Vericept CVSA Training
Document Sample


Certified Vericept Sales Architect
“CVSA” Sales
Certification Training
Ken Totura
Vericept Corporation
www.vericept.com 4Q 2004
Why We Are Here Today
Internet Security / Privacy Market is Hot! (IDC)
• 15% growth rate by 2005 which translates into more than $118b by 2007
• Worldwide spending will grow twice as fast as IT overall
• 40% of IT managers saw security as their top IT budget priority
Risk Management is Even Hotter
• FTC – 10 million victims of Identity Theft in 2003 costing $47b
• KPMG – 60% of companies being victimized by employee fraud
• IDC – Over one-third of the financial or data loss incidents involved insiders
• PWC – Companies view Security as a “strategic enabler”
Vericept is a Wildly Unique Solution
• Differentiate yourself from your competitors
• Customer escalation – CxO
• Customer acquisition – Beachhead
• Tremendous margins
Vericept Proprietary and Confidential
Agenda
Section I: The “Problem” and “Solution”
Section II: Business Risk Drivers
Section III: Vericept Sales Cycle
Section IV: Vericept Products are Called Solutions
Section V: Partner Resource Center
Section VI: Vericept Corporation
Section VII: Best Practices
Certified Vericept Sales Architect – Congratulations!
Section I: THE PROBLEM and
now there is a SOLUTION
Vericept
Protecting your Information and Reputation
What Keeps These Folks Up At Night?
• Board of Directors
• Chief Executive Officer
• President – Chief Operating Officer
• Chief Financial Officer
• Chief Information Security Officer (Compliance Officer)
• Chief Information Officer
• VP of Sales
• VP of Marketing
• VP of Legal
• VP of Human Resources
Would You Immediately Know If…
• A trusted employee pasted confidential acquisition information into a webmail message and sent it to your competitor?
• An employee downloaded hacker tools to their work computer with the intention of stealing your customer’s private data?
• An employee posted your confidential executive communications or financial data on www.internalmemos.com or some other internet posting site like Yahoo Finance?
• An employee is using a P2P client and is inadvertently exposing your proprietary information to millions of other P2P users?
The Problem
Lack of EFFECTIVE VISIBILITY to confidential and inappropriate content
flowing across the network. The risk and results can be significant:
Information Loss
• Company: Intellectual Property, R&D, Customer Lists, source code…Corp. Espionage
• Customer Information: SSN, credit card number, mother’s maiden name…ID Theft
Non-Compliance
• GLBA, HIPAA, CA 1386: protecting customer privacy
• Sarbanes-Oxley: protecting investors, corporate ethical responsibility
Abuse of Internet Usage
• Productivity: employees and contractors surfing the web for hours and hours
• Legal Liability: sexual harassment, workplace violence, wrongful termination
Insider IT System Mischief/Hacking
• Sabotage and Hacking: viruses, worms, exploits
• (leading to) Theft: keyloggers, unauthorized access
• System Downtime: troubleshooting and fixing problems
Where is the Exposure and Risk?
• Email and Web-based mail
• Instant Messaging
• Internet Postings
• FTP
• Peer-to-Peer (i.e., KaZaA and Limewire)
• Chat rooms
• Attachments
• Web
[Figure labels: hacking tools; SOURCE CODE]
Vericept’s Intelligence Platform
Solutions:
• Information Privacy and Compliance Manager
• Acceptable Use Manager
• Preventive Security Manager
• Regulation Compliance Manager (HIPAA, GLBA, CA 1386)
• Custom Search Parameters
Platform components:
• Filter
• Intelligent Content Analysis (Data-in-Motion | Data-at-Rest)
• Monitoring Engine
• Blocking Solution
Vericept Solutions – Composition by Solution
Information Privacy and Compliance Manager (Structured and Unstructured Data)
• CA Driver’s License
• Credit Card Number
• Protected Health Information (ePHI)
• Personal Information (eNPI)
• Social Security Number
• Confidential
• Disgruntled
• Information Hiding Research
• Mergers & Acquisitions
• Resignation
• Capture All Instances: IM & Chat, Mailing Lists, Peer-to-peer File Share, Postings, Webmail
Acceptable Use Manager (Unstructured Data)
• Adult
• Conflict
• Gambling
• Games
• Racism
• Shopping
• Sports
• Substance Abuse
• Trading
• Violent Acts
• Weapons
• Peer-to-Peer File Research
• Capture All Instances: IM & Chat, Mailing Lists, Peer-to-peer File Share, Postings, Webmail
Preventive Security Manager (Structured and Unstructured Data)
• Hacker Research
• Impending Threats
• Preparation for Attack
• Suspicious Activity
• Unauthorized Access Attempts
Vericept Solutions – Composition by Category
Regulation Compliance Manager* (RCM)
1. RCM CA 1386 – Structured Data
• CA Driver’s License
• Credit Card Number
• Personal Information (eNPI)
• Social Security Number
2. RCM HIPAA – Structured Data
• Protected Health Information (ePHI)
• Social Security Number
3. RCM GLBA – Structured Data
• Credit Card Number
• Personal Information
• Social Security Number
*These contain only the minimum categories necessary to comply
Acceptable Use Manager - EDU (AUMe) – Unstructured Data
• Adult
• Conflict
• Gambling
• Games
• Gangs
• Plagiarism
• Racism
• Shopping
• Sports
• Substance Abuse
• Trading
• Violent Acts
• Weapons
• Peer-to-Peer File Research
• Hacker Research
• Capture All Instances: IM & Chat, Mailing Lists, Peer-to-peer File Share, Postings, Webmail
Custom Search Parameters
CSP’s are used to identify company-specific information. Examples:
• Proprietary information
• Trade secrets
• Intellectual property
• Communication with competitors
• Company-specific jargon
• Project acronyms
• Customer account numbers
Stored Data Analyzer
• Data At Rest
Enterprise Risk Management
Through Intelligent Content Monitoring
The Advantage: Contextual Linguistics Analysis
• Goes far beyond keyword searches by “reading” content and understanding
the context of the communication
– Can catch the more “subtle” risky communication that other technologies miss
• Almost 60 predefined categories leverage the intelligence platform, flag and
classify various types of content traveling into, out of and across a network
– Works immediately out of the box, requiring no lengthy data definition exercises or
expensive development efforts
• How it works:
– Content – looks at the text of the communication, effectively “reading it”
– Context – looks at the communication format to “understand” the meaning of the text
– Structure – looks at the communication type, whether it’s email, a web page, chat, etc.
The Advantage: Custom Search Parameters
• Leverages Vericept’s Extended Regular Expressions which have been
optimized by Vericept Labs
• Combines power of intelligence with keyword driven matches to enable more
effective identification of risks to an enterprise
Vericept’s Unique Approach is the Solution
Intelligent Content Monitoring, Analysis and Reporting
• Passively monitors the content of ALL internet traffic
- Includes web, web-mail, email, chat, instant messaging, peer-to-peer file
sharing, telnet, ftp, postings and more...
• Intelligently analyzes and identifies ONLY the pertinent content at risk
• Provides detailed content capture, “proof-positive evidence”
• Identity Match: ties inappropriate activity and content to the user
• Provides detailed information delivery and reporting
• Ability to perform same intelligent analysis on stored data
Vericept Value and Benefits
Prevents Information Loss, Identity Theft and Corporate Espionage
Enables regulatory compliance
- Sarbanes Oxley
- GLBA
- CA SB 1386
- HIPAA
Reduces liability associated with inappropriate use
Identifies rogue protocol usage
Stops unproductive and unethical internet use
Provides never before seen visibility to enterprise risk
Compelling ROI and low TCO
Protects Brand, Reputation and Information
Approximately 600 customers trust Vericept… over 1,200,000 workstations being monitored!
Customer sectors: Healthcare and Pharma; Utilities; Financial; Comm. Svcs; Entertainment; Retail and Manufacturing; Government and Education
Award-Winning Technology
Honors leading-edge technology that provides
measurable business value to end-user organizations.
Reflects technical excellence, professional
achievement and the important role that
information security professionals play in helping
to shape the industry.
“Vericept earned our Editor's Choice Award by
providing a path of least resistance to monitoring
network use and for its superiority in identifying
abuse.”
Section II: BUSINESS RISK DRIVERS
Information Privacy, Compliance, Productivity, & Reputation
[Diagram: Enterprise Risk Management]
• Externally Driven Policies: Compliance & Regulation
• Internally Driven Policies: Acceptable Use
• Internally Driven Policies: Information Controls
• Manage: Monitor, Analyze, Capture, Report
Vericept Drivers
Internally Driven Policies: Information Controls
• Executive communications
• Marketing plans
• Merger and Acquisition activity
• Research and development
• Patents and trade secrets
• Customer lists
• Employee information (SSN,
compensation…)
• …and the list goes on…
Vericept Drivers
Internally Driven Policies: Acceptable Use
• Internet use
• Corporate email use
• Instant Messaging use
• Peer-to-Peer use
• Appropriate content (or inappropriate)
• Safe work or school environments (free
from violence, hostility and
harassment)
Vericept Drivers
Externally Driven Policies: Compliance
• HIPAA Security Rule
• Gramm-Leach-Bliley
• Sarbanes-Oxley
• California Senate Bill 1386
• USA Patriot Act
• Children’s Internet Protection Act
Over 300 pieces of pending Privacy
legislation
Health Insurance Portability &
Accountability Act
HIPAA
Health Insurance Portability & Accountability Act of 1996
• SEC. 261. PURPOSE.
It is the purpose of this subtitle to improve the Medicare
program under title XVIII of the Social Security Act, the
medicaid program under title XIX of such Act, and the
efficiency and effectiveness of the health care system,
by encouraging the development of a health
information system through the establishment of
standards and requirements for the electronic
transmission of certain health information.
HIPAA – The Five Basic Principles
• Consumer Control: The regulation provides consumers with critical new
rights to control the release of their medical information.
• Boundaries: With few exceptions, an individual's health care information
should be used for health purposes only, including treatment and payment.
• Accountability: Under HIPAA, for the first time, there will be specific federal
penalties if a patient's right to privacy is violated.
• Public Responsibility: The new standards reflect the need to balance
privacy protections with the public responsibility to support such national
priorities as protecting public health, conducting medical research, improving
the quality of care, and fighting health care fraud and abuse.
• Security: It is the responsibility of organizations that are entrusted with
health information to protect it against deliberate or inadvertent misuse or
disclosure.
Sarbanes Oxley
Sarbanes-Oxley Requirements
Antifraud Programs and Controls
• Fraud risk assessment (Section 103)
CEO and CFO Certification
• Disclosure of controls and procedures (Section 302)
Management’s Annual Assessment Report
• Assessment of Internal Controls over Financial Reporting (Section 404)
Code of Conduct and Ethics
• Ensuring adherence to Code (Section 406)
Managing and Strengthening Internal Controls
• Provides a continuous monitoring mechanism to satisfy and enforce Internal
Control requirements
How a prominent customer is using Vericept for SOX…
Guide to Ethical Conduct: Vericept Category
• Equal Employment: Racism
• Harassment – Free Workplace: Adult, Conflict, Violent Acts, Racism
• Substance – Free Workplace: Substance Abuse
• Health, Safety and the Environment: Weapons, Conflict
• Political Activities: Custom Search Parameters
• Conflicts of Interest: Custom Search Parameters
• Fraud: Custom Search Parameters
• Antitrust: Custom Search Parameters
• Proprietary and Confidential Information: Confidential, Mailing Lists, Disgruntled Employees, M&A, Personal Information, Social Security Numbers, Extended Regular Expressions, Non-public Personal Information, Personal Health Information, Custom Search Parameters
• Inside Information and Trading Company Securities: Confidential, M&A, Custom Search Parameters
• The Media and Financial Community: M&A, Postings, IM & Chat, Web-mail, Custom Search Parameters
• E-mail, the Internet and the Use of Company Property: IM & Chat, Sports, Shopping, Trading, Games, Confidential, Extended Regular Expressions, Racism, Web-mail, Postings, P2P Research, P2P File Sharing, Adult
“I am complying with 50% of my Ethical Code of Conduct by using Vericept as an internal monitoring control”
- Sr. Corporate Governance Officer, Global Conglomerate
Gramm-Leach-Bliley
Financial Modernization Act of 1999
(GLBA)
GLBA Data Protection Requirements
Mandate that financial institutions protect the security and
confidentiality of customers' non-public personal information
and institute appropriate administrative, technical, and physical
safeguards to accomplish this requirement.
• Requires covered institutions to protect against any anticipated
threats or hazards to the security or integrity of customer records
• and to protect against unauthorized access to or use of records or
information which could result in substantial harm or inconvenience
to any customer.
How Vericept Enables GLBA Compliance
FFIEC Handbook Safeguards
Risk Assessment:
Continuous, formal process
Security Controls Implementation:
Controls to protect against malicious code
Personnel security / authorized use
Logging and data collection
Monitoring and Updating:
Continuously analyze threats
Monitor for technical vulnerabilities
*Note: Vericept developed the GLBA solution with co-author
Paul Reymann to specifically enable compliance
GLBA Co-Author Validation
"Vericept's Information Privacy and Compliance Manager
solution identifies and manages risks, tests risk management
practices and monitors to control risks. Vericept's
comprehensive monitoring approach enables financial
institutions to comply with regulations and to protect against
internal information leakage."
Paul Reymann
CEO, ReymannGroup Inc.
Co-author of Section 501 of the Gramm-Leach-Bliley Act
Data Protection Regulation
California
Senate Bill 1386
July 1, 2003
SB 1386 Requirements
What is it?
• Mandate requiring public disclosure of computer-security breaches in
which confidential information of ANY California resident MAY have
been compromised
Who is affected?
• The law covers every enterprise, public or private, doing business with
California residents.
• "Personal Information" means an individual's first name or first
initial and last name in combination with any one or more of the
following non-encrypted data elements
- Social Security Number
- California Driver's License Number or California Identification Card Number
- Account number, credit or debit card number, in combo with security code,
access code, or password that would permit access to an individual's
financial account
CA SB 1386 Requirements
Mandated Action
• Companies must warn California customers of security holes in their
corporate computer networks
• When a business discovers that confidentiality has or may have been
breached it must notify the customers
• If the business is unsure which customers have been affected, it must
notify ALL customers of the breach. Obviously this is both an expensive
and embarrassing event.
Impact
• Burden is on the business to notify any and all possibly affected consumers. If
you can’t identify which ones, you must go public
• Significant CMP’s (civil money penalties) are at risk
Fraud and Identity Theft
Fraud and Identity Theft
Over 9.9 million Americans Were Victims
• That’s 4.6% of the population
• One third from new accounts, two thirds from existing accounts
• Average loss - $4,800 per victim
Businesses Lost $47.6 Billion
• $32.9 billion attributable to new accounts opened by unauthorized
users
• $14 billion attributable to existing account misuse by unauthorized
users
• $25 per card – the cost of canceling and issuing a new credit card
• When victims lost $5,000 or more, 81% told someone else – this
behavior places the company’s reputation at risk!!
Source: 2003 FTC Identity Theft Study
Market Validation – Risk Management is a Driver
“Intelligent Risk Management can enable organizations to
face an uncertain future optimistically…Preparation requires
a focus on risk management, intelligence-driven prevention
and response.”
-David Bauer
Vice President, Chief Information and Privacy Officer
Section III: VERICEPT SALES CYCLE
Vericept Sales Cycle
Stages: Create Interest, Qualification, Conviction, Close
Vericept sales tools by stage:
• Create Interest: Call Scripts, Referrals
• Qualification: Online Demo, Initial Exposure Assessment, Implement. Expectations
• Conviction: Secondary EA Present., SLA Review, Proposal, SOW, Implement. Plan
• Close: PO, SLA, Move to Implement.
Vericept Sales Cycle
I. CREATE INTEREST
• Research your prospect
• Identify corporate mission, company positioning, key players,
financials, recent news, Code of Conduct, etc.
• Contact Prospect at Business Decision-Maker Level - (e.g., CIO,
Compliance, HR, Finance, Internal Audit, etc.)
• Understand what they are responsible for and then link Vericept benefit
to them
Business Decision Makers
• Chief Risk Officer
• VP of HR
• Corporate Governance Officer
• Legal / Corporate Counsel
• Chief Privacy Officer
• Chief Financial Officer
• CSO / CISO
• Chief Information Officer
• Chief Ethics Officer
• Corporate Compliance Officer
• Director of Security
• Head of Marketing
• CEO
• Internal Audit
Elevator Pitch
Vericept Corporation is the leading provider of enterprise risk
management solutions enabling corporations, government agencies and
education institutions to manage and dramatically reduce insider risk.
Vericept provides immediate visibility to multiple forms of business
risk including regulation compliance violations, corporate governance
concerns, internal policy infractions, information leaks, and unacceptable
internet use. Based on the patented advanced linguistics engine, the
Vericept Solutions analyze all content of inbound and outbound internet
traffic using pre-defined categories, enabling companies to instantly identify
and terminate any activity falling outside of an organization’s predefined
acceptable use policy.
Vericept’s innovative solutions prevent losses to valuable information
assets and protect the organization’s brand and reputation.
Vericept Sales Cycle
II. QUALIFICATION – The Initial Hook
• Flesh out their current security infrastructure
• Flesh out their acceptable use policies
• “Would You Know If” Questions
• Share customer anecdotes
• Present Vericept Corporate Overview and Online Demo
• Commit to next step (meet with other stakeholders, Exposure Assessment, etc)
QUALIFICATION – Understand the Procurement Process
• Learn typical procurement process
• Determine availability of funds
• Determine appropriation of funds (especially for out-of-budget purchases)
• Identify the titles and names of those affecting the purchasing process
• If you’re pressured to deliver pricing prior to the EA or proposal – give them
budget and planning numbers of $20 to $30 per workstation annually.
The Online Demo
Actual Logs - just anonymized
Vericept Sales Cycle
QUALIFICATION – “Reference” Trial Close
“The Demo you have just seen reflects the manner in which the
solution would be used and the types of information that would
be captured if the solution were installed on your network. Based
upon your feedback, it sounds like this has a clear and valuable fit
in your environment. We have the ability to deliver the solution
in a manner that can be recognized either as an Operating
Expense or Capital Expense. Which would better fit with your
budget and financial structure?”
Contact your Vericept Channel Sales Manager (CSM)
• Share Customer Anecdotes, Case Studies and Analyst Quotes
• References Online
• Broker a concall between the two parties
Vericept Sales Cycle
QUALIFICATION – “Exposure Assessment” Trial Close
“We have a program we refer to as the Exposure Assessment. This Program
provides a 7 day snap shot of activity on your network and the various points of
business risk tied to inappropriate network use and abuse. We install a Vericept
device on your network, let it run for 7 days then present the results of our findings
in the form of an Executive Presentation. Typically the Exposure Assessment is
priced at $20,000. However, as the program has evolved, we at times waive that
fee provided your organization is committed to gaining the executive level buy-in on
the program. This is done by confirming the key stake-holders attend the
Executive Presentation. The reason for this request comes from our desire to
ensure we’re not wasting your time or ours. Frankly, in the past we have had some
organizations that have learned, only after performing an EA that they are not
prepared to address the issues and risks that were discovered during the
assessment. Usually, the “key stake holders” are the executives
responsible for Compliance, HR, IT and Legal. Do you have separate
individuals responsible for these functional areas? Would those individuals be of a
mindset to address these issues?”
If yes, send the EA Agreement and require them to get it signed by the
individual that would ultimately have purchasing authority should they
decide to purchase the Vericept solution.
Vericept Sales Cycle
QUALIFICATION – “Exposure Assessment” Trial Close
• Pull Exposure Assessment Agreement from www.vericept.com and get it signed
by customer (decision-maker)
• Set Exposure Assessment “best practices” expectations
• Provide Network Configuration Diagram Worksheet
• Proactively secure the EA installation & presentation dates & key contacts
Present a quick, but compelling, EA presentation. Follow the proven
Vericept format & discuss the deployment process (not as
overwhelming as they assume).
IMPLEMENTATION METHODOLOGY
• Set Implementation Expectations
• Scope to be fully defined in the final proposal to your customer
Implementation Methodology
• Phase I: Initial Assessment and Sale
• Phase II: Discovery
• Phase III: Build, Install and Test
• Phase IV: Implementation and Support
• Phase V: Post Implementation Review
Vericept Sales Cycle
III. CONVICTION – Secondary EA Presentation
If all stake holders are not present for the “Initial EA Presentation”,
the customer usually conducts a secondary EA presentation to
additional decision-makers, stakeholders and budget committees.
• Offer to present to the secondary decision-makers (not unusual to be declined because
generally additional action items are discussed during those meetings that don’t involve
Vericept).
• Do insist on helping the “champion” develop his/her Vericept presentation
• Provide EA Presentation – or shorter version
• Provide role-play assistance
• Provide additional documents, white-papers, or references to solidify the decision and
budget.
• Help them find the budget dollars to buy now.
• Express a willingness and capability to get creative with the financing of the solution if
you think there may be budget issues.
• Secure a date and time you will follow up with the champion (typically the day after their
internal meeting)
Vericept Sales Cycle
CONVICTION – Deliver Proposal
Deliver a Quote, Proposal or Statement of Work – put
something in front of the customer for them to say “yes” to.
• Include the full complement of Vericept Solutions
• Info Privacy – protects your valuable information
• Acceptable Use – addresses employee productivity and reputation risk
management
• Preventative Security – capture the internal hackers
• Stored Data – data-at-rest
• Custom Search Parameters – the tool to customize Vericept
• Never line item the pricing – include all modules with one aggregate investment
price.
• Be sure to include the “points of pain” identified early on and the cost
associated with them
• Include detailed solution implementation plan (Statement of Work)
• Follow up, follow up, follow up
Vericept Sales Cycle
CONVICTION – Software License Agreement
Deliver the SLA as early as possible for the Customer to
expedite the legal review process
• Make the SLA review a non-event. It is just standard software licensing
language
• Pull the latest version from www.vericept.com
• Engage your Channel Sales Manager to field 100% of the questions and
proposed red-line. Under no circumstance should our CVSP negotiate verbiage
changes to the SLA!
• Get signature on the SLA or online approval for the electronic version
Vericept Sales Cycle
IV. CLOSE – The Win
The deal is booked when two things happen –
1. Vericept receives a valid Purchase Order from the CVSP or Distributor and
2. Vericept receives the signed Software License Agreement (either hardcopy
or electronic)
CONGRATULATIONS – you’ve now delivered a true solution that will
positively impact the senior members of your Customer. You will now
be elevated to a trusted advisor level in their eyes (if you weren’t there
already).
Move to Implementation
Section IV: VERICEPT’S PRODUCTS
ARE CALLED SOLUTIONS
Security Market Landscape – Our Piece of the Pie
• Internet Security & Privacy Market: $16 Billion (2008)
• Secure Content Monitoring Market: $7.5 Billion (2008)
• Vericept Market Opportunity: $3.3 Billion (2008)
  - Messaging Security: $1.7B
  - SCM Appliance: $1.6B
IDC Estimates (April, 2004)
Gartner’s Hype Cycle
[Figure: Gartner’s Hype Cycle chart, with Vericept labeled]
Vericept Solutions System Requirements
• Dedicated Appliance
- Intel-compatible processor
- 3 GHz minimum processing speed
- 2 GB RAM
- 120 GB Hard drive or larger
- 2 network interface cards (NICs)
- CD-ROM drive
- Floppy disk drive
• Operating System
- Red Hat Enterprise Linux (RHEL) version 3.0 WS
Vericept Standalone Deployment
“Installing and configuring the Vericept solution was almost easier than taking it out of the box.”
- Sean Doherty, Technology Editor, Network Computing Magazine
Vericept Distributed Deployment
Vericept Distributed Deployment cont.
Vericept Pricing Strategy
• 3 year term - paid up front (software maintenance included)
• Perpetual License (software maintenance 20%)
• Pricing & volume discount based on number of workstations
• Minimum deal size of 250 workstations
• VSP or Vericept can source hardware
• Work passionately to maintain the List Price!
Price List updated quarterly
Training Exercise
CASE STUDY:
You have called on the Chief Information Security Officer of a major
hospital group. You’ve learned that she is very concerned about protecting
protected health information and HIPAA is a constant board-level topic. In
addition, her VP of Human Resources asked her if she was aware of any
technology to track employees who visit unauthorized websites. Their
network is comprised of 1,100 workstations but 1,900 users.
1. What Vericept Solutions would you recommend? Which solutions would
address which problems?
2. What is the price of the proposed solutions?
3. What else besides software should be factored into your proposal?
Section V: PARTNER RESOURCE
CENTER
Vericept
Protecting your Information and Reputation
Partner Resource Center – www.vericept.com
Vericept Solutions Online Demos
Solution | Demo | Username | Password
Acceptable Use Manager | demo1.vericept.com, demo2.vericept.com | Administrator | woulduknow
Information Privacy and Compliance Manager | demo3.vericept.com, demo4.vericept.com | Administrator | woulduknow
Preventive Security Manager | demo5.vericept.com, demo6.vericept.com | Administrator | woulduknow
Acceptable Use Manager - Education | demo7.vericept.com | Administrator | woulduknow
All Solutions | demo13.vericept.com | Administrator | woulduknow
Filter | demo14.vericept.com | Administrator | woulduknow
 | demo15.vericept.com | |
References Online
Sample Policy Concerns and Solution Mapping
External or Internal Policy Concern | Vericept Monitoring Category
Equal Employment | Racism
Harassment – Free Workplace | Adult, Conflict, Violent Acts, Racism
Substance – Free Workplace | Substance Abuse
Health, Safety and the Environment | Weapons, Conflict
Political Activities | Custom Search Parameters
Conflicts of Interest | Custom Search Parameters
Fraud | Custom Search Parameters
Sample Policy Concerns and Solutions Mapping (cont.)
External or Internal Policy Concern | Vericept Monitoring Category
Antitrust | Custom Search Parameters
Proprietary and Confidential Information | Confidential, Mailing Lists, Disgruntled Employees, M&A, Personal File Information, Social Security Numbers, Custom Search Parameters, Non-public Personal Information, Personal Health Information
Inside Information and Trading Company Securities | Confidential, M&A, Custom Search Parameters
The Media and Financial Community | M&A, Postings, IM & Chat, Web-mail, Custom Search Parameters
E-mail, the Internet and the Use of Company Property | IM & Chat, Sports, Shopping, Trading, Games, Confidential, Custom Search Parameters, Racism, Web-mail, Postings, P2P Research, P2P File Sharing, Adult
ORGANIZATION URL
Certified Information Systems Security Professional http://www.cissps.com/
CompTIA http://www.comptia.org/certification/security/default.aspx
US Department of Homeland Security http://www.infragard.net/
International Information Systems Security Certification Consortium https://www.isc2.org/cgi-bin/index.cgi
Information Systems Security Association http://www.cisecurity.org/
Information Systems Security Association http://www.issa.org/
Infragard http://www.nipc.gov/infragard/infragard.htm
Security Focus Website http://www.securityfocus.com
The Center for Internet Security http://www.sans.org/index.php
The SANS Institute http://www.jhita.org/electric.htm
U.S. Department of Justice http://www.cybercrime.gov/
American Medical Association http://www.cms.hhs.gov/hipaa/hipaa2/
Centers for Medicare and Medicaid Services http://www.hhs.gov/ocr/hipaa/
Health Privacy Project http://www.ama-assn.org/ama/pub/category/4234.html
United States Department of Health and Human Services http://hipaa.wpc-edi.com/HIPAA_40.asp
Joint Commission on Accreditation of Healthcare Organizations http://www.jcaho.org/
Joint Healthcare Information Technology Alliance (JHITA) http://www.healthprivacy.org/
Gramm-Leach Bliley http://www.ftc.gov/privacy/glbact/
Sarbanes Oxley http://www.sarbanes-oxley.com/
Children's Internet Protection Act http://www.ala.org/ala/washoff/WOissues/civilliberties/cipaweb/cipa.htm
Family Educational Privacy Rights Act http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
Section VI: VERICEPT CORPORATION
Vericept
Protecting Your Information and Reputation
Vericept Background
• Founded in 1999 – Denver, Colorado
• Award-winning, patent-pending (5) technology
• Seasoned Management Team & Approximately 65
Outstanding Personnel:
• Financial backers: Sigma Venture Partners, William Blair
Venture Capital, Sequel Venture Partners, Visa International
• Industries: financial services, healthcare, retail,
manufacturing, government, education, pharma,
telecommunications, energy…
• Approximately 600 customers trust Vericept – over 1.5M
workstations being monitored
Vericept Mission Statement
To Be The Leading Global
Provider of Information Protection
and Misuse Prevention Solutions
Vericept Sales Strategy
Direct Accessible Markets
• Enterprise > $500m
• Hospitals > $4b
• Federal Government
VSP Accessible Markets
• SME < $500.01m
• Hospitals < $4.01b
• State & Local Government
• Education
Direct Sales
Solutions Partners
Distributors
Vericept Solutions Partner Program – VSP’s
VISION
To be the standard by which our partners measure their other
vendors.
MISSION
Create a global ecosystem of solution partners who leverage the
unique capabilities of Vericept solutions to create new customers and
organically grow existing customers in a profitable and mutually
beneficial manner.
VERICEPT CHANNEL SALES MANAGER OBJECTIVE
Maximize revenue in each region.
Vericept Solution Partner Program – VSP’s
Certified Vericept Solution Partner Requirements
• Certified Vericept Solutions Architect
• Certified Vericept Sales Engineer
• Self-Sufficient Through Entire Sales Process (conduct EA’s)
• Relentlessly pursue customers defined in the VSP Accessible Markets
• Generate at Least $500k in Vericept revenue to CVSP
• VSP Accessible Market (as defined by Hoovers Online)
- SME’s: annual revenue < $501m
- Education (K-12 and higher-ed)
- State & Local Government
- Standalone Hospitals & Hospital Groups < $4.01b in annual revenue
- CSMs have the named account list
Lead Referral Program
For Customers Outside of the Scope of the VSP Accessible Markets
Principles of Engagement
• Submit a completed VSP Lead Qualification Form
• One VSP Lead Qualification Form per Customer transaction.
• Vericept controls the sales process from the moment the VSP Lead
Referral Qualification Form is approved in writing.
• Vericept, as a best practice, will incorporate the CVSP’s service delivery
team to the extent it has the certification, experience, and desire.
• Referral fee is only applicable to the Vericept software portion of the
transaction.
• One referral payment per VSP Lead Qualification Form.
Michael Reagan
VP Worldwide Channel Sales
Office: 303.268.0512
Cell: 303.478.3706
mike.reagan@vericept.com
Dan Gannon
SVP of World Wide Sales
Office: 303.268.0516
Cell: 303.588-1975
dan.gannon@vericept.com
Sara Avery
CSM - Northeast Region
Office: 303.268.0532
Cell: 303.898.2487
sara.avery@vericept.com
Ken Totura
Director of Partner Development
Office: 303.268.0537
Cell: 303.506.1568
ken.totura@vericept.com
Kevin Homer
CSM - Southeast Region
Office: 303.268.0533
Cell: 303.570.6699
kevin.homer@vericept.com
Erick Waggoner
CSM – Central Region
Office: 303.268.0539
Cell: 719.331.9594
erick.waggoner@vericept.com
Damon Morriss
CSM - Western Region
Office: 310.545.7699
Cell: 310.947.2594
damon.morriss@vericept.com
Headquarters
750 W. Hampden Ave.
Suite 550
Englewood, CO 80110-2163
www.vericept.com
Technical Support
800.262.0274 x7500
support@vericept.com
[Region map: Northeast, Southeast, Central, Western]
Updated 1/8/04
Market Landscape
TIER 1: Content Monitoring
• Direct competitors
TIER 2: Employee Internet Management / Messaging, Compliance
• Not directly competitive
• Potential partners
TIER 3: Network Security / Forensics
• Not competitive
• Sometimes asked about
Vericept Differentiators: Why Vericept?
Differentiator #1: It’s all about what you DON’T know
Differentiator #2: Vericept identifies sensitive content in unstructured formats
Differentiator #3: Linguistic Analysis Engine
Differentiator #4: Vericept monitors all TCP/IP traffic
Differentiator #5: Vericept monitors both incoming and outgoing traffic
Differentiator #6: Low Total Cost of Ownership
Differentiator #7: Preventive Security
Differentiator #8: Stored Data Analyzer
Differentiator #9: Partners, Customers, Customer Quotes & 3rd party validation
Differentiator #10: We will work just as hard to keep you as a customer as we will to
make you a customer
Section VII: BEST PRACTICES
Vericept
Protecting Your Information and Reputation
Best Practices
Target the industry verticals
• Healthcare, Education, Finance
• Anyone with information and a reputation to protect
This is a strategic business decision, not an IT decision
• But remember IT is a critical stakeholder
The economic decision-maker is usually a CIO, CFO, and/or CEO
• Critical coaches include: Compliance Officer, Director of Security, VP of
Human Resources, Internal Audit, etc.
Sales Math (per month) – 12 leads (3/wk) = 3 EA’s = 1 Win
Best Practices
Selling Vericept Requires:
• Focus, focus, focus – persistence, persistence, persistence
• But know when to fish or cut bait
• Consultative Selling because this is a solution – not a product sale
• Leverage the proven “best practices”, resources, and your Channel Sales
Manager
Forecasting (yes – forecasting and here’s why)
• Your Channel Sales Manager can proactively engage resources to expedite the
sales process (themselves, Vericept Executives, key Customer References, etc.)
• Reduces channel conflict because your Channel Sales Manager will only go on
account calls with one CVSP. Race goes to the swiftest.
• Vericept leads get distributed to those who focus on Vericept the most and
forecast diligently.
• Because your Channel Sales Manager has to forecast to Vericept each and every
week!!
The Best Best Practice
STRIKE WHEN THE IRON IS HOT
• Especially after the initial Exposure Assessment presentation
• If the sales process is not moving forward – then it is moving
backwards.
• Our most successful Partners have learned that lesson well
“Every Day Matters”
Jen Cantwell
Sr. Sales Executive
Vericept Corporation
EMC, Tyco Intl, United Technologies Corp.,
Massachusetts Financial Svs.
You’re Not the Only One Who Believes in Vericept!
Partnering to combat Fraud and Identity Theft
• Vericept is the only Content Monitoring Partner within Visa’s
exclusive Strategic Alliances Program
• Strategic discussions and planning underway to develop
initiatives for managing information risk
• www.visa.com/sai
Award-Winning Technology
Honors leading-edge technology that provides
measurable business value to end-user organizations.
Reflects technical excellence, professional
achievement and the important role that
information security professionals play in helping
to shape the industry.
“Vericept earned our Editor's Choice Award by
providing a path of least resistance to monitoring
network use and for its superiority in identifying
abuse.”
THANK YOU VERY MUCH
CONGRATULATIONS – You’re a CVSA!
Vericept
Protecting your Information and Reputation