Steppa Services

Service ID Service Name Description Deliverables Price

Audit (A) Provides an overview of Overall Business Report(s), your business security A1 Security Experts One time $2000 per organization readiness. Delivered Evaluation Opinions within 5 working days. Governance, Risk Audit as per ISO 27001, and Compliance Report(s), GDPR, SANS 20, among Price starts at $75 per hour. A2 as per Experts others international Contact Steppa for a quote International Opinions standards. Standards Provides a security Network Report(s), evaluation of your A3 Architecture and Experts One time $1500 per organization network infrastrucure Firewall Reviews Opinions and IT assets. Audit Cloud Infrastructure (AWS, Azure, etc.), MDM * Option 1: One time $50 per IP Config Audit, Offline Report(s), address/host A4 Others Config Audit, Policy Experts * Option 2: Package $500 Compliance Auditing, Opinions monthly for unlimited IP SCAP and OVAL Auditing, address/host paid for 1 year Credentialed Patch Audit.

Vulnerability Assessment (VA)

Check for known Ransomware, Spectre and Meltdown. * Option 1: One time $50 per IP Scan for all known Furthermore, check for Report(s), address/host VA exploits and Intel security bypass, Experts * Option 2: Package $500 vulnerabilities Badlock, Bash Opinions monthly for unlimited IP Shellshock, DROWN, address/host paid for 1 year Viruses, Rootkits, among others.

Service ID Service Name Description Deliverables Price

Security Testing (ST) Conduct continueous * Option 1: Minimum of $250 real yet ethical attack per IP address/host for 1 week Penetration (e.g., accessing trial plus $75 per hour for extra Reports, Testing based on database) based on the time. ST1 Experts known exploits discovered vulnerability * Option 2: Minimum of $900 Opinions and vulnerabilities after taking permission monthly for unlimited IP or authorization from address/host for 1 month trial the asset owner plus $75 per hour for extra time. Conduct continueous real yet ethical attacks * Option 1: Minimum of $500 (e.g., APTs) based on per IP address/host for 1 week Hacking for expert ethical hackers, Reports, trial plus $75 per hour for extra Bounty based on ST2 reverse engineers, and Experts time. unknown and scientists after taking Opinions * Option 2: Minimum of $1900 hybrid exploits permission or monthly for 1 month trial plus authorization from the $75 per hour for extra time. asset owner

Training and Education (T&E) Educated Employees can reduce the threat of On-line cyber attacks by 90%. Training(s), Price starts at $250 per hour by Join Steppa's Training Training and Knowledge, professional instructors with T&E and Education program Education Material, PhD degree. Every session can to spread awareness and Assessments, accommodate 15 people. reduce employees Certifications mistake. Select from several training

Service ID Service Name Description Deliverables Price

Research and Development (R&D) Fix your business issues, develop and design capabilities and innovative ideas based on research and sience in our experimental lab. Tools, Topics include Industry Technologies, Price is project based starting at Research and R&D 4.0, Robotics, Big Data, Reports, $75 per hour. Contact Steppa for Development Artificial Intelligence, Publications, a quote. Machine Leaning, Data Patents Mining, Cyber Security, among others. Publish and protect your intellectual property via patents.

Consulting and Managed Services (CMS) Get informed, we provide expert recommendations to improve your security Managed program and tools to Services, better protect your Solutions, assets. Furthermore, we Technical and Price is service/project based Consulting and CMS help your employees to Managerial starting at $75 per hour. Contact Managed Services focus on your busines Reports for Steppa for a quote. while we take care of Business your security matters by Intelligence and managing your security Decision Making services such as Firewall, Email, Website, SIEM, among others.

Service ID Service Name Description Deliverables Price

Advanced and Professional Services (APS) Advanced reverse engineering experiments targeting specific Evidence, Reverse executables and Analysis and APS1 Engineering malware samples. The Sandbox aim is to analyze the raw Reports elements of malicious software. Computer crime investigation such as Price is service/project based data breach Evidence, Digital and starting at $75 per hour. Contact investigation, cyber Analysis and APS2 Forensics Steppa for a quote. investigation, email Investigation Investigation investigation, fraud Reports investigation or other threat investigation. Contingency planning Disaster Recovery and implementation of Analysis, & Business APS3 Disaster Recover, Solutions, and Continuity Business Continuity and other Reports Planning Incident Response. Design and implementation of Robotics Design robots, drones, APS4 and industrial control Implementation systems, cyber physical systems, sensors, among others. Price is service/project based Models, Design and starting at $90 per hour. Contact Prototype, Tools implementation of Steppa for a quote. Artificial Intelligence, AI Design and machine learning, data APS5 Implementation mining, and other similar solutions for detection, prevention and control of security events.

Service ID Service Name Description Deliverables Price

Security Information and Event Management (SIEM) Dashboard with Visulization dashboard Dynamic that reads any computer Security Visuals, data. It uses dashboards Information and Focused SIEM and analytics to extract Basic Pro Entreprise Event BigData Search intel for business Management Engine, intelligence and Analytics, decision making. Alerts, Reports Monitoring all your machines' system System and Host information such as SIEM1 Monitoring status, CPU, memory, Dashboard incoming and outgoing traffic in real-time. All from one place. Monitoring Network Network Activities activities, IP SIEM2 Monitoring communication from/to Dashboard your network in real- Dashboard with *$50 /m *$150 /m *$500 /m time. Dynamic paid paid paid Monitoring events and Visuals, Focused yearly yearly yearly Audit Event activities in real-time BigData Search *$75/m *$200/m *$600/m SIEM3 Monitoring such as executed Engine, paid paid paid Dashboard commands, events Analytics, Alerts, monthly monthly monthly types, services, etc. Reports Monitoring all events targeting files such as File Monitoring SIEM4 creating and deleting Dashboard files on any machine in real-time. Monitoring any web request/reply from http Web Monitoring SIEM5 and https runing on- Dashboard premise or on cloud servers

Service ID Service Name Description Deliverables Price

Monitoring all firewall Firewall rules, policies, updates. SIEM6 Dashboard Create and delete rules on the fly. Monitoring all transport layer security, TLS Monitoring SIEM7 certificates, clients, Dashboard servers, sessions, versions on the fly. Monitoring all DNS DNS Monitoring communication and DNS SIEM8 Dashboard abuse activities and tunneling. Dashboard with *$50 /m *$150 /m *$500 /m Monitoring all your Dynamic paid paid paid Ecommerce activities Visuals, Focused yearly yearly yearly Ecommerce and products such as BigData Search SIEM9 *$75/m *$200/m *$600/m Dashboard sales, revenues. Search Engine, paid paid paid per manufacture, Analytics, Alerts, monthly monthly monthly categories, and more. Reports Analytics on flights data such control, ticket Flight Control SIEM10 prices, flight intel on Dashboard cancelations, delays rescheduling, etc. Analytics on social media activities from tweets on Twitter, LinkedIn, among Social Media SIEM11 others. Search per Monitoring hashtags and learn what the world is saying about you and your business.

Service ID Service Name Description Deliverables Price

Detect and learn about any known threats to Threat Detection human beings such as SIEM12 and Monitoring intrusions, scanning Dashboard activities, DDoS, among *$100 /m *$250 /m *$600 /m others. paid paid paid Monitor industrial Dashboard with yearly yearly yearly SCADA control systems, cyber Dynamic *$125/m *$300/m *$700/m SIEM13 Monitoring physical systems and Visuals, Focused paid paid paid System SCADA communications BigData Search monthly monthly monthly in real-time. Engine, Analytics on IoT Analytics, Alerts, IoT Monitoring malicious activities from Reports SIEM14 System within and outside your network. Analytics on terrorist Terrorism activities based on the SIEM15 $500 paid once Dashboard world largest (20 years data) offline dataset.

Steppa Detection and Protection (SDP) Solution Detect and protect all SDP1 IoT Solution your IoT devices from attacks Solution against threats SDP2 SCADA Solution Defense *$100 /m *$250 /m *$600 /m targeting critical sector solution, paid paid paid Stay up-to-date and Dashboards, yearly yearly yearly protect against summary of *$125/m *$300/m *$700/m intrusions that target Intrusion events, Alerts, paid paid paid applications, services, SDP3 Detection and Reports monthly monthly monthly and network. Defense Prevention (IDPS) against DDoS attacks, scanning activities, among others

Service ID Service Name Description Deliverables Price

Risk Management Tool (RMT) Tool for IT executives such as CISO, CTO, CIO, *$150 /m *$250 /m and IT security paid paid managers. The purpose Web-based tool, Risk Management yearly yearly RMT is to manage all risk, guidance and -- Tool *$200/m *$300/m assets and prepare for support paid paid audit. Ideal tool for monthly monthly gornence, risk and compliance (GRC).

Malware Solution (MS) Develop a malware analysis platform that Web-based tool, *$50 /m *$250 /m *$750 /m collects, processes, and monthly paid paid paid analyzes up to 33000 reports, yearly yearly yearly MS Malware Solution daily samples of malware feeds, *$75/m *$300/m *$850/m malware. Generate guidance and paid paid paid analytics to protect your support monthly monthly monthly network in near real- time.

Service ID Service Name Description Deliverables Price

Intel is raw data shared with clients based on their business. The information is Intel gathered from either the inside or outside the client's infrastructure. The data can be visulized in any SIEM solution or dashboard. Provides feeds on intrusions targeting CPS, SCADA and services used in critical *$250/m paid yearly I1 Industrial Control sectors such as *$300/m paid monthly Systems manufacturing from more than 40 countries Provides intel related to worldwide infections of Internet of Things IoT devices, including *$250 /m paid yearly I2 (IoT) and excluding your *$300/m paid monthly network. Intel extracted from 5 TB of daily data Provide malware feeds of 33000 samples daily. *$50 /m paid yearly I3 Malware Feeds Part of Malware Solution *$75/m paid monthly Logs, feeds, (MS) analytics, raw Provide social media *$50 /m paid yearly I4 Social Media data trends and analytics *$75/m paid monthly Provides near real-time brand protection by *$250 /m paid yearly I5 Deep Web monitoring more than *$300/m paid monthly 400,000 dark web sites Threats (Intrusions, DDoS, Provides threats *$250/m paid yearly I6 Scanning, originating from more *$300/m paid monthly Amplification) than 40 countries. Activities DNS feeds including *$50 /m paid yearly I7 DNS Activities tunneling and DNS *$75/m paid monthly abuse. Cloud Network Network activities based *$50 /m paid yearly I8 Activities on cloud servers. *$75/m paid monthly

- Free Trial: we build our business on trust, offering the option to try our services for free for limited time. During that period, you can have your full money back.

- Lowest Price Guaranteed: we can match any other competitive offer you receive if it fits our service standards.

- Cancellation: you can request to stop your service at anytime, cancellation fees may apply.

- Please note that any software service life cycle includes five phases: analysis, design, deployment, testing and evaluation. Therefore, we require your patience and cooperation at all phases.

- Please note that some services require full collaboration and cooperation with your employees (e.g., IT support, Executives, etc.). Your support is highly appreciated. STEPPA will follow-up on all requests during the life cycle of each phase.

- Prices are subject to change at anytime.

- All prices are in USD, taxes are not included.

- Extra consulting hours are available upon request.

- For more information on our terms and conditions, please check our website at www.steppa.ca

page 10 of 11 Steppa Cyber Inc. Cyber Security Fundamentals

FAQ: How to pay for STEPPA product/service? You can easily pay STEPPA using one one of two following options: Option 1: Wire transfer payment, here is the information needed: - Organization Name: Steppa Cyber Inc. - Bank Name: TD (Toronto-Dominion) Canada Trust - Bank Address: o Street Address: 1201 Laird o City: Ville De Mont-royal, Montreal o Province: Quebec o Postal Code: H3P 2S9 o Country: Canada o Swift Code: TDOMCATTTOR o Account Numbers: 443210045219030 (CAN) or 443210047304237 (USD)

Option 2: Online payment via Credit Card/Paypal, please follow the instructions on our website: steppa.ca

Thank you for your business. If you have any questions concerning payment, please contact:

Steppa Cyber Inc., Phone: +1 514 865 4444, E-mail: [email protected]