any, and all possible, effected consumers. If
    you can’t identify which ones, you must go public
  • Significant CMP’s (civil money penalties) are at risk


                                                            Vericept Proprietary and Confidential
       Fraud and Identity Theft



                  Vericept
Protecting Your Information and Reputation




                                  Vericept Proprietary and Confidential
Fraud and Identity Theft

   Over 9.9 million Americans Were Victims
        • That’s 4.6% of the population
        • One third from new accounts, two thirds from existing accounts
        • Average loss - $4,800 per victim


   Businesses Lost $47.6 Billion
        • $32.9 billion attributable to new accounts opened by unauthorized
          users
        • $14 billion attributable to existing account misuse by unauthorized
          users
        • $25 per card – the cost of canceling and issuing a new credit card
        • When victims lost $5,000 or more, 81% told someone else – this
          behavior places the company’s reputation at risk!!


   Source: 2003 FTC Identity Theft Study




                                                                  Vericept Proprietary and Confidential
Market Validation – Risk Management is a Driver


    “Intelligent Risk Management can enable organizations to
    face an uncertain future optimistically…Preparation requires
    a focus on risk management, intelligence-driven prevention
    and response.”

                                                     -David Bauer
              Vice President, Chief Information and Privacy Officer




                                                         Vericept Proprietary and Confidential
Section III: VERICEPT SALES CYCLE



                    Vericept
  Protecting your Information and Reputation




                                    Vericept Proprietary and Confidential
Vericept Sales Cycle


VERICEPT
             Create
 SALES                     Qualification   Conviction                    Close
            Interest
 CYCLE



                                           • Secondary
                           •Online Demo
                                            EA Present.                 •PO
VERICEPT                       •Initial
                                           •SLA Review
           •Call Scripts      Exposure                                 •SLA
 SALES                                       •Proposal
            •Referrals      Assessment
                                               •SOW                  •Move to
 TOOLS                      •Implement.                             Implement.
                                           •Implement.
                           Expectations
                                                Plan




                                                     Vericept Proprietary and Confidential
 Create
Interest        Vericept Sales Cycle

  I. CREATE INTEREST
       •    Research your prospect
       •    Identify corporate mission, company positioning, key players,
            financials, recent news, Code of Conduct, etc.
       •    Contact Prospect at Business Decision-Maker Level - (e.g., CIO,
            Compliance, HR, Finance, Internal Audit, etc.)
       •    Understand what they are responsible for and then link Vericept benefit
            to them

      Business Decision Makers
      • Chief Risk Officer             • Chief Financial Officer           • Director of Security
      • VP of HR                       • CSO / CISO                        • Head of Marketing
      • Corporate Governance Officer   • Chief Information Officer         • CEO
      • Legal / Corporate Counsel      • Chief Ethics Officer              • Internal Audit
      • Chief Privacy Officer          • Corporate Compliance Officer

                                                                        Vericept Proprietary and Confidential
Elevator Pitch

   Vericept Corporation is the leading provider of enterprise risk
   management solutions enabling corporations, government agencies and
   education institutions to manage and dramatically reduce insider risk.

   Vericept provides immediate visibility to multiple forms of business
   risk including regulation compliance violations, corporate governance
   concerns, internal policy infractions, information leaks, and unacceptable
   internet use. Based on the patented advanced linguistics engine, the
   Vericept Solutions analyze all content of inbound and outbound internet
   traffic using pre-defined categories, enabling companies to instantly identify
   and terminate any activity falling outside of an organizations predefined
   acceptable use policy.

   Vericept’s innovative solutions prevent losses to valuable information
   assets and protect the organization Brand and reputation.


                                                               Vericept Proprietary and Confidential
Qualification   Vericept Sales Cycle
   II. QUALIFICATION – The Initial Hook
       •    Flesh out their current security infrastructure
       •    Flesh out their acceptable use policies
       •    “Would You Know If” Questions
       •    Share customer anecdotes
       •    Present Vericept Corporate Overview and Online Demo
       •    Commit to next step (meet with other stakeholders, Exposure Assessment, etc)

       QUALIFICATION – Understand the Procurement Process
       •    Learn typical procurement process
       •    Determine availability of funds
       •    Determine appropriation of funds (especially for out-of-budget purchases)
       •    Identify the titles and names of those affecting the purchasing process
       •    If you’re pressured to deliver pricing prior to the EA or proposal – give them
            budget and planning numbers of $20 to $30 per workstation annually.


                                                                        Vericept Proprietary and Confidential
Qualification
                  The Online Demo
                Actual Logs - just anonymized



                         Vericept
       Protecting Your Information and Reputation




                                                Vericept Proprietary and Confidential
Qualification   Vericept Sales Cycle
       QUALIFICATION – “Reference” Trial Close
       “The Demo you have just seen reflects the manner in which the
       solution would be used and the types of information that would
       be captured if the solution were installed on your network. Based
       upon your feedback, it sounds like this has a clear and valuable fit
       in your environment. We have the ability to deliver the solution
       in a manner that can be recognized either as an Operating
       Expense or Capital Expense. Which would better fit with your
       budget and financial structure?”
        Contact your Vericept Channel Sales Manager (CSM)
       •   Share Customer Anecdotes, Case Studies and Analyst Quotes
       •   References Online
       •   Broker a concall between the two parties


                                                         Vericept Proprietary and Confidential
Qualification   Vericept Sales Cycle
       QUALIFICATION – “Exposure Assessment” Trial Close
        “We have a program we refer to as the Exposure Assessment. This Program
        provides a 7 day snap shot of activity on your network and the various points of
        business risk tied to inappropriate network use and abuse. We install a Vericept
        device on your network, let it run for 7 days then present the results of our findings
        in the form of an Executive Presentation. Typically the Exposure Assessment is
        priced at $20,000. However, as the program has evolved, at times waive that
        fee provided your organization is committed to gaining the executive level buy-in on
        the program. This is done by confirming the key stake-holders attend the
        Executive Presentation. The reason for this request comes from our desire to
        ensure we’re not wasting your time or ours. Frankly, in the past we have had some
        organizations that have learned, only after performing an EA that they are not
        prepared to address the issues and risks that were discovered during the
        assessment. Usually, the “key stake holders” are the executives
        responsible for Compliance, HR, IT and Legal. Do you have separate
        individuals responsible for these functional areas? Would those individuals be of a
        mindset to address these issues?”

       If yes, send the EA Agreement and require them to get it signed by the
        individual that would ultimately have purchasing authority should they
        decide to purchase the Vericept solution.
                                                                        Vericept Proprietary and Confidential
Qualification   Vericept Sales Cycle
       QUALIFICATION – “Exposure Assessment” Trial Close
       •    Pull Exposure Assessment Agreement from www.vericept.com and get it signed
            by customer (decision-maker)
       •    Set Exposure Assessment “best practices” expectations
       •    Provide Network Configuration Diagram Worksheet
       •    Proactively secure the EA installation & presentation dates & key contacts

           Present a quick, but compelling, EA presentation. Follow the proven
            Vericept format & discuss the deployment process (not as
            overwhelming as they assume).

       IMPLEMENTATION METHODOLOGY
       •    Set Implementation Expectations
       •    Scope to be fully defined in the final proposal to your customer


                                                                       Vericept Proprietary and Confidential
Qualification   Implementation Methodology




            Phase I                Phase II                      Phase III
     Initial Assessment            Discovery           Build, Install
           and Sale                                     and Test




                       Phase IV                 Phase V
                  Implementation          Post Implementation
                    and Support                  Review
                                                    Vericept Proprietary and Confidential
Conviction       Vericept Sales Cycle
  III.       CONVICTION – Secondary EA Presentation
            If all stake holders are not present for the “Initial EA Presentation”,
             the customer usually conducts a secondary EA presentation to
             additional decision-makers, stakeholders and budget committees.
         •   Offer to present to the secondary decision-makers (not unusual to be declined because
             generally additional action items are discussed during those meetings that don’t involve
             Vericept).
         •   Do insist on helping the “champion” develop his/hers Vericept presentation
             •    Provide EA Presentation – or shorter version
             •    Provide role-play assistance
             •    Provide additional documents, white-papers, or references to solidify the decision and
                  budget.
             •    Help them find the budget dollars to buy now.
             •    Express a willingness and capability to get creative with the financing of the solution if
                  you think there may be budget issues.
         •   Secure a date and time you will follow up with the champion (typically the day after their
             internal meeting)

                                                                                  Vericept Proprietary and Confidential
Conviction       Vericept Sales Cycle
      CONVICTION – Deliver Proposal
            Deliver a Quote, Proposal or Statement of Work – put
             something in front of the customer for them to say “yes” to.
      •      Include the full complement of Vericept Solutions
             •    Info Privacy – protects your valuable information
             •    Acceptable Use – addresses employee productivity and reputation risk
                  management
             •    Preventative Security – capture the internal hackers
             •    Stored Data – data-at-rest
             •    Custom Search Parameters – the tool to customize Vericept
      •      Never line item the pricing – include all modules with one aggregate investment
             price.
      •      Be sure to include the “points of pain” identified early on and the cost
             associated with them
      •      Include detailed solution implementation plan (Statement of Work)
      •      Follow up, follow up, follow up

                                                                       Vericept Proprietary and Confidential
Conviction      Vericept Sales Cycle
      CONVICTION – Software License Agreement
            Deliver the SLA as early as possible for the Customer to
             expedite the legal review process
      •      Make the SLA review a non-event. It is just standard software licensing
             language
      •      Pull the latest version from www.vericept.com
      •      Engage your Channel Sales Manager to field 100% of the questions and
             proposed red-line. Under no circumstance should our CVSP negotiate verbiage
             changes to the SLA!
      •      Get signature on the SLA or online approval for the electronic version




                                                                    Vericept Proprietary and Confidential
Close      Vericept Sales Cycle

IV. CLOSE – The Win
       The deal is booked when two things happen –
   1.   Vericept receives a valid Purchase Order from the CVSP or Distributor and
   2.   Vericept receives the signed Software License Agreement (either hardcopy
        or electronic)


   CONGRATULATIONS – you’ve now delivered a true solution that will
      positively impact the senior members of your Customer. You will now
      be elevated to a trusted advisor level in their eyes (if you weren’t there
      already).

       Move to Implementation



                                                             Vericept Proprietary and Confidential
Section IV: VERICEPT’S PRODUCTS
            ARE CALLED SOLUTIONS



                   Vericept
 Protecting your Information and Reputation




                                   Vericept Proprietary and Confidential
Security Market                       Our Piece of the Pie
 Landscape

                     Vericept
                                      $3.3 Billion (2008)
                                       Messaging Security - $1.7B
                      Market            SCM Appliance - $1.6B
                    Opportunity

                     Secure
                     Content
                    Monitoring                $7.5 Billion (2008)
                      Market


                  Internet Security
                           &
                    Privacy Market                      $16 Billion (2008)

                                                    IDC Estimates (April, 2004)
                                                            Vericept Proprietary and Confidential
Gartner’s
Hype
Cycle



Vericept




            Vericept Proprietary and Confidential
Vericept Solutions System Requirements

•   Dedicated Appliance
      - Intel-compatible processor
      - 3 GHz minimum processing speed
      - 2 GB RAM
      - 120 GB Hard drive or larger
      - 2 network interface cards (NICs)
      - CD-ROM drive
      - Floppy disk drive

•   Operating System
      − Red Hat Enterprise Linux (RHEL) version 3.0
        WS



                                               Vericept Proprietary and Confidential
                                 “Installing and configuring the
Vericept Standalone Deployment   Vericept solution was almost
                                 easier than taking it out of the
                                 box.”
                                                            - Sean Doherty
                                                          Technology Editor
                                             Network Computing Magazine




                                     Vericept Proprietary and Confidential
Vericept Distributed Deployment




                                  Vericept Proprietary and Confidential
Vericept Distributed Deployment cont.




                                        Vericept Proprietary and Confidential
                  Vericept’s Intelligence Platform


Information                                          Regulation
                   Acceptable      Preventive        Compliance                 Custom
Privacy and                                           Manager
                      Use           Security                                    Search
Compliance                                               HIPAA
                                                                              Parameters
                    Manager         Manager
  Manager                                                GLBA
                                                        CA 1386




       Filter                   Intelligent Content Analysis
                                  Data-in-Motion | Data-at-Rest
                                                Monitoring Engine
    Blocking Solution



                                                                    Vericept Proprietary and Confidential
Vericept Solutions – Composition by Solution
         Information                          Acceptable                    Preventive
         Privacy and                             Use                         Security
         Compliance                            Manager                       Manager
           Manager
         Structured and                      Unstructured Data              Structured and
        Unstructured Data              Adult                              Unstructured Data
 CA Driver’s License                   Conflict                     Hacker Research
 Credit Card Number                    Gambling                     Impending Threats
 Protected Health Information (ePHI)   Games                        Preparation for Attack
 Personal Information (eNPI)           Racism                       Suspicious Activity
 Social Security Number                Shopping                     Unauthorized Access Attempts
 Confidential                          Sports
 Disgruntled                           Substance Abuse
 Information Hiding Research           Trading
 Mergers & Acquisitions                Violent Acts
 Resignation                           Weapons
                                       Peer-to-Peer File Research
       Capture All Instances
 IM & Chat                                 Capture All Instances
 Mailing Lists                         IM & Chat
 Peer-to-peer File Share               Mailing Lists
 Postings                              Peer-to-peer File Share
 Webmail                               Postings
                                       Webmail

                                                                            Vericept Proprietary and Confidential
Vericept Solutions – Composition by Category
           Regulation                                                      Custom
                                            Acceptable
           Compliance                                                      Search
                                        Use Manager - EDU
            Manager*                                                     Parameters
                                             (AUMe)
             (RCM)
                                            Unstructured Data      CSP’s are used to identify
          1. RCM CA 1386              Adult                        company-specific information
           Structured Data            Conflict
   CA Driver’s License                                             Examples:
                                      Gambling
   Credit Card Number                                              Proprietary information
                                      Games
   Personal Information (eNPI)                                     Trade secrets
                                      Gangs
   Social Security Number                                          Intellectual property
                                      Plagiarism
                                      Racism                       Communication with
                                                                   competitors
         2. RCM HIPAA                 Shopping                     Company-specific jargon
          Structured Data             Sports                       Project acronyms
Protected Health Information (ePHI)   Substance Abuse              Customer account numbers
Social Security Number                Trading
                                      Violent Acts
                                      Weapons
          3. RCM GLBA                 Peer-to-Peer File Research          Stored
          Structured Data             Hacker Research                  Data Analyzer
  Credit Card Number
  Personal Information                     Capture All Instances
  Social Security Number              IM & Chat
                                      Mailing Lists
    *These contain only the minimum
    categories necessary to comply
                                      Peer-to-peer File Share             Data At Rest
                                      Postings
                                      Webmail
                                                                   Vericept Proprietary and Confidential
Vericept Pricing Strategy
•   3 year term - paid up front (software maintenance included)
•   Perpetual License (software maintenance 20%)
•   Pricing & volume discount based on number of workstations
•   Minimum deal size of 250 workstations
•   VSP or Vericept can source hardware
•   Work passionately to maintain the List Price!

 Price List updated quarterly




                                                     Vericept Proprietary and Confidential
Training Exercise

CASE STUDY:
   You have called on the Chief Information Security Officer of a major
   hospital group. You’ve learned that she is very concerned about protecting
   protected health information and HIPAA is a constant board-level topic. In
   addition, her VP of Human Resources asked her if she was aware of any
   technology to track employees who visit unauthorized websites. Their
   network is comprised of 1,100 workstations but 1,900 users.

1.   What Vericept Solutions would you recommend? Which solutions would
     address which problems?
2.   What is the price of the proposed solutions?
3.   What else beside software should be factored into your proposal?




                                                          Vericept Proprietary and Confidential
Section V: PARTNER RESOURCE
           CENTER



                   Vericept
 Protecting your Information and Reputation




                                   Vericept Proprietary and Confidential
Partner Resource Center – www.vericept.com




                                    Vericept Proprietary and Confidential
Vericept Solutions Online Demos

         Solution               Demo            Username              Password

Acceptable Use        demo1.vericept.com    Administrator        woulduknow
Manager               demo2.vericept.com


Information Privacy   demo3.vericept.com    Administrator        woulduknow
and Compliance        demo4.vericept.com
Manager
Preventive Security   demo5.vericept.com    Administrator        woulduknow
Manager               demo6.vericept.com


Acceptable Use        demo7.vericept.com    Administrator        woulduknow
Manager - Education

All Solutions         demo13.vericept.com   Administrator        woulduknow


Filter                demo14.vericept.com   Administrator        woulduknow
                      demo15.vericept.com


                                                            Vericept Proprietary and Confidential
References Online




                    Vericept Proprietary and Confidential
Sample Policy Concerns and Solution Mapping
             External or Internal          Vericept Monitoring Category
               Policy Concern
 Equal Employment                     Racism


 Harassment – Free Workplace          Adult, Conflict, Violent Acts, Racism


 Substance – Free Workplace           Substance Abuse


 Health, Safety and the Environment   Weapons, Conflict


 Political Activities                 Custom Search Parameters


 Conflicts of Interest                Custom Search Parameters


 Fraud                                Custom Search Parameters




                                                                  Vericept Proprietary and Confidential
Sample Policy Concerns and Solutions Mapping                                                  (cont.)

              External or Internal                Vericept Monitoring Category
                Policy Concern
  Antitrust                                  Custom Search Parameters

  Proprietary and Confidential Information   Confidential, Mailing Lists, Disgruntled
                                             Employees, M&A, Personal File Information,
                                             Social Security Numbers, Custom Search
                                             Parameters, Non-public Personal Information,
                                             Personal Health Information



  Inside Information and Trading Company     Confidential, M&A, Custom Search Parameters
  Securities

  The Media and Financial Community          M&A, Postings, IM & Chat, Web-mail, Custom
                                             Search Parameters


  E-mail, the Internet and the Use of        IM & Chat, Sports, Shopping, Trading, Games,
  Company Property                           Confidential, Custom Search Parameters
                                             , Racism, Web-mail, Postings, P2P Research, P2P
                                             File Sharing, Adult



                                                                     Vericept Proprietary and Confidential
ORGANIZATION                                                          URL
Certified Information Systems Security Professional                   http://www.cissps.com/
CompTIA                                                               http://www.comptia.org/certification/security/default.aspx

US Department of Homeland Security                                    http://www.infragard.net/
International Information Systems Security Certification Consortium   https://www.isc2.org/cgi-bin/index.cgi
Information Systems Security Association                              http://www.cisecurity.org/
Information Systems Security Association                              http://www.issa.org/
Infragard                                                             http://www.nipc.gov/infragard/infragard.htm
Security Focus Website                                                http://www.securityfocus.com
The Center for Internet Security                                      http://www.sans.org/index.php
The SANS Institute                                                    http://www.jhita.org/electric.htm
US. Department of Justice                                             http://www.cybercrime.gov/
American Medical Association                                          http://www.cms.hhs.gov/hipaa/hipaa2/
Centers for Medicare and Medicaid Services                            http://www.hhs.gov/ocr/hipaa/
Health Privacy Project                                                http://www.ama-assn.org/ama/pub/category/4234.html
United States Department of Health and Human Services                 http://hipaa.wpc-edi.com/HIPAA_40.asp
Joint Commission on Accreditation of Healthcare Organizations         http://www.jcaho.org/
Joint Healthcare Information Technology Alliance (JHITA)              http://www.healthprivacy.org/
Gramm-Leach Bliley                                                    http://www.ftc.gov/privacy/glbact/
Sarbanes Oxley                                                        http://www.sarbanes-oxley.com/
Children's Internet Protection Act                                    http://www.ala.org/ala/washoff/WOissues/civilliberties/cipaweb/cipa.htm
Family Educational Privacy Rights Act                                 http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html


                                                                                                               Vericept Proprietary and Confidential
Section V: VERICEPT CORPORATION



                    Vericept
  Protecting Your Information and Reputation




                                    Vericept Proprietary and Confidential
Vericept Background

• Founded in 1999 – Denver, Colorado
• Award-winning, patent-pending (5) technology
• Seasoned Management Team & Approximately 65
  Outstanding Personnel:
• Financial backers: Sigma Venture Partners, William Blair
  Venture Capital, Sequel Venture Partners, Visa International
• Industries: financial services, healthcare, retail,
  manufacturing, government, education, pharma,
  telecommunications, energy…
• Approximately 600 customers trust Vericept – over 1.5M
  workstations being monitored



                                                 Vericept Proprietary and Confidential
Vericept Mission Statement


      To Be The Leading Global

 Provider of Information Protection

  and Misuse Prevention Solutions


                             Vericept Proprietary and Confidential
                       Vericept Sales Strategy

Direct Accessible Markets
• Enterprise > $500m
• Hospitals > $4b
• Federal Government                             VSP Accessible Markets
                                Direct           •   SME < $500.01m
                                Sales            •   Hospitals < $4.01b
                                                 •   State & Local Government
                                                 •   Education
                               Solutions
                               Partners




                              Distributors




                                                      Vericept Proprietary and Confidential
Vericept Solutions Partner Program – VSP’s

 VISION
  To be the standard in which our partners measure their other
  vendors.

 MISSION
  Create a global ecosystem of solution partners who leverage the
  unique capabilities of Vericept solutions to create new customers and
  organically grow existing customers in a profitable and mutually
  beneficial manner.

 VERICEPT CHANNEL SALES MANAGER OBJECTIVE
  Maximize revenue in each region.



                                                      Vericept Proprietary and Confidential
Vericept Solution Partner Program – VSP’s

  Certified Vericept Solution Partner Requirements
    •   Certified Vericept Solutions Architect
    •   Certified Vericept Sales Engineer
    •   Self-Sufficient Through Entire Sales Process (conduct EA’s)
    •   Relentlessly pursue customers defined in the VSP Accessible Markets
    •   Generate at Least $500k in Vericept revenue to CVSP
    •   VSP Accessible Market (as defined by Hoovers Online)
         -   SME’s: annual revenue < $501m
         -   Education (K-12 and higher-ed)
         -   State & Local Government
         -   Standalone Hospitals & Hospital Groups < $4.01b in annual revenue
               - CSMs have the named account list




                                                                   Vericept Proprietary and Confidential
Lead Referral Program
 For Customers Outside of the Scope of the VSP Accessible Markets

 Principles of Engagement
   • Submit a completed VSP Lead Qualification Form
   • One VSP Lead Qualification Form per Customer transaction.
   • Vericept controls the sales process from the moment the VSP Lead
     Referral Qualification Form is approved in writing.
   • Vericept, as a best practice, will incorporate the CVSP’s service delivery
     team to the extent it has the certification, experience, and desire.
   • Referral fee is only applicable to the Vericept software portion of the
     transaction.
   • One referral payment per VSP Lead Qualification Form.




                                                              Vericept Proprietary and Confidential
Vericept Proprietary and Confidential
     Michael Reagan
                                                                                   Dan Gannon
 VP Worldwide Channel Sales
                                                                              SVP of World Wide Sales
     Office: 303.268.0512
                                    Central                                    Office: 303.268.0516
      Cell: 303.478.3706
                                                                                Cell: 303.588-1975
  mike.reagan@vericept.com          Region                Northeast          dan.gannon@vericept.com
                                                           Region
        Sara Avery
  CSM - Northeast Region
    Office: 303.268.0532                                                            Ken Totura
     Cell: 303.898.2487                                                   Director of Partner Development
  sara.avery@vericept.com                                                       Office: 303.268.0537
                                                                                 Cell: 303.506.1568
                                                                              ken.totura@vericept.com
      Kevin Homer
   CSM - Southeast Region
     Office: 303.268.0533
                                                                                  Headquarters
      Cell: 303.570.6699
                                                                              750 W. Hampden Ave.
  kevin.homer@vericept.com
                                                                                    Suite 550
                                                                            Englewood, CO 80110-2163
     Erick Waggoner                                                              www.vericept.com
    CSM – Central Region
      Office: 303.268.0539
       Cell: 719.331.9594
                              Western                                          Technical Support
erick.waggoner@vericept.com
                              Region                          i                 800.262.0274 x7500
                                                                               support@vericept.com
     Damon Morriss
   CSM - Western Region                       Southeast
    Office: 310.545.7699                       Region
    Cell: 310.947.2594
 damon.morriss@vericept.com




Updated 1/8/04                                                        Vericept Proprietary and Confidential
               Market Landscape

TIER 1
Content
                                                     • Direct
Monitoring
                                                       competitors



TIER 2
                                                   • Not directly
Employee                                             competitive
Internet                 Compliance
                                                   • Potential
Management /
                                                     partners
Messaging


TIER 3                                             • Not
Network                                              competitive
Security /                                         • Sometimes
Forensics                                            asked about

                                      Vericept Proprietary and Confidential
                     Vericept Differentiators: Why Vericept?

Differentiator #1:      It’s all about what you DON’T know

Differentiator #2:      Vericept identifies sensitive content in unstructured formats

Differentiator #3:      Linguistic Analysis Engine

Differentiator #4:      Vericept monitors all TCP/IP traffic

Differentiator #5:      Vericept monitors both incoming and outgoing traffic

Differentiator #6:      Low Total Cost of Ownership

Differentiator #7:      Preventive Security

Differentiator #8:      Stored Data Analyzer

Differentiator #9:      Partners, Customers, Customer Quotes & 3rd party validation

Differentiator #10:     We will work just as hard to keep you as a customer as we will to
                        make you a customer

                                                                         Vericept Proprietary and Confidential
Section VII: BEST PRACTICES



                    Vericept
  Protecting Your Information and Reputation




                                    Vericept Proprietary and Confidential
Best Practices
 Target the industry verticals
    •   Healthcare, Education, Finance
    •   Any one with information and a reputation to protect

 This is a strategic business decision; not an IT decision
    •   But remember IT is a critical stakeholder

 The economic decision-maker is usually a CIO, CFO, and or CEO
    •   Critical coaches include: Compliance Officer, Director of Security, VP of
        Human Resources, Internal Audit, etc.

 Sales Math (per month) – 12 leads (3/wk) = 3 EA’s = 1 Win

                                                               Vericept Proprietary and Confidential
Best Practices
 Selling Vericept Requires:
    •   Focus, focus, focus – persistence, persistence, persistence
         • But know when to fish or cut bait
    •   Consultative Selling because this is a solution – not a product sale
    •   Leverage the proven “best practices”, resources, and your Channel Sales
        Manager

 Forecasting (yes – forecasting and here’s why)
    •   Your Channel Sales Manager can proactively engage resources to expedite the
        sales process (themselves, Vericept Executives, key Customer References, etc.)
    •   Reduces channel conflict because your Channel Sales Manager will only go on
        account calls with one CVSP. Race goes to the swiftest.
    •   Vericept leads get distributed to those who focus on Vericept the most and
        forecast diligently.
    •   Because your Channel Sales Manager has to forecast to Vericept each and every
        week!!


                                                                      Vericept Proprietary and Confidential
The Best Best Practice
 STRIKE WHEN THE IRON IS HOT

  •   Especially after the initial Exposure Assessment presentation
  •   If the sales process is not moving forward – then it is moving
      backwards.
  •   Our most successful Partners have learned that lesson well


                                      “Every Day Matters”

                                                                      Jen Cantwell
                                                               Sr. Sales Executive
                                                             Vericept Corporation
                                       EMC, Tyco Intl, United Technologies Corp.,
                                                   Massachusetts Financial Svs.



                                                             Vericept Proprietary and Confidential
You’re Not the Only One Who Believes in Vericept!




     Partnering to combat Fraud and Identity Theft
  •   Vericept is the only Content Monitoring Partner within Visa’s
      exclusive Strategic Alliances Program
  •   Strategic discussions and planning underway to develop
      initiatives for managing information risk

  •   www.visa.com/sai
                                                      Vericept Proprietary and Confidential
 Award-Winning Technology

Honors leading-edge technology that provides
measurable business value to end-user organizations.



                                Reflects technical excellence, professional
                                achievement and the important role that
                                information security professionals play in helping
                                to shape the industry.



“Vericept earned our Editor's Choice Award by
providing a path of least resistance to monitoring
network use and for its superiority in identifying
abuse.”


                                                               Vericept Proprietary and Confidential
       THANK YOU VERY MUCH

    CONGRATULATIONS – You’re a CVSA!


                  Vericept
Protecting your Information and Reputation




                                  Vericept Proprietary and Confidential

				
DOCUMENT INFO