Private & Confidential

NETMONASTERY

Company Profile [2014]

Cloud & Network (In)security is dominating the Headlines

“Top engineering has been failed repeatedly, reasons for this

sustained failure is beyond the engineering itself.”

2

The Enterprise TodayMountains of data, many stakeholders

Switch logs

Web server

activity logsContent management logs

Web cache & proxy logs

Unauthorized

Service DetectionIP Leakage

Configuration ControlLockdown enforcement

False Positive

Reduction

Access Control EnforcementPrivileged User Management

Malicious Code DetectionSpyware detection

Real-Time MonitoringTroubleshooting

User

Monitoring

SLA Monitoring

How do you collect & protect all the data necessary to secure your network and comply with critical regulations?

Router logs

IDS/IDP logs

VPN logs

Firewall logs

Switch logs

Windows logs

Client & file server

logs

Wireless

access logs

Windows

domain logins

Oracle Financial Logs

San File

Access Logs

VLAN Access &

Control logs

DHCP logs

Linux, Unix,

Windows OS logs

Mainframe logs

Database Logs

VA Scan logs

3

Introducing NETMONASTERY

…where Security & Big Data converge

NETMONASTERY’s product CNAM, is a Real-Time Threat Management Platform that

detects real attacks in real-timeCNAM delivers detection, correlation, intelligence and application monitoring in the easy

subscription model.

4

CNAM(Comprehensive

Network Attack

Monitoring)

COMPREHENSIVE NETWORK ATTACK MONITORING (CNAM)Your active threat management program

THREAT

DETECTION

APPLICATION

MONITORING

THREAT

INTELLIGENCE

SIEM

ENGINE

THREAT

ANALYTICS

…thwarts real attackers in real-time

• Detection Included

Focus on business

while the chores of

threat detection are

• Profile Recorder

Automatically detect

usage patterns and

build enforcement

• Curated Intelligence

Integration of curated

3rd party feeds from

multiple partners

• Managed Correlation

Be relieved from the

complexity of

correlation models andthreat detection are

managed

• Proprietary

Components

Identify threats using

custom developed

detection systems

• Collaboration Built-IN

Threat collaboration

identifies trends and

learns automatically

• Intelligence Connectors

Integrate with

intelligence providers for

early warning signs

build enforcement

profiles

• Integration Libraries

Security integration

libraries for commonly

used platforms

• Training & Support

Continuous help and

support for integrated

applications

• Custom Correlation

Building custom

correlation modules to

trap threat scenarios

multiple partners

• Local Ranking

Module

Heuristic Models are

used to locate

actionable intelligence

• Decoy Database

Live and deliberate bots

bring in mission critical

information about

threats

• Local Intelligence

Benefit from Local

intelligence using real

time collaboration

correlation models and

rules

• Real-Time triggered

rules

Built ground up for

complex threat

computation in real

time

• Unique Weighted

Engine

Accurate detection

systems customs built for

threat management

• Multi- Layer Mixer

Contextual correlation

layers to deliver accurate

results in real time 5

• The threat detection

stack exists but has a high

false positive ratios

• Servers, devices and

apps need to be

integrated to extract

• Monitoring the external

threat landscape needs

dedicated attention

• Evaluating the

environment and

understanding the needs

• Detection and

orchestration

technologies available

are extremely complex

• Correlation stack consist

of products that are

• CNAM brings along the

entire stack (detection,

correlation and

intelligence)

• Deploys on commodity

hardware or virtual

NEED EXPERTISE CHALLENGES NETMONASTERY

Why NETMONASTERY?Detecting threats from the unknown in the cyber world is a critical challenge that

needs special skill and engineering

integrated to extract

symptoms of attack

• Threat intelligence is

available from third party

sources need to be

integrated

• Recognizing threats

from the Internet in real-

time

• Detection must be

accurate and timely (real-

time)

understanding the needs

of the enterprise

• Building models for

defense using available

tools requires experience

• Deployments are

extensive and resource

hungry

• Skilled resources are

rare and expensive

of products that are

expensive

• Multi-tenant solutions

have data privacy issues

• Accountability resides

on the customers back

• Focus on the threat

detection use case

requires continuous

improvement

• Mid market has no

solution that is

substantial

hardware or virtual

systems

• Subscription model

ensures accountability

and accuracy

• Completely eliminates

need for skilled resources

• Pay-as-you-Grow start

small and grow in scope

and price

• Hosted model retains

data privacy in enterprise

sites

6

CNAM Features:NETMONASTERY attacks the core and delivers solutions rather than products that

are demanding

• Deep packet detection

technologies like

signature based, anomaly

based, flow based and

intelligence is deployed

on the clients infra

• Named Gartner Cool

Vendor in Security for

Technology and Service

Providers, 2014

• Showcased at the

Gartner Security Summit

KEY FEATURES ACHIEVEMENTS

1. CNAM is a pre-integrated platform that

brings detection, correlation, threat

intelligence and application monitoring as a

part of the product

2. CNAM is delivered in the subscription model,

THE CNAM PLATFORM

on the clients infra

• Unique SIX layer

correlation and

aggregation engine

• Application integration

into security

infrastructure

• Global and local threat

intelligence feed

integration

• Automated risk analysis

and response system

Gartner Security Summit

as a top 3 security

startups worldwide

• Service operational for

the last six years, without

an incident, and without

losing a customer

• Customer list includes

the largest telecoms,

banks, financial

institutions, exchanges,

datacenters and

ecommerce

2. CNAM is delivered in the subscription model,

customers pay based on their monthly data

usage

3. Accountability of management, accuracy and

real-time delivery remains with vendor

4. Average deployment time is 42 hours

7

About NETMONASTERYAbout NETMONASTERY

Overview NETMONASTERY NSPL

� Network security company , founded in 2002

� Goal :

� assisting enterprises in securing their network

� and applications by detecting threats in real time.

� Dedicated core group of security industry experts

Leader in detecting and nullifying threats,

Company Profile9

� Leader in detecting and nullifying threats,

� thereby keeping enterprises free from security hassles and

dangerous intrusions.

� Mission:

� To ensure that enterprises can stay secure and be relieved from

worrying about security of their infrastructure, thereby allowing

them to concentrate on their core business aspect.

An indicative timeline with the key milestones &

phases of growth by NETMONASTERYT

HE

TIM

ELI

NE

NETMONASTERY builds SiteVaxin

(Intrusion Prevention System) and

ZoneVaxin (Traffic Anomaly Engine).

Product re-engineered three times to

match demands, incorporating multi-

layer correlation, SaaS models, app

monitoring and data privacyCustomers

Understanding market need and

identifying growth potential

Initial product engineering

and beta roll-out

Re-engineering and

strategic alignment

Growth and roll-out in

global markets

10

CNAM is launched

with the first paying

customer

NM migrates from

consulting to services

Delivers Incident Handling services

Security Consulting Consulting (Intrusion Analysis)

Pioneering Powering the SaaS delivered SIEM

Retaining all customers since launch Customers: Multiple

Presence: India

Revenue: USD -

Profitability: 30%

Customers: 3000+

Presence: IN, US

Revenue: USD 5Million

Profitability: 50+%

$$$ Capital Influx

SUSTAINANCEGROWTH CAPITAL

Named

Gartner Cool

Vendor

NETMONASTERY Team

BINEETBINEETBINEETBINEETHEAD, OPERATIONSHEAD, OPERATIONSHEAD, OPERATIONSHEAD, OPERATIONS HARSHAOPERATIONS VIKRANTOPERATIONS SEANMARKETINGSHOMIRONSHOMIRONSHOMIRONSHOMIRONFounder, CEOFounder, CEOFounder, CEOFounder, CEOSHOMIRON is an intrusion analyst,

brings vision and strategy into

engineering and product

development

BINEET handles delivery and solution

design, brings core team

India

team

11

SANJAYSANJAYSANJAYSANJAYHEAD, ALLIANCESHEAD, ALLIANCESHEAD, ALLIANCESHEAD, ALLIANCESMEGHNATHANMEGHNATHANMEGHNATHANMEGHNATHANHEAD, ENGINEERINGHEAD, ENGINEERINGHEAD, ENGINEERINGHEAD, ENGINEERING

DEVENALLIANCES MERVINALLIANCESJAGDISHENGINEERING AKASHENGINEERING GAURAVENGINEERING

FAZALDESIGNdesign, brings core team

management. Been in the system for

the last 6Yrs

SANJAY builds partners and

alliances, brings strategy and growth

insight. Largely experienced with

27Yrs in various roles in IT / Risk

MEGHNATHAN builds solutions,

drives integration and intelligence

platforms. Been in the system for

6Yrs

US

team

TBKTBKTBKTBKUS CEOUS CEOUS CEOUS CEO ProfileProfileProfileProfile

TBKTBKTBKTBKVP, AlliancesVP, AlliancesVP, AlliancesVP, Alliances ProfileProfileProfileProfile

TBKTBKTBKTBKVP, ProductsVP, ProductsVP, ProductsVP, Products

Clientele

12

Market Traction: Clientele

� NETMONASTERY’s CNAM solution had been subscribed by more than 30

enterprises including :-

� One of the world's leading telecommunications groups, with a significant presence in

Europe, the Middle East, Africa and Asia Pacific

� One of the world’s leading media and entertainment companies broadcasting more

than 40 channels in 7 languages, reaching more than 600 million viewers every week

across India and 100 other countries

� Leading financial services powerhouse in India servicing over 2 million customers

13

� Leading financial services powerhouse in India servicing over 2 million customers

� Second largest Commodity & Derivative exchange of India

� Largest Pizza Delivery chain in India

� India’s largest auto media platform

� India’s third largest Public Sector Bank

� India’s fastest growing private sector bank with a network of 180 branches across 13

states

� India’s premier lender to SMEs and MSMEs

� India’s leading online travel portal having more than 40 million customers

� India’s leading Credit Information Company

Awards

14

NETMONASTERY Named Gartner Cool Vendor in Security for

Technology and Service Providers, 2014

Business Model

� NETMONASTERY employs the ‘SaaS’ based monthly subscription model as

it provides the following advantages

� PAY-AS-YOU-GROW – Enables the smallest customers to subscribe and grow securely

� NO CAPITAL EXPENSE – Bring down the most critical entry barrier, increase accessibility

� SUBSTANTIALLY CHEAPER – The delivery model makes expensive tech share cost

advantages.

� SLA DRIVEN PROGRAM – Zero risk on failed starts, the onus of delivery on the vendor

The subscription rates have been structured in a three tier format as per

15

� The subscription rates have been structured in a three tier format as per

the client size

� Tier I Client – USD 10,000 per month

� Tier II Client – USD 6,667 per month

� Tier III Client – USD 3,333 per month

Go to Market StrategyGo to Market Strategy

• Direct marketing

strategies will help get

direct face time with

customers and partners

• Strong online content

marketing strategies, is

• Press programs is

critical to widespread

success

• Engage with the press

directly and through

agencies to float pegs

• Hosting providers are a

natural fit to use CNAM

for the security delivery

platform

• Independent Software

Vendors are key to

• Need generation – it is

key for the customer to

understand the value

prop.

• Engagement – demos,

benefits and uniqueness

MARKETING PR STRATEGYALLIANCE

PROGRAMSSALES CYCLE

Unique strategies and messaging used for marketing

CNAM to the enterprise market

marketing strategies, is

building direct connects

• Participate actively in

partner marketing

programs

• Wait and watch for high

investment event

programs

• Social forums to be used

to establish thought

leadership and build a

strong a outreach

framework

agencies to float pegs

• Focus on GEO political

stories from threat data

analysis

• Build data partnership

to share security

intelligence with

publishers

• Seed stories with

journalists and allow

them to break

intelligence information

Vendors are key to

include monitoring to

their portfolio

• System integrators can

setup managed security

offering using CNAM

• Application developers

can integrate with CNAM

to deliver secure

software

benefits and uniqueness

• Proposal – scoping,

solution and submitting

the proposal

• Evaluation – defining

evaluation criteria,

evaluation

• Closure – negotiation,

closure and booking

• Average sales cycle

between 30 – 40 days

17

• HP, Intel, EMC, IBM,

Splunk, are SIEM

products that deliver

several use cases.

• Threat management

needs special detection

• Verizon, Damballa, Dell

SecureWorks, Paladion,

HCL are security service

providers

• Use off the shelf

products or the

• AlertLogic, SumoLogic,

SplunkStorm, Loggly are

SIEM / threat

management providers in

the cloud

• Primary focus on log

• CNAM is deployed in

the pay-per-use model

substantially cheaper

than the product

approach

• Deployed product, data

PRODUCT

APPROACHMSP OPERATORS CLOUD PROVIDERS NETMONASTERY

Different models pose different challenges and competition

for NETMONASTERY, presenting a map of the space

needs special detection

stack apart from the SIEM

• Special expertise is

required to deploy and

maintain the detection

engineering

• Extremely expensive

product, deployment and

maintenance.

• Long deployment time

but results not

guaranteed

products or the

customers infra to deliver

threat management

• Focus largely on system

management revenue

• In shared systems data

privacy is a roadblock

• Expensive for ownership

solutions, results not

guaranteed

• Primary focus on log

aggregation and

monitoring and not

threat management

• Pay-per-Use offers

substantial advantages

• Data privacy is breached

• Comprehensive solution

to threat management

does not exist

• Deployed product, data

remains with customer

data privacy intact

• Focuses on the threat

management use case

• Deploys quickly, average

of 42 hours per setup

• Accountability on the

vendor

• Expertise comes with

the solution platform

18

Industry OverviewIndustry Overview

SIEM Market Overview

� The security information and event management (SIEM) market is defined by the

customer's need to analyze security event data in real time for internal and external

threat management, and to collect, store, analyze and report on log data for

incident response, forensics and regulatory compliance

� SIEM is a $1.5 billion market that grew 16% during 2013; with an expected growth

rate of 12.4% during 2014

� The SIEM market is now dominated by relatively few large vendors — HP, IBM,

McAfee, EMC (RSA) and Splunk — that command about 60% of market revenue

20

McAfee, EMC (RSA) and Splunk — that command about 60% of market revenue

� Growth Drivers

� Breach detection is the primary driver

� Compliance remains a secondary driver

� In North America, there continues to be many new deployments by smaller

companies that need to improve monitoring and breach detection

� Demand for SIEM technology in Europe and the Asia/Pacific region remains strong,

driven by a combination of threat management and compliance requirements

Source: Gartner

Why CNAM is the best SIEM option

COST – High cost of acquisition INEXPENSIVE – Easy Pay-as-you-Go

COMPLEX – Correlation is challenging EFFORTLESS – Needs no configuration

SIEM CNAM

COMPLEX – Correlation is challenging EFFORTLESS – Needs no configuration

PRODUCT – Provides only correlation SOLUTION – Delivers a focused need

UPFRONT – Failure results in huge loss SUBSCRIPTION – No lock-in, risk-free

WIDE FOCUS – Multiple use cases FOCUSSED – Real-time threat mgmt.

21

Private & Confidential

Thank You

22