software of cybersecurity security and the fed: the rising

INDUSTRY NOTE

USA | Technology

Software March 7, 2013

SoftwareSecurity and the Fed: The Rising Importanceof Cybersecurity

EQU

ITY R

ESEARC

H A

MERIC

AS

Aaron Schwartz, CFA *Equity Analyst

(212) 284-4660 [email protected] Boolani *

Equity Associate(212) 284-2269 [email protected]

* Jefferies LLC

Key TakeawayCybersecurity is far from a static issue within federal agencies despite broaderbudgetary uncertainty. The threat spectrum has always been on the rise butthe motive of attack is changing; moving from financial to political gain. Thishas triggered a greater sense of urgency for security initiatives at the federallevel which will likely lead to a growing area of spend where FIRE, INTC (MFE),PANW and SYMC are better positioned.

Security is rising in importance at the federal level. So far this year, the NationalDefense Authorization Act was signed into law inclusive of several statutory cybersecurityprovisions, two independent cybersecurity bills have been reintroduced to the U.S. Congressand President Obama signed an Executive Order aimed at improving national IT security;specifically related to “critical infrastructure.” The implications from these proposals varybut the clear takeaway is the rising significance of cybersecurity at a federal level.

A greater sense of urgency is due to the shift in motive. The threat spectrumis changing where political objectives, rather than financial gain, are now the motivebehind attacks; and increasingly sponsored by nation states. This year alone, the U.S.Federal Reserve, U.S. Department of Energy and several undisclosed critical infrastructureorganizations have been breached, reportedly from foreign entities, while in 2011, fivemulti-national energy companies suffered attacks that originated from foreign nation states,according to McAfee. A widely sourced February report by IT security firm Mandiantprovided vast evidence, corroborated by U.S. intelligence officials, of attacks that originatedfrom foreign nation states with a sharp increase seen since 2011.

Budget uncertainty will persist but security spend will be resistant. Cybersecuritywill remain a top priority within the Department of Homeland Security (DHS), where theinitial FY13 budget request included a 74% increase in security within a flat overall DHSbudget, according to GCN. Sequestration and other appropriations will be involved and theoutcome could be a more backend-loaded nature to the spend with concentration towardsC3Q13. But federal cybersecurity spend should be immune from broader budget pressureand select funded programs provide visibility to absolute growth.

Continuous monitoring and the next phase of EINSTEIN stand out. Larger andfunded opportunities include the Continuous Diagnostics and Mitigation (CDM) program,which encompasses $6bn over five years for continuous monitoring solutions, and theNational Cybersecurity Protection System (NCPS), which has approved funds to expeditethe deployment of systems related to the EINSTEIN 3 program. Cybersecurity is becomingmore integral to federal priorities and large funded opportunities exist; we believe vendorsincluding Sourcefire (FIRE), McAfee (INTC), Palo Alto Networks (PANW) and Symantec(SYMC) are well positioned to benefit with private vendors including FireEye and Trustwavealso involved.

Follow-up industry expert conference call. We will host a related conference call withan independent consulting firm that focuses on guidance and support services to both theFederal government and those commercial entities that support it. The call will be held onWednesday, March 13 at 12:00PM ET; details as follows: Dial-in: (866) 900- 5944 (U.S.)/(706) 643-3801 (Global) / +44 (0) 20 3107 0289 (U.K.); Conference ID#: 20513165.

Jefferies does and seeks to do business with companies covered in its research reports. As a result, investors should be aware that Jefferies may have a conflictof interest that could affect the objectivity of this report. Investors should consider this report as only a single factor in making their investment decision.Please see analyst certifications, important disclosure information, and information regarding the status of non-US analysts on pages 12 to 15 of this report.

Summary Cybersecurity initiatives continue to expand as a priority for federal agencies but with a

recent greater sense of urgency. Over the last two months alone, the President issued an

Executive Order, and two independent cybersecurity legislative bills have been

reintroduced to U.S. Congress. Underlying these actions is not only an increase in attacks

but also a change in the source, target and intent of the attack—political objective, rather

than financial gain, is increasingly the motive behind the attack and is often sponsored by

nation states. This is the primary reason regulatory authorities are inserting themselves

into the cybersecurity conversation.

Nevertheless, the current implications from the proposed legislation vary. Most current

proposals only involve voluntary programs for cybersecurity standards based on

information sharing. However, it is clear that security is an increasingly important initiative

at the federal level, which will result in new and expanding opportunities for commercial

security vendors. The heightened status of security will lay a foundation for broader

security strategies and related spending initiatives. And in an uncertain budgetary

timeframe, security will be a more immune, and likely growing, area within public sector

spending. Areas including security assessments, continuous monitoring and, over time,

next-generation host-based security solutions will see expansion where vendors including

Sourcefire (FIRE), McAfee (INTC), Palo Alto Networks (PANW) and Symantec (SYMC) are

well positioned to benefit.

Cybersecurity Is Expanding as a Federal Priority On January 2, the National Defense Authorization Act (NDAA) was signed into law and

included several statutory cybersecurity provisions. Since then, the Senate introduced the

Cybersecurity and American Cyber Competitiveness Act of 2013 (January 23); President

Obama signed an Executive Order aimed at improving U.S. cyber defenses (February 12)

and the Cyber Intelligence Sharing and Protection Act (CISPA) was reintroduced to the

House (February 13).

The rapid pace at which cybersecurity initiatives have expanded as a federal priority is

clear. This is due to an increase in the number and severity of threats; McAfee saw a 51%

increase in malware samples in 2012, as well as the changing motive of the attack beyond

notoriety. This year alone, not only have commercial entities such as The New York Times,

The Wall Street Journal, Apple and Facebook reported intrusions, but also the U.S. Federal

Reserve, the International Monetary Fund, defense contractor Lockheed Martin as well as

several undisclosed attacks on critical infrastructure entities. A recent report by Mandiant,

an IT security firm, provides evidence of an increasing cyber-attack focus on U.S. critical

infrastructure from foreign nation states and shows a sharp increase in nation state

sponsored attacks since 2011. For example, the report cites a recent intrusion on Telvent,

a company with access to over 60% of oil and gas pipelines in North America, which was

reportedly initiated by the Chinese PLA. The attack was corroborated by Telvent and U.S.

intelligence agencies.

Attack Motive Is Increasingly Political Driven The threat motive is moving beyond notoriety or financial gain. Over the last

several years, the predominate source and reason for cyber-attacks has been externally

originated attacks for the purpose of financial theft—over 98% of breaches now originate

from external sources, up from 72% in 2009, according to Verizon’s annual data breach

report. The involvement of organized crime, which often supports attacks with greater

funding, has been the primary reason the objective of attacks shifted from notoriety (i.e.,

script kiddies) to financial theft and we are now seeing the next shift which involves

nation states.

The motive of attacks is shifting

towards political objectives, and

increasingly involving nation states

In 2011 five multinational oil and gas

companies were attacked by foreign

nation states, according to McAfee

We believe FIRE, MFE (INTC), PANW

and SYMC are positioned to benefit

Technology

Software

March 7, 2013

page 2 of 15 , Equity Analyst, (212) 284-4660, [email protected] Schwartz, CFA

Please see important disclosure information on pages 12 - 15 of this report.

Going forward, political objectives will play a far greater, and public, role in

cyber-attacks. Just as the threat spectrum was characterized by a shift to organized

crime over the last several years, political objectives and the role of nation states as targets

and perpetrators of attacks will increasingly characterize the threat spectrum going

forward. The aforementioned Mandiant report provided vast evidence of an increase in

attacks that have originated from China and this evidence has been confirmed by U.S.

intelligence officials, according to The New York Times. Separately, at the recent

Information Systems Security Association conference, 79% of IT security professional

attendees believe a “major” cyber terrorism event will occur within the next year. Part of

this concern stems from the awareness of activities originated by nation states inclusive of

U.S. participation; for example, the U.S. reportedly worked with Israel to use cyber tools

(Stuxnet) to disrupt Iran’s nuclear program.

This shift to political involvement is the most important factor behind the

increasing public sector involvement in security. The risk has been seen with the

increase in federal attacks—the number of intrusions reported by U.S. federal agencies

increased by 13% to 49,000 in 2012, according to the U.S. Computer Emergency

Readiness Team (US-CERT)—as well as deficient preparedness, as the same report finds

that most of the 24 major federal agencies had information security weaknesses.

Therefore, with the shift in attack motive and increasing political awareness, security will

be far from a static issue over the next several years, even in the wake of federal budget

cuts. Just recently, Steven VanRoekel, Federal Chief Information Officer of the United

States, spoke on potential budget cuts and sequestration where “cybersecurity is such an

evolving threat that we have to be ever vigilant, we have to be proactive, we have to be

investing dollars and engaging smart contractors to think about how to lean forward.”

Cybersecurity Legislation in Motion Again Security regulation is a complex issue for both the private and public sector. This is due to

the sensitivity of the issue, the natural incentive for organizations to prevent attacks and

also a resistance to any forced mandate on security. But the increase in nation state

involvement behind security breaches has raised more questions about the danger of

attacks and the role of regulation.

Historically, cybersecurity at a national level has been a piecemeal approach with limited

success. A recent report by the U.S. Government Accountability Office (GAO) contends

that current security strategies have seen limited successful implementation. In fiscal

2012, 19 of 24 major federal agencies reported that information security controls were

either a material weakness or significantly deficient in internal controls. Most of the 24

agencies had information security weaknesses in areas including inappropriate access to

computer resources; system configuration; contingency planning for disruption or

disaster; and implementing agency-wide information security—thus another reason why

new security-specific legislation has been drawn.

Below we provide a summary overview of selected national strategies and bills, historical

and current, related to cybersecurity.

Chart 1: Cyberattack Incidents

Reported by Federal Agencies

No. of Incidents in 000s

Source: GAO, US-CERT data

2006-2012: +782%

Technology

Software

March 7, 2013



Chart 2: Evolution of Cyber Strategies and Select Cyber Legislation Overview

Source: GAO, GovWin (Deltek Report), Jefferies

Despite what has historically been a stagnant and even reactive cybersecurity legislation

environment, greater evidence of the expanded federal priority on cybersecurity matters

has manifested itself in several legislative proposals that have emerged in the last several

weeks. We look at four more topical law-making endeavors, and which will likely have the

most relevant impact to commercial / private sector security vendors. Specifically of

interest is the NDAA, which is one of few laws that provides some visibility into funding

levels, in the context of current, urgent cybersecurity priorities. Beyond legislation, we

also look at specific funded programs for FY13.

1) National Defense Authorization Act for 2013 (NDAA)

The NDAA outlines several targeted statutory provisions on cybersecurity

issues. Signed into law on January 2, the NDAA—legislation that formally sets policies

and funding levels for DoD operations and national security programs for the DoE—

outlines several cybersecurity-related provisions that the DoD is required by law to

implement, with the most relevant spanning a) investment strategies and priorities; b)

mandatory reporting requirements and protocols in the event of potential data breaches

in the defense industrial base; c) development of network flow data collection and

analysis capabilities; and d) procurement of “next-generation” systems involving host-

based cyber security tools and capabilities longer-term.

a) Formal communication of cybersecurity investment strategies and

priorities expected. The NDAA law requires that within six months of its

enactment, the U.S. Air Force is to submit a proposal detailing investment

strategies and priorities relating to cyberscience and technology needs; with

clear identification of expected resources required (both funding and personnel)

to meet these objectives. Given the budgetary uncertainties, such a mandate

demonstrates the greater significance—and perhaps even relative immunity

from potential budget cuts—ascribed to such initiatives.

2000

National Plan for Information Systems Protection v1.0 (January)

2003

2003 National CybersecurityStrategy (February)

Homeland Security Presidential Directive-7 (December)

2006

National Infrastructure Protection Plan (June)

2008

Comprehensive National Cybersecurity Initiative (January)

2009

National Infrastructure Protection Plan Update (January)

Whitehouse Cyberspace Policy Review (May)

2011

Homeland Security Cyber and Physical Infrastructure Protection Act (January)

Cybersecurity Education Enhancement Act (January)

Cybersecurity and Internet Freedom Act (February)

Executive Cyberspace Coordination Act (March)

National Strategy for Trusted Identities in Cyberspace (April)

Cyber Security Public Awareness Act (April)

International Strategy for Cyberspace (May)

Cyberspace Warriors Act (June)

2012

Cybersecurity Act (February)

3 Priority Areas for Improvement Identified (March)

SECURE IT Act (March)

Cyber Intelligence Sharing and Protection Act (April)

Cybersecurity Enhancement Act (April)

Intelligence Authorization Act (May)

Keep America Secure (August)

Cybersecurity and American Cyber Competitiveness Act of 2013 (Introduced January)

Executive Order-Improving Critical Infrastructure Cybersecurity (February)

Cyber Intelligence Sharing and Protection Act (Re-Introduced February)

2013

Technology

Software

March 7, 2013



b) Mandatory data breach reporting requirements for private entities

granted DoD clearance. The legislation also stipulates that “cleared”

members of the defense contractor community—or those private entities

granted DoD-authorized access to classified information—are required to report

intrusions of their DoD-sanctioned networks and IT systems. This is somewhat

unique in that other current proposals on information exchange with the private

sector, regarding infrastructure-based compromises, are typically one-sided,

where participation by the private sector is largely voluntary.

c) Improved capabilities around network flow data collection and

analysis. The law permits use of existing funding and research capabilities to

develop collection, processing and storage technologies, that monitor, identify

and counteract vulnerabilities and infrastructure compromises within the DoD’s

network—as well as DoD network data flow on ISPs’ networks—specifically

through the analysis of its voluminous data flow records. There has been a

convergence between data inspection, collection, analytics and security with

vendors including NetScout, Splunk, TIBCO, IBM, McAfee and Palo Alto

Networks involved; with each providing a differing security analytics approach.

d) Procurement authorization for “next-generation” cybersecurity

system. The law authorizes the acquisition of “next-generation” cybersecurity

systems for the DoD. The provision calls for an open framework to enable

integration of various commercial tools and applications in the realm of

continuous cyber-intrusion monitoring, detection, and remediation. This section

of the NDAA involves a longer-term outlook with budget submissions into

Congress requested for the FY15 period.

These NDAA provisions emphasize the current focus of strengthening federal

cybersecurity initiatives, and are directional indicators of how commercial vendors and

service providers can benefit. Yet admittedly—as we discuss further below—related

initiatives and other pending programs are largely voluntary and lack specific funding

appropriations.

2) Cybersecurity and American Cyber Competitiveness Act of 2013

The Cybersecurity and American Cyber Competitiveness Act was introduced to the Senate

on January 23 and is a modified version of the predecessor Cybersecurity Act of 2012. The

bill recommends public-private consensus to encourage and enhance communication

between government agencies and commercial organizations, but does not outline

specific strategies, requirements or incentives for private sector security compliance, as

did the prior proposal. If passed, however, the bill would add a legal and enforceability

backbone to the information sharing objectives.

A background on the bill involves standard political and regulatory lines, and is an

example of the complexity and criticism behind security mandates. The Cybersecurity Act

of 2012 failed (twice) in Congress largely due to complaints it would be a burden to

commercial entities. The bill included select requirements for defined critical infrastructure

companies to meet minimum security standards defined by government figures, and

enforced by the private sector. The re-introduced 2013 bill intentionally lacks specific

compliance requirements in order to improve the chance the bill passes.

3) Executive Order: Improving Critical Infrastructure Cybersecurity

Signed Executive Order seeks to increase cyberthreat information sharing but

lacks legal protection. On February 12, President Obama signed an Executive Order

and a related presidential policy directive to facilitate greater sharing of classified and

unclassified cyberthreat information between the public sector and eligible private sector

companies managing the nation’s critical infrastructure—which includes water, power,

NDAA reporting requirements are

unique relative to other proposed

legislation with two-way information

exchange

In February, Splunk App for Palo Alto

Networks was released to enable

machine-generated big data to be

used for security-based risk analysis

The Industrial Control Systems-

Cyber Emergency Response Team

(ICS-CERT)—DHS’s critical

infrastructure threat monitoring and

remediation taskforce—responded

to and investigated 198 cyber-

incidents against critical

infrastructure in FY12, compared to

130 in FY11.

However, our conversations suggest

these numbers remain relatively

modest compared to the much

larger total number of addressable

ICS entities.

Technology

Software

March 7, 2013



communications and transportation services. The Order is a one-sided effort; while federal

agencies will be expected to notify private companies of any detected cyberintrusion

activities, private companies will not be legally obliged to reciprocate with similar

information. The directive also calls for the development and enforcement of certain

minimum security standards by federal agencies on critical infrastructure operators, but

where adoption and adherence to these guidelines, as well as any disclosure of threat

information from the private company side, still remains entirely voluntary.

The Order is seen as a short-term solution but not a suitable longer-term approach. The

Order is narrow and more importantly, cannot grant companies protection from legal

action on information shared with government entities. This provides a basis for the

private sector to support alternative security-related bills as only legislation can provide

legal protection. Other drawbacks to the Order remain with an unclear role of the

government to physically protect critical infrastructure, and a lack of legal jurisdiction to

enforce any of the intentions outlined in the Order.

DHS will spearhead several initiatives to move forward the strategy outlined

in the Order. The DHS has been assigned one of the lead roles in moving the

requirements of the Order forward. Over the course of the next six to eight months, the

department will face several deadlines and is charged with: 1) identifying the

government’s relationship with critical infrastructure; 2) formalizing a public

agency/private company partnership framework; 3) finalizing a national infrastructure

protection plan based on the various capabilities of the critical infrastructure in question;

and also 4) introducing incentives for private sector adoption.

4) Cyber Intelligence Sharing and Protection Act of 2013 (CISPA)

CISPA proposes objectives similar to the Cybersecurity and American Cyber

Competitiveness Act and Executive Order around increased communication between the

public and private sector. But the key differentiator is that CISPA envisions a voluntary

bilateral information exchange with the private sector, largely at the expense of individual

privacy, i.e., any personal private information on any network could be shared with

federal agencies, with legal immunity in the event improper information is shared.

This is in contrast to the Executive Order which mandates only the government needs to

share cyberthreat information and makes a distinction between “critical infrastructure”

and private “leisure” or social networks. The Order also ensures, to a degree, that

individual privacy of citizens remains intact.

The CISPA bill passed the House in April 2012 but was threatened to be vetoed if it passed

the Senate due to privacy concerns. The 2013 CISPA bill is the exact same bill and was

reintroduced on February 13. Previously, CISPA had limited support due to the privacy

concerns. Opponents cited reservations around the potential legal immunity private

companies would have whilst being incentivized or even obliged to divulge private citizen

information, and thus infringing on civil liberties. Opposition, including from the ACLU

and the Electronic Frontier Foundation (a digital rights advocacy group), has already

formed against the bill.

Timing Could Shift but Programs Are Funded Related to the legislative activities, the NDAA is one of few recent laws that has established

baseline funding levels, and that specifically outlines 16 IT-related requirements, inclusive

of cybersecurity, that require the DoD’s attention and implementation. The law contains

congressionally authorized spending increases in the DoD’s Procurement budget

(+$966mn) which should influence purchase of cybersecurity tools and technologies,

though the law does not go as far as to appropriate funding to specific initiatives, and

where broader procurement-related spending discretion remains in the hands of the DoD.

The National Institute of Standards

and Technology (NIST), in

collaboration with federal agencies

and private companies, will lead the

efforts for developing a

Cybersecurity Framework—a risk

assessment and best practices

document— over the next eight

months

80%-plus of the nation’s critical

infrastructure is owned and operated

by the private sector

Technology

Software

March 7, 2013



In addition to the NDAA, other larger federal opportunities include 1) a government-wide

Continuous Diagnostics and Monitoring program (CDM or CM); 2) the ongoing National

Cybersecurity Protection System (NCPS), or EINSTEIN program roll-out; and 3) potential

expansion of the Cyber Command forces and U.S. Air Force’s cyber forces. Both the CDM

and NCPS programs are likely to see the greatest participation from the commercial sector

with the later initiatives initially focused more on personnel-expansion, rather than

technological or product expansion

1) Continuous Diagnostics and Mitigation Program (CDM)

Ahead of budget cuts, The Department of Homeland Security (DHS) secured roughly

$200mn in dedicated funding for continuous monitoring programs; a larger $6bn

Continuing-Monitoring-as-a-Service (CMaaS) initiative is also expected to see bids

awarded in FY13. Industry sources indicate the blanket purchase agreement (BPA) was

issued in late January with evaluations expected to occur over the next several weeks. The

programs will initially include civilian agencies but will additionally extend to all areas of

the government. The DHS will centrally manage the allocation of funding with

consistency in continuous monitoring as the goal—as such, security vendors that have

initial wins will be well positioned for additional deployments as the initiative is

expanded.

CM encompasses tools and protocols to instill a more collaborative and

dynamic approach to cybersecurity threat management. The CM program aims

for real-time and iterative threat detection at the agency level to drive greater visibility of

the government-wide risk and vulnerability landscape at the federal level; primarily

through infrastructure standardization and network surveillance process uniformity. The

broader objective is to enable the DHS to diagnose, summarize and disseminate threat

information, subsequent to which the remediation and mitigation would be undertaken

by the agencies.

Currently, major IT systems across the government are manually tested for vulnerabilities

once every three years to meet Federal Information Security management Act (FISMA)

standards. The annual cost to comply with FISMA security requirements is an estimated

$1.5bn, according to a DHS budget analysis, and this funding is expected to be re-

directed to a continuously updated approach. Mr. John Streufert, Director of the DHS’s

National Cyber Security Division, implemented a similar program on a much smaller scale

as the CIO of the State Department, and is championing the redirection of the $1.5bn in

FISMA compliance audit costs towards automated security sensors and monitoring tools.

CMaaS element of the CM program is a $6bn opportunity with bids awarded

in FY13. A notable element of the CM program is the large commercial opportunity tied

to the CMaaS initiative. Final request for bids on the agreement occurred in January 2013

and the DHS expects the purchase agreement to be worth $6bn over the five-year

contract; the agreement will be awarded as a one-year base deal with four one-year

renewals.

The $6bn proposal includes two categories of requirements—one that focuses primarily

on tools, and the other on services. Large system integrators will likely be prime

contractors Northrop Grumman, ManTech, SAIC, with confirmed bids on the

arrangement, according to Washington Business Journal; others including Booz Allen

Hamilton and CSC are reportedly also involved. Regarding the product component, the

proposal requires all prime contractors to involve smaller businesses as sub-contractors

with, according to one report, “pretty aggressive goals they should target.” This is clearly

intended to incorporate smaller and innovative security companies into the proposal, in

our view.

The DHS has approved funding for

continuous scanning and monitoring

tools that will eventually be

deployed government-wide.

In January, DHS representatives said

they anticipate awarding the $6bn in

contracts before October 2013 and

industry sources indicate initial

contracts were issued in late January.

Technology

Software

March 7, 2013



The DHS will cover the $6bn CMaaS spending bill over the course of the five years and

will expand the program to all civilian networks under the DHS purview. The initial

deployment will involve civilian “dot-gov” networks with expansion of the program to

other federal entities including the Department of Defense (DoD), “dot-mil” networks, as

well as state, local, tribal, and territorial governments, thereby further extending the reach

of the CM program.

2) National Cybersecurity Protection System (NCPS), or EINSTEIN Program

Funding for expansion of NCPS, “EINSTEIN 3,” have been approved by

Congress; a large part of the overall increase in DHS cybersecurity spend this year will

reportedly go towards expediting the deployment of EINSTEIN 3. The FY13 DHS budget

specifically includes $345mn for Network Security Deployment, which manages the NCPS

program. The DHS and National Security Agency (NSA) operate EINSTEIN 3 and the

Obama administration, with bi-partisan support from the Department of Justice (DoJ) for

privacy concerns, has made expansion of EINSTEIN 3 a fiscal priority.

Funding is intended to focus on intrusion prevention with the use of “active” sensors

from passive sensors that were utilized in phase 1 and 2 of the EINSTEIN program (which

we recap below). The deployment of EINSTEIN 3 will include intrusion prevention

technologies that involve situational awareness and real/near-real time analytics.

Essentially, technologies involved in this phase will have additional proactive capabilities,

beyond just the passive network data inspection, and intrusion detection capabilities

utilized in the earlier stages of the program.

EINSTEIN 3 will see deployment starting in FY13, which is supported by conversations we

have had with industry contacts, and will involve a multi-year period of implementation.

The timing of deployment within CY13 is less certain but the allocated funds are to be

utilized in FY13 (at a product level, this could be more concentrated towards the

September quarter). Sourcefire was involved in phase 1 and 2 of EINSTEIN and we are

confident the company will participate in phase 3; we also believe McAfee has a presence.

On this note, given the timing delays in the federal budget process, we view expansion /

upgrades for incumbent vendors far more likely than the inclusion of new vendors.

Brief recap of the EINSTEIN program; given it is near its ten-year anniversary.

Originally launched by the DHS, under the direction of its National Cybersecurity Division

in 2004, the NCPS—operationally known as the EINSTEIN program—is the three-phase

deployment of network intrusion detection systems across participating agencies of the

federal government, supported by funds from US-CERT. Designed to enhance the federal

government’s overall cybersecurity posture, and improve the “situational awareness” of

dot-gov domains, each phase of the EINSTEIN program’s roll-out is further decomposed

into “blocks” intended to add incrementally new cyber defense functionalities to agency

networks; with the overarching objective of automating, and increasing the frequency

and consistency with which federal agencies proactively share threat information with US-

CERT.

As the Office of Management and Budget (OMB) requires that federal civilian agencies

report cyber incidents to the US-CERT, the implementation of the EINSTEIN program

effectively serves to create a government-wide network monitoring program, helping to

increase the DHS’s threat and vulnerability awareness at the federal level. EINSTEIN is an

important DHS-governed mandate as it enables the US-CERT to more rapidly identify,

prevent, and disseminate cyberattack information on the dot-gov networks, and

accelerate response and recovery times in the event cyberattacks on agency IT systems do

occur.

US-CERT is the operational arm of the

DHS’s National Cybersecurity

Division and helps oversee the

EINSTEIN program.

As the central incident center for

federal “dot-gov” agencies, the unit

manages the identification, technical

assistance, and warning/ reporting of

cyberthreats through the collection

and analysis of these agencies’

network traffic data.

A large part of DHS cybersecurity

spend will reportedly be steered

towards EINSTEIN 3

Technology

Software

March 7, 2013



Chart 3: Breaking Down EINSTEIN’s “Block” Components

Source: DHS, Jefferies

EINSTEIN 1: The first phase of the implementation, EINSTEIN 1 was initiated in 2004 and

offered an automated process for collecting, correlating, and analyzing network flow

records—or network connections made to an agency’s IT system— from voluntarily

participating federal agencies, to enable the US-CERT to passively analyze anomalies and

detect potentially malicious activity. These records, collected through appliances, were

limited to a small subset of data fields, and focused more on the technical details of

machine-to-machine type information (i.e., IP address details, time of data transmission,

source/destination computer of data transmission, ports and protocols used) and did not

provide granularity down to the user and content level.

EINSTEIN 2: Launched in 2008, this phase of the EINSTEIN program mandated all federal

agencies (excluding the DoD and Intelligence agencies) deploy commercially available

intrusion detection products across their internet access points—in addition to their

existing information security products and practices—so to trigger alerts to the US-CERT

in the event of harmful traffic traversing agency networks. The first government‐wide

intrusion detection system, this system employs highly specialized signatures developed

by the US-CERT, and scans data passively at the content level, where such detail was

previously not being provided to or analyzed by US-CERT under EINSTEIN 1.

EINSTEIN 3: Industry sources confirm that this phase will be a FY13 project for product

deployment and is expected to add a near real-time intrusion prevention capability layer

on to agency networks. The DHS has been engaged in the test phase of EINSTEIN 3 since

2009, but widespread deployment will begin in FY13 with a multi-year schedule.

2) Cyber Command and U.S. Air Force Cyber Forces Expansion

Other meaningful cybersecurity-related initiatives under way at the DoD, involve plans to

expand the military cyber personnel. This expansion would indirectly lead to product

purchases but the timing, size and scope are far from certain. In operation since at least

2010, the DoD’s Cyber Command squad is expected to reorganize in to three forces

catering to 1) military commanders involved in offensive cyberattack operations; 2) units

defending military IT networks; and 3) groups extending protection to a larger extent of

domestic civilian networks across vital commercial sectors. The DoD is widely perceived as

a well-resourced federal entity, and where the expansion of such scale would likely

involve greater investment in tools, capabilities, and infrastructure. Select reports suggest

that under this type of three-pronged structure, the size of the Cyber Command could

increase more than five-fold to upwards of 5,000 military and civilian cyber professionals,

and supports the idea that such initiatives around computer network warfare will remain

immune if not actually grow as part of the broader military budget.

EINSTEIN 1: Launched 2004

Block 1• Flow sensor• Operating environment• Data storage• Flow analytics

EINSTEIN 2: Launched 2008

Block 2.0• Intrusion detection system

(passive defense)• Improved data storage• Incident Handling• Malware lab• Advanced analytics

Block 2.1• Security Information & event

management (SIEM)• Aggregation and increased storage• Correlation of multiple data sources• Visualization

Block 2.2• Collaboration tools• Information sharing• Network investigative capabilities• Data sharing

EINSTEIN 3: 2013+

Block 3.0• Intrusion prevention & active

defense (sensor, storage and analytics)*

• Information sharing (for active defense)*

• NEST/ ISP interface*• Enhanced flow (classified)• SIEM• Network management• Performance management• Enhanced operating environment

* Marks components of the “EINSTEIN 3 Accelerated” Strategy

Although the reach of the Cyber

Command forces is expected to

include civilian networks, the DoD

would not thwart any cyber-attacks

on ordinary businesses or citizens as

this responsibility largely falls under

the DHS and F.B.I.

The DHS is incorporating an Einstein

3 Accelerated (E3A) strategy, which

would allow for expedited

deployment of intrusion prevention

services through an MSSP

Technology

Software

March 7, 2013



Air Force has also disclosed intentions of expanding its cyber forces in the

medium to long-term. The U.S. Air Force is readying an expansion of its cyber forces

by upwards of 15% (or 1,000 additional personnel), a secondary unit to the DoD’s

broader Cyber Command forces, through 2015. Although this plan will remain

contingent on the availability of funding and budget dollars, cybersecurity continues to

be cited as a perennial priority, especially as it relates to national defense, and continues

to be viewed as an area officials have expressed difficulty in enacting spending reductions

on what is the department’s roughly $3.5 to $4bn annual spend on cyber capabilities.

Vendors Best Positioned to Benefit Depending on the course of sequestration, contract awards and spending could be

delayed towards the back part of FY13. But given the funded initiatives, clear fiscal priority

of security and contracts / evaluations that are under way, federal-based security

spending, at a minimum, will be immune to budgetary pressures and will be more likely

to grow this year. The process for many of these initiatives begins with awards to prime

system integrators, with purchases at the product vendor level occurring through BPAs.

Product vendors with long-established and entrenched relationships at the federal level,

such as Symantec and McAfee, will likely benefit in addition to vendors directly involved

with specific product criteria—here Sourcefire and Palo Alto Networks qualify. In our

industry conversations, we have also heard private vendors FireEye and Trustwave are

well positioned.

Below we highlight a select group of vendors with relevancy and exposure to the public

sector vertical worldwide, amongst whom Sourcefire, Palo Alto Networks, and Symantec

have greater revenue exposure to the U.S. federal and state government entities.

Symantec: We estimate the company has roughly 10% public sector exposure

(SYMC does not specifically disclose vertical revenue exposure) and has had

deeply entrenched engagements with the DoD, broadly including large multi-

year ELAs with the Army and Navy (NMCI) as well as civilian agencies. In

addition to select product areas such as endpoint protection and DLP, the

company is positioned with its vulnerability assessment and managed security

services as part of the latest EINSTEIN provisions.

Sourcefire: Long associated with the U.S. public sector, FIRE has seen

significant revenue diversification with commercial growth. But with 20%

exposure, the company still provides the greatest pure exposure to public sector

security spend. FIRE has been involved in EINSTEIN 1 and 2 deployments and

with the criteria outlined for phase 3—including a further focus on intrusion

prevention—FIRE will continue benefitting from the program. Further, the more

lucrative CM initiative has dedicated FY13 funding with broader CMaaS awards

expected by September, where FIRE could see a greater presence.

Palo Alto Networks: We believe the company has slightly over 10% exposure

to the public sector and is positioned to see broader deployments; although

specific larger programs could be further out. As part of the NDAA, Congress has

mandated a broader strategy for next-generation host-based security tools,

where we expect Palo Alto to compete, with specific allocation of funding in

FY15.

McAfee (part of Intel): Disclosure of specific public sector exposure is limited

but we believe stand-alone McAfee has about 10% revenue exposure to U.S.

public sector entities. The company has had a presence in many programs; we

believe, but have not confirmed, that the company has been involved in earlier

phases of EINSTEIN with its IPS solution and could be involved in EINSTEIN 3.

Technology

Software

March 7, 2013



The company is also well-positioned to participate in the broader CM initiatives.

Further, McAfee gained additional exposure to federal deployments with the

2008 acquisition of Secure Computing, which started out as a small defense

contractor and expanded more broadly into security; the company’s Sidewinder

firewall still does well at the public sector level.

Chart 4: Public Sector Exposure of Select Security Vendors

Source: Jefferies, company data Note: Data for FIRE, FFIV, JNPR and QLYS reflects U.S. federal/state specific revenue

20%

19%

10-15% 10-15%

13%

11%10%

7%

4%

1%

0%

5%

10%

15%

20%

25%

Sourcefire Cisco McAfee Symantec Palo Alto

Networks

Fortinet Check

Point

Software

F5

Networks

Juniper Qualys

Companies Mentioned:

Sourcefire (FIRE, $55.84, HOLD) NetScout (NTCT, $26.11, HOLD) CSC (CSC, $49.35, HOLD)

Intel (INTC, $21.77, HOLD) TIBCO (TIBX, $23.4, BUY) Cisco (CSCO, $21.71, HOLD)

Palo Alto Networks (PANW, $56.33, HOLD) IBM (IBM, $208.46, HOLD) Fortinet (FTNT, $24.27, HOLD)

Symantec (SYMC, $24.53, BUY) Northrop Grumman (NOC, $65.02, BUY) Check Point Software (CHKP, $51.72, BUY)

Splunk (SPLK, $37.8, NC) ManTech (MANT, $24.65, NC) F5 Networks (FFIV, $93.12, HOLD)

Apple (AAPL, $425.43, HOLD) SAIC (SAI, $12.06, BUY) Juniper Networks (JNPR, $20.12, BUY)

Facebook (FB, $27.46, HOLD) Booz Allen Hamilton (BAH, $12.59, NC) Qualys (QLYS, $12.1, NC)

Technology

Software

March 7, 2013



Analyst CertificationI, Aaron Schwartz, CFA, certify that all of the views expressed in this research report accurately reflect my personal views about the subjectsecurity(ies) and subject company(ies). I also certify that no part of my compensation was, is, or will be, directly or indirectly, related to the specificrecommendations or views expressed in this research report.I, Fatima Boolani, certify that all of the views expressed in this research report accurately reflect my personal views about the subject security(ies) andsubject company(ies). I also certify that no part of my compensation was, is, or will be, directly or indirectly, related to the specific recommendationsor views expressed in this research report.As is the case with all Jefferies employees, the analyst(s) responsible for the coverage of the financial instruments discussed in this report receivescompensation based in part on the overall performance of the firm, including investment banking income. We seek to update our research asappropriate, but various regulations may prevent us from doing so. Aside from certain industry reports published on a periodic basis, the large majorityof reports are published at irregular intervals as appropriate in the analyst's judgement.

Company Specific DisclosuresFor Important Disclosure information on companies recommended in this report, please visit our website at https://javatar.bluematrix.com/sellside/Disclosures.action or call 212.284.2300.

Meanings of Jefferies RatingsBuy - Describes stocks that we expect to provide a total return (price appreciation plus yield) of 15% or more within a 12-month period.Hold - Describes stocks that we expect to provide a total return (price appreciation plus yield) of plus 15% or minus 10% within a 12-month period.Underperform - Describes stocks that we expect to provide a total negative return (price appreciation plus yield) of 10% or more within a 12-monthperiod.The expected total return (price appreciation plus yield) for Buy rated stocks with an average stock price consistently below $10 is 20% or more withina 12-month period as these companies are typically more volatile than the overall stock market. For Hold rated stocks with an average stock priceconsistently below $10, the expected total return (price appreciation plus yield) is plus or minus 20% within a 12-month period. For Underperformrated stocks with an average stock price consistently below $10, the expected total return (price appreciation plus yield) is minus 20% within a 12-month period.NR - The investment rating and price target have been temporarily suspended. Such suspensions are in compliance with applicable regulations and/or Jefferies policies.CS - Coverage Suspended. Jefferies has suspended coverage of this company.NC - Not covered. Jefferies does not cover this company.Restricted - Describes issuers where, in conjunction with Jefferies engagement in certain transactions, company policy or applicable securitiesregulations prohibit certain types of communications, including investment recommendations.Monitor - Describes stocks whose company fundamentals and financials are being monitored, and for which no financial projections or opinions onthe investment merits of the company are provided.

Valuation MethodologyJefferies' methodology for assigning ratings may include the following: market capitalization, maturity, growth/value, volatility and expected totalreturn over the next 12 months. The price targets are based on several methodologies, which may include, but are not restricted to, analyses of marketrisk, growth rate, revenue stream, discounted cash flow (DCF), EBITDA, EPS, cash flow (CF), free cash flow (FCF), EV/EBITDA, P/E, PE/growth, P/CF,P/FCF, premium (discount)/average group EV/EBITDA, premium (discount)/average group P/E, sum of the parts, net asset value, dividend returns,and return on equity (ROE) over the next 12 months.

Conviction List Methodology

1. The aim of the conviction list is to publicise the best individual stock ideas from Jefferies Global Research2. Only stocks with a Buy rating are allowed to be included in the recommended list.3. Stocks are screened for minimum market capitalisation and adequate daily turnover. Furthermore, a valuation, correlation and style screen

is used to ensure a well-diversified portfolio.4. Stocks are sorted to a maximum of 30 stocks with the maximum country exposure at around 50%. Limits are also imposed on a sector basis.5. Once a month, analysts are invited to recommend their best ideas. Analysts’ stock selection can be based on one or more of the following:

non-Consensus investment view, difference in earnings relative to Consensus, valuation methodology, target upside/downside % relativeto the current stock price. These are then assessed against existing holdings to ensure consistency. Stocks that have either reached theirtarget price, been downgraded over the course of the month or where a more suitable candidate has been found are removed.

6. All stocks are inserted at the last closing price and removed at the last closing price. There are no changes to the conviction list duringthe month.

7. Performance is calculated in US dollars on an equally weighted basis and is compared to MSCI World AC US$.8. The conviction list is published once a month whilst global equity markets are closed.9. Transaction fees are not included.

10. All corporate actions are taken into account.

Technology

Software

March 7, 2013



https://javatar.bluematrix.com/sellside/Disclosures.action


Risk which may impede the achievement of our Price TargetThis report was prepared for general circulation and does not provide investment recommendations specific to individual investors. As such, thefinancial instruments discussed in this report may not be suitable for all investors and investors must make their own investment decisions basedupon their specific investment objectives and financial situation utilizing their own financial advisors as they deem necessary. Past performance ofthe financial instruments recommended in this report should not be taken as an indication or guarantee of future results. The price, value of, andincome from, any of the financial instruments mentioned in this report can rise as well as fall and may be affected by changes in economic, financialand political factors. If a financial instrument is denominated in a currency other than the investor's home currency, a change in exchange rates mayadversely affect the price of, value of, or income derived from the financial instrument described in this report. In addition, investors in securities suchas ADRs, whose values are affected by the currency of the underlying security, effectively assume currency risk.

Other Companies Mentioned in This Report• Apple Inc. (AAPL: $425.66, HOLD)• Check Point Software Technologies Ltd. (CHKP: $51.74, BUY)• Cisco Systems, Inc. (CSCO: $21.72, HOLD)• Computer Sciences Corporation (CSC: $49.35, HOLD)• F5 Networks, Inc. (FFIV: $93.11, HOLD)• Facebook, Inc. (FB: $27.45, HOLD)• Fortinet (FTNT: $24.28, HOLD)• Intel Corporation (INTC: $21.75, HOLD)• International Business Machines (IBM: $208.38, HOLD)• Juniper, Inc. (JNPR: $20.12, BUY)• NetScout Systems (NTCT: $26.10, HOLD)• Northrop Grumman Corp. (NOC: $64.96, BUY)• Palo Alto Networks (PANW: $56.38, HOLD)• SAIC, Inc. (SAI: $12.05, BUY)• Sourcefire, Inc. (FIRE: $55.80, HOLD)• Symantec Corp. (SYMC: $24.52, BUY)• TIBCO Software Inc. (TIBX: $23.37, BUY)

Distribution of RatingsIB Serv./Past 12 Mos.

Rating Count Percent Count Percent

BUY 736 46.41% 126 17.12%HOLD 717 45.21% 85 11.85%UNDERPERFORM 133 8.39% 2 1.50%

Other Important Disclosures

Jefferies Equity Research refers to research reports produced by analysts employed by one of the following Jefferies Group LLC (“Jefferies”) groupcompanies:

United States: Jefferies LLC which is an SEC registered firm and a member of FINRA.

United Kingdom: Jefferies International Limited, which is authorized and regulated by the Financial Services Authority; registered in England andWales No. 1978621; registered office: Vintners Place, 68 Upper Thames Street, London EC4V 3BJ; telephone +44 (0)20 7029 8000; facsimile +44 (0)207029 8010.

Hong Kong: Jefferies Hong Kong Limited, which is licensed by the Securities and Futures Commission of Hong Kong with CE number ATS546; locatedat Suite 2201, 22nd Floor, Cheung Kong Center, 2 Queen’s Road Central, Hong Kong.

Singapore: Jefferies Singapore Limited, which is licensed by the Monetary Authority of Singapore; located at 80 Raffles Place #15-20, UOB Plaza 2,Singapore 048624, telephone: +65 6551 3950.

Japan: Jefferies (Japan) Limited, Tokyo Branch, which is a securities company registered by the Financial Services Agency of Japan and is a memberof the Japan Securities Dealers Association; located at Hibiya Marine Bldg, 3F, 1-5-1 Yuraku-cho, Chiyoda-ku, Tokyo 100-0006; telephone +813 52516100; facsimile +813 5251 6101.

India: Jefferies India Private Limited, which is licensed by the Securities and Exchange Board of India as a Merchant Banker (INM000011443) and a StockBroker with Bombay Stock Exchange Limited (INB011438539) and National Stock Exchange of India Limited (INB231438533) in the Capital MarketSegment; located at 42/43, 2 North Avenue, Maker Maxity, Bandra-Kurla Complex, Bandra (East) Mumbai 400 051, India; Tel +91 22 4356 6000.

This material has been prepared by Jefferies employing appropriate expertise, and in the belief that it is fair and not misleading. The information setforth herein was obtained from sources believed to be reliable, but has not been independently verified by Jefferies. Therefore, except for any obligationunder applicable rules we do not guarantee its accuracy. Additional and supporting information is available upon request. Unless prohibited by the

Technology

Software

March 7, 2013



provisions of Regulation S of the U.S. Securities Act of 1933, this material is distributed in the United States ("US"), by Jefferies LLC, a US-registeredbroker-dealer, which accepts responsibility for its contents in accordance with the provisions of Rule 15a-6, under the US Securities Exchange Act of1934. Transactions by or on behalf of any US person may only be effected through Jefferies LLC. In the United Kingdom and European EconomicArea this report is issued and/or approved for distribution by Jefferies International Limited and is intended for use only by persons who have, or havebeen assessed as having, suitable professional experience and expertise, or by persons to whom it can be otherwise lawfully distributed. JefferiesInternational Limited has adopted a conflicts management policy in connection with the preparation and publication of research, the details of whichare available upon request in writing to the Compliance Officer. Jefferies International Limited may allow its analysts to undertake private consultancywork. Jefferies International Limited’s conflicts management policy sets out the arrangements Jefferies International Limited employs to manage anypotential conflicts of interest that may arise as a result of such consultancy work. For Canadian investors, this material is intended for use only byprofessional or institutional investors. None of the investments or investment services mentioned or described herein is available to other personsor to anyone in Canada who is not a "Designated Institution" as defined by the Securities Act (Ontario). In Singapore, Jefferies Singapore Limited isregulated by the Monetary Authority of Singapore. For investors in the Republic of Singapore, this material is provided by Jefferies Singapore Limitedpursuant to Regulation 32C of the Financial Advisers Regulations. The material contained in this document is intended solely for accredited, expert orinstitutional investors, as defined under the Securities and Futures Act (Cap. 289 of Singapore). If there are any matters arising from, or in connectionwith this material, please contact Jefferies Singapore Limited, located at 80 Raffles Place #15-20, UOB Plaza 2, Singapore 048624, telephone: +656551 3950. In Japan this material is issued and distributed by Jefferies (Japan) Limited to institutional investors only. In Hong Kong, this report isissued and approved by Jefferies Hong Kong Limited and is intended for use only by professional investors as defined in the Hong Kong Securities andFutures Ordinance and its subsidiary legislation. In the Republic of China (Taiwan), this report should not be distributed. The research in relation tothis report is conducted outside the PRC. This report does not constitute an offer to sell or the solicitation of an offer to buy any securities in the PRC.PRC investors shall have the relevant qualifications to invest in such securities and shall be responsible for obtaining all relevant approvals, licenses,verifications and/or registrations from the relevant governmental authorities themselves. In India this report is made available by Jefferies India PrivateLimited. In Australia this information is issued solely by Jefferies International Limited and is directed solely at wholesale clients within the meaning ofthe Corporations Act 2001 of Australia (the "Act") in connection with their consideration of any investment or investment service that is the subject ofthis document. Any offer or issue that is the subject of this document does not require, and this document is not, a disclosure document or productdisclosure statement within the meaning of the Act. Jefferies International Limited is authorised and regulated by the Financial Services Authorityunder the laws of the United Kingdom, which differ from Australian laws. Jefferies International Limited has obtained relief under Australian Securitiesand Investments Commission Class Order 03/1099, which conditionally exempts it from holding an Australian financial services licence under theAct in respect of the provision of certain financial services to wholesale clients. Recipients of this document in any other jurisdictions should informthemselves about and observe any applicable legal requirements in relation to the receipt of this document.

This report is not an offer or solicitation of an offer to buy or sell any security or derivative instrument, or to make any investment. Any opinion orestimate constitutes the preparer's best judgment as of the date of preparation, and is subject to change without notice. Jefferies assumes no obligationto maintain or update this report based on subsequent information and events. Jefferies, its associates or affiliates, and its respective officers, directors,and employees may have long or short positions in, or may buy or sell any of the securities, derivative instruments or other investments mentioned ordescribed herein, either as agent or as principal for their own account. Upon request Jefferies may provide specialized research products or servicesto certain customers focusing on the prospects for individual covered stocks as compared to other covered stocks over varying time horizons orunder differing market conditions. While the views expressed in these situations may not always be directionally consistent with the long-term viewsexpressed in the analyst's published research, the analyst has a reasonable basis and any inconsistencies can be reasonably explained. This materialdoes not constitute a personal recommendation or take into account the particular investment objectives, financial situations, or needs of individualclients. Clients should consider whether any advice or recommendation in this report is suitable for their particular circumstances and, if appropriate,seek professional advice, including tax advice. The price and value of the investments referred to herein and the income from them may fluctuate. Pastperformance is not a guide to future performance, future returns are not guaranteed, and a loss of original capital may occur. Fluctuations in exchangerates could have adverse effects on the value or price of, or income derived from, certain investments. This report has been prepared independently ofany issuer of securities mentioned herein and not in connection with any proposed offering of securities or as agent of any issuer of securities. Noneof Jefferies, any of its affiliates or its research analysts has any authority whatsoever to make any representations or warranty on behalf of the issuer(s).Jefferies policy prohibits research personnel from disclosing a recommendation, investment rating, or investment thesis for review by an issuer priorto the publication of a research report containing such rating, recommendation or investment thesis. Any comments or statements made herein arethose of the author(s) and may differ from the views of Jefferies.

This report may contain information obtained from third parties, including ratings from credit ratings agencies such as Standard & Poor’s. Reproductionand distribution of third party content in any form is prohibited except with the prior written permission of the related third party. Third party contentproviders do not guarantee the accuracy, completeness, timeliness or availability of any information, including ratings, and are not responsible forany errors or omissions (negligent or otherwise), regardless of the cause, or for the results obtained from the use of such content. Third party contentproviders give no express or implied warranties, including, but not limited to, any warranties of merchantability or fitness for a particular purpose oruse. Third party content providers shall not be liable for any direct, indirect, incidental, exemplary, compensatory, punitive, special or consequentialdamages, costs, expenses, legal fees, or losses (including lost income or profits and opportunity costs) in connection with any use of their content,including ratings. Credit ratings are statements of opinions and are not statements of fact or recommendations to purchase, hold or sell securities. Theydo not address the suitability of securities or the suitability of securities for investment purposes, and should not be relied on as investment advice.

Jefferies research reports are disseminated and available primarily electronically, and, in some cases, in printed form. Electronic research issimultaneously available to all clients. This report or any portion hereof may not be reprinted, sold or redistributed without the written consent ofJefferies. Neither Jefferies nor any officer nor employee of Jefferies accepts any liability whatsoever for any direct, indirect or consequential damagesor losses arising from any use of this report or its contents.

For Important Disclosure information, please visit our website at https://javatar.bluematrix.com/sellside/Disclosures.action or call 1.888.JEFFERIES

Technology

Software

March 7, 2013




software of cybersecurity security and the fed: the rising

Documents