SENTRY METRICS the right solution at the right time. 1 Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc. PROBLEM: IN-SOURCE, OUT-SOURCE – EITHER WAY, YOU LOSE Customers have 2 choices today - Self Service for those who can: manage Security Operations themselves via on-premise or SaaS - Managed Service for those who can’t: outsource to MSSP Most Customers are in the middle - Lack of mature procedures and best practice knowledgebase; dissatisfaction with existing service providers - Capable of some operations; varied across disciplines; desire to manage in-house; inefficient performance Attackers take advantage of the disconnects - Managed Services were designed to be low-cost; attackers have evolved beyond these boundaries - Poor visibility, meets-minimum service, and expertise atrophy with outsourced operations Outsourcing can improve posture, performance, and productivity … but at what cost? - Sacrificing in-house expertise and capabilities are now expensive trade-off’s for cost savings - Losing competency means losing to attackers. There has to be a better way… 2 Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc. SOLUTION: TIME TO TURN LOSE-LOSE INTO WIN-WIN Customer-centric solution required - Deliver managed services to continuously improve posture, performance, and productivity - Mature operations and develop client capabilities in parallel; transition back in-house = success Design and Operate services with Planned In-Source Service Transition - Build mature procedures and best practices into ITSM platform, including knowledgebase augmentation - Support client development with appropriate instruction, demonstration, support, and planned transition Close critical gaps that attackers prey upon - Restore technology performance, institute proactive measures, and improve response procedures - Raise visibility, continuous service improvement, and develop client *operations service* expertise Outsource-to-Insource is an investment in continuous service and capability improvement - Develop in-house expertise and capabilities in parallel with immediate and long-term cost savings - ITSM is the right tool for this kind of effort, and theSentry brings ITSM to Security 3 Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc. SOLUTION: HOW TO START WINNING Unified Technology and Services are key - theSentry – Award-winning ITSM Security and Compliance Management platform Full-service MSSP with 24/7/365 SOC Operations and Advisory Services support Extensive Knowledgebase and eLearning modules to support the right development at the right time Focus on Operations competencies as much as product-specific technical expertise theSentry Platform - 4 The industry’s only true ITSM Security and Compliance Management solution Supports best-in-class technologies, integrated solutions, automation, and client-specific flexibility SaaS-Based platform that our SOC uses to continuously improve posture, performance & productivity Extensive Knowledgebase and template library from years of managing Operations for our clients Core shared-services for CMDB, workflow, knowledgebase, integrations, dashboards, and reporting Discrete modules for Security Monitoring & Management (SIEM, IDP, Firewalls, Wireless, Web Security), Vulnerability Management, Distributed Denial of Service (DDoS) Protection, and Compliance Management Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc. MARKET OPPORTUNITY: BRIDGING THE GAP FROM MSSP TO SAAS Multiple markets overlap this need - MSSP: $3B/year; $4B expected by 2015 in North America alone - IT-GRC: >$300MM/year; often used to fill security product gaps - Security SaaS: high growth in VA, SIEM, Web Security, etc. Disconnect creates opportunity - Existing MSSP clients do not have realistic transition path to SaaS Self-Managed clients can opt-in to temporary Managed Service ITSM Platform is a better fit that IT-GRC for Security Operations On-premise technologies can be delivered directly via SaaS model Client-Enablement strategy is differentiated - MSSP industry driven by client lock-in and expansion; Sentry disrupts client lock-in and enables transition to SaaS self-service - ITSM Platform is best-fit for continuous service improvement Proven Business Model - ServiceNow (ITSM): transition to SaaS through client enablement - Vigilant (MSSP): insource service transition; acquired by Deloitte 5 Leaders in Information Security, Compliance and Risk Management Solutions | Modest penetration across these markets provides significant short and long term revenue opportunity. Managed Services become a funnel for planned transition to self-service with Sentry SaaS attached. Confidential © 2013 Sentry Metrics Inc. MARKET ATTACK PLAN: - Already in-market; ~$6MM 2012 revenue in Canada - On target for >40% growth in 2013 - Primary growth planned from expanding into U.S. - Key investments in Sales, Marketing, and Engineering - U.S. SOC necessary for scaling U.S. enterprise clients - Time to revenue within 6 months, accounting for sales/Channel ramp-up (already in-market) - Time to profit within the first year - Key beachhead customers key to Segment Attack - Channel ecosystem key throughout phases - Key tech alliance partnerships in place today: - HP: ArcSight (SIEM); Tipping Point (IPS) - Rapid7; Qualys (Vulnerability Management) - Sourcefire (IDS/IPS) - Akamai (DDoS Protection) - We are Akamai’s first MSSP Channel Partner Staggered cycle of MSSP market capture & transition to SaaS 6 Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc. PRODUCT: INTRODUCING THESENTRY - Full ITIL-based, ITSM Security & Compliance Management - Library of templates & use cases to enable immediate value - Provides exceptional visibility and flexible customization - Process workflows can be mapped, managed and audited - Supports Security Operations and Compliance use cases - Supports best-in-class Security technologies + automation - Used by our SOC team to continuously improve productivity - Includes CMDB/Asset Management, Ticketing/Problem Management, Incident Management, Templates, Workflows, Attestations, Dashboards, and Custom Reporting theSentry establishes the knowledgebase, use cases, and mature procedures needed to transition from MSSP to SaaS 7 Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc. PATH TO MARKET: UNDERSTANDING OUR BUSINESS - Canadian business consists of direct and indirect sales Sentry Metrics - U.S. expansion leads with a Channel-based strategy - Combination of national and vertical/regional VAR’s - Advisory Services and Auditors are another key Channel Regional VAR Advisory/ Audit Advisory/ Audit National VAR - Vendor supplier draw is key, with product gap and Managed Services requirements fulfilled (as we do today in Canada) Advisory/ VAR - Service contracts signed directly with Sentry Metrics; billing and payment through Channel partners in the near term - Opportunity for White-Label Managed Services (as we do today in Canada) and OEM SaaS with U.S. based Service Providers - Early U.S. Channel Partner relationships in place today: U.S. Private Sector Customers 8 - North American National VAR (30+ offices); Regional VAR; Security Advisory/VAR; Application Advisory/Auditor; Global Security & Compliance Advisory/Auditor Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc. IT-GRC COMPETITIVE EDGE • Modulo • RSA Archer • Agiliance - Current client disillusionment with large MSSPs - Substandard service delivery, SLA-only service quality, and lack of in-house expertise as a result • Multiple Start Ups • Alert Logic • Trace Security • Trustwave • Several traditional MSSPs - IT-GRC is often a stop-gap option with unused features - Only Sentry Metrics uses ITSM fundamentals in Security and Compliance offering as a Service Transition lever • Symantec MSS • Solutionary • Verizon Business • Dell SecureWorks • Risk I/O SAAS • Qualys ITSM Security Management - Primary competitors are MSSPs in the U.S. - Sentry Metrics aims to transition clients to self-service - MSSPs want longest outsourcing contracts possible MSSP • ServiceNow - IT-GRC vendors are selling 100% self service and do not have Security Operations as a core competency - ITSM vendors are not focused on Security & Compliance - Opportunity to add Security ERP value to operations • CA • BMC - Program and staff productivity focus for continuous improvement • IBM • HP ITSM 9 Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc. FINANCIAL FORECAST Addressable market - $3B NA MSSP Market (11% CAGR); $300MM+ IT-GRC Market; Multiple Security direct-to-SaaS opportunities Revenue Model 6 Months Year 1 Year 2 Year 3 Year 4 Year 5 5M 14M 27M 35M 45M 59M 6 Months Year 1 Year 2 Year 3 Year 4 Year 5 Net Profit (100K) .5M 5M 9M 14M 18M EBITDA (50K) .9M 8M 15M 22M 28M FCF (72K) .1M 7M 15M 22M 28M Time to Profitability Amounts in brackets denote negative amounts 10 Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc. INTRODUCING THE TEAM Management Team Dave Millier: CEO – ca.linkedin.com/pub/dave-millier-crisc/0/2b/5a Recognized leader in security and networking, having operated several successful start-ups over the course of nearly 20 years. theSentry platform was born from Dave’s experience serving customers and seeking continuous productivity improvement. Steven Cohen: President – ca.linkedin.com/pub/steven-cohen/0/72/453 Co-founder of Strongbox Solutions and has provided trusted Security Advisory services to Fortune 1000 customers for 15 years. Steven leads the Sales organization for Sentry Metrics. Sheldon Malm: VP, Business Development - ca.linkedin.com/in/sheldonmalm Led Security Operations at RBC Financial Group and has disrupted traditional Security industry approaches for more than 16 years. Previously head of Strategy & Alliances at Rapid7 and head of Security R&D at nCircle Network Security (acquired by Tripwire) CFO: Bryan Tollman - ca.linkedin.com/pub/bryan-tollman/16/b31/91a Co-founder of Strongbox Solutions and an experienced CFO. Holds a doctorate in Corporate Strategy and an MBA in Corporate Strategy, Finance and Marketing. 11 Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc. MILESTONES Solid revenue performance with consistent growth in Canada - ~$6MM in 2012 revenue; on pace for >40% growth in 2013. U.S. market offers accelerated revenue growth opportunity Growth achieved with little investment in Sales or Marketing theSentry platform in-market with positive client adoption - Third generation platform in production; Fourth generation in development U.S. expansion strategy beginning to unfold - Early Channel partnerships in motion; interest from U.S. prospects in key verticals: retail; technology; healthcare; entertainment Client Enablement/SaaS Transition strategy resonating with U.S. enterprise prospects – compelling alternative to traditional MSSPs Important technology alliances established - HP ArcSight/Tipping Point (SIEM/IDP); Rapid7/Qualys (Vulnerability Mgmt.); Sourcefire (IDP); Akamai (DDoS) - first MSSP Channel Partner Key investments planned to achieve our goals 12 Marketing: raise visibility, refine messaging/positioning, and drive lead generation from U.S. market Sales/Sales Engineering: expand, support, and manage U.S. Channel Engineering: accelerate platform development and eLearning modules in support of SaaS Transition and direct-to-SaaS activities Security Operations: U.S. SOC location likely necessary to support enterprise customer requirements Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc. SENTRY HIGHLIGHTS Sentry Metrics provides the industry’s only viable solution to successfully, sustainably transition clients from Managed Services to SaaS-based self-service for Security and Compliance Strategy is perfectly aligned with market dynamics and customer demand - Customer dissatisfaction with MSSP lock-in has created demand for in-sourcing service options Risk associated with Security Operations requires immediate improvement, coupled with planned transition $3B/year, 11% CAGR North American MSSP market provides opportunity to disrupt from the inside Adjacent IT-GRC, On-Premise Security, and SaaS Security markets provide additional client attraction At-scale Canadian-based business is ripe for expansion to much larger market in the U.S. Key technology partnerships in place and U.S. Channel strategy underway Seasoned Management Team with deep Security expertise and successful market disruption experience Combination of theSentry Platform, Managed Services, and Client Enablement are necessary and unique - ITSM is the right framework for continuous service improvement; theSentry is the industry’s only ITSM Security Management platform - Sentry Metrics’ position as an established MSSP enables disruption from inside the market; creates a funnel for SaaS self-service - Willingness to drive MSS attrition is key to client enablement; incorporate desire for insourcing instead of fighting it 13 Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc. SENTRY METRICS the right solution at the right time. 14 Leaders in Information Security, Compliance and Risk Management Solutions | Confidential © 2013 Sentry Metrics Inc.