LEWIS for Check Point by LEWIS

Check Point Public Relations Proposal October 16, 2015

Contents Part 1

Part 3

04 / Agency Overview

47 / Case Studies

06 / Geographic Coverage 08 / Client Service

Part 4

10 / Experience

52 / References

12 / Sample Cover Stories 14 / Proposed Team Members 17 / Agency Process 20 / Rate Card

Part 2 22 / Strategy and Execution 24 / Communications Challenge 28 / Approach 34 / Audience Targets 36 / Product Reviews 42 / Social Media Services 44 / Security Breach 46 / Influencer Relationships

Part 1: Agency Overview

LEWIS PR is a global communications agency, working with leading and emerging brands in the most demanding industry sectors around the world. We were founded in 1995 by a former journalist and now have 550 consultants working in more than 28 wholly-owned offices across the US, EMEA and Asia Pacific. LEWISâ&#x20AC;&#x2122; US headquarters are based in San Francisco, with three additional offices in San Diego, Boston and Washington, D.C. The agency is independent and partner-owned.

How are we different? In addition to traditional media relations, LEWIS specializes in social media, digital marketing and creative services. It works with companies to implement integrated communications programs on an international scale.

review and track the progress of the campaign and, of course, alter the direction as and when required. We invest in our people. Training and professional development of staff is a cornerstone of our company philosophy. In 2014, LEWIS created the Rise Academy â&#x20AC;&#x201C; a series of intensive sessions aimed at equipping PR professionals with business, leadership and marketing skills to make us a more creative, effective and competitive company. We believe our security expertise, track record in building technology brands, and integrated, innovative approach to communications, make us the right PR partner for Check Point in 2015 and beyond.

Weâ&#x20AC;&#x2122;ve invested in our staff by building core teams around creative services, content services, media relations and digital marketing. All teams focus on creating compelling content, including text, images and video. We are focused on creating proactive campaigns that do not rely on product news or other strategic announcements. Our goal is to create compelling content that will tap into the media agenda. This can take the form of a customer video, an infographic or simply a piece of contributed content. Our team of security experts is always up for meeting a business challenge. With more than a century of combined experience working with leading global security brands, we have helped dozens of security brands grow their profile, attract customers or take on competitors Our metrics driven approach to campaigns provides clients with a customized dashboard to 5

Geographic Coverage Our global network of 28 wholly-owned offices, and LEWIS+ partner locations, are set up to support and embrace multi-region PR campaigns. More than 60% of our clients use LEWIS to execute multi-market projects, and many US clients work with more than one US office. The below map includes those office locations and clearly marked LEWIS+ partner locations. We also have additional partner firms in locations outside of the LEWIS+ group. This gives us a current global reach of 77 countries worldwide.

Wholly owned offices LEWIS+ partners

US Boston San Diego San Francisco Washington DC EMEA Amsterdam Antwerp Barcelona Budapest D端sseldorf

Eindhoven Frankfurt Lisbon London Madrid Milan Munich Paris Prague Stockholm Warsaw

APAC Bangalore Beijing Guangzhou Hong Kong Kuala Lumpur Shanghai Singapore Sydney

Austria Denmark Turkey Russia Israel Korea Taiwan Brazil Argentina Mexico

Client Service LEWIS represents 120 brands full-time in the U.S. The size of those engagements vary from $200,000 annually to investments of more than $2M. Our work with clients on a project basis varies from 5 to 10 active engagements at a time. Our retention rate for all clients is in line with industry averages, but here are a few examples of some of our particularly long-term relationships: Stanley Healthcare (10 years, current) Coverity (8 years, acquired by Synopsys) MicroFocus (8 years, current) Recommind (7 years, current) VMware (7 years, current) Veeam (6 years, current)

Why these are successful: The main reason we retain clients is our ability to drive business results. Each of the clients on the previous page attributes some of its growth and value to the success of its communications campaign. We review our relationships with clients regularly against objectives and have been able to demonstrate tangible results year on year. We implement bold ideas, weâ&#x20AC;&#x2122;re fast and able to seize opportunities We execute efficiently and operate like an extension of the marketing team We ensure alignment on goals through consistent, open and honest communication We allocate senior partners to accounts, who have a vested interest in success Our global approach and range of services allow us to support clients holistically We have the resources and expertise to adapt and grow with our clients

Experience CURRENT CLIENTS

Provides secure mobile file sharing, to corporations and government agencies

Enables enterprises of all sizes to quickly deploy and operate cost effective unified security management solutions

Network monitoring and traffic visibility solutions.

Provides multi-platform enterprise mobility, security and management software

Virus protection and Internet security.

Enterprise software used to monitor, report and analyze the machine data produced by the applications, systems and infrastructure

Provider of information security and cloud compliance solutions

Security technology and services

LEWIS Pulse client.

Identity and access management (IAM) solution provider both on premises and in the cloud

Enterprise firewall security management company, helping organizations to correct gaps in their existing network security infrastructure.

Pioneering a security model to eliminate advanced malware

Software company that provides cloud and virtualization software and services

Anti-virus and anti-intrusion software designed for both home and corporate users

Stealth security startup that delivers contextually relevant security analytics

Helps organizations identify and stop APTs, targeted attacks and other sophisticated malware.

FORMER CLIENTS

Market Leader in Network Security Policy Management, automating Firewall Operations Management, Risk & Compliance

Leading cloud hosting and managed services company

Worldwide leader in networking that transforms how people connect, communicate and collaborate.

Security platforms that deploy network security apps from third-party vendors for highperformance networks. Acquired by BlueCoat in 2013.

Producer of networking hardware as well as intrusion prevention systems, network access control and security information management. Acquired by Extreme Networks in 2013.

Leader in stopping next-generation threats, such as zero-day and APT attacks, that bypass traditional defenses and compromise over 95 percent of networks

Leading provider of public and private cloud infrastructure security IBM X-Force Research and Development

Leader in development testing, is the trusted standard for companies that need to protect their brands and bottom lines from software failures

Award-winning database and application security, reporting and audit solutions for organizations across the globe

Cloud-based security and acceleration service provider

Software and hardware network security appliances for security information and event management markets. Acquired by EMC in 2006.

Delivered source code vulnerability analysis solutions to eliminate business risk caused by software security vulnerabilities. Acquired by IBM in 2009.

Cloud-based email security, e-discovery and compliance solutions.

ISV that provides enterprise-class security for Hadoop and NoSQL environments

Sample Cover Stories The following is a range of cover or lead stories recently secured for clients Good Technology FORTUNE

FINANCIAL POST

Need to fix a business process? There’s probably an app for that

‘You’re always under attack’: Why Canadian firms are falling behind in mobile security

BASELINE

DARK READING

Business Can’t Keep Up With Shifting Cyber-Threats

‘You’re always under attack’: Why Canadian firms are falling behind in mobile security

Gemalto (SafeNet)

Mulesoft NEW YORK TIMES

FORBES

Greg Schott of MuleSoft: Beware the Threats to a Positive Workplace

What Some Of The World’s Leading Companies Can Teach You About The Future Of Work

ZDNET

SC MAGAZINE

Why Bomgar’s remote support technology is finding appeal outside the enterprise

The franchise security wake-up call

FORTUNE

RECODE

Watch out workers, it just got easier to sift your Instant Messages

NSA, Target, Heartbleed and Ethics

Bomgar

Recommind

Proposed Team Members When engaging with LEWIS, clients are buying the teamâ&#x20AC;&#x2122;s time. That team is a vertical slice through the company, and as such has staff of varying levels of experience. Check Pointâ&#x20AC;&#x2122;s account team would be comprised of the following primary team members:

Lucy Allen

Job title: EVP, Chief Strategy Officer Relevant experience: Splunk, Good Technology, Proofpoint, Crowdstrike Lucy drives the agency’s account servicing proposition, client service and best practices. She has led the development of many of the agency’s methodologies for client management, measurement and digital / social media. She provides the strategic direction on campaigns and works with clients on messaging, planning and coaching and executive visibility.

Catherine Koo

Job title: Vice President Relevant experience: Good Technology, Qualys, SendGrid Catherine provides strategic oversight and direction for some of LEWIS’ key clients. In addition to managing ongoing relationships with trade, technology, consumer and business press, she oversees message development and planning, account activities, content creation, crisis management and international coordination. Catherine will be the day-to-day contact for Check Point, overseeing strategy, content and earned media programs. She will be dedicating 20 percent of her time to the Check Point account.

Lisa Paglia

Job title: SVP, Global Marketing Services Relevant experience: Crossbeam, FireMon, IBM ISS, Trend Micro, FlowTraq, GFI As SVP of LEWIS’ Global Marketing Services team, Lisa counsels clients on all aspects of marketing strategy – from messaging and positioning, to awareness and demand generation, to content and creative development. In addition to her primary

role, Lisa has been responsible for building, executing, and managing the worldwide marketing initiatives for a number of LEWIS clients, including network security leaders such as Crossbeam, Trend Micro, IBM ISS, FireMon, and others. Among those initiatives was the development, management, and implementation of Crossbeam’s global go-to-market strategy, including awareness building, demand generation, and channel and partner marketing - with more than 10 years of joint marketing with Check Point.

Jen Scheer

Job title: VP, Digital Marketing Relevant experience: FlowTraq, GFI Jennifer brings more than 20 years of marketing experience to LEWIS, where she manages integrated marketing programs with a strong focus on content development, social media, and digital marketing. Jennifer currently serves as the lead on emerging network security vendor FlowTraq, where she is responsible for all aspects of the company’s marketing strategy, from messaging and positioning, to social media, to paid media and demand generation. In addition to her role on FlowTraq, Jennifer also manages the entire social media presence for Comcast Business, a program she developed and that she and her team have been managing ever since, including recruitment, engagement, content development, and creative campaigns.

Mark Daly

Job title: Managing Director Relevant experience: Symantec, TrendMicro, SafeNet Mark Daly has more than 19 years of PR experience, primarily working with high-tech B2B companies. His clients have appeared in prestigious 15

media outlets across the U.S., from The New York Times and The Wall Street Journal to NPR and FOX News. At LEWIS, Mark has years of security experience leading the Crossbeam Systems account and as a key contributor to the SafeNet (now Gemalto) team. Prior to LEWIS, Mark was a research manager and PR analyst at Cision and The Delahaye Group, where he measured PR effectiveness for some of the largest organizations in the world, including Symantec and Trend Micro. Mark has been awarded the Bronze Anvil Award from the Public Relations Society of America and multiple Gold Bell Ringer Awards. He has a B.A. in Anthropology from Franklin Pierce College and an M.B.A. from the Whittemore School of Business and Economics at the University of New Hampshire. He currently serves on the board of directors for the the Publicity Club of New England.

Ashley Womack

Job title: Account Manager Relevant experience: Bluebox Security, AlienVault, Menlo Security Ashley will lead manage the integrated marketing and PR elements of the campaign, ensuring metrics are being met through tight project management and quantitative reporting. As a core member of our security team, she will also support the account team in identifying opportunities for media coverage, maintaining media and analyst relationships and drafting relevant content. Ashley will be dedicating 25 percent of her time to the Check Point account focused on security and technology media relations.

Mark Karayan

Title: Media Strategist Relevant experience: F-Secure, Intermedia, Maynard Webb Mark Karayan specializes in developing successful media campaigns that secure coverage in flagship business publications and TV and radio outlets. He has relationships with some of the top technology and business journalists in the country. He will be dedicating 20 percent of his time to the Check Point account.

Agency Process Our approach is geared toward achieving tangible business results for our clients. Whether the goal is to build or shape awareness, drive demand, or foster adoption and advocacy, we always start by establishing clear goals. Our method for achieving those goals is governed by three steps. We may be implementing a media relations campaign, a lead generation program or a fully integrated strategy, but the principles stay consistent.

Context We research and analyze the top-of-mind issues for customers and influencers, using a range of data analysis tools, secondary and primary research. We identify the topical trends driving your market and the key issues influencing buying decisions. This is where our domain expertise comes in – our familiarity with your target markets and the key influencers shaping those markets, dramatically accelerates our ability to grasp the current context for your brand.

Point of View It’s not enough to simply understand the mega trends impacting your market. Those are like oceans. We need to identify the waves that we can ride within those oceans: the topics we can ‘own’. We believe in the importance of a distinct point of view. We help you formulate this through internal discovery (executive workshops, content analysis) and external discovery (customer or community insights). This point of view determines your unique role in the wider conversation and helps ensure you are setting the agenda.

Call to Action Every campaign needs a specific call to action. Once we establish your point of view, we create content around it that drives readers or viewers to a call to action. For awareness programs, the call to action may be merely cognitive (e.g. we want readers to understand, be impressed or perceive differently) or active (e.g. to seek further information). Both can be achieved through articles, profiles, news stories or contributed content. For demand-led programs, our call to action will likely be more tangible (e.g. to click, download or engage directly with your organization). These types of content are more likely to dwell on owned or paid channels. We have found that our ability to create – and constantly evolve – these content bites allows us to dramatically increase results for clients. The process is iterative and agile – we’re constantly identifying new contexts, shaping the point of view and implementing new calls to action. For Check Point, we understand the goals to be awareness-focused. We need to develop a distinctive point of view for Check Point that fits within the current security conversation. We then need to create a vigorous program of content (pitches, news, articles, visual content, speaker opps, research, presentations) that gives key media (and customers) a timely reason to engage with us and boosts our mindshare among all key stakeholders. For Check Point, we believe the secret recipe is a combination of Relevance and Volume: highly relevant and distinct positioning, implemented with volume and frequency in order to out-maneuver the competition.

Methodology

Rate Card / Billing LEWIS works to a monthly retainer, which buys the time of a team. Activities delivered within that time vary depending on the demands of the PR program. LEWIS is flexible in its pricing and will work to finalize budgets and specific activities at the outset of the engagement. LEWIS’ pricing is based on a blended hourly rate of $220 that includes team representation from vice president to account coordinator levels. Rates vary according to seniority and an approximate number of monthly hours are allocated to the campaign at the outset, equivalent to the proposed monthly fee. To ensure predictability, LEWIS provides a list of activities that will be delivered as part of the monthly fee. This way, clients can anticipate activity levels and output.

TITLE

RATE

EVP / SVP

$350

Managing Partner / VP / GM

$325

Practice Director

$275

Account Director

$225

Account Manager

$190

Senior Account Executive

$165

Account Executive

$135

Account Coordinator

$90

The PR program will incur third-party costs such as, but not limited to, wire fees, news monitoring services, travel and accommodation, production costs etc. LEWIS does NOT mark up these costs or charge an administration fee on them. However, if there are significant spend items (>$1,000) which the agency must pay for in advance of receiving funds, there is a 10% financing fee. The financing fee is simply there to prevent the agency from providing short-term banking facilities. Typically, we recommend allocating 15% of the budget to third party costs.

LEWIS applies the following innovative solutions to control costs: Multi-channel content management – We extract maximum value out of every piece of content by ensuring that it is effectively shared, reused and applied across communications channels Global coordination – LEWIS internal coordination across global teams to ensure sharing of ideas and campaigns Tools and services – We invest in dozens of tools and services to monitor, track and report on the impact of our campaigns. We provide access to these tools at a lower cost than if the client were to subscribe alone.

Part 2: Strategy & Execution

Research LEWIS has conducted preliminary research into Check Point’s share of voice in media and social media. The charts below reflect the past six months of activity and exclude financial coverage. There are several key observations: News output is very tactical – 80% of news has been around products, partners and executives

Social engagement - Social media conversations are generally positive and consistent. However, the overall community size could be increased to amplify the impact.

Awareness

Coverage analysis and share of voice

Coverage is focused on research – 60% of coverage has been around research, while only 20% of news output is related to research Tech and trade coverage leading media sources – 95% of Check Point’s coverage is in tech (45%), blog (26%) and channel (23%) publications, leaving significant room for improvement in business media. Chasing FireEye, Palo Alto and Juniper – Competing with Fortinet in news clips; lagging in overall SOV 21

Part 2: Strategy & Execution News coverage analysis

Share of Voice

Media Source

News Media Analysis

Coverage Type

Online Media Analysis

Relevance

Frequency of mentions alongside topical media and customer issues

Leadership

How often Check Point leads in articles, stimulating debate, setting the agenda, being quoted or referenced as a leader Executive quotes

Perception & Communications Challenge From the analysis, itâ&#x20AC;&#x2122;s clear that competitors are dominating in Share of Voice. There is relatively limited coverage dedicated to the company and the key spokespeople are less visible than those of our key competitors.

Qualitatively, Check Point is acknowledged in the media as the second largest firewall vendor, and an established security player. However, there is limited coverage of Check Point’s technical leadership. The company is not portrayed as an innovator or a driver of the security conversation. We know from our informal survey of buyers and influencers, that Check Point is loved by its customers and is very hard to dislodge. Yet this does not come through in the media or social media coverage. We believe Check Point’s greatest communications challenge is demonstrating that it is relevant to today’s security landscape. In a market which is full of noisy, marketing-led competitors and buzz worthy start-ups, getting attention relies on being highly relevant to the current conversation. These well-funded start-ups are deliberately positioning the incumbent vendors as ‘the old-guard’. We need to counter this. We have the assets to do so: a large installed base, capital to invest in the R&D and M&A needed to innovate, respected leadership, and a body of research and content. In the ‘Approach’ section we will outline how we would incorporate these assets into a cohesive strategy that tackles this challenge.

Articles in which Check Point should have been included This article highlights Palo Alto Network’s perspective on some of the challenges that end users are facing, with respect to security. They are challenging end users to be more proactive about partnering with and deploying integrated security solutions, instead of “cobbled together” legacy technology systems. This is exactly the commentary that Check Point should be using. Check Point is the only vendor who can actually fulfill this promise right now and can point to the company’s proven track record as evidence. Other vendors making this claim are doing just that: making a claim that they can’t back up. For this article in particular, if Check Point had already been talking about an integrated solution and approach, the company would have likely been mentioned alongside Palo Alto Network in this story.

This article is a good example of how a brand leveraged a SKO for media coverage. This was written from the reporter either attending or having been briefed on the news that was shared at Palo Alto Network’s sales kick-off, but its an effective article for a few reasons. First, it serves as a vehicle to remind the media and customers that the company is focused on innovation and technology development. Second, it provides insight into the company’s key focus areas, leveraging the existing products and features as benchmarks for the discussion. Finally, without disclosing any proprietary details about future products or technology, they’ve aligned themselves with the key trends that journalists are writing about, as well as the concerns customers and end users are facing.

Check Point has access to different types of data and research, but a very small amount of it is actually used. This story is a good example of how a larger story is built around a varied group of data points, versus data from one organization. Additionally, the article looks at different types of vulnerabilities and exposure, not just the network or endpoint, and would be a great vehicle to reinforce Check Pointâ&#x20AC;&#x2122;s integrated technology proposition. Check Pointâ&#x20AC;&#x2122;s most recent security report would have been a good fit for this story, as well as the smaller, more frequent data points from the ThreatCloud and any additional pieces of research. All of these unique data points can be proactively pitched, sliced and diced and repackaged into different stories, either as features or as supporting points, to add color and commentary to stories in the media cycle.

Approach In order to increase brand recognition and mindshare, Check Point needs to focus on two areas: relevance and volume. Competitors are all too happy to deposition Check Point as the old guard, a firewall-only vendor. Despite Check Point’s superior technology, large installed base and track record of profitability, unless Check Point continually reinserts itself into the current conversation, we will only play into our competitors’ hands. It is imperative that Check Point carves out a very clear narrative that positions it as the platform for the future, and implements it in a vigorous, innovative way.

Check Point’s ‘Securing the Future’ theme, is a good first step. However, our analysis shows that this theme has not yet translated into a perception change. Share of Voice is still behind competitors. Our recommendation is to breakdown the ‘Securing the Future’ theme into three pillars: Comprehensiveness, innovation and leadership.

Comprehensiveness Check Point secures the future because it has a highly extensible, scalable platform that supports customers as their needs evolve. It expands well beyond the firewall, to encompass network and endpoint security, including mobile. It offers a multi-application security platform that is highly integrated across cloud, hardware, software and intelligence. To communicate comprehensiveness, we need to assert Check Point’s role in the move toward integrated platforms and security convergence as a whole. We believe Check Point is well positioned to win the ‘platform wars’ but we need to prove this. We recommend creating a series of proof points for why we are the lead contender for an integrated platform. All spokespeople should be armed with these points for every interview. We should also tap into our loyal customer base. We need to develop stories about customers who have implemented Check Point’s full product suite. We also need an aggressive push on stories that illustrate our endpoint/mobile security and cloud threat prevention offerings. We would work with Check Point to create distinct points of view for both of these two hot topics (the ‘waves’ within these ‘oceans’). We would create story packages with these POVs, an example customer and a specialist (mobile or cloud) spokesperson and take them to the top 10-20 influencers (media and social influencers) in the two categories. We also need to show that we have the capital strength to acquire technologies where needed. Not only does this demonstrate ability to evolve the platform, but it also allows us to deposition startups as acquisition targets rather than contenders for winning the platform wars. We could consider

offering interviews and contributed articles providing insight into recent acquisitions such as Lacoon and Hyperwise, and the resulting product expansions.

Innovation If we want to be seen as securing the future, it is imperative that innovation is a more common thread throughout our PR. We need to show that we are continuing to invest in R&D and that we are ahead of the pack when it comes to bringing innovative products to market. This will be partially achieved by increasing the cadence of news. We should at least match the volume of (quality) news of our closest competitors. If we are securing the future, we also have to be specific about what the future threat landscape looks like. We can’t be seen as innovative if we’re not revealing new insights about the threat landscape. We can do this by better using the Check Point research assets. Check Point has a wealth of information and insights that are timely and relevant to today’s security conversation, but hasn’t made as consistent an effort as its peers when it comes to promoting those insights and ensuring inclusion in stories with top media. While seemingly straightforward, research and rapid response programs can be a challenge for many vendors to successfully develop and execute. At LEWIS PR, we’ve built the rapid response and research communication programs for security startups such as AlienVault, FireEye, Bugcrowd, Incapsula, F-Secure, as well as public companies including Imperva and Qualys. These programs anchored on three fundamental elements: 29

Approach, Contâ&#x20AC;&#x2122;d Experts: Institute a dedicated team of technical spokespeople and develop their individual personas based on specific areas of expertise. Create sought-after, third-party sources by implementing mini-campaigns around each expert. Insights: Develop and promote a specific set of data that is unique to Check Point, and repeatable in either short (regular blog posts) or long (quarterly research report) form. Amplify this content through cross/multi-channel promotion. Interaction: Communicate frequently with target media on stories of the day that are relevant to the Check Point value proposition through both proactive outreach and rapid response. Spokespeople must be readily accessible, engaging and add new information to the story at hand. Consistent interaction both virtually and in-person will create longer lasting media relationships. Ultimately, any research and rapid response program thrives on consistency: in messaging, interaction with media, and in the production and promotion of content. As well as pushing out our own research, we can, and should, be responsive to the media agenda. Security vendors have long known the value of commenting on breaking news related to threats. The key here is to align the PR function with the labs function so it works like a well-oiled machine. Itâ&#x20AC;&#x2122;s also important that we underscore our innovation message by using innovative methods to communicate. For example, we could break our annual security report into smaller factoids and share them over a period of time to share the lifespan of the story. We could even create an interactive contest in which participants are asked to guess the findings (e.g. how many malware attacks hit a company every hour?) and then we can create additional

stories highlighting the gap in knowledge. We recommend greater use of video, live streaming, and visual content. We suggest a more comprehensive approach to sharing repurposing content across channels and dynamically updating stories by adding updates to our social channels throughout the day.

Leadership To demonstrate that Check Point is forward-thinking, we need to take the lead on a specific issue. We need to show that we are driving change. Our recommendation is to build a thought leadership position around the impact of security on organizational leadership. According to Check Pointâ&#x20AC;&#x2122;s 2015 security report, 106 unknown malware hit an organization every hour. The security conversation is dominated by analysis of these threats, their implications and their source. But there is so far very little debate about the wider impact on organizational leadership, governance and culture. We believe Check Point is ideally positioned to set the agenda for this debate. Check Point is one of the most established vendors and the only one to span network, firewall and endpoint security. As the lead contender for ownership of the converged security platform, Check Point should be driving the conversation around organizational, not just technical, response to the new security landscape.

Ideas As an illustration of our approach, we have developed some initial ideas for campaigns that would allow us to demonstrate comprehensiveness, innovation and leadership.

Duty of Trust: the role of security in organizational leadership Our solution is a ‘Duty of Trust’ campaign. Duty of Trust is an evolution of Duty of Care, in which organizations are responsible for the safety and well-being of their customers and employees. Under the Duty of Trust, organizations are responsible for taking every precaution to secure their customers’ and employees’ data. Check Point would call for a global best practice, and potentially even legal standard, for duty of trust. The centerpiece of the campaign would be a global research study: the first study of organizational responses to the growing security threat. Key findings may include: • Security becoming a regular agenda item in board and investor meetings • Independent security committees being set up to monitor a company’s approach to security • Security concerns directly impacting corporate culture, for example the impact of microsegmentation on collaboration • Increasing collaboration between departments around security Of course, we may find that none of these changes are happening. This presents the perfect opportunity to issue a rallying call to organizations. The campaign would be supported with a Ted Talkstyle presentation: a video outlining the key findings and the actions that organizations can take. Media coverage would be secured around three key axes: • Release of the research findings, potentially in conjunction with a media partner 31

Approach, Cont’d • Launch of a microsite with advice and industry reactions, and the ability to track progress and adoption of the duty of trust standards • Using the research and Ted Talk-style video, placement of CEO speaker opportunities and media interviews on the topic Additional visibility would be achieved via an integrated social media and digital program that may include, but is not limited to: • Promotion and distribution of the survey findings in a drip-campaign format to extend and amplify the impact of the content • Promotion and distribution of the video, both as an on-demand piece and with an exclusive “VIP” gate that can be promoted to more exclusive audiences 1:1, perhaps with a live Q&A with Check Point executives at a set date and time • Executive blog series penned in the names of Check Point senior management and that talks to more business-level thought leadership • Online panel promoted over social media and potentially hosted as a webcast or Tweet chat moderated by Check Point and featuring the perspectives of C-level contacts within Check Point’s largest customers and technology and channel partners • Compilation of “Duty of Trust” blogs into an eBook, also featuring research and supporting graphics, that can be used as an asset to promote via social channels and as a call to action for paid media programs Once we have enough critical mass with regard to content, we would propose launching and maintaining a “Duty of Trust” microsite, a site structured in an editorial or online publication format, with dynamic, consultative content that reflects the new C-level thought leadership and content reflecting Check Point’s overall vision for the industry.

The types of content that would help drive the pace of the site and broaden the range of information include, but are not limited to: • Content redirected from the current blog • Customer profiles (“duty of trust” examples) • Customer video gallery • Contributions from third parties • Survey campaigns • Infographics • Media coverage and analyst reports • Video and live digital events • Educational and consultative webcasts • Promotion of online panel discussions and tweet chats • Integration with the company’s social sites Simply put, the site would be become a way for Check Point to raise its story and overall visibility above one that is purely technology-centric and more to one of corporate responsibility and accountability, with security at the core — in a way that is accessible, manageable, consistent, and widespread. The site would be fully optimized and coupled with regular creative digital campaigns to drive traffic and awareness. Expected results from this campaign would be an increase in business media coverage and social engagement. But more specifically, we would measure success based on the impact to Check Point’s ability to drive the conversation. This would be measured by influencer mentions and participation, inbound inquiries on related topics, and growth in UVMs or clicks to the microsite and social channels.

Check Point Academy – dynamic learning delivers the industry’s most topical security skills certification We know that Check Point is planning to increase its community focus through the Jive platform. We propose adding an Academy component to this program. The academy is an online training program which goes beyond typical vendor trailing offerings by doing more than focus on product administration skills. Instead, the academy would provide a curriculum based on what we think future security professionals will need. The curriculum would be directly dictated by Check Point’s research findings, to ensure we are always training on emerging threats and practices. Some of the curriculum could even be crowdsourced. We believe this is how we can reach the younger demographic of security admins who may not be familiar with Check Point. It’s important that the academy is a dynamic program since that allows continual touchpoints with the target audience. While course materials would be available on-demand. We could also create a dedicated blog for it. Contributors (e.g. Reddit authors) to the academy would be featured on the blog, increasing social shares. The curriculum also provides multiple opportunities for news hooks: we can brief media on new trends that warrant new training. We can also use data from participants to highlight trends in security skills (which skills are lacking, which are most valued, etc). The academy would provide an ongoing source of content that spans earned and owned media and is appropriate to Check Point as a founding father of the security industry.

Audience Targets A. IT/Security Administrators B. C-Level Executives C. Channel community Across each of these audiences, we want to create a sense of renewed interest and excitement – and awareness for the full breadth of Check Point’s offerings. Moreover, we want to make each audience feel that Check Point has a vested interest and commitment to them and their individual success. We can accomplish this by converting Check Point’s rich history, depth of experience, and extreme loyalty among existing stakeholders into a true community-based movement, one with an emphasis on accessibility, evangelism, and driving the future of security. To that end, we recommend a carefully coordinated and integrated approach, one with similar tactics but different messaging and tone per audience. For example: The Maverick Class (IT/security administrators) – Here, we want to appeal to this highly technical audience that is in a state of transition from a demographic perspective. With an eye towards the emerging younger community of IT/security administrators, we would propose identifying a Check Point “Dream Team” of product and research leads who have the technical and security chops to talk in depth about capabilities, differentiators, and customer trends, but who can talk about the direction of the industry and the cutting edge efforts and practices they are driving behind the scenes – Check Point’s own “Maverick Class” – the new guard working with the wiser, experienced pioneers that have shaped this industry (the “father of security”). We can give them each a distinct personality

and area of focus (ideally according to product area to drive awareness for CHKP’s offerings beyond firewall) and then promote those personalities and their views via media interviews, social posts, live online events, blog content, speaking engagements, and more to reach this new class of IT and security professional (while still appealing to the technical sensibility of more traditional Check Point champions). The goal would be to give a fresher face to Check Point and promote the next generation of security leaders who are going to transform the industry on the foundation Check Point has already built. In addition, we would propose profiling a new customer – and IT/security administrator champion – monthly via social media and in the form of media interviews (we could run vertical tracks as well). We can promote them as members of “The Maverick Class – Changing the Security Landscape from the Front Lines.” The Master (C-Level Executives) – In this case, we want to create that sense of accessibility and peerto-peer respect and collaboration between customer and prospect C-Suite executives and Check Point’s own leadership. To achieve this, we would propose an aggressive communications campaign that puts Gil, Amnon, and Dorit front and center with the media, analysts, and executive leadership across customers, prospects, and partners, talking about their vision for network security and what companies needs to do to prepare for what lies ahead. Less of a technology message and more one of industry direction. They can deliver this message via a content marketing campaign that includes exclusive media interviews, syndicated video, an executive blog series, executive tweet chats or live streamed “fireside” chats, and collaborative communications with C-level partner contacts. We could leverage the “Duty of Trust” theme as the basis for this program. And similar to what was described for the administrator audience, we would feature the C-level customer contacts as part

of the “Master Class” community, offering them to select business media to talk about the challenges facing big businesses with regard to security and how they are designing a strategy to combat those challenges. We could also do this at a vertical level with a focus on security strategy and the Duty of Trust in more regulated environments to give us a platform to address the issue of security and compliance, corporate responsibility and accountability, regulation, etc. The Mover Class (the channel) – With the channel, we have tremendous opportunity to leverage our existing relationships to both reach their target audiences and energize the front line sellers and sales engineers who are making product recommendations to their end customers. To do this, we first need to make it easy for them to promote the Check Point message, packaging our content and proactively distributing it in a way they can easily share. Moreover, we need to leverage Check Point’s own field and channel management teams to push content and coverage to their networks, both via social media but also via direct-touch methods. For example, pre-packaged media coverage and social media roundups that a regional manager can send to their counterparts across each of their local channel partners – the goal being to demonstrate a changing tide in the way Check Point market’s itself and create a constant drumbeat of Check Point buzz and coverage. As mentioned previously, we would also invite channel executives from Check Point’s largest partners to participate in a digital panel (again with the focus on Duty of Trust and security trends versus technology) – we would collaborate with each partner’s marketing team to distribute invitations to the panel chat to their respective customers and networks, thus compounding our reach. This could be done on a quarterly basis, with a different panel participating each time – the “Security Mover Class” series. We can reinforce this with a blog that invites contributions from executive

and product management across each of these partners, again providing the means for that partner to them promote to their channels. The goal across all of these audiences is to create a sense of community – the Check Point ecosystem coming together for the benefit of driving the industry forward and forcing business-level discussions around security. We can even brand this community online in a single forum (different than the technical community) entirely focused on vision, best practices, and corporate responsibility and accountability. To help launch this community effort, we could launch the Check Point “Duty of Trust” Award to companies that demonstrate a certain standard of corporate responsibility in the way they think about and approach network security. Those that go above and beyond and apply a unique blend of best practices to ensure the security of their employees, customers, suppliers, patients, students, and other stakeholders. We could announce the award via the media and social and accept nominees via a dedicated web page… rep and channel partners could nominate customers as well. The award could then be given at a special ceremony at CPX, with the winners being offered up for exclusive media interviews and promoted after the fact over social media.

Product Reviews Getting product-related coverage has become much harder in the digital media world, where click counts are the measurement of an articles’ worth and ROI. Product-focused press releases are largely eschewed by reporters, as a result. Therefore, one of the better ways to try to promote product features and functionality is through the use of a product reviews program. When it comes to landing security-related product reviews, a two-pronged approach (earned and paid) is recommended. Many of the enterprise IT publications have shut down their testing labs for the same reason that product news coverage has waned. There remain a limited number of them that write product reviews, chief among them SC Magazine and the IDG network. SC Magazine does both “First Looks” standalone reviews and “Group Tests” which compare features and functionality of up to 10 competitive products in a given market. Judy

Traub is the gatekeeper to the reviews process and Peter Stephenson is the tester. The Group Tests can be a riskier proposition as we’re being compared head to head with a large number of competitors. The upside is that if we fare well against the competition, the review means even more than a positive First Looks standalone review, and can be leveraged in competitive sales situations. IDG runs a wide range of reviews primarily across Network World and InfoWorld, with everything from standalone to group tests and even video reviews done by a mix of staff and freelance contributors. A small percentage of these tests are security-related, but there are opportunities. On the B2C side, there are more opportunities for reviews, the most influential being PC Magazine and PC World. Neil Rubenking in the PC Magazine testing lab has a rigorous process and really gets under the hood of each product.

An overall caveat for submitting for earned review opportunities: it is essential that we know how the product will test, and that we have a detailed reviewer’s guide to accompany it as well as an assigned SE to handhold the reviewer if appropriate. Once the reviewer receives the product, the ultimate outcome is largely out of our hands, so confidence in the performance should be assessed as a first step. The second prong of the approach is to allocate budget for paid review opportunities. There are a number of freelance reviewers who will test products for a fee (generally in the $3-5K range) and will generally write glowing recommendations as a result. We have much more control over the review outcome, and these reviewers will be open to suggestions and edits in order to make sure we’re happy with the final article. An example is Frank Ohlhorst, whose reviews regularly appear in Quinstreet (eWeek, et al), Tom’sITpro, UBM (Network Comput-

ing, iWeek), Desktop Engineering Magazine and TechTarget’s Technology Guide, and eChannelLine. These reviewers don’t all need to be in the U.S. either. The UK has respected tech journalists with close ties to publications, who are much more accepting of paid review opportunities. For instance, Dave Mitchell is an industry vet with editorial ties to Computing Security UK and Network Computing, two of the leading IT trade publications. His testing and writing skills are excellent, and the reviews he produces will not only be published in one or both of those UK publications, but can be used as sales collateral in the U.S. Through a combination of earned and paid reviews, we can build up a stable of product-centric collateral that will support product marketing and sales and increase awareness of new product offerings.

Driving Positive Press With Social Media On the web, content is and always will be king. Not only does fresh and interesting content bring repeat visitors, more importantly it increases the odds that other users and website owners will want to share your content with their visitors, groups or friends. This is becoming increasingly important as the web is evolving into a â&#x20AC;&#x153;participationâ&#x20AC;? based social network. Social media content and audience interaction provides an ideal opportunity for Check Point to amplify and syndicate useful content such as articles, videos, opinions and news about its technology. If Check Point wants to differentiate as a leader in securing the future, it should become more of a focal point through social media. That is why we believe it is important to have an integrated campaign. Social media is especially effective in B2B scenarios given the length of time it takes to effectively communicate complex messaging, and the fact that B2B sales cycles are longer and more involved than a consumer product. For these reasons, engaging on social media channels and using effective content is critical for business success as well as general awareness.

Below is an example of how we helped Cisco develop and curate its brand journalism efforts to reach both media and social influencers.

The results included 8.2 million new views to the site and helping Cisco to secure several award nominations for the quality of the content on the site. LEWIS also secured 7 media articles in 3 months through PR outreach on the topics of the site itself.

Content creation, curation The Network is a technology news site that Cisco launched as an early brand journalism initiative several years ago. The site contains content from across the web, hosting infographics, videos and articles from freelance journalists, among other items. With the recent introduction of FOCUS, a monthly thematic online publication that is produced on The Network, Cisco is aiming to spotlight a different technology topic each month based on industry trends and timely events. LEWIS worked with Cisco to: • create and amplify content on The Network and for FOCUS through promotion across various social media channels including Tumblr, Twitter, Facebook and Google+ • create a social media outreach program to target influencers to spread the content on The Network and also supported it with social media ads 39

Combating Negative Press With Social Media In this era of instant, readily accessible information vial on-line media outlets and social networks, even unqualified reporting can escalate to the level of viral distribution. Members of the LEWIS team offer direct, personal experience of working at the highest levels of the media combined with practical experience of handling a variety of international, high-profile crises on the global media stage. Most companies experience a threat to their brand credibility at some point, whether it’s a relevant internal exposure, or an erroneous unsubstantiated accusation via a social networking platform. Our crisis communications services include social media consultancy, global communications training, internal communications policies, and media planning, monitoring and response.

Here’s one example of our team’s work:

Responding swiftly to minimize a crisis In 2013, the lab at cyber security firm FireEye published a technical blog post concluding that not only had a dormant strain of malware (Gauss) reemerged, but that it could be linked to another high-profile malware strain (Flame), and that both were originating from the same hacker group. Within minutes of the post’s publication, researchers from Kaspersky Labs and other members of

the security research community took to Twitter to denounce FireEye’s claims by acknowledging that what FireEye had found was not the reemergence of the malware strain, but instead one of Kaspersky’s ‘sinkhole’ servers used for their own malware research. FireEye prides itself on the technical ‘chops’ of its research lab and regularly promotes a steady stream of discoveries via the FireEye blog. At worst, Kaspersky’s revelation in this instance could have undercut the integrity of the research team and FireEye, and at best it proved an embarrassment to the research team who overlooked the possibility of a sinkhole. Working in conjunction with FireEye, the LEWIS team’s crisis communication strategy was anchored on the following: Immediate response: As soon as the news broke that the research was incorrect, FireEye took down their original post. To ensure that FireEye didn’t appear to be hiding their error by removing the post, LEWIS crafted a Tweet for FireEye to publish, acknowledging their error and instructing people to check back shortly for an update to the findings. The facts: At the same time, LEWIS immediately pulled together a conference call with the relevant stakeholders from FireEye’s lab and marketing teams for a detailed discussion on what had actually happened. Did FireEye actually make a mistake? How did it happen? Could this mistake have been avoided? Taking responsibility: LEWIS crafted a short statement in which FireEye acknowledged and explained the error, as well as apologized for any confusion that their original post may have caused. The statement was concise, transparent, and avoided defensive language. It was published to the FireEye

blog, along with the text of the original blog post, and was promoted via the FireEye Twitter handle. During this time, LEWIS was consistently monitoring for Tweets related to the crisis, flagging those that required direct response. For example, select reporters who had covered the news and Tweeted inquiries at the FireEye handle received direct @ replies, and those reporters who called or emailed seeking a direct quote or comment were also sent personal emails with FireEye’s public statement as it was made public. A full report on related coverage was compiled and sent to the client. Because FireEye acted swiftly, was transparent in their rebuttal and accepted responsibility for their actions, they were portrayed fairly in coverage of the news. In fact, a reporter from InfoSecurity US wrote, “While embarrassing for FireEye, the company shouldn’t feel too bad…”

Social Media Services, Measurement & Management LEWIS has a team of 40 professionals accross the US who focus on social media, digital marketing and brand and product marketing. We manage social programs for some of the biggest brands in technology: VMware, Comcast, and others. LEWIS takes a holistic, integrated approach to social media to ensure that this channel supports the requirements of and leverages the opportunities for multiple constituencies, including marketing, PR, customer support, and others. LEWIS builds and executes social media strategies and programs based on the client’s business goals. For Check Point, we recommend a social media strategy that focuses primarily on thought leadership. We’d build a social media presence that is consistent with the brand and engages with key target audiences and we would recommend developing a mix of organic and paid social programs. In addition to IT/security administrator, C-level executive, and channel audiences, our social media program would also follow and engage with industry influencers. Social media requires a strong content pipeline and LEWIS would proactively manage the process, from developing the strategy to creating the content calendar to publishing the day-to-day posts to engaging with other customers, prospects, and influencers on social media. LEWIS would work with Check Point to identify the key performance indicators (KPIs) for the social media program, determine how those KPIs will be tracked, and set goals for the program. Example metrics include: follower acquisition, engagement, traffic to the website/microsite, etc. LEWIS would track program results on an ongoing basis and deliver regular reports that show results and provide recommendations for ongoing optimization.

Below is an example of a social media community building program LEWIS has executed.

LEWIS began working with Comcast Business in 2011 to build a social media presence. While the residential business had a robust social media program, the Business Services division had no official social media presence and there were a number of “rogue” accounts that did not appropriately represent the business. The social media program started with a LinkedIn company page followed by Twitter – Facebook and Google+ are also part of the program but are not the primary focus – and LEWIS also helped develop the organization’s social media policies and guidelines. LEWIS manages the program from soup to nuts, creating the strategy, developing the content for social posts on an ongoing basis, managing paid social programs, developing and executing on social campaigns, and measuring program results. Today, Comcast Business has over 62,000 LinkedIn followers and over 32,000 Twitter followers – and the content promoted both organically and via paid programs consistently beats engagement benchmarks. In 2013, LEWIS planned and executed a virtual week-long event – Tech Week – targeted at entrepreneurs and startups to promote the use of technology to drive business growth. Tech Week has become an annual event and has grown each

year, and in 2014, the event was integrated with the Innovations 4 Entrepreneurs (I4E) contest. During the 2014 I4E Tech Week event, Comcast Business launched the Comcast Business Community, an online resource for thought leadership content targeted at SMBs and enterprises. LEWIS manages the community, sourcing all of the content, promoting the articles in organic and paid social media, and measuring results. Since launch, the community has published almost 650 articles from over 60 contributors that have garnered more than 3.2 million page views, and the community has more than 2,500 registered users.

Taking Advantage of a Security Breach There are several factors to consider in the event of a widely publicized security breach, which in turn influence the response strategy. First, has the cause or entry point of the breach been made public yet? Most initial disclosures and early reporting on such breaches simply report on the effects, not the cause (i.e. number of customers/records affected, type of data compromised, etc). It’s important not to wade into the media fray without having the facts. Second, do we know who the attackers were? This can sometimes take months to confirm, but post-event forensics typically lead to a quick determination. The difference between an attack by China and an attack by Anonymous is an important distinction. Third, has anyone within our client’s own research organization discovered something about the breach? If so, in most cases they should have notified the breached company with the findings and possibly law enforcement as well, but at that point, they should be free to share what they know with the media. Once a topline understanding of the breach dynamics has been agreed upon, speed and relevancy become the critical factors in inserting ourselves into the media cycle. The industry is overrun with security experts all trying to get their share of quotes into the press. We not only need to compete to get in front of reporters before they write their stories, but we need to craft comments that will rise above the din of opinion. A few specific tips for achieving both: • Create a bank of pre-approved quotes that address various breach types. Make them short and easily quotable, with built-in sound bites. Analogies work very well. This way, when a major breach occurs, we already have something relevant we can send to media, with only slight modifications by the agency to make it specific to the breach in question. This works particularly well when experts are located in different time zones and cannot immediately respond and approve new quotes.

• If our researchers do have any specific knowledge of the breach that can be shared publicly, incorporating that into our response is crucial. The less generic the commentary is, the more likely reporters will be to use it. They are always looking for additional details about how the attack could have happened. • Nurture relationships with reporters BEFORE large-scale breaches occur. Most journalists have a list of experts they tap on a regular basis, sometimes even on background, for their stories. It’s important to consistently offer top-tier reporters access to our key experts and make sure there is an open line of communication when they need insights. Although there may not be coverage that results from every interaction, this type of relationship-building can payoff big when there is a frontpage breach and they are suddenly inundated with experts clamoring for their attention. Reporters will turn to sources they believe are knowledgeable, responsive and trustworthy. Short comments of one to two sentences are what reporters are looking for in these breaking news stories. However, if the insights we have are substantive, the corporate blog is a great avenue for delivering longer form commentary. Once published, we can then share a link to the post with the media and they can pull directly from it. We can also promote and distribute those blog posts across our own social media networks, and those of our employees and partners. In cases where we have more lead time, we can even pre-pitch the pending blog post before it is published in order to create a sense of urgency with reporters that they will have a certain window of time to write before the post is made public.

Top-20 Industry Influencer Relationships The following are some of the top business and trade reporters that focus on security technology and the business of security.