BrandProtect is a Toronto-based company founded in 2001 that provides identity theft attack management services and proprietary phishing education technology. Their services include rapid response to phishing, vishing, smishing, pharming and malware attacks, as well as employee education through simulated phishing exercises and targeted awareness training for susceptible employees. Mock phishing exercises emulate real attacks to train employees and measure susceptibility in a web-based platform without collecting or storing passwords.

1. Phishing Education
BDProtect Inc. 2009 CONFIDENTIAL

2. The leader in internet reputation managementTM
About: BrandProtect
■ Toronto based company, founded 2001
■ Award winning proprietary Technology
■ Certified by F.I.R.S.T.
– Forum for Incident Response Security Teams
■ Microsoft partner
– Phishing filter data provider for IE
BDProtect Inc. 2009 CONFIDENTIAL

3. The leader in internet reputation managementTM
Identity Theft Attack Management Services
■ Rapid response service to deal with all forms of identity theft attacks
– Phishing, Vishing, SMShing, Pharming and Malware
■ Best in class detection practices
– Includes 24x7 response to abuse mail from customers
■ Support for employee education:
– Incident response guidelines and simulated attack education
■ Support for customers
– Browser plug-ins to protect against attacks from fraudulent websites
■ Secure Portal with enhanced functionality for workflow management
– Case management, incident details, trending and reporting capability
■ Best practices from BrandProtect client and partner community
– Access to threat alerts, insights and solution sharing with peers
BDProtect Inc. 2009 CONFIDENTIAL

4. The leader in internet reputation managementTM
SpearPhishing – A growing problem
■ > 15,000 corporate victims in 15 months
■ Victim Losses have
exceeded $100,000
■ Recent Victims
– Salesforce.com
– Critical infrastructure
at large energy company
BDProtect Inc. 2009 CONFIDENTIAL

5. The leader in internet reputation managementTM
Conventional Measures For Employee Education
• Brown Bag Sessions
• Security Posters
• Email Blasts
BDProtect Inc. 2009 CONFIDENTIAL

6. The leader in internet reputation managementTM
A Better Way
Mock Phishing Exercises
■ Emulate real phishing attacks
■ Train subjects by example
■ Measure susceptibility
BDProtect Inc. 2009 CONFIDENTIAL

7. The leader in internet reputation managementTM
A better way
■ Web-based platform that facilitates the execution of mock
phishing exercises and user awareness training
■ Easy Setup
■ Real Metrics*
■ Targeted Awareness Training
* We do NOT collect or store passwords. Only detect if they were entered
BDProtect Inc. 2009 CONFIDENTIAL

8. The leader in internet reputation managementTM
Case Study: Measuring Improvement
BDProtect Inc. 2009 CONFIDENTIAL

9. The leader in internet reputation managementTM
Targeted Awareness Training
Employees found to be susceptible can immediately be
redirected to:
• Internal corporate training websites
• Built-in educational message
• Educational comic strip
• Generic message non-indicative of the underlying activity
BDProtect Inc. 2009 CONFIDENTIAL

10. The leader in internet reputation managementTM
Common reasons for implementation
■ To make it part of annual security audit and training
■ To help employees to not get infected at work/home
■ To help employees explain phishing to customers
– “Train the trainers”
BDProtect Inc. 2009 CONFIDENTIAL

11. The leader in internet reputation managementTM
More Information
BDProtect Inc. 2009 CONFIDENTIAL