WHITE PAPER

The Protection and Operational Benefits of

Agentless Security in Virtual Environments
An Osterman Research White Paper

Published March 2012

SPONSORED BY

SPON

sponsored by

sponsored by
Osterman Research, Inc.
P.O. Box 1058 Black Diamond, Washington 98010-1058 USA
Tel: +1 253 630 5839 Fax: +1 253 458 0934 info@ostermanresearch.com
www.ostermanresearch.com twitter.com/mosterman

The Protection and Operational Benefits of Agentless Security in Virtual Environments

Executive Summary
There are two important trends occurring in the security space that every organization must
address:

Increasing threat levels

Not only is the sheer volume of malware, phishing attempts and other types of security
threats increasing, but also increasing is the risk that affected organizations face from these
potential incursions. The consequences of a successful threat include not only loss of funds,
data and intellectual property; but also regulatory problems that can ensue, such as the
obligation to remediate events like data breaches. As a result, security capabilities must
continually evolve and do so frequently.

A need for greater efficiency

IT departments must manage a growing number of systems, services and data types, both
on-premise and in the cloud. To accommodate this increase in the number of systems and
capabilities that IT must manage, while continuing to become more cost-efficient in the
datacenter, IT organizations must accelerate virtualization and cloud investments, and
ensure that security now works more efficiently within this environment.

The bottom line is that a) security must improve and b) it must operate more efficiently in a
virtualized infrastructure. To accomplish these goals, the ability to deploy agentless security to
the various virtual machines (VMs) on a host physical server can have dramatic impacts on IT
staff efficiency and operational costs, while maintaining a high level of security against the
prevailing threat environment.

KEY TAKEAWAYS
Osterman Research undertook a research program to understand how an agentless security
architecture, as provided by Trend Micro Deep Security, performs among a variety of its
customers and compares to businesses using traditional agent-based security. Our goal was to
understand what customers thought of Deep Security, to determine if it improved operational
efficiency, and to determine if it helped organizations to address their security requirements in a
virtualized environment. Our high-level findings from the research are summarized as follows:

The wide range of server security capabilities from anti-virus to intrusion prevention to
integrity monitoring that are built into Deep Security enable a lower total cost of ownership
by providing security features and functions under a single umbrella from one vendor.

The Deep Security agentless security architecture enables faster provisioning of security
capabilities on new VMs, as well as easier ongoing maintenance.

The agentless virtual patching capabilities of Deep Security reduces the cost and complexity
of keeping systems up to date on the latest patches, allowing organizations to roll out
patches on a more scheduled and systematic basis.

With agentless security, in particular agentless anti-virus, VM density is significantly

improved when compared to agent-based security solutions, resulting in much lower total
cost of ownership.

2012 Osterman Research, Inc.

The Protection and Operational Benefits of Agentless Security in Virtual Environments

ABOUT THIS WHITE PAPER

This white paper discusses the results of the research program that Osterman Research
undertook to learn more about Deep Securitys capabilities. It was sponsored by Trend Micro,
information about which is included at the end of this white paper.

Virtualization and Its Security Implications

Virtualization has been used for decades, starting first in mainframe environments in the 1960s
and later developed for the x86 platform during the 1990s. More recently, virtualization has
found dramatically increased interest as a result of the push toward the cloud, both public and
private. In addition to the cloud, the convergence of excess capacity in the computing
infrastructure, tightening budgets that require IT departments to do more with less, and the
growing use of Web applications, have all driven the rapid adoption of platforms like VMware
vSphere, as well as virtualization platforms from Microsoft and Citrix. The result has been
growth in the number of offerings that can take advantage of virtualization technologies and
decision makers willingness to embrace them. For example, virtualization is used in every
Fortune 100 company.
The primary drivers for virtualization are:

Consolidation of servers within data centers

Because virtualization permits the deployment of multiple VMs onto a single physical server,
and because virtualization is a key enabler for cloud services, organizations are embracing
virtualization as a way to reduce IT staff costs, reduce power consumption and simplify IT
management.

Performance
VMs can take full advantage of the performance of servers to provide a better backend
experience for services like email or CRM, as well as a better desktop experience in virtual
desktop interface (VDI) environments.

Agility
Virtualization permits more rapid deployment, faster recovery, easier and more flexible
assignment of computing resources to specific tasks, and other advantages, making IT
departments and organizations better able to respond to planned and unplanned events.

VIRTUALIZED ENVIRONMENTS REQUIRE A DIFFERENT SECURITY APPROACH

However, security in a virtualized environment must address the unique threats and
infrastructure considerations of this platform. Security cannot effectively be achieved with
traditional, physical machine approaches, but instead requires virtualization-aware security if
organizations hope to keep their environments as secure as possible. Among the many
challenges associated with virtualized security are the following:

Not only must IT maintain the security of the physical server on which the VMs are
deployed, but they must maintain security on each of the VMs, as well. This adds to ITs
workload and increases the threat exposure for a network.

2012 Osterman Research, Inc.

The Protection and Operational Benefits of Agentless Security in Virtual Environments

With traditional security, scans or updates are often initiated simultaneously across all VMs
on a host, causing resource contention and performance degradation. Some vendors
suggest randomization or grouping in virtual environments to try to avoid these issues.
However, randomization can take an excessive amount of time to run through a complete
scan or update and is not designed to avoid times of high system usage, while grouping
does not account for the dynamic nature of VMs, requiring reconfiguration if VMs are
migrated or cloned.

VMs are much more subject than physical servers to be out of date and therefore not
updated with the most recent security patches and pattern updates. VMs that lie dormant
for long periods and so are not patched like physical servers or continually active VMs
are quite common in some organizations, such as when specific VM configurations are
created to satisfy particular types of testing or for specific applications and are activated
only occasionally. When these machines are reactivated, they are highly vulnerable to
threats that have already been patched on other VMs and so pose a significant security
threat until they are brought up to date. For example, Intel recommends that Care must
be taken to apply in a timely fashion security patches and configuration changes required by
policy to all VMs, including those that are not running.1

Blind spots can be created when using traditional network security appliances because they
are unable to see the communication between VMs on the same host unless all
communications are routed outside the host machine to this separate appliance. However,
this security configuration introduces significant time lags.

Traditional security models using Security Information and Event Management (SIEM)
systems are not as useful in a VM environment because these systems cannot see inside
VMs.

Other security challenges include: inter-VM traffic which can lead to attacks between VMs
on the same host; hypervisor compromises, such as hyperjacking or guest VM escape; and
mixed trust level workloads in which VMs with high-risk applications might be housed next
to VMs with critical applications and data.

In short, while virtualization offers a number of advantages, it opens up a new set of security
threats that do not exist or are addressed with a different approach in the world of physical
servers.

WHY AGENTLESS SECURITY MAKES SENSE IN A VIRTUAL ENVIRONMENT

Agentless security in a virtual environment involves deploying a dedicated security virtual
appliance on each host physical server. This security virtual appliance integrates with the
hypervisor APIs to communicate and protect each guest VM without requiring a separate
security agent on each VM. The security virtual appliance coordinates and staggers scans and
updates to ensure that all active, dormant, and reactivated VMs have up-to-date security while
also preserving resources. The advantages of this approach are several:

http://communities.intel.com/servlet/JiveServlet/previewBody/3833-102-1-6269/VT%20Security%20Whitepaper_final.pdf

2012 Osterman Research, Inc.

The Protection and Operational Benefits of Agentless Security in Virtual Environments

Traditional security solutions in which an agent is applied to each VM require significant

amounts of IT labor to manage. As in physical environments, each machine must have a
security agent installed, patched, updated and otherwise managed. In an environment in
which many tens of VMs may run on a single physical server, this is a cumbersome and
expensive process. And this issue is exacerbated when multiple security solutions are
deployed across VMs, requiring several agents. With a security virtual appliance, multiple
types of server security can be combined in one solution, such as anti-virus, intrusion
prevention, integrity monitoring, and more. Moreover, this integrated protection can be
deployed using an agentless approach that eliminates the burden of security agents on
guest VMs.

Agent-based security installed on each VM does not get around the problem of dormant
machines with out-of-date security being reactivated and therefore becoming a security
threat until they are brought up to date. Properly architected agentless security systems,
on the other hand, can coordinate security updates across active, dormant, cloned, and
reactivated VMs, ensuring that they always have up-to-date security.

Agentless security requires much less virtual system resources (CPU, memory and disk)
compared to traditional agent-based solutions on each VM. Resource-intensive operations,
such as full system scans, are run from the separate security virtual appliance. And
coordinating and staggering scans across guest VMs helps to preserve resources, avoiding
resource contention issues, such as anti-virus storms. This results not only in better
performance of the physical host on which the VMs run, but also much higher VM density
better supporting one of the primary benefits of virtualization.

Improving Security and Operational Efficiency

ABOUT THE RESEARCH CONDUCTED FOR THIS WHITE PAPER
To understand more about the security and operational benefits of agentless security and
virtual patching using Trend Micro Deep Security, Osterman Research conducted in-depth
interviews with a number of Deep Security customers across a range of industries and
organization sizes. In addition, we also conducted a separate research program focused on
agent-based security processes in order to provide comparative data with Deep Security. The
goal of this research was two-fold:

To understand the before picture in these organizations: how their security infrastructure
was managed prior to the deployment of Deep Security and what prompted these
organizations to seek a more comprehensive and easier-to-manage server security
capability.

To understand the after picture: how Deep Security has helped organizations to
accomplish their security objectives and to determine if these organizations expectations
have been met.

The interviews for this white paper were conducted during August and September 2011.

2012 Osterman Research, Inc.

The Protection and Operational Benefits of Agentless Security in Virtual Environments

KEY BENEFITS UNCOVERED IN THE RESEARCH

Our research uncovered a number of important benefits that Deep Security-enabled
organizations have experienced:

Time savings for initial deployment

One of the fundamental advantages of an agentless security approach is the ability to avoid
deploying security agents on every VM in an environment. Our research found that the
initial deployment effort with Deep Security took some effort, often because of problems
with corrupt databases on agent-based systems or other issues had to be rectified before
Deep Security was installed. Even so, the effort required to deploy Deep Security was
comparable to setup times encountered with individual agent-based solutions: a food
processing company with whom we spoke, for example, initially required only 10 hours to
deploy Deep Security with vShield Endpoint on 16 VMs with another four hours to fully
document the environment an average of only 53 minutes per VM for the very first
deployment of Deep Security.
Where Deep Security saves significant setup time is when customers need to install multiple
separate point security solutions for example, for separate solutions such as anti-virus,
host firewall, host IPS, and integrity monitoring. By providing these technologies in a single
integrated virtual appliance, Deep Security reduces overall setup time relative to other
market alternatives that deploy multiple agent-based solutions, as shown in the following
table.

TABLE 1
Sample Anticipated Savings in Initial Install/Setup Time with Deep Security
Agent-Based
Deep
Activity
Security
Security
Install/setup time for agent-based AV on email servers
44 min
Install/setup time for an agent-based host firewall
38 min
Install/setup time for agent-based host IDS/IPS
40 min
53 min
Install/setup time for agent-based file-integrity monitoring
32 min
Install/setup time for agent-based log inspection
28 min
TOTAL MINUTES REQUIRED PER SERVER
182 min
53 min
SERVERS DEPLOYED PER YEAR*
20
SALARY FOR IT LABOR ($80,000/year)
$38.46/hour
TOTAL COST
$2,333
$679
INITIAL INSTALL/SETUP SAVINGS WITH DEEP SECURITY
$1,654
* Note that these savings are based on a conservative estimate of 20 servers deployed per year.
Many organizations will have considerably more servers, which will result in higher savings.

Faster deployment on new VMs

After the initial deployment and working through the problems that existed with the
previous environments, however, standing up new VMs is extremely fast. Without
exception, our research found that Deep Security permitted easier on-going management of
security provisioning for new VMs. Some organizations had to do provisioning frequently,
such as a food processing company that must provision roughly 200 new VMs per quarter,
down to some organizations that perform this activity only a few times per quarter.

2012 Osterman Research, Inc.

The Protection and Operational Benefits of Agentless Security in Virtual Environments

Our research found that provisioning with Deep Security requires little or no extra time per
new VM, offering substantial savings over what organizations have found in their previous
security environments. Below are examples of how quickly organizations were able to
provision new VMs when not hindered by their security solutions:
o

A Canadian firm found that provisioning a new VM requires only two minutes compared
to 15 minutes with their previous security solution.

A Turkish steel manufacturer can provision a new VM in less than five minutes.

A US food processing company requires only 2-3 minutes to provision on a new VM.

The reduced amount of time for provisioning can result in significant cost savings for an
organization. For example, lets assume that 200 new VMs will be configured each quarter
and, using the Canadian firms experience, this will result in a total time investment per
quarter of six hours 40 minutes (200 machines x 2 minutes per machine). With their
previous security solution, this would have required 50 hours (200 machines x 15 minutes
per machine). Assuming a fully burdened annual salary for an IT staff member of $80,000,
this translates to an annual cost savings of $6,667 and 173 IT staff-hours a significant
savings for a single aspect of managing VMs. This data is converted into savings per 1,000
users in the table below.
Moreover, and almost without exception, the companies we interviewed told us that it is
easier to provide ongoing management for agentless security on existing VMs with Deep
Security, resulting in further cost savings. Sample anticipated savings from Deep Security in
terms of the time required for ongoing management is shown in the following table.
TABLE 2
Sample Anticipated Savings in Ongoing Management with Deep Security
Calculations per 1,000 Users

Activity
Provisioning of new VMs introduced after initial install in hours per
month per 1,000 users
Reconfiguration of security due to VM migration and load balancing
in hours per month per 1,000 users
Manual administration of pattern updates in hours per month per
1,000 users
TOTAL HOURS REQUIRED PER YEAR PER 1,000 USERS
SALARY FOR IT LABOR ($80,000/year)
TOTAL COST PER 1,000 USERS
ANNUAL MANAGEMENT SAVINGS WITH DEEP SECURITY

Agent-Based
Security

Deep
Security

5.8

0.8

6.8

0.9

2.6

0.3

182.4
24.0
$38.46/hour
$7,015
$923
$6,092

Patching is significantly easier

Patching is a critical issue when comparing agentless and agent-based security solutions.
For example, as noted earlier, when a VM that uses agent-based security is offline it will not
be updated with the latest patches, making it vulnerable to security threats when it is

2012 Osterman Research, Inc.

The Protection and Operational Benefits of Agentless Security in Virtual Environments

brought back online the longer it is offline, the more vulnerable it is. However, with a
dedicated security appliance, virtual patching can be applied to active, dormant, cloned or
reactivated virtual machines. Virtual patching shields vulnerabilities before they can be
exploited. This eliminates emergency patching, frequent patch cycles, and costly system
downtime, saving on administrative time and costs and protecting critical systems,
applications, and data.
Our research found that patching using Deep Security is generally easier when compared to
previous environments. For example, one interview subject told us, client patch updates
[in their previous environment] were not as streamlined as with Deep Security. Another
interviewee told us that the virtual patching in Deep Security, has been the single biggest
benefit they have experienced with the solution. With their normal patch process in
Windows, they had to schedule downtime to perform the patching, typically between
2:00am and 4:00am on a Sunday morning. Now, IT simply sets up the patch and runs it
whenever its convenient, perhaps every 90 days. This can result in enormous revenue
savings, such as in the case of a retailer that is selling products through its Web site on a
24x7 basis.
Organizations can spend up to one third of their time on patch management in conventional
environments, including patching servers, desktops, laptops, and other endpoint devices.
Add this to costly downtime, and patching in conventional environments can be very
expensive. Instead, virtual patching with Deep Security can save organizations a
considerable amount while also ensuring that their critical systems, applications, and data
remain safe.

Improved VM density
Another important benefit of Deep Security is its ability to provide higher VM density. For
example, one interviewee told us the following about their VDI efforts, our primary reason
for moving to Deep Security was to increase our VM guest density per ESX host. We went
from 50 to 80 guest VMs per host, which essentially paid for the upgradeand gave us
better performance than using traditional agent-based AV for the VMs.
The increase in machine density is one of the most important benefits of Deep Security.
Using the example above going from 50 to 80 VDI images per host the cost savings
provided by the increase in density alone would be 35%, as shown in the table below.
The following table shows a sample of the savings that can be achieved with VDI density
improvements based on that achieved by a Deep Security customer. Potentially higher
savings can be attained depending on a companys VDI deployment. And additional VM
density improvements can be reached with server deployments in addition to VDI.

2012 Osterman Research, Inc.

The Protection and Operational Benefits of Agentless Security in Virtual Environments

TABLE 3
Anticipated Savings through VM Density Improvement for VDI Efforts

Activity
Number of VMs supported per host
Total VMs
Total physical hosts required
CAPEX cost per physical host (2 CPU, 2 Core)*
OPEX cost per physical host per year (power, cooling, and rack space per 2
CPU 2 Core)*
TOTAL CAPEX COST OVER THREE YEARS
TOTAL OPEX COST OVER THREE YEARS
TOTAL THREE-YEAR COST
TOTAL THREE-YEAR SAVINGS FROM IMPROVED VM DENSITY
THREE-YEAR SAVINGS FROM IMPROVED DENSITY PER VM
* The CAPEX and OPEX cost estimates are based on figures from VMware.

Agent-Based
Deep
Security
Security
50
80
1,000
20
13
$8,954
$8,954
$1,050

$1,050

$179,080
$116,402
$63,000
$40,950
$242,080
$157,352
$84,728
$84.73

SUMMARIZING THE BENEFITS

Using agentless security in Trend Micro Deep Security provides savings across the deployment
and use of the product, including installation, ongoing management, VM patching, and VM
density improvements. These savings estimates in the tables above were based on input from
current Deep Security customers. Actual savings will vary based on many factors, one of the
most significant factors being the degree of virtualization. However, regardless of the extent of
virtualization, all customers interviewed experienced operational benefits and cost savings using
Trend Micro Deep Security.
A comparison of agent-based and agentless security is shown in the following table.
TABLE 4
Comparison of Agent-Based and Agentless Security
Parameter

Initial deployment

On-going deployment to new VMs

Patching

VM density

2012 Osterman Research, Inc.

Agent-Based Security
Variable. More time is needed when
several point products are installed
across VMs.
Can be time-consuming, particularly
in environments with large numbers
of VMs.
Slow, requires scheduled downtime
to perform patching. Requires
significant IT effort to accomplish.
Networks are vulnerable to security
threats during gap created between
VM instantiation and patches. Can
spike server resources.
Modest because of significant
processor horsepower required.

Agentless Security
Can require several hours of effort,
largely to correct corruption and
other problems in the previous
environment, but saves time with
multiple security modules integrated
into one solution.
Very fast: as little as 2-3 minutes per
VM.
Very fast, can be accomplished with
no downtime. Little IT effort
required to accomplish. No gaps
exist when dormant VMs are
activated.
Much higher because processors do
not have to run multiple security
agents on each guest VM.
8

The Protection and Operational Benefits of Agentless Security in Virtual Environments

OTHER BENEFITS OF DEEP SECURITY

A single console simplifies management

Almost without exception, interviewees told us that having a single console in Deep Security
has simplified management of their security infrastructure. For example, one interviewee
told us that the single console has been a great benefit when compared to their previous
environment that required the use of three or four separate tools one for the technicians,
one for the Windows administrators, etc.

Wide range of features

One of the fundamental advantages of Deep Security is the wide range of features it offers
across physical, virtual, and cloud environments, including firewall, intrusion detection and
prevention, Web application protection, application control, integrity monitoring, log
inspection and other capabilities. Our research, which was focused more on in-depth
anecdotal analysis, suggests that most Deep Security customers are using only a fraction of
the total capabilities available in the offering. This suggests that as these organizations roll
out more features of Deep Security as their virtual environments expand, more of the
functions currently being managed by competing products will be shifted to management
under Deep Security. This will likely result in lower total cost of ownership for functions as
a) fewer vendors will ultimately be used to manage security capabilities, and b) there will be
fewer vendors to contact if issues arise in the future. This is consistent with other Osterman
Research surveys that have found most organizations wanting to consolidate security under
a single vendor for purposes of increased efficiency and lower cost.

Recommendations for Deep Security

Interviewees provided some additional insight into their experience with Deep Security
when asked if they would recommend the solution to others particularly telling was the
fact that every individual with whom we spoke would recommend Deep Security:
o

Agentless AV is a great improvement on resident solutions as there is always a concern

that installing components may have an effect on the server configuration at a software
level and from a performance level.

We would definitely recommend Deep Securityits a package of compliance tools in a

single environment and helped us roll out a new environment that needed PCI
compliance in the context of IPS, host firewall capabilities, etc.

We would absolutely recommend Deep Security we dont know of any other products
that can provide integrated server security.

Summary
Deep Security is a comprehensive package of security tools that offers a wide range of features,
functions and deployment models. Our research with Deep Security customers clearly indicates
that it makes security provisioning on VMs easier and faster, makes patching simpler, improves
VM density, and simplifies management. These benefits result in lower overall security costs
and dramatic improvements in IT staff efficiency.
2012 Osterman Research, Inc.

The Protection and Operational Benefits of Agentless Security in Virtual Environments

About Trend Micro

ABOUT DEEP SECURITY
Trend Micro Deep Security is a comprehensive, adaptive, and highly efficient server security
platform that protects enterprise applications and data from breaches and business disruptions
without expensive emergency patching. Tightly integrated modules easily expand the platform
to ensure server, application, and data security across physical, virtual, and cloud servers, as
well as virtual desktops. Choose from agentless and agent-based protection, including antimalware, intrusion detection and prevention, firewall, web application protection, integrity
monitoring, and log inspection. This comprehensive server security platform helps you simplify
security operations while enabling regulatory compliance and accelerating the ROI of
virtualization and cloud projects.

ABOUT TREND MICRO

As a global leader in cloud security, Trend Micro develops Internet content security and threat
management solutions that make the world safe for businesses and consumers to exchange
digital information. With over 20 years of experience, Trend Micro is recognized as the market
leader in server security for delivering top-ranked client, server, and cloud-based data
protection solutions that stop threats faster and protect data in physical, virtualized, and cloud
environments.
Since its inception in 1988, Trend Micro has pioneered innovative technologies and services that
protect users against threats on new and emerging platforms and devices. As the newest
platform change, cloud computing, revolutionizes the way people share and make access to
digital information, Trend Micro is prepared. By extending Trend Micro security to virtualized
and cloud-computing environments, businesses and consumers can securely take advantage of
new technologies in the public or private cloud.
Powered by the industry-leading Trend Micro Smart Protection Network cloud security
infrastructure, Trend Micros solutions stop threats in the cloud, delivering proactive protection
faster than any other security vendor. Test results confirm the effectiveness of Trend Micros
security from the cloud, with Smart Protection Network-powered solutions blocking over 4
billion threats daily for customers worldwide.
Trend Micro delivers timely threat intelligence, service, and support to its global customer base
and defends tens of millions of customers round-the-clock through TrendLabsSM a worldwide
network of threat research and product service and support centers. As new threats and
vulnerabilities emerge, Trend Micro remains committed to timely threat intelligence and ongoing
innovation to help customers secure data, ensure compliance, reduce costs, and safeguard
business integrity.
By providing security from the cloud with our industry-leading Trend Micro Smart Protection,
Network and security for the cloud with our server, data storage and encryption
technologies, Trend Micro is the best choice for Securing Your Journey to the Cloud.

2012 Osterman Research, Inc.

10

The Protection and Operational Benefits of Agentless Security in Virtual Environments

Appendix
CURRENT ENVIRONMENTS PROTECTED WITH DEEP SECURITY
The infrastructures about which we interviewed were varied as shown by the following
examples:
TABLE A
Sample Organizations Interviewed for the Research
Organization
Healthcare company in the southeast US

Dutch retailing group with worldwide

operations
Canadian provider of insurance and
related services
Turkish university
Turkish steel manufacturer
US-based food processing company

Environment
33 physical VMware ESX host servers running 431 virtual
servers, 4,000 PCs, Windows 7 virtual desktop being rolled
out at physician sites
Using Deep Security primarily to meet requirements for file
integrity monitoring and host-based intrusion protection in a
heavily regulated environment
Operating 45 VMs on three VMware ESX host servers
Running 60+ VMs in a VMware vSphere 4 cluster with four
hosts
Running 10 VMs
Running 800 virtual desktops on 10 physical VMware ESX
host servers

The environments about which we interviewed ranged from small server deployments to large
datacenters. They were quite heterogeneous and are using a number of other solutions beyond
those offered by Trend Micro.

2012 Osterman Research, Inc. All rights reserved.

No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of
Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior
written authorization of Osterman Research, Inc.
Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document
or any software product or other offering referenced herein serve as a substitute for the readers compliance with any laws
(including but not limited to any act, statue, regulation, rule, directive, administrative order, executive order, etc. (collectively,
Laws)) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws
referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the completeness or accuracy of the
information contained in this document.
THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS,
CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL.

2012 Osterman Research, Inc.

11