Vericept CVSA Training

About This Presentation

Title:

Vericept CVSA Training

Description:

... Peer ( i.e. KaZaA and Limewire) Chat rooms. Attachments. Web. hacking tools ... Safe work or school environments (free from violence, hostility and harassment) ... – PowerPoint PPT presentation

Number of Views:194

Avg rating:3.0/5.0

Slides: 114

Provided by: kento

Category:

more less

Transcript and Presenter's Notes

Title: Vericept CVSA Training

1
Certified Vericept Solutions Architect CVSA
Sales Certification Training
Ken Totura Vericept Corporation
4Q 2004
www.vericept.com
2
Why We Are Here Today

Incredibly Unique Product Means You -
Differentiate Yourself From Your Competitors
Build Trusted Relationships at the CxO Level
Earn Huge Margins
Solve Real Business Problems

3
What Keeps a CxO Up At Night?

Board of Directors
Chief Executive Officer
President Chief Operating Officer
Chief Financial Officer
Chief Information Security Officer (Compliance
Officer)
Chief Information Officer
VP of Sales
VP of Marketing
VP of Legal
VP of Human Resources

4
Agenda

The Problem and Solution
Business Risk Drivers
Introducing Vericept Corporation
Vericept Products are Called Solutions
The Science of Selling Vericept
Action Plan for Mutual Success
Certified Vericept Solution Architect
Congratulations!

5
Vericept Protecting your Information and
Reputation
Section I THE PROBLEM and now there is a
SOLUTION

6
Would You Immediately Know If

A trusted employee pasted confidential
acquisition information into a webmail message
and sent it to your competitor?
An employee downloaded hacker tools to their work
computer with the intention of stealing your
customers private data?
An employee posted your confidential executive
communications or financial data on
www.internalmemos.com or some other internet
posting site like Yahoo Finance?
An employee is using a P2P client and is
inadvertently exposing your proprietary
information to millions of other P2P users?

7
The Problem

Lack of EFFECTIVE VISIBILITY to confidential and
inappropriate content flowing across the network.
The risk and results can be significant

Information Loss
Company Intellectual Property, RD, Customer
Lists, source codeCorp. Espionage
Customer Information SSN, credit card number,
mothers maiden nameID Theft
Non-Compliance
GLBA, HIPAA, CA 1386 protecting customer
privacy
Sarbanes-Oxley protecting investors, corporate
ethical responsibility
Abuse of Internet Usage
Productivity employees and contractors surfing
the web for hours and hours
Legal Liability sexual harassment, workplace
violence, wrongful termination
Insider IT System Mischief/Hacking
Sabotage and Hacking viruses, worms, exploits
(leading to) Theft keyloggers, unauthorized
access
System Downtime troubleshooting and fixing
problems

8
Where is the Exposure and Risk?

Email and Web-based mail
Instant Messaging
Internet Postings
FTP
Peer-to-Peer ( i.e. KaZaA and Limewire)
Chat rooms
Attachments
Web

hacking tools
SOURCE CODE
9
Vericepts Intelligence Platform
Information Privacy and Compliance Manager
Acceptable Use Manager
Preventive Security Manager
Regulation Compliance Manager HIPAA GLBA CA 1386
Custom Search Parameters
Blocking Solutions
Intelligent Content Analysis Data-in-Motion
Data-at-Rest Monitoring Engine
Filter
Intelligent Traffic Controller prototype
10
Vericept Solutions Composition by Category
11
Vericept Solutions Composition by Category
Regulation Compliance Manager (RCM)

Acceptable Use Manager - Education (AUMe)

Custom Solution
(this is available though not a standard offering)
Unstructured Data Adult Conflict Gambling Games Ga
ngs Plagiarism Racism Shopping Sports Substance
Abuse Trading Violent Acts Weapons Peer-to-Peer
File Research Hacker Research Capture All
Instances IM Chat Mailing Lists Peer-to-peer
File Share Postings Webmail
1. RCM CA 1386 Structured Data CA Drivers
License Credit Card Number Personal
Information Social Security Number
8 Categories Total 7 Vericept Categories 1
Premium Vericept Category
2. RCM HIPAA Structured Data Protected Health
Information Social Security Number
3. RCM GLBA Structured Data Credit Card
Number Personal Information Social Security Number
These contain only the minimum categories
necessary to comply
12
Enterprise Risk Management Through Intelligent
Content Monitoring
13
The Advantage Contextual Linguistics Analysis

Goes far beyond keyword searches by reading
content and understanding the context of the
communication
Can catch the more subtle risky communication
that other technologies miss
Almost 60 predefined categories leverage the
intelligence platform, flag and classify various
types of content traveling into, out of and
across a network
Works immediately out of the box, requiring no
lengthy data definition exercises or expensive
development efforts
How it works
Content looks at the text of the communication,
effectively reading it
Context looks at the communication format to
understand the meaning of the text
Structure looks at the communication type,
whether its email, a web page, chat, etc.

The Advantage Custom Search Parameters

Leverages Vericepts Extended Regular Expressions
which have been optimized by Vericept Labs
Combines power of intelligence with keyword
driven matches to enable more effective
identification of risks to an enterprise

14
Full Content Capture with Identity Match
Delivering unparalleled visibility, proof
positive evidence

Real customer examples, sensitive data has been
anonymized

Email attachment with list of names, SSNs DOBs
Employee web searching for cloaking / log
wiping program
15
Vericepts Unique Approach is the
SolutionIntelligent Content Monitoring, Analysis
and Reporting

Passively monitors the content of ALL internet
traffic
Includes web, web-mail, email, chat, instant
messaging, peer-to-peer file sharing, telnet,
ftp, postings and more...
Intelligently analyzes and identifies ONLY the
pertinent content at risk
Provides detailed content capture,
proof-positive evidence
Identity Match ties inappropriate activity and
content to the user
Provides detailed information delivery and
reporting
Ability to perform same intelligent analysis on
stored data

16
Vericept Value and Benefits

Prevents Information Loss, Identity Theft and
Corporate Espionage
Enables regulatory compliance
- Sarbanes Oxley
- GLBA
Reduces liability associated with inappropriate
use
Identifies rogue protocol usage
Stops unproductive and unethical internet use
Provides never before seen visibility to
enterprise risk
Compelling ROI and low TCO
Protects Brand, Reputation and Information

- CA SB 1386 - HIPAA
17
Vericept Protecting Your Information and
Reputation
Section II BUSINESS RISK DRIVERS
18
Externally Driven Policies Compliance
Regulation
Enterprise Risk Management
Report
Moni tor
Capture
Analyze
Internally Driven Policies Acceptable Use
Internally Driven Policies Information Controls
M a n a g e
19
Vericept Drivers
Internally Driven Policies Information Controls

Executive communications
Marketing plans
Merger and Acquisition activity
Research and development
Patents and trade secrets
Customer lists
Employee information (SSN, compensation)
and the list goes on

20
Vericept Drivers
Internally Driven Policies Acceptable Use

Internet use
Corporate email use
Instant Messaging use
Peer-to-Peer use
Appropriate content (or inappropriate)
Safe work or school environments (free from
violence, hostility and harassment)

21
Vericept Drivers
Externally Driven Policies Compliance

Healthcare Security HIPAA Security Rule
Gramm-Leach-Bliley
Sarbanes-Oxley
California Senate Bill 1386
USA Patriot Act
Childrens Internet Protection Act
Over 300 pieces of pending Privacy legislation

22
Vericept Protecting Your Information and
Reputation

Health Insurance Portability Accountability
ActHIPAA

23
Health Insurance Portability Accountability Act
of 1996

SEC. 261. PURPOSE.
It is the purpose of this subtitle to improve
the Medicare program under title XVIII of the
Social Security Act, the medicaid program under
title XIX of such Act, and the efficiency and
effectiveness of the health care system, by
encouraging the development of a health
information system through the establishment of
standards and requirements for the electronic
transmission of certain health information.

24
HIPAA The Five Basic Principles

Consumer Control The regulation provides
consumers with critical new rights to control the
release of their medical information.
Boundaries With few exceptions, an individual's
health care information should be used for health
purposes only, including treatment and payment.
Accountability Under HIPAA, for the first time,
there will be specific federal penalties if a
patient's right to privacy is violated.
Public Responsibility The new standards reflect
the need to balance privacy protections with the
public responsibility to support such national
priorities as protecting public health,
conducting medical research, improving the
quality of care, and fighting health care fraud
and abuse.
Security It is the responsibility of
organizations that are entrusted with health
information to protect it against deliberate or
inadvertent misuse or disclosure.

25
Customer Feedback
Vericepts Health Information Protection behaves
much like a linguistic firewall, identifying
unauthorized communication of PHI. It is helpful
to be able to alert our staff to actions that
could be deemed in violation of the new privacy
rules and our Appropriate Use Policy. Our
patients deserve the best care we can provide,
including respect for their privacy. - Dave
McClain Information Systems Security
Manager Community Health Network
Vericept has consistently met my expectations
and in many cases exceeded them. The install was
effortless and generally just sits there and does
its job. I would highly recommend it to anyone
who has a need for protecting both network assets
and confidential information. -Jason
HerrenNetwork Security Administrator Source
Medical
26
Leadership Validation
Vericept's Information Protection Solution
focuses on inappropriate content and prevents it
from being communicated through the vast array of
Internet communication vehicles available to most
employees. The significant risks associated
with webmail, IM and P2P applications, combined
with the mounting pressure to secure the privacy
of patient information, can make Vericepts
solution a robust fit for Healthcare
organizations.
- Brian Burke
27
Vericept Protecting Your Information and
Reputation

Sarbanes Oxley

28
Sarbanes-Oxley Requirements

Antifraud programs and controls
Fraud risk assessment (Section 103)
Actions to identify, prevent and mitigate
fraudulent financial reporting or misuse of
company assets
Revenue recognition, pricing discussions
CEO and CFO certification
Disclosure of controls and procedures (Section
302)
Ensure material information is made known to them
Evaluated effectiveness of disclosure controls
and procedures
Disclosed to audit committee and independent
auditors any significant control deficiencies,
material weaknesses and actos of fraud involving
management or other employees

29
Sarbanes-Oxley Requirements

Managements Annual Assessment Report
Assessment of Internal Controls over Financial
Reporting (Section 404)
Statement Management is responsible for
establishing and maintaining controls
Disclosure of any material weakness in system of
internal controls
Independent Auditors attestation report on
managements assessment of internal controls
Code of Conduct and Ethics
Ensuring adherence to Code (Section 406)
Existence does not address effectiveness
Should address conflicts of interest,
confidentiality of information, proper use of
assets, RPT, illegal acts and compliance with
laws and regulations
E-mail is a common communication method

30
Vericept Enabling Sarbanes-Oxley Compliance

Managing and Strengthening Internal Controls
Provides a continuous monitoring mechanism to
satisfy and enforce Internal Control requirements
Information financial and proprietary
Ethical and Conduct Codes
Communication paths
Data-in-Motion and Data-at-Rest
Specifically addresses 103, 302, 404 and 406

31
Actual Examples

Case No. 1. Potential Insider Tipping
Just prior to a Companys earnings announcement
(but luckily after the close of trading), a Sales
Employee contacts a third party by email and
indicates that the Company will have a great
quarter and that the third party should buy
stock. The Companys policy as well as federal
law prohibits such activity. The email is
retrieved using Vericept along with other emails
and the employee is dismissed. Employee does not
bring a wrongful termination lawsuit.
Case No. 2. Posting of Confidential Company
Information on the Internet
Highly confidential Product roadmap information
is posted on a message board on the internet.
Given the information, the Company believes that
someone in an Engineering lab may be posting the
information or providing a third party with the
information. The Company conducts an
investigation and immediately communicates to all
employees a new email policy noting that any
email communications are not subject to privacy.
Management describes to the employees Vericept as
a tool being utilized. No similar internet
postings have occurred since the communication of
the policy and the use of Vericept.
Case No. 3. Revenue Recognition Reviews
A non-material software sales transaction is
identified early in the quarter close procedures
as potentially not meeting the revenue
recognition rules. Vericept is utilized to find
the email trail that cleared the transaction.

32
How a prominent customer is using Vericept for
SOX
I am complying with 50 of my Ethical Code of
Conduct by using Vericept as an internal
monitoring control -Sr. Corporate Governance
Officer, Global Conglomerate
33
Vericept Protecting Your Information and
Reputation

Gramm-Leach-Bliley Act
(GLBA)

34
Gramm-Leach-Bliley 3 Primary Objectives

Ensure the security and confidentiality of
customer records and information
Protect against any anticipated threats or
hazards to the security or integrity of such
records
Protect against unauthorized access to or use of
such records or information which could result in
substantial harm or inconvenience to any customer

35
New Guidance Issued January, 2003

New guidance expanded GLBA
Federal Financial Institutions Examination
Council (i.e. the Bank Examiners)
Requires banks to take specific action to
Identify and manage risks
Test risk management practices
Monitor environment to control risk continuously
Five part framework to Information Security
Management

36
Five Part Framework Includes

Information Security Risk Assessment
Information Security Strategy
Security Controls Implemented
Security Tested
Continuous Monitoring and Updating

37
GLBA Examination and Enforcement

Examinations
Tier I
Assess process for identifying and monitoring
Eight Objectives
Tier II
Only when warranted after Tier I exam
Generally take much longer
Enforcement
Corrective action to enforcement action with
penalty fines

38
How Vericept Enables GLBA Compliance

FFIEC Handbook Safeguards
Risk Assessment
Continuous, formal process
Security Controls Implementation
Controls to protect against malicious code
Personnel security / authorized use
Logging and data collection
Monitoring and Updating
Continuously analyze threats
Monitor for technical vulnerabilities

Note Vericept developed the GLBA solution with
co-author Paul Reymann to specifically enable
compliance
39
GLBA Co-Author Validation
"Vericept's Information Privacy and Compliance
Manager solution identifies and manages risks,
tests risk management practices and monitors to
control risks. Vericept's comprehensive
monitoring approach enables financial
institutions to comply with regulations and to
protect against internal information
leakage. Paul Reymann CEO, ReymannGroup
Inc. Co-author of Section 501 of the
Gramm-Leach-Bliley Act Data Protection Regulation
40
Vericept Protecting Your Information and
Reputation

California
Senate Bill 1386

41
CA SB 1386 Requirements

What it is
As of July 1, 2003, state mandate requiring
public disclosure of computer-security breaches
in which confidential information of ANY
California resident MAY have been compromised
Who is affected
The law covers every enterprise, public or
private, doing business with California
residents.
"Personal Information" means an individual's
first name or first initial and last name in
combination with any one or more of the following
non-encrypted data elements
Social Security Number
California Driver's License Number or California
Identification Card Number
Account number, credit or debit card number, in
combo with security code, access code, or
password that would permit access to an
individual's financial account

42
CA SB 1386 Requirements

Mandated Action
Companies must warn California customers of
security holes in their corporate computer
networks
When a business discovers that confidentiality
has or may have been breached it must notify the
customers
If the business is unsure which customers have
been affected, it must notify ALL customers of
the breach. Obviously this is both an expensive
and embarrassing event.

Impact
Burden is on to notify any, and all possible,
effected consumers. If you cant identify which
ones, you must go public
Significant CMPs (civil money penalties) are at
risk

43
Applicable CA SB 1386 Categories across all
protocols

Personal Information
Detects communications of unencrypted personal
information such as home addresses, mothers
maiden name, date of birth, account numbers,
phone numbers, wiring information, security
codes, access code or password that would allow
access to an individual's financial account, etc
Social Security Number
Detects communications containing social
security numbers
Credit Card Number
This category will capture transmission of
credit or debit card numbers, in combination with
any required expiry date, security code, access
code, or password that would permit access to an
individual's financial account.
CA Drivers Licenses
This category will capture transmission of
California driver's license number or California
Identification Card.

44
Vericept Protecting Your Information and
Reputation

Fraud and Identity Theft

45
Fraud and Identity Theft Real, Growing Problems

Identity theft is one of the most damaging and
fastest growing crimes in the country. Almost 10
million Americans were victims of some form of ID
Theft within the last year
4.6 of Americans 9.91 million people
experienced some form of identity theft
3.23 million people whose personal information
was used without their knowledge had new accounts
opened (new credit card or loans)
6.68 million people whose personal information
was used without their knowledge had their
existing accounts misused (siphon off money, buy
stuff on eBay...
Average loss from misuse 4,800 per victim

46
Resulting Business Damage

Businesses, including but not limited to
financial institutions, lost 47.6 billion due to
identity theft in the year ending Sept 2003!
32.9 billion attributable to information
security breaches leading to new account opened
by unauthorized users
14 billion attributable to information security
breaches leading to existing account misuse by
unauthorized users
Example loss the cost to a credit card company
of canceling and issuing a new card is estimated
at 25 per card
In February 2003, one hacker breached the
security system of Data Processors International
and got access to as many as 8 million card
accounts
When victims lost 5,000 or more, 81 told
someone else this behavior places the companys
reputation at risk!!

47
The Insider Risk

Now, we have concrete data that employees are
stealing data

Some 60 of companies reported being victimized
by employee fraud

- KPMG Forensics Practice
Survey 2003

The top cause of identity fraud is now the theft
of records from employers or other business that
have records on many individuals"

-Trans Union
Report

More than one-third of the targeted financial or
data loss incidents involve insiders

- IDC Security
Survey, 2003

48
FTC Statistics Indicting the Insider

In a substantial portion of the identity theft
cases, the victims knew the perpetrators. They
were able to positively identify the thief as
working at a bank or company where they are a
patron i.e. the teller at bank, a cashier at the
point of purchase, etc.
Of all victims who knew the identity of the
thief, in 23 of the cases, the victim was able
to identify the person responsible was someone
who worked at a company or financial institution
that had access to the victim's personal
information
34 of victims that experienced perpetration of
personal information leading to misuse of
existing accounts identified an employee of a
company or financial institution with whom they
did business
13 of those who experienced perpetration of
personal information leading to the opening of
new accounts identified an employee of a company
of financial institution with whom they did
business

49
Attacking Fraud and Identity Theft

Intelligent Content Monitoring enables you to
Understand the areas of electronic exposure
pinpoint the areas most vulnerable to identity
theft, electronic fraud, and system attacks
Identify and assess new risks and take action
which areas demonstrate a high risk for leaks of
private information what is the cost associated
with a potential leak?
Measure the effectiveness of current measures
are they strong enough to stop leaks both from
external and internal attacks
Enforce your policies give the policies some
teeth!

50
Industry Analyst Validation
Increasingly, Fraud and Identity Theft are
becoming significant problems for business. IDC
estimates that over one third of the financial or
data loss incidents involve insiders. Vericept's
innovative approach ties the insider problem with
the leaking of sensitive information. IDC
believes organizations that are trying to combat
fraud and identity theft should consider
integrating Vericepts solution into their
overall exposure management and security
infrastructure. Brian Burke Research
Manager IDCs Security Products Program
51
Vericept Protecting Your Information and
Reputation

Security Market Landscape

52
Key Deloitte Findings

Perception of security and its importance to the
business was consistent across organizations of
all sizes most saw it as a risk management
exercise that is key to the business.
most financial institutions are attempting to
demonstrate how the controls they have
implemented to achieve security align with
relevant regulations and the demands of their
customers. Respondents answers reflected the
importance to their of company brand, data
protection and customer loyalty.
a well-devised privacy strategy can be a major
asset in attempts to stay ahead
An effective process requires the ability to
generate reports that detail vulnerability for
compliance and auditing activities.

Global Security Survey 2004
53
Key Deloitte Findings

Executives rank security as a high priority and
security initiatives are seen as a good
investment
Security is a business issue driven by
shareholder value, customers perception, brand
and reputation protection, legal and regulatory
compliance, vulnerability sustainability
Value more money is being spent to win back
customer trust.
83 of respondents acknowledged that their
systems had been compromised in some way in the
last year
Top 3 areas of concern for privacy compliance
unauthorized access to personal information,
managing 3rd party info sharing, managing
customer privacy preferences

Global Security Survey 2004
54
CSOs Top Concerns IP Loss and Compliance

The theft of intellectual property or other
proprietary information is also a top concern of
CSOs, with 91 saying that managing access to
critical information and documents is either
"extremely important" or "very important.
15 of the respondents said their employer has
lost or had critical documents or corporate
information copied without authorization in the
past year. Almost 25 said they could not be
sure whether such losses had occurred at their
company.
49 cited "issues related to regulatory
compliance" as the prime reason behind their
security purchases.

CSO Magazine Survey of 476 CSOs May, 2004
55
Gartners Hype Cycle
Vericept
56
Gartners Hype Cycle
57
Industry Trends
Corporate spending on security and business
continuity has been held back by two
factorsuncertainty about the severity of risk
posed by security threats and ongoing budget
austerity. However, any skepticism about the
potential consequences of a security breach is
fading fast as enterprises seek to improve their
ability to manage organizational risk. -John F.
Gantz Chief Research Officer SVP
International Data Corporation (IDC) September
29, 2003

IDC Predicts
Worldwide spending on security business
continuity will grow twice as fast as overall IT
spending.
40 of 1,000 IT managers surveyed saw security
as their top IT budget priority.
Spending will be driven both by immediate
security needs but also by the need to comply
with recent regulations that impact information
security such as HIPAA, Gramm-Leach-Bliley,
Californias Security Breach Notice Law, and
Sarbanes-Oxley Act.
September, 2003

58
Industry Trends
Based on the results of the survey, we predict
2004 to be the year companies begin to look at
security as a strategic enabler. Survey results
show 42 of companies surveyed will be looking at
security from a more strategic perspective -Joe
Duffy Partner Global Leader Security
Privacy Practice PricewaterhouseCoopers Septembe
r, 2003
Organizations around the globe are concerned
with Information Security Not surprisingly,
Europeans are more focused on ensuring customer
privacy while in North America, we are fixated on
potential liability issues. Cyber-terrorism is
a theoretical threat, but cyber-crime is a
reality happening everyday. Scott
Berinato Senior Editor of CIO CSO
Magazines September, 2003
59
Industry Trends
By 2005, the market for security and business
continuity products should hit a 15 growth rate
which should translate into more than 118
billion being spent on the technologies by 2007.
IDC sees content filtering as a potential growth
area as companies face legal risks posed by their
employees downloads. International Data
Corporation (IDC) September 29, 2003
I would argue good security is good
business. -Joe Duffy Partner Global Leader
Security Privacy Practice PricewaterhouseCooper
s September, 2003
60
Security Market Landscape Our Piece of the Pie
Messaging Security/ Employee Internet
Management Market
1.973 Billion (2007) Secure Messaging - 1.08M /
EIM - 893M
Secure Content Management Market
6.38 Billion (2007)
Internet Security/Privacy Market
118 Billion (2007)
IDC Estimates (October, 2003)
61
Market Landscape

Direct competitors
Trying to eat our lunch

TIER 1 Content Monitoring
TIER 2 Employee Internet Management / Messaging

Not directly competitive
Potential partners

Compliance
TIER 3 Network Security / Forensics

Not competitive
Sometimes asked about

62
Structured vs. Unstructured Data
More than 75 percent of enterprise data is
unstructured and document-related, rather than
being neatly sorted numbers in a database

More assets and intellectual capital are captured
in unstructured formats and documents
These mechanisms are more conducive for sharing
Unstructured data poses more risk

63
Financial Damages from Information Leakage

When a breach leaks confidential private
information (such as credit-card and bank-account
numbers or sensitive medical information)the
breach has a marked negative impact on the market
value of the company.
Cybercrimes where confidentiality is violated are
crimes that cause measurable negative impact in
the stock-market value of companies. In our
study, we found that companies lost an average of
slightly more than 5 of their market valuation.
- University of Maryland's Smith School of
Business
Impact of cybersecurity breaches on the
stock-market value, 2004

64
Market Validation Risk Management is a Driver
Intelligent Risk Management can enable
organizations to face an uncertain future
optimisticallyPreparation requires a focus on
risk management, intelligence-driven prevention
and response.
65
Vericept Protecting Your Information and
Reputation
Section III VERICEPT CORPORATION

66
Vericept Background

Founded in 1999 Denver, Colorado
Award-winning, patent-pending (5) technology
Seasoned Management Team Approximately 65
Outstanding Personnel
Financial backers Sigma Venture Partners,
William Blair Venture Capital, Sequel Venture
Partners, Visa International
Industries financial services, healthcare,
retail, manufacturing, government, education,
pharma, telecommunications, energy
Approximately 600 customers trust Vericept over
1.5M workstations being monitored

67
Vericept Mission Statement
To Be The Leading Global Provider of
Information Protection and Misuse Prevention
Solutions
68
Elevator Pitch (79 words)

Vericept Corporation is the leading provider of
enterprise risk management solutions enabling
corporations, government agencies and education
institutions to manage and dramatically reduce
insider risk. Vericept provides immediate
visibility to multiple forms of business risk
including regulation compliance violations,
corporate governance concerns, internal policy
infractions, information leaks, and unacceptable
internet use. Based on the patented advanced
linguistics engine, the Vericept Solutions
analyze all content of inbound and outbound
internet traffic using pre-defined categories,
enabling companies to instantly identify and
terminate any activity falling outside of an
organizations predefined acceptable use policy.
Vericepts innovative solutions prevent losses to
valuable information assets and protect the
organization Brand and reputation.

69
Vericept Sales Strategy
70
Vericept Solutions Partner Program VSPs

VISIONTo be the standard in which our partners
measure their other vendors.
MISSIONCreate a global ecosystem of solution
partners who leverage the unique capabilities of
Vericept solutions to create new customers and
organically grow existing customers in a
profitable and mutually beneficial manner.
VERICEPT CHANNEL SALES MANAGER OBJECTIVEMaximize
revenue in each region.

71
Vericept Solution Partner Program VSPs

Certified Vericept Solution Partner Requirements
Certified Vericept Solutions Architect
Certified Vericept Sales Engineer
Self-Sufficient Through Entire Sales Process
(conduct EAs)
Relentlessly pursue customers defined in the VSP
Accessible Markets
Generate at Least 500k in Vericept revenue to
CVSP
VSP Accessible Market (as defined by Hoovers
Online)
SMEs annual revenue
Education (K-12 and higher-ed)
State Local Government
Standalone Hospitals Hospital Groups in annual revenue
CSMs have the named account list

72
Lead Referral Program

For Customers Outside of the Scope of the VSP
Accessible Markets
Principles of Engagement
Submit a completed VSP Lead Qualification Form
One VSP Lead Qualification Form per Customer
transaction.
Vericept controls the sales process from the
moment the VSP Lead Referral Qualification Form
is approved in writing.
Vericept, as a best practice, will incorporate
the CVSPs service delivery team to the extent it
has the certification, experience, and desire.
Referral fee is only applicable to the Vericept
software portion of the transaction.
One referral payment per VSP Lead Qualification
Form.

73
(No Transcript)
74
Headquarters 750 W. Hampden Ave. Suite
550 Englewood, CO 80110-2163 www.vericept.com
Michael Reagan VP Worldwide Channel Sales Office
303.268.0512 Cell 303.478.3706 mike.reagan_at_veri
cept.com
Central Region
Northeast Region
Sara Avery Channel Sales Manager Northeast
Region Office 303.268.0532 Cell
303.898.2487 sara.avery_at_vericept.com Kevin
Homer Channel Sales Manager Southeast
Region Office 303.268.0533 Cell
303.570.6699 kevin.homer_at_vericept.com Damon
Morriss Channel Sales Manager Western
Region Office 310.545.7699 Cell
310.947.2594 damon.morriss_at_vericept.com
Technical Support 800.262.0274 x7500 support_at_veric
ept.com

Western Region
Ken Totura Director of Partner Development Office
303.268.0537 Cell 303.506.1568 ken.totura_at_veri
cept.com
Southeast Region
Updated 1/8/04
75
Vericept Protecting your Information and
Reputation
Section IV VERICEPTS PRODUCTS
ARE CALLED SOLUTIONS
76
Vericepts Intelligence Platform
Information Privacy and Compliance Manager
Acceptable Use Manager
Preventive Security Manager
Regulation Compliance Manager HIPAA GLBA CA 1386
Custom Search Parameters
Blocking Solutions
Intelligent Content Analysis Data-in-Motion
Data-at-Rest Monitoring Engine
Filter
Intelligent Traffic Controller prototype
77
Vericept Solutions Composition by Category
78
Vericept Solutions Composition by Category
Regulation Compliance Manager (RCM)

Acceptable Use Manager - Education (AUMe)

Custom Solution
(this is available though not a standard offering)
Unstructured Data Adult Conflict Gambling Games Ga
ngs Plagiarism Racism Shopping Sports Substance
Abuse Trading Violent Acts Weapons Peer-to-Peer
File Research Hacker Research Capture All
Instances IM Chat Mailing Lists Peer-to-peer
File Share Postings Webmail
1. RCM CA 1386 Structured Data CA Drivers
License Credit Card Number Personal
Information Social Security Number
8 Categories Total 7 Vericept Categories 1
Premium Vericept Category

RCM HIPAA
Protected Health Information
Social Security Number

3. RCM GLBA Structured Data Credit Card
Number Personal Information Social Security Number
These contain only the minimum categories
necessary to comply
79
Vericept Pricing Strategy

3 year term - paid up front (software
maintenance included)
Perpetual License (software maintenance 20)
Pricing volume discount based on number of
workstations
Minimum deal size of 250 workstations
VSP or Vericept can source hardware
Work passionately to maintain the List Price!
Price List updated quarterly

80
Training Exercise

CASE STUDY You have called on the Chief
Information Security Officer of a major hospital
group. Youve learned that she is very concerned
about protecting protected health information and
HIPAA is a constant board-level topic. In
addition, her VP of Human Resources asked her if
she was aware of any technology to track
employees who visit unauthorized websites. Their
network is comprised of 1,100 workstations.
What Vericept Solutions would you recommend?
Which solutions would address which problems?
What is the price of the proposed solutions?
What else beside software should be factored into
your proposal?

81
Vericept Deployment
Vericept Protecting your Information and
Reputation
82
Vericept Solutions System Requirements

Dedicated Appliance
Intel-compatible processor
3 GHz minimum processing speed
2 GB RAM
120 GB Hard drive or larger
2 network interface cards (NICs)
CD-ROM drive
Floppy disk drive
Operating System
Red Hat Enterprise Linux (RHEL) version 3.0 WS

83
Vericept Standalone Deployment
Installing and configuring the Vericept solution
was almost easier than taking it out of the
box. - Sean Doherty Technology Editor Network
Computing Magazine
84
Vericept Distributed Deployment
85
Vericept Distributed Deployment cont.
86
Vericept Protecting your Information and
Reputation
Section V SELLING VERICEPT
87
Vericept Sales Cycle
Create Interest
Qualification
Close
Conviction
VERICEPTSALESCYCLE

Call Scripts
Referrals

Online Demo
Initial
Exposure
Assessment

Secondary
EA Present.
SLA Review
Proposal
SOW

VERICEPTSALES TOOLS
88
Vericept Sales Cycle

CREATE INTEREST
Research your prospect
Identify corporate mission, company positioning,
key players, financials, recent news, Code of
Conduct, etc.
Contact Prospect at Business Decision-Maker Level
- (e.g., CIO, Compliance, HR, Finance, Internal
Audit, etc.)
Understand what they are responsible for and then
link Vericept benefit to them
Business Decision Makers

Chief Financial Officer
CSO / CISO
Chief Information Officer
Chief Ethics Officer
Corporate Compliance Officer

Chief Risk Officer
VP of HR
Corporate Governance Officer
Legal / Corporate Counsel
Chief Privacy Officer

Director of Security
Head of Marketing
CEO
Internal Audit

89
Vericept Sales Cycle

QUALIFICATION The Initial Hook
Flesh out their current security infrastructure
Flesh out their acceptable use policies
Would You Know If Questions
Share customer anecdotes
Present Vericept Corporate Overview and Online
Demo
Commit to next step (meet with other
stakeholders, Exposure Assessment, etc)
QUALIFICATION Understand the Procurement
Process
Learn typical procurement process
Determine availability of funds
Determine appropriation of funds (especially for
out-of-budget purchases)
Identify the titles and names of those affecting
the purchasing process
If youre pressured to deliver pricing prior to
the EA or proposal give them budget and
planning numbers of 20 to 30 per workstation
annually.

90
Vericept Sales Cycle

QUALIFICATION Reference Trial Close
The Demo you have just seen reflects the manner
in which the solution would be used and the types
of information that would be captured if the
solution were installed on your network. Based
upon your feedback, it sounds like this has a
clear and valuable fit in your environment. We
have the ability to deliver the solution in a
manner that can be recognized either as an
Operating Expense or Capital Expense. Which
would better fit with your budget and financial
structure?
Contact your Vericept Channel Sales Manager (CSM)
Share Customer Anecdotes, Case Studies and
Analyst Quotes
References Online
Broker a concall between the two parties

91
Vericept Sales Cycle

QUALIFICATION Exposure Assessment Trial Close
We have a program we refer to as the Exposure
Assessment. This Program provides a 7 day snap
shot of activity on your network and the various
points of business risk tied to inappropriate
network use and abuse. We install a Vericept
device on your network, let it run for 7 days
then present the results of our findings in the
form of an Executive Presentation. Typically the
Exposure Assessment is priced at 20,000.
However, as the program has evolved, at times
waive that fee provided your organization is
committed to gaining the executive level buy-in
on the program. This is done by confirming the
key stake-holders attend the Executive
Presentation. The reason for this request comes
from our desire to ensure were not wasting your
time or ours. Frankly, in the past we have had
some organizations that have learned, only after
performing an EA that they are not prepared to
address the issues and risks that were discovered
during the assessment. Usually, the key stake
holders are the executives responsible for
Compliance, HR, IT and Legal. Do you have
separate individuals responsible for these
functional areas? Would those individuals be of
a mindset to address these issues?
If yes, send the EA Agreement and require them to
get it signed by the individual that would
ultimately have purchasing authority should they
decide to purchase the Vericept solution.

92
Vericept Sales Cycle

QUALIFICATION Exposure Assessment Trial Close
Pull Exposure Assessment Agreement from
www.vericept.com and get it signed by customer
(decision-maker)
Set Exposure Assessment best practices
expectations
Provide Network Configuration Diagram Worksheet
Proactively secure the EA installation
presentation dates key contacts
Present a quick, but compelling, EA presentation.
Follow the proven Vericept format discuss the
deployment process (not as overwhelming as they
assume).

93
Vericept Sales Cycle

CONVICTION Secondary EA Presentation
If all stake holders are not present for the
Initial EA Presentation, the customer usually
conducts a secondary EA presentation to
additional decision-makers, stakeholders and
budget committees.
Offer to present to the secondary decision-makers
(not unusual to be declined because generally
additional action items are discussed during
those meetings that dont involve Vericept).
Do insist on helping the champion develop
his/hers Vericept presentation
Provide EA Presentation or shorter version
Provide role-play assistance
Provide additional documents, white-papers, or
references to solidify the decision and budget.
Help them find the budget dollars to buy now.
Express a willingness and capability to get
creative with the financing of the solution if
you think there may be budget issues.
Secure a date and time you will follow up with
the champion (typically the day after their
internal meeting)

94
Vericept Sales Cycle

CONVICTION Deliver Proposal
Deliver a Quote, Proposal or Statement of Work
put something in front of the customer for them
to say yes to.
Include the full complement of Vericept Solutions
Info Privacy protects your valuable information
Acceptable Use addresses employee productivity
and reputation risk management
Preventative Security capture the internal
hackers
Stored Data data at rest
Custom Search Parameters the tool to customize
Vericept
Never line item the pricing include all modules
with one aggregate investment price.
Be sure to include the points of pain
identified early on and the cost associated with
them
Follow up, follow up, follow up

95
Vericept Sales Cycle

CONVICTION Software License Agreement
Deliver the SLA as early as possible for the
Customer to expedite the legal review process
Make the SLA review a non-event. It is just
standard software licensing language
Pull the latest version from www.vericept.com
Engage your Channel Sales Manager to field 100
of the questions and proposed red-line. Under no
circumstance should our CVSP negotiate verbiage
changes to the SLA!
Get signature on the SLA or online approval for
the electronic version

96
Vericept Sales Cycle

CLOSE The Win
The deal is booked when two things happen
Vericept receives a valid Purchase Order from the
CVSP or Distributor and
Vericept receives the signed Software License
Agreement (either hardcopy or electronic)
CONGRATULATIONS youve now delivered a true
solution that will positively impact the senior
members of your Customer. You will now be
elevated to a trusted advisor level in their eyes
(if you werent there already).
Implementation is just as critical as the sales
process. Your Channel Sales Manager will deeply
assist you with the best practices, tools and
technical project management needed for a
positive customer experience.

97
Vericept Protecting your Information and
Reputation
SELLING VERICEPT

Tools, Deliverables and Support

98
Partner Resource Center www.vericept.com
99
Vericept Solutions Online Demos
100
Vericept delivers Summarized violations
This Vericept screen shows an organizational view
of the inappropriate activity on the network, it
is color-coded by category
101
Inappropriate use of the organizations assets
This real example shows an event that was
captured in the Adult category. In this case,
an employee is looking for free sex pics on the
internet
102
an employee conducting Hacker Research
Here Vericept captured a web-mail conversation in
which an inside hacker is proclaiming
victory Note the data has been anonymized
103
and Confidential info being sent in an
attachment via webmail
This is an actual example of Vericept catching a
Sales and Purchase Agreement in the form of an
attachment Note the data has been anonymized
104
References Online
105
Sample Policy Concerns and Solution Mapping
106
Sample Policy Concerns and Solutions Mapping
(cont.)
107
Some Helpful Resources
108
Vericept Protecting your Information and
Reputation
Action Plan for Mutual Success

Critical Success Factors

109
Critical Success Factors

Target the industry verticals
Healthcare, Education, Finance
Any one with information and a reputation to
protect
This is a strategic business decision not an
IT decision
But remember IT is a critical stakeholder
The economic decision-maker is usually a CIO,
CFO, and or CEO
Critical coaches include Compliance Officer,
Director of Security, VP of Human Resources,
Internal Audit, etc.
Sales Math (per month) 12 leads (3/wk) 3
EAs 1 Win

110
Critical Success Factors

Selling with Vericept Requires
Focus, focus, focus persistence, persistence,
persistence
But know when to fish or cut bait
Consultative Selling because this is a solution
not a product sale
Leverage the proven best practices, resources,
and your Channel Sales Manager
Forecasting (yes forecasting and heres why)
Helps Channel Sales Manager to proactively engage
additional resources such as themselves, Vericept
Executives, key Customer References, etc.
Eliminates channel conflict because your Channel
Sales Manager will only go on account calls with
one CVSP. Race goes to the swiftist.
Vericept leads get distributed to those who focus
on Vericept the most and forecast diligently.
Because your Channel Sales Manager has to
forecast to Vericept each and every week!!

111
The Most Critical Success Factor

STRIKE WHEN THE IRON IS HOT
Especially after the initial Exposure Assessment
presentation
If the sales process is not moving forward then
it is moving backwards.
Our most successful Partners have learned that
lesson well

Every Day Matters Jen Cantwell Sr. Sales
Executive Vericept Corporation EMC, Tyco Intl,
United Technologies Corp., Massachusetts
Financial Svs.
112
Youre Not the Only One Who Believes in Vericept!

Partnering to combat Fraud and Identity Theft
Vericept is the only Content Monitoring Partner
within Visas exclusive Strategic Alliances
Program
Strategic discussions and planning underway to
develop initiatives for managing information risk
www.visa.com/sai