Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Rapid Response RetainerService Overview

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 2

Why Verizon Rapid Response Retainer?

• Computer security incidents continue to rise– Sensitive data breaches, corporate espionage, malware, hacktivism

– Internal and external threats

– No company or industry is immune to being attacked

• Not a matter of “if” but “when” you will have a computer security incident

– How prepared are you?

• Benefits of the Rapid Response Retainer:– Trusted relationship established upfront – prior to an incident

– Quick to engage: Contract already in place when you need us in an emergency

– Guaranteed response SLAs, worldwide

– Discounted hourly rates (vs. non-Retainer customers)

– Ability to leverage Network-based Intelligence from the global Internet backbone

• No other forensic vendor offers this capability!

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 3

• Forensic Investigations

• Malware Analysis

• PCI Investigations (PFI)

• Mobile Forensics

• Electronic Data Recovery and Destruction

• eDiscovery and Litigation Support

• Network Intelligence

RISK Team Services

Reactive Services

Verizon RISK team has investigated 8 of the world’s 10 largest data breaches!*

• Incident Response Plan Development

• First Responder’s Training

• Mock Incident Exercises

• Industrial Control Systems Cybersecurity Assessments

• IDS 2.0 and Netflow Analysis

• Watchlist Matching

• Incident Analytics

Proactive Services

*Source: http://www.idtheftcenter.com/

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 4

RISK Team – Global Reach

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 5

Rapid Response Retainer

• 24 or 48-hour investigator “in-transit” response• North / South America, Europe/Middle East, Asia-PacificRapid Response SLA

• Multiple escalation channels• Dedicated Investigative Liaisons• Phone support until investigator arrives onsite

Phone Response SLA

• IR Policy Review and “Gap” Analysis• IR First Responder’s Training• E-Discovery Policy Review and Training

Upfront Discovery

• Access to Verizon’s Risk Intelligence Portal• Weekly Intelligence Summaries, monthly Risk Briefings,

whitepapers, Hot-or-Hype analysis, etc.Security Intelligence

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 6

Triggering the Retainer

Phone / remote support provided until investigator arrives onsite

Incident Occurs

Customer Calls Retainer Hotline

Engagement Letter / Scope Objectives

Investigator(s) In-Transit

On-Site Delivery Commences

Forensic Investigation and Documentation of

Findings

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 7

Retainer Engagement Letter

Engagement Letter:

- Defines scope and objectives

- Obtains customer’s authorization

- Ensures accountability

- Filled out by a member of the Verizon RISK team after initial escalation call

- Customer signs and returns to Verizon

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 8

Retainer Onboarding Process

Escalation Channels

Engagement Process

Investigative Liaisons

Authorized Customer POC’s

RRR Email Distro

Risk Intel Portal

Incident Reviews / Trigger Points

Netflow / CIP Schedule

Upfront Discovery

o IR Plan Gap Analysis

o First Responder’s Training

Current IR Capabilities

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 9

First Responder’s Training Topics

Current State of Security

Incident Response

Fundamentals

Evidence Handling / Chain of Custody

Volatile Data Collection /

Analysis

Forensic Imaging

Techniques

Basic Forensic Analysis

Malware Analysis for

First Responders

IR Mock Incident / Table-

Top Exercise

E-Discovery Training

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 10

Rapid Response RetainerAnnual SLA Pricing

Response SLA DescriptionAnnual Fee (per region)

24-hour SLA The SLA guarantees an investigator will be in-transit to any location within North America, South America, EMEA, or APAC within 24 hours.

£18K

48-hour SLA The SLA guarantees an investigator will be in-transit to any location within North America, South America, EMEA, or APAC within 48 hours.

£15K

The SLA program components are designed to help Customer enhance their ability to respond to incidents through: 1) quick response from Verizon’s Investigative Response team; 2) built in IR policy review and IR training through Upfront Discovery; and 3) access to Verizon’s Risk Intelligence.

Additional Option

Description Annual Fee

NetFlow Option Verizon collects NetFlow data – from Verizon’s backbone – associated with Customer’s external IP address space, and maintains it for 30 days on a rolling basis. To be used as additional evidence source in investigations.

£7K

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 11

Rapid Response RetainerIR Hours Pricing

T&M

(pay-as-you-go)

Flat rate @ £200/hour

Upfront

Flat rate @ £175/hour

OPTION #1: Hours may be purchased on a T&M basis, whereby hours will be invoiced on a monthly basis, for services delivered in the month preceding. If Customer does not trigger the Retainer, hours are not billed.

OPTION #2: Hours are purchased in a block, invoiced upfront. Unused hours will roll over if the SLA is renewed.

Flexible Use: IR hours may be used for any RISK team services

IR hours are used during engagements for which Customer triggers the Retainer service.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Questions?