Brief introduction of technologies and products from BMST Co. which is the leading company at transparent network behavior audit and forensics.

1. Advanced Network Behavior Analysis , Record and Audit Last Modified: Dec.8 2009 Introduction of BMST Technologies

2. Agenda 1. Opportunity and Business Overview 2. Technology and Products 3. Scenarios and Solutions 4. Our Customers 5. About BMST 2 ©Copyright, BMST Co. 2009 December 13, 2009

3. What Gartner Top 10 and NSA Say? Gartner TOP 10 2010 1 Cloud computing, 2 Advanced analytics, 3 Client computing, 4 IT for Green,5 Reshaping the data center 6 Social computing, 7 Security - activity monitoring. …Information security professionals face the challenge of detecting malicious activity in a constant stream of discrete events that are usually associated with an authorized user and are generated from multiple network, system and application sources. At the same time, security departments are facing increasing demands for ever-greater log analysis and reporting to support audit requirements... 8 Flash memory, 9 Virtualization for availability, 10 Mobile applications. Security is not just the perimeter; layered defenses must be inside of the network and on the applications and databases if we really want to protect information. We haven’t done nearly enough to protect applications and databases…and the magnitude of loses around insider threats are underreported. William (Bill) Crowell – former Deputy Director of the NSA 3 ©Copyright, BMST Co. 2009 December 13, 2009

5. Are you outsourcing? How to handle potential contractual dispute in case of an IT issue?

6. Don’t you need compliance? What to show external auditors on complete organization IT operation records?

7. How to monitor and find the violation of authorized users in real time?

8. How to guarantee the security policy are followed correctly?4 ©Copyright, BMST Co. 2009 December 13, 2009

10. Real time monitoring

11. Smart behavior analysis and Audit

12. Comprehensive protocol support

13. Transparent deployment

14. Intuitive “flight” administration

15. Tampering-proof authentic “data” management5 ©Copyright, BMST Co. 2009 December 13, 2009

17. Bridge-model run

18. Session based data recording

19. Complete protocol support

21. Respond to SAC orders

22. Smart audit and search

24. Flexible reporting system

25. Policy-based real-time monitoring, alert and response6 ©Copyright, BMST Co. 2009 December 13, 2009

26. Session-Auditor Deployment SSH RDP Telnet ICA Rlogin VNC FTP Oracle Sybase …… Administrator WebApp& Web Services Enterprise Apps (ERP/CRM) SAS Traffic IT系统管理员/ 兼职安全管理 Recorded Servers Unix/Linux Console Windows Network Security SAD Auditor Mission critical 企业应用 (SAP, Oracle等)

27. Critical System Critical System Critical System Critical System SAS SAS SAS SAS Administrator SAD SAD Administrator SAC Auditor Distributed and Hierarchical Deployment

29. Session Auditor Product Family Session Auditor Lite is one 2-in-1 appliance, integrated SAS and SAD Storage SAS and SAD support distributed and hierarchical deployment, bringing users further flexibility Network Throughput 10 ©Copyright, BMST Co. 2009 December 13, 2009

31. PCI-DSS, SOX, ISO27001, HIPAA, GLBA, SB1836, …

32. “Audit”, “Records”, “e-Discovery” are essential to all of them

33. Virtual Asset Protection for Online Gaming

34. Internal abuse and theft

35. Potential lawsuit for virtual assets11 ©Copyright, BMST Co. 2009 December 13, 2009

36. Our Customers Session Auditor has been widely adopted by industry leading customers from telco, finance, service providers, consulting firms, governments and etc. Please visit http://bmst.net/solution for more details. 12 ©Copyright, BMST Co. 2009 December 13, 2009

38. sales@bmst.net (Sales)

39. partners@bmst.net (Partnership) @bmstdotnet 13 ©Copyright, BMST Co. 2009 December 13, 2009

40. 14 ©Copyright, BMST Co. 2009 December 13, 2009