ALIENVAULTMSSP Program Description & Pricing (for all sizes)F Y 2016

Market RealitiesThe Security Challenges Your Customers Face Lack the in-house capabilities required to keep pace with changing business demands, compliance mandates,and emerging threats for strategic implementation of new IT security solutions. Don’t have the capabilities to effectively monitor and manage the security infrastructure to ensure optimalutilization of current assets. In-house IT staffs spend far too much time on day- to-day operational security issues versus new strategicprojects. Depend on IT security tools and processes that provide a reactive, rather than proactive, approach tomitigating risk and minimizing data loss and downtime. Which has led to organizations moving to MSSPs

There are 2 Types of MSSPs Those who try to buy & build andintegrate it all on their own Those who look for a platform that isalready integrated – or “Unified(Integrated) Security Management”

Why AlienVault For Managed Security?ü Easy centralized management with a federated architectureü Threat intelligence from AlienVault Labs and Open Threat Exchange (OTX)ü Vertical/Horizontal Offerings Easily build security catalog around USM platform’s built-in essential security capabilities Threat detection / Alerting / Prioritization / Responseü Large library of compliance reportingü Flexible deployment options including both hardware or virtual appliancesü "Pay as you Grow" licensing mode

Start/Expand Your Service Catalog: “What can I offer?”Managed security operations and response- Provide first line incident detection and triage- Escalate to customer as needed for remediation responseReporting of vulnerabilities and threats- Identify known malicious entities probing their systems- Detect latest attack payloads- Identify compromised systems- Leverage time-tested security controls with minimal deployment overhead- Identify potentially insecure behaviors- Identify unpatched software, known to vulnerable


ArchitectureBuild it.Sensor AssetDetectionVulnerabilityAssessmentIDSHost IDSUSM Server NetFlowAnalysisServiceMonitoringLogNormalization Event CorrelationEvent Storage / QueryManagement Console LoggerLong-Term SecureLog StorageLog Query

Sample DeploymentsMSSP DeploymentCustomer ’s AlienVault USMAll-in-OneAlarms & RemoteAdministrationSecurity DataAlienVault MSSPFederation ServerAlienVault MSSP Partner ’s EnvironmentCustomer Environment

Sample DeploymentsMSSP DeploymentAlarms & RemoteAdministrationCustomer ’s AlienVaultUSM ServerLoggerSensorsAlienVault MSSPFederation ServerAlienVault MSSP Partner ’s EnvironmentSensorsSecurity DataCustomer Environment

Traditional Multi-Tenancy ChallengesOften overlooked until it’s too lateData Spillage No matter the architecture, data is on the same machine or storage applianceSingle point of failure If your infrastructure goes down, you’re completely blind and so are your customersCapacity / Scaling You must constantly scale to meet the resources of your customers in aggregateMajor Upfront Cost for MSSP You can’t start with 1 customer you have to plan in blocks of 10,20 for resourcesDOS from one Customer One customer flooding events can impact the service of other customersBandwidth All logs need to be sent and processed creating unnecessary overheadDelay in processing/notification Events are emitted, transferred, normalized and then correlatedYou are far from the data Logs can be transmitted, but what about Netflow, IDS Inspection.?

Federation BenefitsFlexibility, Control and ComplianceCustomer’s AlienVault USMAll-in-One (Server, Logger,Sensor)Independent scaling of Customers Customers can vary in size from one server to hundredsFixed Cost Entity for MSSP Federated server can support hundreds of customers without upgrades to hardwareLog Data never leaves Network Compliance – “clear separation of data” Data Privacy Laws – No fear of data spills or shared access, etc.Little bandwidth Used Only alarms are forwarded not every eventNot dependent on central system for alerting Customer server still operates and alerts whether MSSP server is functional or connectedReady for Co-Managed Offerings Customer device can be accessed locally creating opportunities for self serve reporting and more.Ask about ourSolution Brief formore aboutFederation!

Customer Sizing ExamplesLoggerSingle location withless than 1000 EPS 1,000 EPS No remote locationsMultiple locationswith less than 2500EPS 2,500 EPS Remote locations andsensorsEnterpriseDeployment Many locations 2,500 EPS Distributed multilevelarchitecture

Product Sizing – What’s the difference between each product?All USM products are the same in terms of features, functionality, and capability. The only difference is capacity.USM All in One 25A, 75A, 150A – Includes a Sensor, Server, and Logger in one appliance. Has an Asset Based limitation of 25, 75,and 150. Assets Unique IP Addresses.USM All in One Unlimited Asset - Includes a Sensor, Server, and Logger in one appliance. Does not have an Asset Based limitation,instead it has a Performance Guideline of 1,000 EPS. If we disable the onboard Sensor, the EPS will increase to 2,500.USM Standard Server, Logger, Sensor – As USM scales, we separate the 3 components, into their own appliance so they canhandle larger amounts of data and more complex network architecture


MSSP “Getting Started” Package OptionsBooster PackagePublic Training DeploymentAssistance/Remote Consultant 5,000ORStandard PackagePublic Training DeploymentAssistance/Remote ConsultantORPremium PackagePrivate Training DeploymentAssistance/Onsite Consultant 22,000 10,000ü ACSE product training for one (1) personat an AlienVault training center or “LIVE”online training from anywhere in theworld.ü ACSE product training for two (2)people at an AlienVault training centeror “LIVE” online training fromanywhere in the world.ü One (1) day (8 Hours) of RemoteConsultantü Two (2) days (16 Hours) of Remoteconsultingü ACSE product training for up to eight (8)people at your facility or “LIVE” onlinetraining from anywhere in the world.ü Five (5) days (40 Hours) of RemoteConsultantü Two (2) days of Health Check Serviceü One (1) day of Health Check ServiceBecome a Certified AlienVault MSSP Partner

MSSP Program Participation Costs 2,000 / Month1-Year CommitmentOR 1,750 / Month2-Year CommitmentOR 1,500 / Month3-Year CommitmentINCLUDES:ü License to use AlienVault MSSP products as a managed serviceü MSSP Alarm Federation Serverü Support / Maintenanceü Threat IntelligenceTERMS:ü Subscription Licensing Modelü Minimum commitment of one yearü AlienVault Account Managerü Price incentive for multi-year commitü Access to an MSSP Solution Engineerü Virtual appliance form factor available for AWSü Hardware appliance form factor sold at standard hardware list prices

Volume Incentive Subscription PricingSILVER LEVELGOLD LEVELPLATINUM LEVELSilver Partners are organizationscommitted to delivering Security servicesleveraging USM (Unified SecurityManagement) to a small subset ofcustomers. They are interested inenhancing their partnership withAlienVault and taking initial steps towarda successful relationship through trainingand early stage marketing.Gold Partners have achieved provensuccess with their MSSP offeringleveraging AlienVault solutions and arecommitted to the continued adoption ofAlienVault technologies in themarketplace through the services theyprovide. These partners are also workingwith AlienVault marketing through avariety of programs (digital) andengagements.Platinum Partners are experts indelivering AlienVault’s superior, UnifiedSecurity Management solutions to theircustomers and have demonstratedsuccess across all a broad array ofcustomer environments/verticals.0 – 25 Customers25 Customers75 Customers1. Start off as SILVER2. Move to GOLD/PLATINUM based on # of Customers3. Get lower subscription prices as volume of customers increase

Customer Subscription Pricing (Virtual Appliance)Product NameMSSP All In One 25AMSSP All In One 75AMSSP All In One 150AMSSP All In One UAMSSP Remote SensorMSSP Standard LoggerMSSP Standard ServerMSSP Standard SensorMSSP Federation ServerSilverGoldPlatinum 200 425 550 800 100 700 1,400 525 1,500 175 350 475 675 85 600 1,200 450 1,275 150 300 400 575 70 500 1,000 375 1,050Definition KeyA – AssetUA – Unlimited AssetAsset – Unique IP Address

Hardware Appliance PricingProduct NameMSSP AIO 6x1GB - Hardware Deployment OptionMSSP Remote Sensor - Hardware Deployment OptionMSSP Logger 2.2T- Hardware Deployment OptionMSSP Logger 1.8T - Hardware Deployment OptionMSSP Server - Hardware Deployment OptionMSSP Sensor 6x1GB - Hardware Deployment OptionMSSP Sensor 2x10GB - Hardware Deployment OptionMSSP Federation Server - Hardware Deployment OptionPrice 9,6002,25012,0508,9008,2007,8508,5509,600

Hardware Appliance - Light Speed Replacement PricingProduct NamePrice / AnnualMSSP AIO 6x1GB - Light Speed ReplacementMSSP Remote Sensor - Light Speed ReplacementMSSP Logger 2.2T- Light Speed ReplacementMSSP Logger 1.8T - Light Speed ReplacementMSSP Server - Light Speed ReplacementMSSP Sensor 6x1GB - Light Speed ReplacementMSSP Sensor 2x10GB - Light Speed ReplacementMSSP Federation Server - Light Speed Replacement 1,7503003,0001,5001,5001,5001,5001,750Light Speed ReplacementAlienVault provides an (optional) Advanced Replacement program where a new (or refurbished) unitwill be shipped with priority shipping within 48 hours of RMA generation. In many Cases, the units willshipped the same day.

AlienVault:Discover Security That’s Highly Intelligent

The USM PlatformUnified Security ManagementSingle platform that simplifies andaccelerates threat detection, incidentresponse & policy complianceAlienVault Labs Threat IntelligenceActionable information about maliciousactors, their tools, infrastructure andmethodsOpen Threat ExchangeCommunity-powered threat data thatenables collaborative defense

USM PlatformSIEM Log Collection OTX Threat Data SIEM Event Correlation Incident ResponseBEHAVIORAL MONITORING Netflow Analysis Service Availability MonitoringASSET DISCOVERY Active Network Scanning Passive Network Scanning Asset InventoryVULNERABILITY ASSESSMENT ContinuousVulnerability Monitoring Authenticated / UnauthenticatedActive ScanningTHREAT DETECTION Network IDS Host IDS File Integrity MonitoringUnified, Essential Security Controls

Integrated Threat IntelligenceCoordinated Analysis, Actionable Guidance

Open Threat Exchange (OTX)The world’s largest communitypowered source of threatintelligenceThreat research is shared in OTX aspulses: collections of Indicators ofCompromise (IoCs). This includes IPs,domains, file hashes, and moreUSM alerts you whenIoCs are detected in yourenvironment

Open Threat Exchange(OTX) The world’s first truly open threat intelligencecommunity that enables collaborative defense withactionable, community-powered threat data With more than 26,000 participants in 140 countries And more than 1 million threat indicatorscontributed daily Enables security professionals to share threat dataand benefit from data shared by others

About AlienVault Founded in 2007 andheadquartered in San Mateo, CA Over 2,500 commercial customers Only company to be named“Visionary” in the Gartner SIEMMagic Quadrant in 2013, 2014and 2015 Backed by premier investors

Trusted by Thousands of Customers

Why AlienVaultPurpose Built - Founded to support MSSPs in a Federated (multi-tenant) environmentMassive market Opportunity - New security approach for large, under-served marketIntegrated Approach - Unified, Simple, and Affordable solution for complete security visibility as a MSSPThreat Intelligence - World’s largest crowd-sourced open threat exchange. Integrated actionable threat intelligence to supportyour threat team/investmentSimplified, intelligent management and reportingEasy-to-use GUI and exceptional analytical tools simplify security provisioning, operation and maintenance 70 MSSPs aroundthe world some supporting less than 5 customers some supporting 100’s of customersReal-time security updatesComprehensive security subscription updates are automatically pushed out to customers as soon as they become available,providing much faster and better protection than the competition.Better security through integrationOur innovative, integrated solutions protect against blended threats better than individual point products


CONTACT US888.613.6023THANK [email protected]

MSSP Pricing DisclaimerThis document represents the current pricing for the AlienVault Managed Security ServicesProvider (MSSP) subscription-based products. This document does not represent a contract orother obligations to provide these prices. The products, prices and program details are subjectto change by AlienVault at any time.

Major Upfront Cost for MSSP You can’t start with 1 customer you have to plan in blocks of 10,20 for resources DOS from one Customer One customer flooding events can impact the service of other customers Bandwidth All logs need to be sent and processed creat