Security Matrix Technology Solutions Required: Email Security, Endpoint (4/4) (3/4) (3/4) (3/4) (2/4) (2/4) Protection, Incident Response, Penetration Testing Industry-Ranked: Yes (1/1) (1/1) (1/1) (1/1) (1/1) (1/1) link to provider's Provider AT&T Lumen Trustwave eSentire Verizon Akamai Pathnder prole main service the provider Edge Delivery, Security, Primary Line of Business Carrier & MSSP Carrier & MSSP MSSP MSSP Carrier & MSSP offers and Compute Year Company year founded 1983 1930 1995 2001 1983 1998 Established number of in-house # Employees 260,000 45,000 2,000 475 140,000 9,200 employees Whether your customers are looking for tools to revolutionize their AT&T Cybersecurity network, drive workforce makes it safer for your Lumen has one of the Focused on threat Within 35 seconds productivity, or protect business to innovate. Our largest IP backbones in the detection and response, eSentire starts their business from The most innovative cybersecurity consulting world, providing real-time Trustwave is a leading investigating, isolating, security threats, Verizon companies choose Akamai. team has protected visibility into threats. cybersecurity and and containing suspicious and its partners offer They are the market leader organizations for 25 years. We’ve created a global managed security services activity, typically resolved products in Edge Delivery, Security Eight global SOCs are threat sensor and active company offering a in under 17 minutes. Our and services that provide and Compute with p Elevator Pitch provider's value prop monitored 24/7. AT&T defense platform to comprehensive portfolio core belief is it is our duty the building blocks for unparalleled capacity, a Alien Labs provides threat prevent, detect and of managed security to RESPOND and STOP enterprise IT. Verizon’s reach and visibility to intelligence via Open respond to malicious services, security testing, threats without paying decades of network and what's happening on the c Threat Exchange (OTX) - a activity at all levels of consulting and extra. Founded in 2001 we telecom experience and internet helping you community of 145,000 technology, at-scale. This professional services, and started the MDR category partnerships with achieve Defense in Depth. r security professionals who concept is called data protection and protect over $6 trillion enterprises and federal submit 20 million threat Connected Security. technology. in assets. agencies can help solve indicators per day. real-world challenges and drive powerful outcomes. how long the offering has # Years Offered been available to 25 25 25 20 10 20 customers Gartner MQ Managed Security Services 2019 Gartner MQ Managed Gartner MQ Managed (retired) Niche Player Gartner, Forrester, or Security Services 2019 Security Services 2019 Forrester DDoS Mitigation similar industry rankings Forrester Wave MSSP Q3 (retired) Leader IDC MarketScape US MDR (retired) Leader Industry-Ranked Forrester Wave MSSP Q3 F achieved in the 2020 Leader 2021 Leader IDC MarketScape 2020 Strong Performer cybersecurity market Forrester Wave MSSP Q3 IDC MarketScape US MDR Commercial CDN Leader 2020 Leader 2021 Major Player IDC MarketScape US MDR ID 2021 Major Player number of customers the company has that are # Security Customers 7,000 condential 200,000 condential condential condential specically consuming cybersecurity services what is the minimum deal size you will consider for Minimum MRC for an ongoing security - $10,000 - - - - Ongoing Security opportunity (i.e. MRC, managed services)? what is the minimum deal size you will consider for a Minimum NRC for One- one-time security $1,200 $10,000 - - - - Time Security opportunity (i.e. NRC, professional services)? in-house preferred/3rd In-house, 24/7/365, 8 In-house; 24/7/365; 9 In-house; 24/7/365; 2 In-house; 24/7/365; 6 Security Operations attributes of provider's party available; 24/7/365; Locations, # analysts is Locations; 300 SOC Locations; 135 SOC In-house; 24/7/365 locations; 225 SOC G Center (SOC) SOC(s) 9 Locations; 100 SOC condential Analysts Analysts Analysts Analysts M Managed Threat Detection and Response: EDR/MDR and/or SIEM Prolexic (Volumetric Security Testing: pen test, Managed Detection and DDoS) M DDoS network security, Response App & API Protector SOC Services database security (Cloud WAF) name & description of M all options available à la Managed SIEM Proactive Threat Hunting: Digital Forensics and Akamai Segmentation Common Packages provider's most commonly - carte or in combination Compliance Readiness SpiderLabs experts Incident Response (Micro/Segmentation) sold products & services. Assessment Digital Forensics and Enterprise Defender Ransomware Assessment Incident Response: Managed Risk and (Zero Trust Architecture) consulting services Vulnerability Bot Manager + Readiness Incident Response and Response H Retainer: rapid access, bucket of hours W

may include risk assessments and gap SOC, PCI, ISO, HIPAA, etc., In-house NIST, CSF, ISO Risk & Compliance analyses to evaluate In-house CMMC, PCI, ISO, including vertical-specic In-house 27001/27002, CIS, GDPR, In-house n/a Assessments security posture, SOC2, HIPAA, GDPR compliance available SEC, HIPAA assessments to determine compliance In-house external, internal, Internal, external, web, can be offered for In-house external, internal, Wi-Fi, and web app pen app, IoT, etc, including External, Internal, Web Penetration Test infrastructure/network, In-house web app, and social n/a tests with automated or social media, phishing, App, and Wi-Fi apps (web/mobile), devices engineering/phishing analyst driven options dark web scans tool to assess computers, one-time or ongoing, Vulnerability Scanning networks or applications offered standalone one-time or ongoing ongoing n/a n/a Qualys, Rapid7, Tenable.io for known weaknesses one-time engagement with IT/Security staff and primary stakeholders to Security Workshop (NRC) n/a offered standalone offered standalone n/a n/a n/a discuss their cybersecurity strategy and means of improvement Digital Defense (min. one-time or ongoing $1,200/year @ 100 users) cybersecurity awareness End User Training and phishing simulation OnePhish, WorkWise n/a offered standalone n/a n/a training offered directly to (min. $3,200/year @ 100 end users users) Secure Email Gateway or other product meant to Email Security Proofpoint n/a MailMarshal n/a n/a offered standalone detect malicious or fraudulent email content a managed solution that Hosted: Fusion provides holistic view of (proprietary, Microsoft customer’s environment AT&T UTM (formerly on-prem new or manage Sentinel) or On-Prem Microsoft Sentinel, Sumo SIEM & Log Management Splunk n/a and correlates various AlienVault) existing (Splunk, QRadar, Logic data sources to identify LogRhythm); min. $25K threats in real time MRC combination of security Carbon Black (min. 50 tools and SOC analysts Carbon Black, Microsoft endpoints); CrowdStrike, Managed Detection & used to identify threats Defender, Palo Alto, SentinelOne offered standalone Microsoft Defender (min. CrowdStrike n/a Response (MDR) and respond to incidents SentinelOne; min. 250 25 endpoints); within a customer seats SentinelOne environment Carbon Black (min. 50 SentinelOne, McAfee, endpoints); CrowdStrike, remote management of Endpoint Protection Lookout Mobile Endpoint offered standalone n/a Microsoft Defender (min. CrowdStrike offered standalone specied product Security 25 endpoints); SentinelOne Web Application Firewall used to protect against WAF offered standalone sold as add-on n/a n/a n/a offered standalone attacks targeting Internet- facing applications Solution designed to block Distributed Denial of Service attacks from taking down a network or available for AT&T and available for Verizon and DDoS Mitigation offered standalone n/a n/a offered standalone online application; third-party circuits third-party circuits especially relevant for companies who do business online a technique to regulate who can use resources on a network; may include Identity & Access Single Sign-On, Cloud n/a SSO, CASB, MFA n/a n/a n/a offered standalone Management (IAM) Access Security Broker, and Multi-Factor Authentication a broad approach to fortify the boundaries of a network; may include on- on-prem and cloud, client Perimeter Security prem rewall, cloud Fortinet, Zscaler VPN, IDS/IPS, premise FW, offered standalone n/a Fortinet, Juniper, Palo Alto offered standalone rewall/VPN, intrusion NGFW detection, and intrusion prevention an organized, forensic Available for on-demand approach to investigate on-prem and remote as needed or via retainer, 24/7 Incident Response or Incident Response and remediate a security options available, either offered standalone n/a n/a remote or on-prem Emergency Incident breach; can be on-demand on-demand or on-retainer Response. or via monthly retainer an outsourced CISO to help a company build and Fixed price/scope/duration maintain an information (e.g. NOT a staff Virtual CISO security program without offered standalone augmentation), 20% NRC, offered standalone offered standalone n/a n/a an FTE; especially relevant 80% MRC billed monthly to align with compliance through term standards Legend - Sold Standalone - Sold as Add-on Only