ANNOUNCEMENT

Online
Cybereason Partner Agreement

This Cybereason Partner Agreement is a legal agreement between the entity entering into this Agreement (“Partner”) and Cybereason Inc., a Delaware corporation with offices located at 200 Clarendon Street, Boston, MA 02116 USA (“Cybereason”) (each a “Party” or collectively the “Parties”). 

BY CLICKING “I ACCEPT,” THE INDIVIDUAL ACCPETING THESE TERMS (“YOU”) REPRESENT THAT (I) YOU HAVE THE AUTHORITY TO LEGALLY BIND PARTNER TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, (II) YOU HAVE READ THESE TERMS AND CONDITIONS, AND (III) YOU HEREBY AGREE ON BEHALF OF PARTNER TO COMPLY WITH AND BE BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT. SUBJECT TO THE WRITTEN NOTIFICATION OF CYBEREASON EXPRESSLY APPROVING PARTNER AS AN AUTHORIZED PARTNER OF CYBEREASON, THIS AGREEMENT SHALL BECOME EFFECTIVE ON THE DATE YOU CLICK “I ACCEPT.” 

In consideration of the promises and the mutual agreements set forth herein, and intending to be legally bound, the parties hereby agree as follows:

1. Definitions
1.1 “Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with a Party. For purposes herein, “control” means ownership, directly or indirectly, of more than fifty percent (50%) of the voting shares or other equity interest in an entity. 

1.2 “Anti-Corruption Laws” means: (i) the U.S. Foreign Corrupt Practice Act, (ii) the UK Bribery Act 2010, and (iii) any anti-bribery or anti-corruption provisions in the criminal, anti-competition, anti-bribery, anti-money laundering and/or anti-corruption laws of the Territory and the jurisdictions in which each of the Parties to this Agreement operate, together with any amending, consolidating or successor legislation or case law which has effect from time to time in the relevant jurisdiction.

1.3 “Business Partner Code of Conduct” means the Cybereason Business Partner Code of Conduct, as may be amended from time to time, available at https://www.cybereason.com/business-partner-code-of-conduct.

1.4 “Capacity Addendum” means an addendum describing the relevant capacity and the terms and conditions applicable to said capacity as set out in the exhibits hereto.

1.5 “Confidential Information” means, any information, data or knowledge of any kind and in any form and however disclosed, presented or displayed, by a Party hereto and/or any of its affiliates (“Disclosing Party”) to the other Party (the “Receiving Party”) and which is not generally available to the public, including technology, products and services (and any related documentation), computer programs, business information, trade-secrets, methodology, know-how, marketing and other commercial/financial knowledge, techniques, specifications, plans and other proprietary information. Confidential Information shall not include information which the Receiving Party or its Representatives can demonstrate (a) is in or comes into the public domain without fault on the part of the Receiving Party or any of its Representatives; (b) was lawfully known to it prior to its disclosure by the Disclosing Party; (c) is disclosed to the Receiving Party or its Representatives by a third party without breaching of any duty of confidentiality; (d) was independently developed without reference to the Confidential Information; (e) is made available to third parties by the Disclosing Party without restriction on the disclosure of such information; or (f) is approved by the Disclosing Party for release in writing.

1.6 “Documentation” shall mean the documentation, technical specifications and material pertaining to the Offering provided by Cybereason to Partner for use in conjunction with the Offering. For the avoidance of doubt, Documentation does not include marketing materials or other information or communications.

1.7 “End User” means an individual or entity receiving products or services from and/or via the Partner based on the Offering.

1.8 “End User Agreement” means the form of Cybereason End User Agreement available at https://www.cybereason.com/mlsa as may be amended from time to time by the Cybereason or other similar agreement approved by Cybereason.

1.9 “Export Controls and Economic Sanctions Laws” means all export control, economic or financial sanctions, and trade embargo laws, regulations, orders, directives and other legal requirements applicable to Cybereason, Partner, and/or any Targets, including but not limited to those administered and enforced from time to time by (a) the U.S. government, including the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), the U.S. Department of State, or the U.S. Department of Commerce, (b) the United Nations, (c) the European Union (“EU”), (d) the state of Israel, (e) HM Treasury of the United Kingdom, or (f) the government of any other country or territory in which Cybereason, Partner, or any Target conducts or in the past have conducted business, directly or indirectly.

1.10 “Intellectual Property Rights” means all patents, patent rights, copyrights, mask work rights, moral rights, rights of publicity, trademark, trade dress and service mark rights, goodwill, trade secrets, trade secret rights and other intellectual property rights, Cybereason Partner Agreement – Online Version- April 2023 as may now exist or hereafter come into existence, and all applications therefor and registrations, renewals and extensions thereof, under the laws of any state, country, territory or other jurisdiction.

1.11 “Offering” means any software, software as a service, any other service provided by Cybereason and any related Documentation.

1.12 “Partner Program” means Cybereason’s program applicable to its partners as set out in the Partner Portal, as may be amended from time to time, and which may include, inter alia, matters such as partner tiers, goals and requirements, details of the Offerings, pricing, deal registration process, and additional partner benefits and obligations.

1.13 “Partner Portal” means the portal located at https://cybereason.force.com/partnercommunity/login (or any other URL as 
Cybereason may advise from time to time).

1.14 “Prohibited Person” means any individual or entity that is (i) on the U.S. Department of Commerce’s Denied Persons List, Entity List, Unverified List or affiliated lists, (ii) on the OFAC Specially Designated Nationals and Blocked Persons List on Consolidated Sanctions List, (iii) on the U.S. Department of State’s Debarred List or Nonproliferation List, (iv) located, resident, or organized in jurisdictions subject to U.S. and/or other applicable territorial sanctions (collectively “Prohibited Jurisdictions”; as of the date of this Agreement, such jurisdictions include, without limitation, Cuba, Iran, Iraq, Lebanon, Libya, North Korea, Sudan, Syria, Venezuela, Yemen and the Regions of Crimea, Donetsk and Luhansk (Ukraine), (v) any entity, regardless of location, that is owned or controlled by a government of any Prohibited Jurisdiction, or (vi) otherwise the targets of any Export Controls and Economic Sanctions Laws such that dealings with such individual or entity by the Cybereason, Partner, or any Target would be prohibited.

1.15 "Representatives" of a Party shall mean such Party’s directors, officers, employees, consultants, agents or advisers (which shall not include a competitor of the Disclosing Party) and any other person that the Disclosing Party has authorized the Receiving Party to disclose the Confidential Information to.

1.16 “Target” means any individual, partner, corporation or other legal entity to which Cybereason’s products or services are promoted, marketed or planned to be marketed.

1.17 “Territory” means the geographic region or territory expressly authorized by Cybereason and notified to Partner in writing. 

2. Appointment of Partner; Purchases

2.1 During the term of this Agreement, the Partner may act in the specific capacity approved by Cybereason in writing, in the relevant Territory, subject to the provisions of this Agreement, the relevant applicable Capacity Addendum (as set out in the exhibits hereto), and the Partner Program. For the avoidance of doubt, Cybereason may agree to approve more than one specific capacity for Partner. Notwithstanding the above, Cybereason retains the full and complete right to license, sublicense, assign, market and/or otherwise distribute, directly or indirectly through third parties, the Offering or any part thereof, throughout the world.

2.2 Partner shall issue a written purchase orders to Cybereason for all orders placed for an Offering. No purchase order shall provide for a delivery date sooner than Cybereason’s applicable lead-time for the Offering ordered unless approved in writing by Cybereason. Cybereason shall have the right, within its sole discretion, to accept or reject any orders, and no purchase order shall be binding upon Cybereason unless accepted by Cybereason. Each purchase order will set forth, at a minimum, the following (i) the name and address of the End User, (ii) the number or type of package of Offering(s) being purchased (including the number of endpoints) and under which Capacity Addendum, (iii) the countries and locations where the Offerings(s) are to be installed, (iv) requested delivery dates, (v) requested ship to location(s), (vi) billing address, (vii) reference to this Agreement and/or the quotation under which the purchase order is issued, (viii) an email contact address of Partner for billing purposes, and (ix) any other reasonable information required by Cybereason. Purchase orders shall constitute firm purchase obligations on behalf of Partner.

2.3 Except as expressly provided in this Agreement, and subject to the warranty provisions of this Agreement or the End User Agreement, as applicable, neither Partner nor End User shall be entitled to return and/or exchange any Offering, nor shall they be entitled to receive any refunds with respect to any such Offering for any reason.

2.4 The terms and conditions of this Agreement shall exclusively govern the purchase and supply of the Offering under this Agreement and shall override any conflicting, amending and/or additional terms contained in Partner’s purchase order, provided that in case of any conflict or inconsistency with the provisions contained herein and those in the End User Agreement, the latter shall govern.

2.5 Subject to the terms and conditions of this Agreement, Partner is authorized to access and use the Offering, on a nonexclusive, nonsublicensable (unless specifically authorized in a Capacity Addendum), nontransferable basis, solely for the purpose of:

(i) demonstrating the Offering to prospective End Users, and (ii) providing training in the use of the Offering to Partner’s employees and End Users. Partner may only demonstrate the Offering once with respect to any potential End User, and any demonstration of the Offering shall expire with respect to each potential End User after thirty (30) days from its first use with respect to such potential End User, unless otherwise approved by Cybereason. Furthermore, without derogating from any other Cybereason Partner Agreement – Online Version- April 2023 provision hereof and notwithstanding anything contained in this Agreement to the contrary, the demonstration Offering is provided “AS IS” and Cybereason shall not be liable for any damage and/or loss, of any kind whatsoever, arising from and/or related to the demonstration of the Offering.

2.6 Partnershall provide prompt written notification of any suggestions, comments, complaints or other feedback about the Offering and/or Cybereason’s Confidential Information (“Feedback”) that are made by End Users or Partner’s prospective End Users, or that originate with Partner, and of any problems with the Offering or its use of which Partner becomes aware. Such written notification shall be the property of Cybereason, and shall be considered Cybereason’s Confidential Information hereunder. Partner hereby grants, on behalf of itself and its End Users and prospective End Users, to Cybereason a worldwide, irrevocable, non-exclusive, royalty-free, fully paid, perpetual, sub-licensable and transferable license to use, disclose, reproduce, distribute, publicly display, exploit and prepare derivative works of the Feedback or any part thereof, and Partner hereby waives on its and their behalves, any moral rights in the Feedback, to the extent permitted by law.

2.7 Cybereason shall have the right to make modifications to the Offering and Cybereason’s Confidential Information at any time.

2.8 Partner Affiliates that have been approved by Cybereason’s compliance department may place purchase orders subject to the terms of this Agreement, provided that Partner is responsible for ensuring such Affiliate’s compliance with the terms of this Agreement and shall be responsible for any breach of the terms hereof by any such Affiliate.

3. Prices and Payment Terms

3.1 Prices for the Offerings are set out in the Partner Program. Unless otherwise agreed between the Parties in writing, amounts dueshall be invoiced by Cybereason upon execution of the applicable purchase order and shall be paid by Partner to Cybereason in USD within thirty (30) days of the invoice date. If any fees payable by an End User to Partner is payable in installments, such installment methodology is for the convenience of the End User only, and the full amount of the fees payable by Partner to Cybereason with respect to such End User is acknowledged as fully earned by Cybereason’s acceptance of a purchase order with respect to such End User and such amounts shall be payable by Partner as set out above unless otherwise agreed between the Parties in writing. Partner is obligated to pay the applicable fees set out in the purchase order by the above due date regardless of whether it has received payment from the End User. Such fees payable by Partner constitute the agreed consideration for Cybereason’s authorized access to and use of the Offering and the provisions of the Offering to an End User.

3.2 All prices are exclusive of shipping, insurance and installation charges, all of which are Partner’s sole responsibility. All prices are exclusive of all sales, use, excise, value added, withholding and other taxes, and all customs duties and tariffs now or hereafter claimed or imposed by any governmental authority upon the sale or license of the Offering. Any such taxes, duties or tariffs will be added to the price or subsequently invoiced to the Partner. In the event Cybereason is required to pay any such tax, duty, tariff or any such charge, Partner will promptly reimburse Cybereason therefor on an after-tax basis. Any taxes or levies based on the income, revenue or profits of Cybereason in Cybereason’s country of incorporation will be paid by Cybereason and will not be reimbursed by or recharged to Partner.

3.3 Any amounts not paid when due may accrue, at Cybereason’s election, interest at the rate of 1.5% per month, or the maximum amount allowed by law, if lower. Each accepted purchase order is a separate, independent transaction, and Partner has no right of setoff, offset, deduction, counterclaim, reduction, recoupment or other charge against other purchase orders or other transactions with Cybereason. Unless otherwise agreed between the Parties in writing, no discounts for prepayment are authorized.

3.4 For the avoidance of any doubt, it is hereby clarified that Cybereason shall not be required to pay any fees, or other remuneration to Partner in consideration for any of Partner’s marketing, promotion, or other services or activities relating to the Offerings.

4. Proprietary Rights

4.1 Title to and ownership of the Offering and Cybereason’s Confidential Information, and any improved, updated, modified or additional parts thereof, and all copyright, patent, trade secret, trademark and other Intellectual Property Rights embodiedtherein or related to the Offering and/or the Cybereason’s Confidential Information, shall at all times remain the property of Cybereason or Cybereason’s licensors. The use by Partner of of the Offering and Cybereason’s Confidential Information is authorized only for the purposes herein set forth and upon termination of this Agreement for any reason, such authorization will cease. Partner hereby undertakes to keep the Offering and Cybereason’s Confidential Information free and clear of all claims, liens and encumbrances and not to sell, assign, transfer, encumber or dispose of in any way any such Offering or Cybereason’s Confidential Information except as explicitly permitted under this Agreement.

4.2 Partner shall not and shall not cause or permit others to (i) copy, modify, sublicense, sell, distribute, transfer, tamper with, reverse engineer, disassemble or decompile the Offerings or any part thereof or otherwise attempt to derive or obtain the source code of the Offerings or any part thereof; (ii) modify, improve or make derivative works incorporating the Offerings or any part thereof, nor use the Offerings or any part thereof as part of a service bureau, or to provide commercial, rental or sharing 

Cybereason Partner Agreement – Online Version- April 2023 arrangements for the benefit of any third party; (iii) remove and/or alter any copyright notices, trademark, logo or other proprietary or restrictive notice or legend affixed to, contained or included in, the Offerings and/or (iv) use or provide access to the Offerings to any Cybereason competitor and/or for any purposes competitive to Cybereason including creating or developing competitive intelligence software or services based in part or in whole on data provided by Cybereason, or causing or allowing any End-User, third party, agent or other designee to do so; (v) perform any benchmarking of the Offerings (save for in the course of performing an evaluation of the Offerings authorized by Cybereason), or use or disclose the results of any testing or benchmarking of the Offerings to any third party; (vi) disparage Cybereason, the Offering or other products or services of the Cybereason (vii) disclose any competitive information to any third party (viii) engage in any unethical practices with respect to its dealing with End-Users (ix) use any feature of the Offering for any purpose other than in the performance of, and in accordance with, this Agreement; (x) use the Offerings in any application that involves risk of death, personal injury, or severe property or environmental damage, or in any life support applications, devices or systems except as explicitly approved in writing by Cybereason’s Chief Executive Officer. Furthermore, Partner shall comply with all applicable laws, including data protection and privacy laws, and shall not send or cause to be sent any unsolicited email, including without limitation newsgroup postings4.3 Partner may use the Offering names of Cybereason in Partner’s advertising and promotional media used for marketing the Offering, provided (i) that Partner conspicuously indicates in all such media that such names are trademarks of Cybereason and its licensors and (ii) that Partner submits all such media to Cybereason for prior approval in its reasonable discretion.

ANY USE OF THE CYBEREASON TRADEMARKS (AS DEFINED IN CYBEREASON’S EXTERNAL BRAND GUIDELINES) IS SUBJECT TO 
CYBEREASON’S EXTERNAL BRAND GUIDELINES, LOCATED AT: https://www.cybereason.com/external-brand-guidelines

Partner shall not remove and/or alter any copyright notices, trademark, logo or other proprietary or restrictive notice (hereinafter, collectively “Proprietary Notices”) or legend affixed to, contained or included in, the Offering or Cybereason’s Confidential Information and Partner shall reproduce and copy all such Proprietary Notices on all copies of the Offering and Cybereason’s Confidential Information, if applicable, or any part thereof, made pursuant and subject to the terms of this Agreement. Upon termination of this Agreement for any reason, Partner will immediately cease all use of the Offering names and, at Cybereason’s election, destroy or deliver to Cybereason all materials in Partner’s control or possession which bear such names, including any sales literature. Partner will not challenge Cybereason’s ownership of its patents or any Intellectual Property Rights claimed by Cybereason or its licensors in its trademarks, trade names or logos, or use any trademark, trade name or logo which might be confusingly similar to Cybereason’s trademark, trade name or logo.

5. Partner’s Responsibilities
5.1 Partner may register an opportunity in accordance with Cybereason’s deal registration policy set out at https://nest.cybereason.com/resource-documents/cybereason-deal-registration-policy. 

5.2 Partner will, at all times, conduct its business in a professional manner which will favorably reflect upon Cybereason. Partnershall at all times comply with good business practices and all applicable laws and regulations relevant to this Agreement and the subject matter hereof. Partner shall at all times maintain whatever organization and resources that are necessary for the performance of its obligations pursuant to the terms of this Agreement.

5.3 Partner shall advise each End User of the appropriate operating systems, operating environment, licenses, application server licenses, web server licenses and the hardware required for the installation and operation of the Offering.

5.4 Partnershall use commercially reasonable efforts to market and promote the Offering in the Territory. These efforts may include, without limitation, the use of mailings, telemarketing programs, advertising, seminars, other customary marketing techniques and collaboration with Cybereason. Partner further agrees to place Cybereason’s logo on the partner section of Partner’s corporate Website in equal to or greater position as other vendor logos if the partner supports a corporate Website.

5.5 Unless Partner is allowed to sublicense the Offerings (as set out in the relevant Capacity Addendum and/or as approved by Cybereason in writing), Partner shall ensure that Targets that wish to evaluate the Offering shall enter an End User Agreement(and if such evaluation is by way of an on premises deployment or the Offering is installed by the Partner, then Partner shall provide Cybereason with a copy of the End User Agreement executed by the End User). Unless otherwise agreed, Partner shall ensure that each End User that evaluates the Offering to complete its evaluation within a thirty (30) day period, provided that such period may be extended with Cybereason’s prior written consent, after which time Cybereason shall be entitled to deactivate such End User’s evaluation license to the Offering.

5.6 Partner shall (i) provide truthful and complete documentation supporting, in reasonable detail, the work performed and any expenses incurred in connection with this Agreement; (ii) maintain true, accurate, and complete records related to work performed and any expenses incurred under this Agreement; and (iii) retain such records for a period of five (5) years following the termination of this Agreement. Partner shall maintain an accurate and complete list of all End Users to whom Partner markets and promotes Cybereason’s products and services, including the names, contact and addresses of each End User and shall provide the same to Cybereason upon its request. 

Cybereason Partner Agreement – Online Version- April 2023

6. Delivery
Cybereason shall use commercially reasonable efforts to meet the agreed delivery/make available date for the Offering. The time period of delays and holds resulting from Partner or End User activity or omission may extend the agreed date but shall not affect the commencement and end dates of any agreed term. Any partial activations or installations delivered by Cybereason may be invoiced separately. No part of any fees payable by Partner to Cybereason shall be subject to deduction, offset, setoff, counterclaim or reduction, recoupment or other charge as a result of any such delay, hold or extension.

7. Acceptance
The Offering shall be deemed accepted once the software is available for download and the instance is provisioned. Partner must provide written notice to Cybereason within thirty (30) days of such time in the event that the Offering does not conform to the purchase order.

8. Warranty and Limitation of Liability

8.1 EXCEPT FOR THE WARRANTY TO THE END USER SET FORTH IN THE END USER AGREEMENT, CYBEREASON PROVIDES THE OFFERING AND CYBEREASON’S CONFIDENTIAL INFORMATION “AS IS” AND MAKES NO WARRANTIES WITH RESPECT TO SAME AND DISCLAIMS ALL IMPLIED WARRANTIES WITH RESPECT TO THE OFFERING AND THE CYBEREASON’S CONFIDENTIAL INFORMATION, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OF THIRD PARTY RIGHTS, EFFECTIVENESS, USEFULNESS, RELIABILITY OR ARISING FROM A COURSE OF DEALING OR USAGE OF TRADE.

8.2 IN NO EVENT SHALL CYBEREASON AND/OR ITS LICENSORS OR OTHER PARTNERS BE LIABLE TO PARTNER, END USER OR ANY THIRD PARTY FOR ANY INCIDENTAL, INDIRECT, PUNITIVE, EXEMPLARY, SPECIAL OR CONSEQUENTIAL DAMAGES, OR FOR COSTS OF PROCUREMENT OF SUBSTITUTE PRODUCTS OR SERVICES, LOST PROFITS, LOSS OF BUSINESS OR BUSINESS OPPORTUNITIES, LOSS OF GOODWILL, REPUTATIONAL DAMAGES, WORK STOPPAGE, BUSINESS INTERRUPTION, OR LOST SAVINGS OR REVENUES OF ANY KIND, OR FOR LOST DATA, DAMAGE TO OTHER SOFTWARE, COMPUTER FAILURE OR MALFUNCTION OR DOWNTIME. CYBEREASON’S TOTAL AND CUMULATIVE LIABILITY FOR ALL CLAIMS UNDER THIS AGREEMENT AND/OR ANY ORDER, OR FOR BREACH OF THIS AGREEMENT AND/OR ANY ORDER, HOWEVER CAUSED AND REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, SHALL IN NO EVENT EXCEED 100% OF THE AGGREGATE AMOUNT RECEIVED BY CYBEREASON FROM PARTNER UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTHPERIOD IMMEDIATELY PRIOR TO THE DATE THE CAUSE OF ACTION AROSE. THE LIMITATIONS SET FORTH HEREIN SHALL APPLY EVEN IF CYBEREASON AND ITS RELATED PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. IN NO EVENT SHALL THERE BE ANY DUPLICATION OF LIABLITY BETWEEN CYBEREASON AND PARTNER AND/OR END USER.

8.3 ALL REPRESENTATIONS MADE OR AGREEMENTS EXECUTED BY PARTNER TO OR WITH ANY END USER PURSUANT TO THIS AGREEMENT SHALL BE PARTNER’S SOLE RESPONSIBILITY. FURTHERMORE, EACH SUCH AGREEMENT SHALL CONTAIN AN ACKNOWLEDGMENT BY ANY THIRD PARTY THAT IT IS NOT RELYING ON ANY REPRESENTATIONS OR WARRANTIES MADE BY CYBEREASON EXCEPT FOR THOSE WARRANTIES EXPRESSLY MADE IN THE END USER AGREEMENT.

9. Compliance with Laws

9.1 Partner hereby agrees on its behalf and on behalf of its owners, partners, officers, directors, employees, affiliates, and other persons acting for or on its behalf to abide and strictly comply with Cybereason’s Business Partner Code of Conduct.

9.2 Partner shall comply and shall at all times conduct its business in full accord with all applicable Anti-Corruption Laws.

9.3 Partner shall notify Cybereason in writing of any change in its ownership or in its directors or officers, or if any of its owners, partners, officer, directors, employees or other persons acting on its behalf is or becomes a Government Official within seven (7) business days of the effective date of any such change.

9.4 Cybereason shall have the right, from time to time at its expense, to review the books, records, and accounts of the Partner relating to its activities under this Agreement or to have such audited by its auditors or any consulting firm Cybereason chooses in its sole discretion for the purpose of verifying compliance with this Section 9. Partner shall fully cooperate in any audit conducted by or on behalf of Cybereason. Cybereason shall not be liable to Partner for any claims related to its decision to audit Partner under this Section.

9.5 Partner represents to Cybereason that (i) neither Partner nor any of its owners, partners, officers, directors, employees, or any other persons acting for or on its behalf is a Prohibited Person, and (ii) Partner shall comply with, and shall at all times conduct its business in full accord with, all applicable laws, decrees, ordinances and regulations, including those related to anti-boycott, import or use restrictions, of the U.S., the UN and that of the Territory and the jurisdictions in which each of the Parties to this

Cybereason Partner Agreement – Online Version- April 2023
Agreement operate, together with any amending, consolidating or successor legislation or case law which has effect from time to time in the relevant jurisdiction.

9.6 Partner agrees to comply strictly with all Export Controls and Economic Sanctions Laws and Partner shall take no action that would cause Cybereason to violate any U.S. or other applicable export controls or economic sanctions laws or regulations. Partnershall take all actions, furnish all documents, and provide all assistance reasonably requested by Cybereason in connection with any application by Cybereason for any export license or authorization that may be required under Export Control and Economic Sanctions Laws for the sale, supply, export, re-export, transfer, or support of any of the Offerings to any Target or End User to which the Partner has marketed, promoted, or provided such Offering within the Territory.

9.7 Partner expressly agrees that, without the prior written authorization of Cybereason and the applicable Government, Partner shall not (a) directly or indirectly acquire, export, re-export, divert, ship or transfer the Offerings or Cybereason’s Confidential Information or any related intellectual property or direct product thereof to or for the benefit of any Prohibited Person, or (b) directly or indirectly disclose any data derived from Cybereason’s Offering or any related intellectual property or direct product thereof to or for the benefit of any Prohibited Person when such disclosure is restricted or prohibited by Export Controls and Economic Sanctions Laws. Partner agrees to assist Cybereason with reasonable requests with respect to the Parties’ compliance with Export Controls and Economic Sanctions Laws, including furnishing applicable certification and other documentation with respect to Targets.

9.8 Partner undertakes that no Target or End User is a Prohibited Person; and that none of the Offerings will be used for nuclear activities, chemical/biological weapons, or missile projects unless authorized by the U.S. Government.

9.9 Partner acknowledges that from time to time during the term of this Agreement, Cybereason may in its discretion obtain and review information regarding Partner’s business practices and history and conduct customary background checks with respect to Partner, and Partner will cooperate as reasonably requested by Cybereason with all such inquiries, including information substantiating Partner’s compliance with this Section.

9.10 Partner shall cause its owners, partners, officers, directors, employees, affiliates, and other persons acting for or on its behalf to, promptly complete any training required by Cybereason, including any training relating to Anti-Bribery and Anti-Corruption and/or Export Controls and Economic Sanctions Laws. Where deemed necessary by Cybereason, Partner will make its owners, partners, officers, directors, employees, affiliates, and other persons acting for or on its behalf reasonable available for training conducted by Cybereason.

9.11 Notwithstanding any other provision of this Agreement, Cybereason shall not be obligated to take any action or omit to take any action under this Agreement that it believes, in good faith, would cause it to be in violation of any applicable U.S. or other law or regulation, including Anti-Corruption Laws and Export Controls and Economic Sanctions Laws. Furthermore, Cybereason shall not take any action or omit to take any action under this Agreement to the extent that doing so would expose Cybereason to any applicable prohibition or restriction under any Export Control and Economic Sanctions Laws.

10. Mutual Representations and Warranties
Each Party represents and warrants to the other that it has been duly registered and (if an entity rather than an individual) organized in accordance with all applicable laws, it has received all necessary governmental authorizations to enter into and perform its obligations under this Agreement, if not an individual its entry into and performance under this Agreement has been duly authorized by all necessary corporate or other entity action, its entry into and performance of this Agreement will not violate any applicable laws or any other agreements to which it is bound, and this Agreement constitutes its legal, valid and binding agreement, enforceable in accordance with its terms subject to applicable bankruptcy, insolvency, moratorium or other similar laws affecting the rights of creditors generally and the application of general principles of equity (regardless of whether considered in a proceeding at law or in equity).

11. Indemnification by Partner
Partner shall be liable for damages or remedies as provided by law, and shall defend, indemnify and hold Cybereason harmless from any liability, judgment, fine, loss, damage, claim or expense arising out of or relating to any breach by Partner of any of Partner’s representations or warranties set forth herein or relating to or arising from Partner’s performance or its failure to comply with its obligations under this Agreement.

12. Confidentiality

12.1 The Receiving Party will maintain the Confidential Information in strict confidence and will use at least the same degree of care and discretion it uses to protect the confidentiality of its own confidential, proprietary or trade secret information of similar nature but not less than a reasonable degree of care.

Cybereason Partner Agreement – Online Version- April 2023

12.2 Except as expressly authorized hereunder, the Receiving Party will not disclose or use or allow others to disclose or use theConfidential Information without the prior written consent of the Disclosing Party. The Receiving Party shall only use the Confidential Information for the purposes of this Agreement (the “Purpose") and only disclose the Confidential Information to those of its Representatives who need to have access to same for the Purpose, provided that each of the Representatives to whom the Confidential Information is disclosed is bound by confidentiality obligations no less restrictive than those contained herein and the Receiving Party agrees to enforce any such undertaking. Notwithstanding the above, the Receiving Party acknowledges that it shall be responsible for any breach of any of the provisions of this Agreement by any of its Representatives, including after termination of their employment or engagement, as the case may be. The Receiving Party agrees to promptly notify the Disclosing Party in writing of any misuse or misappropriation of Confidential Information which may come to its attention.

12.3 If the Receiving Party or any of its Representatives receives a request or order for disclosure of Confidential Information from any court, tribunal, government department or agency or other official body, or Receiving Party believes disclosure is otherwise required under applicable law, if legally permissible, it shall promptly notify the Disclosing Party and shall cooperate with the Disclosing Party (at the Disclosing Party’s expense) in seeking a protective order or other appropriate remedy. If, in the absence of a protective order or other remedy, the Receiving Party or any of its Representatives is legally compelled to disclose Confidential Information, it may disclose only that portion of the Confidential Information which is legally required to be disclosed.

12.4 The Receiving Party shall notify the Disclosing Party immediately in writing upon becoming aware that any Confidential Information has been disclosed to an unauthorized third party and assist the Disclosing Party in remedying such unauthorized disclosure.

13. Term and Termination
13.1 This Agreement is effective on the Effective Date and, unless terminated as provided in this Agreement, shall remain in effect for one (1) year and shall automatically renew for successive one (1) year terms unless terminated by either Party by providing written notice of non-renewal to the other Party at least 30 days prior to the applicable renewal date. The termination or expiration of this Agreement shall not affect the obligations of either Party to the other Party pursuant to any purchase order previously executed hereunder, and the terms and conditions of this Agreement shall continue to apply to such purchase order as if this Agreement had not expired or been terminated.

13.2 If either Party breaches a material provision of this Agreement and fails to cure such breach within thirty (30) days after receiving written notice of the breach, the non-breaching Party shall have the right to terminate this Agreement at any time. Partner’s breach of any payment obligation constitutes a default on the date the payment is due and Cybereason shall have the right to immediately terminate or suspend this Agreement. Either Party may terminate this Agreement, effective immediately, if the other Party becomes the subject of a voluntary or involuntary petition in bankruptcy or any proceeding relating to insolvency, receivership, liquidation or composition for the benefit of creditors that, in the case of an involuntary proceeding, is not dismissed within sixty (60) days. Cybereason may terminate this Agreement or any other agreement with Partner without any further obligation if Partner, or its equity holders, partners, officers, directors, employees, representatives, affiliates, subcontractors, or other agents, take any action which in Cybereason’s sole discretion potentially violates any provision of this Agreement.Cybereason shall have the right to terminate this Agreement immediately upon Partner’s violation or suspected violation of Section 9 hereof.

14. Effect of Termination

14.1 Upon the termination or expiration of this Agreement (i) Partner shall (unless set out in the relevant Capacity Addendum or agreed between the Parties in writing) immediately cease use of the Offering and Cybereason's Confidential Information and shall delete the Offering from Partner’s systems and shall no longer access Cybereason’s systems in any manner (including cloud based applications), (ii) all of Partner’s rights hereunder, including with respect to the Offering and Cybereason’s Confidential Information, shall immediately terminate, provided that each End User Agreement in place with an End User with respect to an Offering shall survive in accordance with its terms, subject to termination in accordance with its terms under the applicable End User Agreement and (iii) each Party will treat all Confidential Information of the other Party hereto as stated in Section 12 of this Agreement.

14.2 In the event of termination by either Party in accordance with any of the provisions of this Agreement, neither Party shall be liable to the other, because of such termination, for compensation, reimbursement or damages on account of the loss of prospective profits or anticipated sales or on account of expenditures, inventory, investments, leases or commitments in connection with the business or goodwill of either Party. Termination shall not, however, relieve either Party of any obligations incurred prior to the termination, including, without limitation, the obligation of Partner to pay Cybereason for the Offerings purchased prior to such termination. No Partner Subscription Fees or fees for Services paid hereunder shall be subject to repayment or credit in whole or in part in connection with any such termination, nor relieve Partner of its obligations to make

Cybereason Partner Agreement – Online Version- April 2023
all payments due hereunder to Cybereason without deduction, offset, setoff, counterclaim or reduction, recoupment or other charge.

14.3 The provisions of Sections 1, 2.6, 4, 5.6, 8, 9, 10, 11, 12, 14 and 15 of this Agreement, and all payment obligations incurred during the term of this Agreement, shall survive the expiration or termination of this Agreement for any reason. All other rights and obligations of the parties shall cease upon termination of this Agreement.

15. Miscellaneous

15.1 If any portion of this Agreement is held invalid, the parties agree that such invalidity shall not affect the validity of the remaining portions of this Agreement.

15.2 The failure of either Party to exercise any right granted herein or to require any performance of any term of this Agreement or the waiver by either Party of any breach of this Agreement shall not prevent a subsequent exercise or enforcement of, or be deemed a waiver of any subsequent breach of, the same or any other term of this Agreement.

15.3 Nothing in this Agreement shall constitute or create a joint venture, partnership, or any other similar arrangement between the parties. No Party is authorized to act as agent for the other Party hereunder except as expressly stated in this Agreement.15.4 All notices required or permitted under this Agreement will be in writing and will be deemed received when (a) delivered personally; (b) when sent by e-mail (followed by the actual document in air mail/air courier); (c) three (3) days after having been sent by registered or certified mail, return receipt requested, postage prepaid (or six (6) days for international mail); or (d) one (1) day after deposit with a commercial express courier specifying next day delivery or, for international courier packages, two (2) days after deposit with a commercial express courier specifying 2-day delivery, with written verification of receipt. Unless  otherwise specified, the address of each Party for the purpose of serving notices is as set out above and shall be sent to attention of the General Counsel of each Party.

15.5 Partner shall not assign or transfer this Agreement or any rights or obligations under this Agreement, without the prior written consent of Cybereason. Cybereason or any successor may assign or transfer, in whole or in part, any or all of its rights under this Agreement from time to time (including but not limited to assignment or transfer by way of merger, consolidation or sale of assets or shares, and assignment or transfer to a third party or to a subsidiary) without the consent of Partner or any End User. Any assignment or transfer of this Agreement made in contravention of the terms hereof shall be null and void. Subject to theforegoing, this Agreement shall be binding on and inure to the benefit of the Parties’ respective successors and permitted assigns.

15.6 This Agreement is to be construed in accordance with and governed by the laws of the applicable jurisdiction, as set forth in the table below (the “Applicable Jurisdiction”) without giving effect to any choice of law rule that would cause the application of the laws of any other jurisdiction. Any legal suit, action or proceeding arising out of or relating to this Agreement shall be commenced only in the courts of the Applicable Jurisdiction and each Party hereto irrevocably submits itself to the exclusive jurisdiction and venue of any such court in any such legal suit, action or proceeding. Region in which Partner’s Address is Located Applicable Jurisdiction Europe/Middle East and Africa (EMEA) London, EnglandAsia/Pacific (APAC) and India (excluding Japan) Singapore, Republic of Singapore, North America/Central & Latin America, (NA/CALA), New York, NY, USA, Japan Tokyo, Japan

IF RELEVANT TO THE APPLICABLE JURISDICTION, EACH PARTY HERETO HEREBY IRREVOCABLY WAIVES, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL SUIT, ACTION OR PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT.

15.7 Neither Party shall be responsible for any failure to perform or delay in performance of its obligations (other than payment obligations) under the Agreement attributable in whole or in part to any cause beyond its reasonable control, including but not limited to acts of God, government actions, pandemic (other than COVID 19), war, civil disturbance, insurrection, riots, terrorism, sabotage, labor shortages or disputes, failure or delay in delivery by suppliers or subcontractors, transportation difficulties, shortage of energy, raw materials or equipment, or the other Party’s fault or negligence or any other force majeure event.

15.8 Each of Cybereason’s licensors shall be entitled to enforce, on a non-exclusive basis, the rights of Cybereason under this Agreement that are for the benefit of such licensor as if such licensor was a party to this Agreement. Cybereason is a third-party beneficiary of, and is entitled to enforce, any limitations on rights under and use of each Offering sold or otherwise provided by Partner to any End User. For the avoidance of doubt, this Section does not limit or condition the rights in relation to this Agreement or any right to enforce the terms hereof, of assignees and transferees permitted under Section 15.5.

Cybereason Partner Agreement – Online Version- April 2023

15.9 This Agreement, (including each purchase order, each Cybereason quotation document and any documents incorporated herein or therein by reference such as the relevant Capacity Addendum and the Partner Program), constitutes the entire agreement between the Parties concerning the subject matter hereof and supersedes all prior communications, transactions, and understandings, whether oral or written, with respect to the subject matter hereof and constitute the sole and entire agreement between the parties pertaining to the subject matter hereof. No modification, addition or deletion, or waiver of any of the terms and conditions of this Agreement shall be binding on either Party unless made in a non-preprinted agreement clearly understood by both parties to be a modification or waiver, and signed by a duly authorized representative of each Party, provided that the End User Agreement may be amended, modified or supplemented by Cybereason as provided under Section 1.8.

Cybereason Address for Notice:

as set out in preamble with a copy to: E-mail: legal@cybereason.com
Partner Address for Notice:as submitted by Partner to Cybereason upon 
registration 
Exhibits
Exhibit A – Reseller Partner Capacity Addendum
Exhibit B – MSSP Partner Capacity Addendum
Exhibit C – IR and Advisory Partner Addendum
Exhibit D – Distributor Partner Addendum

Cybereason Partner Agreement – Online Version- April 2023
Exhibit A – Reseller Partner Capacity Addendum
Subject to the provisions of the Partner Agreement between Partner and Cybereason (including this Capacity Addendum and the provisions of the Partner Program) (the “Agreement”) which are incorporated herein by reference, Cybereason hereby authorizes Partner to market and promote the Offerings in the Territory and act as a Cybereason reseller to submit Purchase Orders on behalf of End Users in the Territory for the Offerings and collect the relevant fees payable by such End Users in respect of the Offerings, on a nonexclusive, non-sublicensable, nontransferable basis, all subject to payment by Partner to Cybereason of the applicable fees agreed between Cybereason and Partner. The authorization set forth in this Section shall be effective once the Partner is approved by Cybereason for this specific capacity and has executed the Partner Agreement. Capitalized terms used and not defined in this Capacity Addendum shall have the meaning ascribed thereto in the Partner Agreement.

1. Subject to and conditioned upon the End User entering into an End User Agreement with Cybereason, the Offering shall include the number of endpoint installations purchased by the Partner from Cybereason. Partner is obligated, and hereby agrees to include the following language on any document in which it offers the Offerings to its customers: “Any use of the Cybereason products and services is subject to and hereby incorporates by reference the Cybereason Master License and Services Agreement located at https://www.cybereason.com/mlsa and if applicable the service descriptions located at https://www.cybereason.com/terms/services. Notwithstanding the foregoing, if you have executed a separate agreement or Statement of Work with Cybereason in connection with the products and services ordered hereunder, such separate agreement or Statement of Work will take precedence”

2. Unless otherwise approved by Cybereason in writing or otherwise set forth herein, Partner is not authorized to, and shall notmake any undertakings, warranties or representations with regard to the Offerings beyond those set out in the End User Agreement.

3. Cybereason shall use commercially reasonable efforts to provide support and maintenance to the End User during the relevant subscription period in accordance with Cybereason’s support and maintenance policies as set forth in the End User Agreement, as may be amended from time to time in accordance with the End User Agreement.

Cybereason Partner Agreement – Online Version- April 2023
Exhibit B – MSSP Partner Capacity Addendum
Subject to the provisions of the Partner Agreement between Partner and Cybereason (including this Capacity Addendum and the provisions of the Partner Program) (the “Agreement”) which are incorporated herein by reference, Cybereason hereby authorizes Partner to market and promote the Offerings in the Territory on a and act as a managed security services partner in the Territory for the Offerings, on a nonexclusive, non-sublicensable, non-transferable basis, all subject to payment by Partner to Cybereason of the applicable fees agreed between Cybereason and Partner. The authorization set forth in this Section shall be effective once the Partner is approved by Cybereason for this specific capacity and has executed the Partner Agreement. Capitalized terms used and not defined in this Capacity Addendum shall have the meaning ascribed thereto in the Partner Agreement.

1. Definitions 
“MSSP Services” means any of the following services, provided they have been expressly authorized in advance in writing by Cybereason (i) MSS (managed security services), (ii) MDR (managed detection and response), (iii) DFIR (digital forensics and incident response), (iv) advisory services (v) any other services which involves deployment and/or support of the Offering by Partner. “Multi Customer Instance” means a Cybereason SaaS delivered cloud instance that incorporates data from more than one End User.  “Transaction Agreement” means the agreement between Partner and an End-User, under which, among other things, Partner provides MSSP services to the End-User on a set number of End-User’s endpoints in accordance with this Agreement.

2. Purchase orders
Unless otherwise agreed by Cybereason, the following provisions apply to all purchase orders:

2.1 Purchase Orders Details. Each purchase order must specify as applicable the subscription term, specific Offering, total number of endpoints and, when the workstation/server ratio set out in Section 2.4 below is exceeded. Without derogating from the above and as otherwise agreed between the Parties, Cybereason may reject purchase order for any reason, including, without limitation: (i) the purchase order includes no less than the minimum number of endpoints determined by Cybereason, (ii) the Purchase Order is for an opportunity that has not been approved by Cybereason.

2.2 Minimum Order Size. Any purchase orders submitted by Partner to Cybereason, and/or sold by Partner to End Users must be for at least 100 endpoints for any instance which is not a Multi Customer Instance. Any orders for less sensors is subject toCybereason’s prior written consent.

2.3 Minimum Order Term. All orders must be for a twelve (12) month minimum (with the exception of pay-as-you-grow (PAYG) orders for shorter term commitments which are approved by Cybereason). Provided there remains four (4) months of term on an existing environment, then Partner can co-term additional subscriptions purchased subject to Cybereason’s prior written consent which shall not be unreasonably withheld.

2.4 Ratio. Workstation-to-server ratio for endpoints is 85:15 per instance (i.e. the number of server endpoints in within 15% of the total number of endpoints in the order).

2.5 Excess Use. In the event that Partner contracts with an End User for more endpoints than it has purchased from Cybereason (or from an approved distributor) (“Excess Use”), Cybereason (or the distributor) will invoice Partner for such Excess Use in accordance with the applicable pricing under the Partner Program. Such Excess Use will be co-termed and pro-rated and paid in accordance with the provisions of the Agreement.

3. Data Processing

3.1 The Parties agree that to the extent that Cybereason processes any End User personal data pursuant to Partner’s activities hereunder, then the terms of the Data Processing Agreement set out at https://www.cybereason.com/DPA (“DPA”) shall apply to such processing, with the understanding that all references to “Customer” in the DPA shall be interpreted and understood to refer to Partner, and all references to “Agreement” in the DPA shall be interpreted and understood to refer to the Agreement between Partner and Cybereason. Without derogating from any other provision of the Agreement, Partner undertakes to comply

Cybereason Partner Agreement – Online Version- April 2023
with all applicable laws when processing the End User’s personal data, and will enter a data processing agreement with the End User for such purpose if and to the extent required under said laws.

3.2 Partner is responsible for ensuring that no reporting or data is shared or otherwise disclosed or accessed by any End User who does not own the data. Partner is solely responsible for tagging or labeling each End User customer endpoint (including the End User’s legal entity name and location) and ensuring data grouping and segregation. All data included within a particular instance will have the same data treatment and retention.

4. End User Agreements

4.1 It is agreed that as a condition for Partner to provide any MSSP Services, there must be either (i) a valid Transaction Agreement with each End User under which, amongst others, (a) Partner flows down the following provisions of the End User Agreement: 2 (Access and Use Rights), 3 (Restrictions), 6 (Audit), 7 (Data Collection and Use), and

10 (Warranties and Disclaimers) and (b) stipulates that Cybereason is a third party beneficiary, or (ii) if specifically approved by Cybereason in advance, on a case-by-case basis, a valid end user license agreement between Cybereason and End User titled ‘MSSP EULA’ to be used for the specific End User in question for its receipt of MSSP Services.

4.2 Subject to the payment of all applicable fees and compliance with all the other provisions of the Agreement (including this Capacity Addendum), Partner may use the Offering solely for the purpose of providing the specific MSSP Services agreed between the Parties in writing (whether in a signed quotation or purchase order), for the internal business purposes of End Users in the Territory, and for the number of instances, duration, number of endpoints and other criteria so agreed in writing), as well as for any other MSSP Services that have been approved in accordance with Cybereason’s prior written consent.

4.3 In order to facilitate their collaboration, upon request, Cybereason may agree to make available to Partner certain Offerings for demonstration and/or evaluation and/or lab testing and/or incident response and/or education and/or training purposes. Cybereason will advise Partner if any additional fees apply. Any such arrangement is subject to the provisions of Section 4.13.1 above, and the evaluation provisions set out in the End User Agreement which shall apply between Cybereason and Partner (and which Partner shall flow down to the End User).

5. Offering Use

5.1 Remote Access. Partner acknowledges and agrees (and will cause the End-User to acknowledge and agree) that (a) Cybereason may communicate with the Offerings for reasonable purposes including, (i) verifying credentials; (ii) issuing reports and alerts such as automated support requests and alert messages; (iii) providing support and maintenance services; (iv) applying policyand configuration changes; and (v) extracting usage information, service performance information, and infection logs, and b) such communications do not, in the normal course of business involve the processing of protected health information, financial data, social security numbers or other sensitive (personal) information. Partner will ensure that the Transaction Agreement expressly allows Cybereason to exercise its rights pursuant with the foregoing.

5.2 Alert Messages. Upon receipt of any alert messages from Cybereason, Partner will promptly communicate, as appropriate, such alert messages to its End-Users. Partner acknowledges and agrees that Partner is responsible for checking regularly for alert messages received from Cybereason and is solely responsible for communicating such alert messages to its End-Users.

6. Reports. Within ten (10) business days of the start of each calendar month (or as mutually agreed), Partner will submit a report to Cybereason, by enabling automated reporting (where available) or otherwise by submitting a consolidated manual report to Cybereason in an agreed format. Such report must include the following:
6.1 List of all End-Users including: 
a. End-user entity name, and address
b. End-user point of contact 
c. Total number of end points contracted and deployed
d. Locations where Cybereason’s Offering has been deployed (City/state/country) 
e. Service start date
f. Term of service
g. End point type by count
 
Cybereason Partner Agreement – Online Version- April 2023

6.2 good faith monthly rolling forecasts of Partner’s anticipated requirements for the Offering in the six-month period following the date of such forecast.

7. Quality of Service. Partner will cooperate with Cybereason in performing a quality-of-service assessment via Net Promoter Score Questionnaires (NPS) (or other manner) which may require input and involvement from the End User.

8. PARTNER’S OBLIGATIONS

8.1 Partner’s General Obligations. Partner will at all times:

8.1.1. Prior to providing services to End Users, comply with training and certification requirements as set forth in the Partner Portal, or as mutually agreed in writing, and will maintain the number and level of resources as required by Cybereason at all times while providing services;

8.1.2. Ensure that End-Users receive notification of updates and upgrades promptly and in any event within seventy-two (72) hours following Cybereason making such updates and upgrades available or as otherwise directed by Cybereason;

8.1.3. Except as set forth in Section 8.1.4 below, provide all Level 1 & 2 support to End Users in the manner directed by Cybereason and ensure that End-Users do not contact Cybereason directly. If End-Users contact Cybereason directly, they will be re-directed to the Partner. Cybereason will provide Partner with support in the manner described at: https://nest.cybereason.com/resource-documents/mssp-support-guide, but is not required to provide any support and maintenance of the Offering to Partner’s End-Users. If Partner fails to provide its End User with adequate support or fails to manage the security of their End User’s machines and machine networks to the Cybereason’s satisfaction, Cybereason will have the right, but not the obligation, to step in, contact, and support such End User for the remainder of the term of the Transaction Agreement at Partner’s sole cost and expense and Partner will ensure that the Transaction Agreement expressly allow Cybereason to do so;8.1.4. When the Partner is supporting an End User that has purchased Offerings via a resale order, then Cybereason will direct partner as to the extent and level of support to be provided by Partner to such End User;

8.2 Marketing. Partner shall use commercially reasonable efforts to promote the sale and distribution of the Offering. Any marketing materials or documentation developed by or on behalf of Partner in relation to the Offering shall not be distributed to any third party without Cybereason’s prior approval of the material. Upon approval of the material, Partner shall be able to distribute material to promote the sale and distribution of the Offering, provided that such material incorporates “Powered by Cybereason”. Cybereason shall use commercially reasonable efforts to support Partner in its promotional efforts by providing reasonable marketing, technical, and sales support. Any materials produced by Partner in relation to the Offering must be approved by Cybereason in advance.

9. PRICING
The prices applicable for the MSSP Offerings are as set out in Cybereason’s partner program or as otherwise provided to Partner, unless otherwise agreed between the Parties in writing. For purchase orders submitted by MSSP to an authorized distributor, thefees shall be agreed between Partner and said distributor.

10. TERMINATION.
Subject to the termination provisions of the Agreement, the Parties agree that upon the termination or expiration of the Agreement, all of Partner’s rights hereunder, including with respect to the Offerings, shall immediately terminate, provided that any End User which has executed a Transaction Agreement with Partner for use of the Offerings, and for which Partner has paid Cybereason for the relevant term, may continue to use the Offerings until the end of the paid term (unless termination is due to breach of Section 9 of the Agreement).

11. GENERAL 
Partner’s obligations contained in this Capacity Addendum, shall apply also in the instance in which Partner is submitting orders to distributors and not directly to Cybereason, except for provisions that are obviously replaced by such arrangement (e.g. payments terms which are agreed between Partner and the distributor when payment is made by Partner to distributor and not to Cybereason).

Cybereason Partner Agreement – Online Version- April 2023
Exhibit C – IR and Advisory Partner Addendum
Subject to the provisions of the Partner Agreement between Partner and Cybereason (including this Capacity Addendum and the provisions of the Partner Program) (the “Agreement”) which are incorporated herein by reference, Cybereason hereby authorizes Partner to act as an Incident Response (“IR”) & Advisory Partner in the Territory on a nonexclusive, non-sublicensable, nontransferable basis. Pursuant to this authorization, Partner may be allowed to: (a) procure certain Offerings, (b) install such Offerings on its computers and the computers of Partner’s customers (“IR/Advisory Customers”) who have engaged Partner to (i) provide investigation and incident response services as a result of security breaches, internal or external threats, or other security incidents, or (ii) provide proactive threat hunting, breach discovery, and risk assessment services; (c) use such Offerings to provide such services; and (d) if approved by Cybereason, to permit Partner to leave all or some of the Offerings on IR/Advisory Customer’s endpoints, pursuant to the terms and conditions of the Cybereason Partner Agreement. The authorization set forth in this Section shall be effective once the Partner is approved by Cybereason for this specific capacity and has executed the Partner Agreement. Capitalized terms used and not defined in this Capacity Addendum shall have the meaning ascribed thereto in the Partner Agreement.

1. PROGRAM OVERVIEW AND REQUIREMENTS: In its capacity as an IR & Advisory Partner, and provided Partner maintains the Conversion Target described below, Cybereason may provide to Partner certain Offerings(s) at no additional cost solely in support of Partner’s IR and Advisory Services (i.e. a cyber posture assessment, or insurance qualification audit) Customers (“Short-Term Use Authorization”). The IR Program is measured on the Partner endpoint conversion rate. The target conversion rate of Short-Term Use Authorization converted to annual service subscriptions is 33.3% or higher (“Conversion Target”). Performance against the Conversion Target will be assessed quarterly in arrears, beginning (6) months from the initial contract date, by analyzing the preceding quarter (3) month period (“Assessment Period”). To count towards the Conversion Target, an IR/Advisory Customer must have issued a purchase order for annual subscription services for such Offering(s) within six (6) months from the expiration of the Short Term Use Authorization (“Order Window”). Any purchase made by an IR Customer outside of the Order Window will not count towards the Conversion Target. By way of example, if Partner deploys 3 Short Term instances for a total of 45,000 deployed endpoints, then converts 1 of those IR/Advisory Customers, through MSSP or resale, for a total of 15,000 endpoint annual subscriptions sold within the Order Window, that is a conversion rate of 33.3%. If Partner does not meet the Conversion Target on a quarterly basis, Cybereason has the option to terminate the Partner from the Short Term Authorization Program.

2. ADDITIONAL RIGHTS AND OBLIGATIONS: All use of the Offerings(s) by Partner hereunder is subject to the End User Agreement which is hereby confirmed accepted by Partner. As a Partner under this Capacity Addendum, Partner is hereby authorized to install and use the number of Offerings specified on each particular purchase order, solely on behalf of the particular IR/Advisory Customer during the IR Customer Term (as defined below), or for such term as otherwise expressly permitted by Cybereason in writing in an order. Partner may not permit an IR/Advisory Customer to use the Offering(s) directly and will be responsible for any use or misuse of such Offering(s).

Short Term Use Authorizations cannot be provided to the same IR/Advisory Customer business unit more than twice. The parties acknowledge that Partner's IR/Advisory Customers may have different business units or legal entities, and that independent engagements by separate business units or entities within the same organization shall not violate the foregoing limitation. The parties agree to work together in good faith if needed to resolve any discrepancy.

3. TERM AND QUANTITIES. Short Term Use Authorizations shall be made available to Partner for a period of thirty (30) days, or other mutually agreed upon term and in the quantities agreed by Cybereason in writing (“IR Customer Term”). Any request for an extension to the IR Customer Term shall be approved by Cybereason and pursuant to the rates and terms in 4(a) and (b) below.

a) Partner may procure additional time to extend the Short Term Period for the fees specified in the IR Partner Program documentation and/or as agreed by the Parties.

b) The Short Term Use Authorizations are available for up to two (2) monthly paid extensions only, unless additional extensions are approved by Cybereason in writing.

Cybereason Partner Agreement – Online Version- April 2023

4. RIGHT TO LEAVE OFFERING BEHIND. As of the earlier of the expiration of the IR Customer Term or the conclusion of the Partner’s engagement for an IR/Advisory Customer, Partner will delete all copies of the Offerings(s) from the IR/Advisory Customer devices, unless (a) Cybereason has notified Partner in writing that the applicable IR/Advisory Customer has executed a license agreement with Cybereason for such Offerings(s), (b) Partner has resold the Offering(s) to the IR/Advisory Customer pursuant to the Reseller Capacity Addendum (which shall already be in place between Cybereason and Partner), (c) Partner has entered into an MSSP relationship with the IR/Advisory Customer to provide services to IR/Advisory Customer utilizing the Offering(s) and subject to the terms of the MSSP Capacity Addendum, which shall already be in place between Cybereason and Partner, or (d) if Cybereason otherwise agrees in writing to allow the Offerings(s) to remain installed.

5. EFFECT OF TERMINATION. Promptly upon expiration or termination of the rights hereunder, Partner shall delete (a) all copies of the Offering, other than any copy that Partner is permitted to leave installed in accordance with the terms of Section 5 above, and (b) all related materials. At Cybereason’s request, Partner will provide written certification of such deletion.

6. DISCLAIMER OF WARRANTIES. The Short Term Use Authorizations made available to Partner at no charge are deemed an Optional Tool pursuant to the terms of the End User Agreement, and therefore subject to the warranties and limits of liability applicable to Optional Tools.

7. Data Processing. The Parties agree that to the extent that the Cybereason processes any End User personal data pursuant to Partner’s activities hereunder, then the terms of the Data Processing Agreement set out at https://www.cybereason.com/DPA (“DPA”) shall apply to such processing, with the understanding that all references to “Customer” in the DPA shall be interpreted and understood to refer to Partner, and all references to “Agreement” in the DPA shall be interpreted and understood to refer to the Cybereason Partner Agreement between Partner and Cybereason. Without derogating from any other provision of the Agreement, Partner  undertakes to comply with all applicable laws when processing the End User’s personal data, and will enter a data processing agreement with the End User for such purpose identifying Cybereason as Partner’s sub processor, if and to the extent required under said laws.

Cybereason Partner Agreement – Online Version- April 2023
Exhibit D – Distributor Partner AddendumSubject to the provisions of the Partner Agreement between Partner and Cybereason (including this Capacity Addendum and the provisions of the Partner Program) (the “Agreement”) which are incorporated herein by reference, Cybereason hereby authorizes Partner to market and promote the Offerings in the Territory, and act as a Cybereason distributor to submit purchase orders on behalf of End Users in the Territory for the Offerings, and collect the relevant fees payable by such End Users in respect of the Offerings, on a nonexclusive, non-sublicensable, nontransferable basis. The authorization set forth in this Section shall be effective once the Partner is approved by Cybereason for this specific capacity and has executed the Partner Agreement. Capitalized terms used and not defined in this Capacity Addendum shall have the meaning ascribed thereto in the Partner Agreement

1. In addition to the foregoing appointment, Cybereason hereby authorizes Partner to appoint non-exclusive, authorized resellers to sell the Offerings to End-Users in the Territory (“Resellers”) (in the event of a software Offering, such sales shall be of licenses), provided that (i) Partner ensures that in connection with its general agreements with the Reseller, all such Resellers are legally bound in writing by substantially similar terms and conditions applicable to Partner under the Agreement (including this Capacity Addendum, but excluding any right for such Resellers to appoint additional resellers), and (ii) Partner only appoints Resellers that have been approved in advance by Cybereason; and (iii) Partner shall use its best endeavors to ensure compliance of its Resellers’ acts and omissions with respect to the Cybereason Offerings and all related obligations under their applicable Reseller agreements, and (iv) Partner continuously monitors its Resellers’ compliance with their contractual obligations (including, inter alia, compliance with all obligations under Section 9 of the Cybereason Partner Agreement (Compliance with Laws) below, and (v) Partner includes in each quotation it issues to a Reseller pursuant to this Capacity Addendum (“Distributor Quotation”) a statement that the transaction under said quotation is subject to and governed by the terms and conditions located at https://www.cybereason.com/terms-and-conditions/disti-res, and countersignature by Reseller of said quotation and/or issuance by Reseller of a purchase order to Partner under said quotation (“Reseller PO”) shall constitute Reseller’s acceptance of said terms and conditions.

2. Partner may appoint Resellers only with prior written approval from Cybereason. Partner must register with Cybereason all approved and appointed Resellers promptly upon their appointment in the manner instructed by Cybereason. Partner shall not authorize nor appoint any dealers, representatives, sub-distributors, original equipment manufacturers, value-added distributors, systems integrators, or other third parties, to market, promote, demonstrate, distribute, or sell Cybereason Offerings. Except as expressly provided for in writing, Partner shall not rent, issue, auction, sell, assign, use the Offerings for outsourcing purposes, provide application or Internet service provider’s services or otherwise transfer the Offerings.

3. Cybereason also hereby authorizes Partner to appoint approved Resellers, on a non-exclusive basis, to act as a Cybereason managed security services provider (MSSP) partner (“MSSP Reseller”) and for Partner to submit purchase orders to Cybereason for such purpose, subject to the provisions of the Agreement (including this Capacity Addendum) as well as the following additional provisions:

3.1 Any such MSSP Reseller has first received Cybereason’s prior written approval to act as a Cybereason managed security services partner and has executed Cybereason’s Partner Agreement and MSSP Capacity Addendum which are valid and in effect at the time of submitting such a purchase order; and

3.2 Any purchase order submitted by Partner to Cybereason for such purpose contains all the details and meets all of MSSP Reseller’s obligations as set out in the Agreement and the MSSP Capacity Addendum) and shall be subject to the provisions of the same; and

3.3 Cybereason may terminate any such purchase order for managed security products and services submitted hereunder in the event that the MSSP Reseller is in breach of any of its obligations.

4. In the event that a MSSP Reseller has been approved to participate in Cybereason’s PAYG program and has executed the PAYG Capacity Addendum (“MSSP PAYG Reseller”), Partner may submit purchase orders to Cybereason under said program subject (a) to the provisions of Section 3 above which shall also apply mutatis mutandis to orders subject to the PAYG program, and (b) all the pricing and payment terms set out in the PAGY Capacity Addendum shall be understood to apply to Partner who shall be directly responsible to pay Cybereason in accordance with both: (i) the provisions of the order it has submitted to Cybereason, (ii) the PAYG Capacity Addendum and (iii) all other provisions of the Agreement.

Cybereason Partner Agreement – Online Version- April 2023

5. With regard to any supply of the Offerings by Partner to End Users, it is agreed that in addition to the provisions of the Agreement, the provisions of the Reseller Capacity Addendum shall apply as well.

6. Partner shall neither solicit nor accept purchase orders (i) outside the Territory; (ii) from any Cybereason exclusive account(s); (iii) from other distributors; (iv) for any services other than from customers who have purchased the Offerings related to such services through Partner. Furthermore, Partner shall not provide any pricing, financial or other commercial information regarding the Offerings to any third party that is not a Reseller that has already been approved by Cybereason in writing.

7. Partner agrees that: (i) Partner will use best efforts to promote, market, and sell the Offerings to potential End Users in the Territory in accordance with the Agreement, this Capacity Addendum and the Partner Program; (ii) Partner will actively recruit and train Resellers to be effective in selling and supporting the Offering(s); (iii) Partner will ensure that Resellers shall solely determine the price and payment terms for the Offering(s) as between Reseller and the End User; (iv) Partner shall solely determine the price and payment terms for the Offerings as between Partner and the End User and/or Reseller/MSSP Reseller; (v) Partner will (a) conduct business in a manner that reflects favorably on the Offerings and the good name, goodwill, and reputation of Cybereason; (b) not engage in deceptive, misleading, or unethical practices and (c) make no representations or warranties concerning the capabilities, functionality, performance or other characteristics of the Offerings other than those which are consistent in all material respects with, and do not expand the scope of the Documentation; (vi) Partner will comply with all policies and procedures established by Cybereason from time to time regarding the promotion of the Offerings, the solicitation and/or submission of purchase orders and all other matters related to the distribution of the Offerings; and (vii) Partner shall not disparage or make any negative comments with respect to Cybereason or the Offerings, as well as Cybereason’s business and operations.

8. Partner shall use best efforts to accurately explain the Offerings to prospective End Users, and upon request by Cybereason, Partner shall provide available feedback to Cybereason regarding a prospective End User’s concerns and reactions, if any, relating to its purchase of any Offerings.

9. Partner shall have access to Cybereason’s generally available online partner product training at no additional charge via Cybereason’s partner portal.

10. Partner may only provide implementation services for the Offerings if Partner has complied with the requirements of Cybereason’s partner technical enablement program.
 
11. Partner must deliver each purchase order to Cybereason within forty-eight (48) hours of Partner’s initial receipt of the purchase order from End User or Reseller/MSSP Reseller. In addition to the provisions of the main agreement applicable to purchase orders, it is agreed that each order from Partner to Cybereason shall reference general details of the Distributor Quotation, including: the date and serial/identifying number of the Distributor Quotation, as well as identifying details for the Reseller and End User (formal legal name and address of business). Upon Cybereason’s request, Partner will provide Cybereason with a copy of the relevant Distributor Quotation and the Reseller PO (for the avoidance of doubt, Reseller PO shall be interpreted to include the purchase order issued by the MSSP Reseller to Partner for MSSP products/services as contemplated above where relevant).