Product Specific Terms

Professional Services shall be subject to and governed by the following:

PROFESSIONAL SERVICES SUPPLEMENT

DEFINITIONS

“Customer Documentation” means any documentation developed, conceived, or acquired specifically for, or on behalf of, Customer in connection with the Professional Services.

“Customer Materials” means any information, specifications, instructions, or materials provided by Customer in connection with the Professional Services.

“Deliverables” means any reports documents, templates, studies, documentation, customization, parameter setting, specifications and other work product that Cato delivers in connection with the Professional Services. Deliverables excludes Customer Documentation.

"On-Call Fee" means a premium charged for the availability of on-call support during not otherwise scheduled Professional Services. Such fee is in addition to any consumable hours charged or used, including any Minimum Time Consumption requirements on a particular day.   

“On-Call Support” means any established time during which Cato will be readily available to perform Professional Services upon communicated request by Customer but otherwise not actively performing Professional Services during the time.

“Professional Services” means the technical and consultative services provided to Customer, including, without limitation, deployment, advisory services, training, and the development and delivery of any Deliverables related to the Cato Services purchased by Customer.

“Professional Services Package” means the hours-based Professional Services package purchased by Customer, the terms for which are incorporated herein by reference and set forth in the applicable Order Form.

PERFORMANCE. 

Cato will provide the Professional Services, on a remote basis, and on a mutually agreed upon schedule, in accordance with this Supplement, the applicable Professional Services Package, and Order. Cato is responsible for the provision of the Professional Services in accordance with this Supplement, the applicable Professional Services Package, and applicable Order and Cato will control the method and manner of performing all work necessary for completion of Professional Services. Cato will only allocate personnel for the provision of the Professional Services once Customer has executed the applicable Order. 

CUSTOMER RESPONSIBILITIES. 

Customer will comply with the terms of this Supplement, the applicable Professional Services Package, and the applicable Order. Customer will cooperate reasonably and in good faith with Cato in its provision of the Professional Services by, without limitation: (a) providing Cato sufficient resources, knowledgeable employees or staff of Customer; (b) timely access to accurate and complete Customer Materials; (c) timely, accurate, and complete responses to inquiries or requests for feedback or information from Cato; (d) appointing a primary point of contact for Cato that can make authorized decisions on behalf of Customer; and (e) actively participating in scheduled project meetings with Cato. If Customer’s failure to comply with this Section prevents Cato from providing the Professional Services, as determined by Cato in its sole discretion, Cato’s obligation to provide the Professional Services will be excused until Customer remedies such failure and Cato will not be responsible for any delays resulting therefrom. 

STANDARD WORK DAY.

Unless otherwise agreed by Cato in writing, the Standard Work Day is any 8-hour period of work, Monday through Friday, between 8:00 AM and 6:00 PM in the time zone which is local to the Customer’s primary point of contact for the project and excluding Customer observed public holidays of the location. If Professional Services are performed outside of the Standard Work Day, one (1) hour will be consumed/charged for each thirty (30) minutes Cato performs Professional Services. 

STANDARD TIME CONSUMPTION.

Time is billed in thirty (30) minute increments with a minimum of one (1) hour billed time per any Standard Work Day in which Professional Services are scheduled.  Services canceled with less than one (1) business day notice, not attended by Customer or other required parties acting on behalf of Customer, or concluded early will incur at least one (1) hour billed time for that day and up to the entire scheduled meeting duration. When Professional Services are performed outside the Standard Work Day, a minimum of two (2) hours billed time will be incurred for that day. 

• e.g. Professional Services is performed for 30 minutes on Saturday which results in two (2) hours billed based on Professional Services performed outside the Standard Work Day 
• e.g., Professional Services is performed for 90 minutes on Sunday which results in three (3) hours billed as time worked outside the Standard Work Day is billed at one (1) hour for every 30 mins of work performed
• e.g., Professional Services is performed for 60 minutes, 30 minutes during the Standard Work Day and 30 mins outside the Standard Work Day which results in the minimum two (2) hours billed when work is performed outside the Standard Work Day
• e.g., Professional Services is performed for 90 minutes, 30 minutes during the Standard Work Day and 60 minutes outside the Standard Work Day which results in 2.5 hours billed as time worked with outside the standard work day is billed at one (1) hour for every 30 minutes worked.

ON-CALL SUPPORT.

Cato will provide On-Call Support on best effort basis during a date and time which is pre-agreed upon between both Customer and Cato in writing with no less than five (5) business day advance notice. On-Call Support will incur an On-Call Fee of one (1) hour billed during the Standard Work Day, and two (2) hours billed outside of the Standard Work Day. Professional Services performed upon Customer request during the On-Call Support will be billed in addition to the billed On-Call Support Fee. Standard Work Day billing terms shall apply to any Professional Services performed during On-Call Support including the increased time billing when Professional Services are performed outside the Standard Work Day.

INTELLECTUAL PROPERTY RIGHTS AND OWNERSHIP

The parties acknowledge that the Professional Services performed by Cato hereunder may utilize material or processes developed by Cato under similar terms and conditions for others, and Cato shall retain all right, title and interest in such.. Nothing contained herein shall restrain Cato or its personnel in the use of the techniques and skills of computer operation, system design and programming acquired in the performance of services hereunder. Notwithstanding, Cato grants Customer a non- exclusive, world-wide royalty-free license to use any Deliverables produced under this Supplement in a manner consistent with and subject to Cato’s then current grant of rights as provided in the MSA and applicable Order.

WARRANTY DISCLAIMER. 

CATO WILL PROVIDE THE PROFESSIONAL SERVICES IN FURTHERANCE OF THE PARTIES’ MUTUALLY AGREED OBJECTIVES, BUT DOES NOT GUARANTEE COMPLETION OF ANY SPECIFIC RESULT(S) OR DELIVERABLE NOR OFFER ANY WARRANTY THEREOF. THE PROFESSIONAL SERVICES, DELIVERABLES, CATO INTELLECTUAL PROPERTY, AND CUSTOMER DOCUMENTATION ARE PROVIDED TO CUSTOMER “AS IS.” THE PROFESSIONAL SERVICES DO NOT CONSTITUTE COMPLIANCE ADVICE OR GUIDANCE. CUSTOMER IS SOLELY RESPONSIBLE FOR ITS RELIANCE UPON THE PROFESSIONAL SERVICES, DELIVERABLES, CATO IP, AND CUSTOMER DOCUMENTATION.  CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR CATO’S BREACH OF THIS SECTION WILL BE FOR CATO TO RE-PERFORM THE NON-CONFORMING PORTIONS OF THE PROFESSIONAL SERVICES.

EXPIRATION OF PROFESSIONAL SERVICES

Unless otherwise stated in an Order, any non-recurring, non-subscription based Professional Services purchased in the applicable Order or a previous Order must be used no later than 15  months after the  from the Effective Date of the applicable Order, after which time the option to use the Professional Services will expire and no refund or credit will be granted. Cato will allocate Professional Services resources within 10 business days of a Customer’s or Partner’s (as applicable) request, and it is the Customer’s/Partner’s responsibility to ensure sufficient lead time is available to consume all services within the term. Cato shall not be liable for any Professional Service hours not consumed within the above mentioned time frame

MDR Services shall be subject to and governed by the following: 

MANAGE DETECTION RESPONSE (“MDR”) 
SUPPLEMENT 

1. Supplement
   1. The parties agree to the terms of the MDR Services Proposal in connection with the Cato’s Manage Detection Response services (“MDR Services”) and the terms of the applicable Order in relation to the MDR Services.
   2. The Service Level Agreement (“SLA”) for Cato Services provided to Customer according to the applicable Order shall remain in effect for the Cato Services, while the MDR Services SLA attached hereto as Schedule 1 (the “MDR SLA”) shall apply to the MDR Services.
   3. Customer’s subscription to the Cato Services, which will include the MDR Services, pursuant to the applicable Order and this Supplement, shall remain in effect for the Term, all in accordance with the MSA.
2. Miscellaneous
   1. In any case of contradiction between the terms of this Supplement, the Order Form and the MSA, as far as the MDR Services are concerned, the terms of this Supplement shall prevail.

Schedule 1 –  MDR SLA; 

Schedule 1

SLA OBJECTIVE

This SLA is an integral part of the applicable Order for Cato Networks MDR Services ("Agreement") and subject to the terms set forth therein. Defined terms shall have the meaning ascribed to them in the Agreement unless defined otherwise herein.

1. TERMS AND DEFINITIONS

For the purpose of this SLA, the terms in bold are defined as follows:

“Device(s)” refers to a machine which is connected and is monitored by the Cato Cloud, it can be a user’s PC, Server or a mobile device.

“Incident(s)” or “Security Incident(s)” refers to a (suspicious or suspected) malicious activity that implies on a compromised device, that a Device is already infected, and a threat is already activated for some time on a specific Device which can be: Malware, PUP, Network Scan and/or other types of threats that may affect the Device.

“Initial Incident Response” shall mean a report by Cato to Customer and/or an action taken by Cato, either as a response to an Incident, in Cato’s discretion.

“Incident Response” – an action taken by Customer, as a response to Cato’s Initial Incident Response.

“Malware”- Malicious software that is installed on a user’s Device with or without User's intention, and allows to remotely control, read/steal User data, and take actions on behalf of the User without User's intention.

“Inquiry to Customer” a question that is raised by Cato to Customer, through the IMS, regarding a suspicious activity or any other activity that may result in an Incident.

“Network Scan” - potentially unwanted network scan over the network which implies on a compromised Device or Malware infection.

“PUP” – A potentially unwanted program that is installed on a User’s Device with or without User's intention, such software may lead to an installation of Malware or other software without the User’s intention.

“User” shall mean a person using a Device.

“Risk Level” – an attribute which is assigned to an Incident which can be: Low, Medium or High. This attribute represents the potential risk of an incident. The risk is decided by Cato analysts per incident. For example - An active Malware infection could be assigned as “High” while a PUP could be assigned with “Low” or “Medium”, each time depends on the current facts of the Incident.

1. SERVICE LEVELS
   1. Incident Management System. 
      Customer shall have access to information about Incidents that were identified by Cato via an Incident Management System available at: https://mdr.catonetworks.com (the “Incident Management System” or “IMS”), which will serve as the main communication channel between Cato and Customer in respect of Incidents. Through the IMS, Customer may request additional information about Incidents (“RFI”, “Request for Info”). Through the IMS Cato may raise an Inquiry to Customer. 
      
   2. Monitoring, Detection, Initial Incident Response and Incident Response. 
      
      1. Monitoring & Detection. 
         Cato monitors for Security Incidents, on a daily basis, analyzes and validates Incidents on Devices, connected to Cato Cloud. For each Incident, the Customer will be notified via the IMS. Cato shall assign to each Incident the applicable Risk Level. Cato may initiate an Initial Incident Response (when feasible), however, such actions, if taken, are not exhaustive, and it is Customer's sole responsibility to ensure that an adequate Incident Response and remediation is executed. Cato does not warrant that any Initial Incident Response will be carried out, or if one taken, such will be effective.
      2. Initial Incident Response. 
         Upon detection of Incidents, Cato shall provide an Initial Incident Response to Customer, which can be either a report and/or may apply one or more of the following actions: 
          
         Blocking access to IP addresses; Blocking access to Domains; Blocking in-coming files; 
          
         For the removal of doubt this list is neither an undertaking to perform or an exhaustive list and is provided as an example only.
      3. Incident Response. 
         Customer should promptly undertake an appropriate Incident Response after receiving the Initial Incident Response from Cato, in accordance with own applicable policies. Customer shall have sole responsibility for applying the Incident Response, and remediation and containment of any and all Incidents. 
         
   3. Monthly Report 
      Cato shall provide Customer with a monthly report comprising a summary of all Incidents identified and recorded by Cato during the last month. 
      
2. DISCLAIMER 
   Customer acknowledges that: (i) Cato does not represent or warrant detection of all Incidents; (ii) detected Incidents are often likely to be due to events that have been active for some time prior to detection and Incidents may occur during the time between infection and remediation, which may already have caused some damage to Customer, such as unauthorized actions, data loss or theft; and (iii) Cato shall not be liable for any Incidents or any damage caused in connection therewith, whether due to failure to detect, late detection or otherwise.

ILMM Services shall be subject to and governed by the following description: 

INTELLIGENT LAST-MILE MANAGEMENT SERVICES

Supplement Definitions. Capitalized terms used herein and not otherwise defined shall have the meaning ascribed to such terms in the Master Services Agreement (“MSA”).

“Case(s)” means a “Connectivity Case(s)” or a “Degradation Case(s)”.

“Case Update(s)” or “Updates” means any updates made by Cato to Customer through the Cato Support Portal on any unresolved Case, such as: responses received from the ISP, changes applied by the ISP, Case resolution, etc. 

“Connectivity Case(s)” means an Underlay Circuit experiences a complete loss of connectivity to the Internet for more than five (5) minutes.

“Degradation Case” means a connectivity quality degradation in an Underlay Circuit for packet loss exceeding 15% five times or more in a ten (10) minute period.

“Initial Case Report” means the initial report of a Case that Cato prepares and provides to the ISP on behalf of Customer using ISP’s designated method(s) of contact. 

“Socket(s)” means a Hardware device provided by Cato to Customer under the Order Form, which is used to connect Customer’s site to the Cato Cloud and monitor the internet connectivity provided by the ISP under the Intelligent Last-Mile Management Services.

“Underlay Circuit” means a single network access link of connectivity supported by Cato that is provided by a carrier or ISP. 

“Service Level Credit” for purposes of this Supplement, means the credits to be provided to Customer if Cato does not meet the time frame with respect to the Initial Case Report Submission Service Level as detailed below, which are calculated as a percentage of total fees paid by Customer for the ILMM Services for the Site(s) provisioned with ILMM and affected by a Connectivity Case during the month in which such time frame is not met.  Customer shall be entitled to a maximum of one Service Level Credit per affected Site per applicable month.

1. Intelligent Last-Mile Management Services
   1. Monitoring & Detection

Cato shall monitor for Cases on a continuous basis and analyze and validate Cases as reported by the Sockets. Customer will be notified of each Case via the Cato Support Portal. 

1. Initial Case Report

Cato shall provide to Customer a summary of the Initial Case Report, and the status of the communication with the relevant ISP in accordance with the Section 4 (Service Levels) described below. 

1. Cato Support Portal

Customer shall have access to information about Cases via the Cato Support Portal, which will serve as the main communication channel between Cato and Customer regarding Cases. Through the Cato Support Portal Customer may request additional information or Updates, to which Cato shall respond in accordance with the Section 4 (Service Levels) described below. 

1. Monthly Report

After the end of each calendar month, Cato shall provide Customer with a monthly report summarizing all Cases identified and recorded by Cato during such month. 

1. Letter of Authorization 
   1. Customer hereby appoints Cato to act on behalf of Customer with regard to services rendered or to be rendered by Customer’s various Internet Service Providers, (including, but not limited to, any provider of an Underlay Circuit) (collectively, the “ISP(s)”) during the Term, with respect to the following matters, including:  contacting the ISP to perform its obligations hereunder; requesting updates and support services from ISP; notifying ISP of internet connectivity problems; and opening support tickets; requesting service solutions in accordance with ISP’s contract with Customer.
   2. To enable Cato to provide the Intelligent Last-Mile Management Services, if required by the applicable ISP, Customer shall execute a Letter of Authorization (the “LOA”), in the form, an example of which is attached hereto as Schedule 1, or any other similar form as shall be required by the ISP(s), provided such LOA enables Cato to provide the Intelligent Last-Mile Management Services.   
   3. Upon execution of this ILMM Supplement: (i) Customer shall provide Cato with full and complete up to date communication details (e.g. phone, mail, website) of Customer’s contact person(s) with each ISP as well as any other information needed and reasonably requested by Cato in order for Cato to be able to provide the Intelligent Last-Mile Management  Services (such as: the process and method applied by the specific ISP in order to be able to open a support ticket with the relevant ISP) (the “Contact and Process Details”); (ii) If required by the ISP(s), Customer shall deliver the LOA to the ISP(s) as soon as reasonably possible after the execution of this ILMM Supplement and the applicable Order; and (iii) Customer shall assure that the applicable ISPs acknowledge that Cato is authorized to act on behalf of the Customer as contemplated and required under this Supplement and the applicable LOA.   
   4. The receipt and acceptance of the LOAs signed and executed by Customer, and by the ISPs if such approval and signature is required by the ISP, and receipt by Cato of the Contact and Process Details, must occur in order for Cato to be able to provide the Intelligent Last-Mile Management Services and obtaining such executed LOAs and Contact and Process Details is the sole responsibility of Customer. Any failure by Customer to notify the ISP(s), execute and deliver the LOAs, and have the ISPs acknowledge that Cato is an authorized representative of Customer shall excuse Cato’s performance of the Intelligent Last-Mile Management Services related to outreach and interaction with any such ISP, and Cato shall have no further obligation or liability hereunder, but in such case Customer’s obligations will continue hereunder.      
   5. The Intelligent Last-Mile Management Services are monitoring services, which are meant to assist Customer to locate when and where there is a problem with ISP service delivery, and to alert both Customer and ISPs of Cases, as well as to seek service support from ISPs on behalf of Customer. Cato does not provide internet services, and nothing herein shall be construed as an undertaking by Cato to provide internet services, which are the sole responsibility of the ISPs.
2. Service Levels. Cato shall perform the Intelligent Last-Mile Management Services in accordance with the Agreement, including the Service Levels stated below. Cato will provide Initial Case Reports for Cases via the Cato Support Portal in accordance with the timeline set forth below. If Cato does not meet the time frame with respect to the Initial Case Report Submission Service Level, Cato shall provide Customer with the Service Level Credits as calculated below in accordance with the Service Level Credit request process set forth in the Service Level Agreement. Customer’s aggregate total of Service Level Credit per affected Site per applicable month shall be no more than fifteen percent (15%) of the fees payable for such affected Site(s).

Cato will inform Customer if and when the Case has been fully remediated by the ISP and its status changed to closed.

5. Disclaimer

Customer acknowledges that: (i) Cato does not represent or warrant detection of all Cases; (ii) Cato shall not be liable for any damage or loss caused in connection therewith, whether due to failure to detect, late detection or otherwise; (iii) it is the ISPs’ sole responsibility to address and fix any Cases reported by Cato, and Cato shall not be held responsible for a.) any cases where the ISP fails to do so; or b.) if Cato is unable or delayed from reporting due to ISP’s notification systems malfunctioning, ISP has limited accessibility, or ISP does not transact business in English; (iv) Failure by Customer to comply with its obligations under the Supplement will prevent Cato from providing the ILMM Services contemplated hereunder; and (v) the ILMM Services shall not be available for satellite-based connectivity, wireless internet access (mobile broadband) or for radio communications.

Schedule 1

[Letterhead of Customer]

Date [__________________]  

To: [Please insert details of the ISP]

Re: Letter of Authorization to Cato Networks (“Cato”)

[________________________] (“Company”), hereby appoints Cato and its representatives who are engaged in the provision of Intelligent Last-Mile Management Services (i.e., circuits monitoring and management) (herein defined as “ILMM”) services, to act on behalf of the Company, with regard to services rendered or to be rendered by [________________________] (the “ISP”) including ISP’s support and maintenance services, and with respect to the following matters: contacting the ISP; requesting updates and support services from the ISP; notifying the ISP of internet connectivity problems; and opening support tickets. Cato does not have the authority to, and shall not, enter any new contractual arrangement with the ISP on Company’s behalf, or modify, supplement, terminate, extend or amend any existing contractual arrangement between Company and the ISP. 

The ILMM Services to be provided by Cato to Company are for monitoring services, which are meant to assist Company in locating when and where there is a problem with the ISP’s service delivery, and to alert both the ISP and Company of any connectivity problems, as well as to follow up with seeking service support from ISP on behalf of Company. 

   
This Letter of Authorization shall remain in full force and effect until notified otherwise by the Company in writing.  

____________________ 

____________________  

Name: ______________ 

Title:  _______________ 

NOCaaS Services shall be subject to and governed by the following supplement. To note, NOCaaS product includes the services of Hands Free management (in the following section)

NETWORK OPERATIONS CENTER AS A SERVICE SUPPLEMENT

1. Definitions. Capitalized terms used herein and not otherwise defined shall have the meaning ascribed to such terms in the Master Services Agreement (“Agreement”). 

“Case(s)” means an issue as detailed in NOCaaS Stories at https://nocaas.catonetworks.com/hc/en-us/articles/10112444143261. 

“Case Update(s)” or “Updates” means any updates made by Cato to Customer through the Cato Support Portal on any unresolved Case, such as: responses received from the ISP, changes applied by the ISP, Case resolution, etc.  

“Initial Case Report” means the initial report of a Case that Cato prepares and provides to the ISP on behalf of Customer using ISP’s designated method(s) of contact.  

“Socket(s)” means a Hardware device provided by Cato to Customer under the Order Form, which is being used to connect Customer’s site to the Cato Cloud and monitor the internet connectivity provided by the ISP under the NOCaaS Services. 

“Underlay Circuit” means a single network access link of connectivity supported by Cato that is provided by a carrier or ISP.  

“Service Level Credit” for purposes of this Supplement, means the credits to be provided to Customer if Cato does not meet the time frame with respect to the Initial Case Report Submission Service Level as detailed below, which are calculated as a percentage of total fees paid by Customer for the NOCaaS Services for the Site(s) provisioned with NOCaaS and affected by a Case during the month in which such time frame is not met. Customer’s aggregate total of Service Level Credit(s) per affected Site per applicable month shall be no more than fifteen percent (15%) of the fees payable for such affected Site(s).  

2. NOCaaS Services

2.1 Description. The NOCaaS Services include 24/7 monitoring of Sites for connectivity and health to the Cato Cloud based on signals and events collected from Cato’s platform, the ILMM Services (defined below), and working with customer to notify or remediate as detailed in the Cases. 

2.2 Account Onboarding. To enable Cato to begin providing the NOCaaS services, Customer and Cato will schedule a meeting on or after the service start date to exchange information. During the meeting Cato will request from the customer information about the customers global and site contact details, information about customers network, to understand which sites are higher priority than others (e.g. HQ, Data Centers, etc., where up to five sites can be specifically called out to be handled with higher priority (each, a “Priority Site”)), discuss Cato alert and other Cato configuration modifications required to run the NOCaaS Service (including a customer configurable API key).  

2.3 Account Review. As part of NOCaaS Services, Cato will review of Customer’s Cato account settings to determine any opportunities for improvement or potential issues. Cato will then provide recommended changes, and Cato and Customer may schedule a meeting to discuss this review and any recommended changes to the Cato account settings or configurations. Cato will perform this review with Customer regularly throughout the term of the NOCaaS Services. Any adoption and implementation in settings and/or configuration based on said recommendations and discussions shall be at Customer’s sole discretion and at its responsibility.  

2.4 When Cato identifies Cases, it will notify Customer and provide a response to Customer and status updates in accordance with the NOCaaS SLA below.  

2.5 Cato Support Portal. Customer shall have access to information about Cases via the Cato Support Portal, which will serve as the main communication channel between Cato and Customer regarding Cases. Through the Cato Support Portal Customer may request additional information or updates, to which Cato shall respond in accordance with the Section 4 (Service Levels) described below.  

2.6 Monthly Report. After the end of each calendar month during the applicable term of NOCaaS Services, Cato shall provide Customer with a monthly report summarizing NOCaaS ticket statistics including all Cases identified and recorded by Cato during such month.  

2.7 Exclusions. The NOCaaS service only includes monitoring and notification of the Cases and excludes anything not detailed in the NOCaaS stories or that is otherwise outside of the direct control of Cato, (e.g., customer LAN issues/wifi issues, VOIP systems management, etc. would be out of scope). 

2.8 NOCaaS Service Level Agreement (“SLA”) Table 

Definitions of Severity: 

Critical  - Multiple Sites or Priority Sites are down    

High  - A single Site other than Priority Site is down / Tunnel is flapping   

Low  - Low-priority issue / Informational /Service Degradation / Other performance issue    

3. Letter of Authorization

3.1 Customer hereby appoints Cato to act on behalf of Customer with regard to services rendered or to be rendered by Customer’s various Internet Service Providers, (including, but not limited to, any provider of an Underlay Circuit) (collectively, the “ISP(s)”) during the Term, with respect to the following matters, including:  contacting the ISP to perform its obligations hereunder; requesting updates and support services from ISP; notifying ISP of internet connectivity problems; and opening support tickets; requesting service solutions in accordance with ISP’s contract with Customer (collectively the “ILMM Services”).

3.2 The ILMM Services are monitoring services only, which are meant to assist Customer to locate when and where there is a problem with ISP service delivery, and to alert both Customer and ISPs of Cases, as well as to seek service support from ISPs on behalf of Customer. Cato does not provide internet services, and nothing herein shall be construed as an undertaking by Cato to provide internet services, which are the sole responsibility of the ISPs.  

3.3 As detailed in the Cases descriptions, to enable Cato to provide the ILMM Services if required by the applicable ISP, Customer shall execute a Letter of Authorization (the “LOA”), in the form, an example of which is attached hereto as Schedule 1, or any other similar form as shall be required by the ISP(s), provided such LOA enables Cato to provide the ILMM Services.   

3.5 Upon execution of this NOCaaS Supplement: (i) Customer shall provide Cato with full and complete up to date communication details (e.g. phone, mail, website) of Customer’s contact person(s) with each ISP as well as any other information needed and reasonably requested by Cato in order for Cato to be able to provide the NOCaaS  Services (such as: the process and method applied by the specific ISP in order to be able to open a support ticket with the relevant ISP) (the “Contact and Process Details”); (ii) If required by the ISP(s), Customer shall deliver the LOA to the ISP(s) as soon as reasonably possible after the execution of this Supplement and the Order Form; and (iii) Customer shall assure that the applicable ISPs acknowledge that Cato is authorized to act on behalf of the Customer as contemplated and required under this Supplement and the applicable LOA.     

3.6 The receipt and acceptance of the LOAs signed and executed by Customer, and by the ISPs if such approval and signature is required by the ISP, and receipt by Cato of the Contact and Process Details, must occur in order for Cato to be able to provide the ILMM Services that require the LOA and obtaining such executed LOAs and Contact and Process Details is the sole responsibility of Customer. Any failure by Customer to notify the ISP(s), execute and deliver the LOAs, and have the ISPs acknowledge that Cato is an authorized representative of Customer shall excuse Cato’s performance of the NOCaaS Services related to outreach and interaction with any such ISP, and Cato shall have no further obligation or liability hereunder, but in such case Customer’s obligations will continue hereunder. 

4. Disclaimer 

Customer acknowledges that: (i) Cato does not represent or warrant detection of all Cases; (ii) Cato shall not be liable for any damage or loss caused in connection therewith, whether due to failure to detect, late detection or otherwise as well as with regards to Customer’s decision to adopt or implement any recommendation; (iii) it is the ISPs’ sole responsibility to address and fix any Cases reported to it by Cato, and Cato shall not be held responsible for a.) any cases where the ISP fails to do so; or b.) if Cato is unable or delayed from reporting due to ISP’s notification systems malfunctioning, ISP has limited accessibility, or ISP does not transact business in English; (iv) Failure by Customer to comply with its obligations under the Supplement may prevent Cato from providing the NOCaaS Services contemplated hereunder; and (v) the NOCaaS Services shall not be available for satellite-based connectivity, wireless internet access (mobile broadband) or for radio communications. 

Schedule 1 

[Letterhead of Customer] 

Date [__________________]  

   To: [Please insert details of the ISP] 

Re: Letter of Authorization to Cato Networks, Inc. (“Cato”)  

[________________________] (“Company”), hereby appoints Cato Networks, Inc. and its representatives who are engaged in the provision of last mile monitoring services (i.e., circuits monitoring and management) (herein defined as “ILMM”) services, to act on behalf of the Company, with regard to services rendered or to be rendered by [________________________] (the “ISP”) including ISP’s support and maintenance services, and with respect to the following matters: contacting the ISP, requesting updates and support services from the ISP; notifying the ISP of internet connectivity problems; and opening support tickets. Cato does not have the authority to, and shall not, enter any new contractual arrangement with the ISP on Company’s behalf, or modify, supplement, terminate, extend, or amend any existing contractual arrangement between Company and the ISP. 

The ILMM Services to be provided by Cato to Company are for monitoring services, which are meant to assist Company in locating when and where there is a problem with the ISP’s service delivery, and to alert both the ISP and Company of any connectivity problems, as well as to follow up with seeking service support from ISP on behalf of Company. 

   
This Letter of Authorization shall remain in full force and effect until notified otherwise by the Company in writing.  

____________________ 

____________________  

Name: ______________ 

Title:  _______________

Hands Free Services shall be subject to and governed by the following:

HANDS-FREE SERVICE 
SUPPLEMENT

Supplement

1.1 The parties agree to the terms of the Hands-Free Service Proposal in connection with the Cato’s Hands-Free Service (“Hands Free Service”), and the terms of the applicable Order in relation to the Hands-Free Service;

1.2 The Service Level Agreement (“SLA”) for Cato Services provided to Customer according to the applicable Order shall remain in effect for the Cato Services, while the Hands-Free Service SLA attached hereto as Schedule 1 (the “Hands Free SLA”) shall apply to the Hands-Free Service;

1.3 Miscellaneous

1.4 Terms used herein and not otherwise defined shall have the meaning ascribed thereto in the MSA;

1.5 In any case of contradiction between the terms of this Supplement, the applicable Order and the MSA, as far as the Hands-Free Service is concerned, the terms of this Supplement shall prevail.

Schedule 1 – Hands-Free Service SLA;

Schedule 1

SLA OBJECTIVE

1. TERMS AND DEFINITIONS

For the purpose of this SLA, the terms in bold are defined as follows: 

“Advanced Configuration(s)” shall mean, any configuration, that excludes Customer Configurations, that in Cato’s sole discretion might interrupt the Service;  

“Cato Management Application” shall mean the Cato’s management application made available to Customer when an Account is enabled by Cato for Customer to access the Service, located at: https://cc2.catonetworks.com;

“Cato Networks Support Portal” shall mean Cato’s support interface, located at: https://support.catonetworks.com/; 

“Configuration(s)” shall mean Customer Configurations or Advanced Configurations;  

“Customer Configuration(s)” shall mean configurations, changes, and adjustments that may be performed as part of the operation and management of the Cato Solution, through Cato Management Application, based on Customer Request. Such configurations are those which are equally available to the Customer to perform them by themselves, should they choose to. Such may include change, add, delete, and/or move operations such as: 

• Setting, changing or removing networking, routing and security policies 
• Adjusting Quality-of Service polices
• Managing events and alerting policies
• Managing site and Account configurations 

“Customer Request(s)” shall mean a written request by Customer to Cato delivered through Cato Networks Support Portal, to perform Configurations;

“Third Party Devices” shall mean any devices, solutions, services and/or software that were not provided by Cato, as part of Cato’s Solution, such as Customer’s routers, firewall, servers, etc. 

2. SERVICE LEVELS

2.1 Customer may instruct Cato, through the Cato Networks Support Portal, to perform, on its behalf, Configurations. Cato shall only respond to Customer Requests;

2.2 Advanced Configurations shall only be performed upon prior agreed time schedule with the Customer. Cato shall not perform any Advanced Configurations, unless and until Customer shall provide final written approval as to the scope of such configuration and timing;

2.3 The response time for Customer Request will vary upon the degrees defined below: 

2.4 Customer Request must include any required details. It is the responsibility of Customer to provide Cato with any reasonable information required and asked by Cato, in order to perform the Configurations;

2.5 The Hands-Free Service only include actions taken as a response to a Customer Request and does not include any proactive Configurations and/or any initiatives from Cato side;

2.6 The Hands-Free Service excludes any Configurations, changes or any recommendations with respect to Third Party Devices;

2.7 Cato hereby disclaim any liability and/or responsibility with respect to any consequences to, or any effect on Third Party Devices, alone, and/or in combination with Cato Solution, and/or other Customer systems, as a result of any Configurations made by Cato under this Supplement;

2.8 Customer acknowledges that Cato does not represent that all Configurations can be made.

ATP (Advanced Threat Prevention) services shall include RBI (Remote Browser Isolation), TP (Threat Prevention) and Sandbox services. The RBI services therein shall be subject to and governed by the following: 

REMOTE BROWSING ISOLATION SERVICES 

SUPPLEMENT 

1. Definitions. Capitalized terms used herein and not otherwise defined shall have the meaning ascribed to such terms in the Master Services Agreement (“MSA”). 

2. RBI Services. The following terms and conditions will apply to Customer’s use of the RBI Services.  

• Customer, and/or its Authorized Users may provide Cato or its licensors with certain login and other account information for websites and web-based applications that Authorized Users will access through the RBI Service (“Account Access Information”). Authorized Users may only use the RBI Service to access accounts for which they are authorized by Customer to access and use. By providing Account Access Information, the account owner (whether Customer or its Authorized Users) permits Cato and its licensor to use (and, if elected, store) the Account Access Information on behalf of the account owner to perform logins and other access-related activities when so directed by Customer or its Authorized Users. The account owner can remove any Account Access Information stored with the RBI Service at any time. Customer’s relationship with each third party website is governed by the agreement Customer has with such third party website. Any risk of loss relating to the use of such third party websites remains entirely with the Customer.  
• Customer, and its Authorized Users, agree not to:  use the RBI Service or other than as authorized herein; resell, sublicense, or otherwise make the RBI Service available to any third party that is not an Authorized User; use the RBI Service to support any activity that is illegal or that violates the proprietary rights of others; Avoid, bypass, remove, deactivate, impair, descramble or otherwise circumvent any technological measure implemented by Cato or its licensor’s or any other third party (including another user) to protect the RBI Service; access the RBI Service for purposes of monitoring its performance or functionality;  authorize any third parties to do the above; Post, upload, publish, submit or transmit any text, graphics, images, software, music, audio, video, information or other material that: infringes, misappropriates or violates a third party’s intellectual property rights, or rights of publicity or privacy; violates, or encourages any conduct that would violate, any applicable law or regulation or would give rise to civil liability; Use, display, mirror or frame the RBI Service, or any individual element within, Cato or its licensor’s name, any of Cato or its licensor’s trademark, logo or other proprietary information, or the layout and design of any page or form contained on a page, without Cato’s express written consent; Attempt to probe, scan, or test the vulnerability of any Cato or its licensor’s system or network or breach any security or authentication measures without prior written consent to do so; Attempt to access or search the RBI Service or download information or data from the RBI Service through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers, data mining tools or the like) other than the software and/or search agents provided by Cato or its licensor or other generally available third party web browsers; Attempt to decipher, decompile, disassemble or reverse engineer any of the software used to provide the RBI Service; Interfere with, or attempt to interfere with, the access of any user, host or network, including, without limitation, sending a virus, overloading, flooding, spamming, or mail-bombing the RBI Service; Collect or store any personally identifiable information from other users of the RBI Service or any third party without their express permission;  
• Customer acknowledges that, without limiting other available remedies, after first providing notice to Customer and any of the following remain uncured after a reasonable time to do so, Cato or its licensor reserves the right to disable Customer’s account and suspend access to the RBI Service if Cato or its licensor determines that: someone other than an Authorized User is using (or attempting to use) Customer’s account; Customer or any of its Authorized Users use of the RBI Service disrupts, harms, or poses a security risk to the RBI Service or to any website or web-based application; or Customer is using the RBI Service in breach of this Supplement. In no event shall Cato or its licensor suspend access to the RBI Service without first notifying Customer of the nature of the problem and providing a reasonable period of time for Customer to take remedying actions.  
• Customer acknowledges that Cato or its licensor owns all right, title and interest in and to the RBI Service and any applicable application(s), including all worldwide intellectual property rights therein. This Agreement does not convey to Customer, or it’s Authorized Users, any proprietary interest in or to any Cato or its licensor’s intellectual property or rights of entitlement to the use thereof except as expressly set forth herein.  
• Customer acknowledges that Cato or its licensor will treat any feedback or suggestions provided by Customer, or its Authorized Users, to Cato or its licensor, regarding the RBI Service and any applicable application(s) as nonconfidential and non-proprietary.  Thus, in the absence of a written agreement with Cato or its licensor to the contrary, you agree that you will not submit to Cato or its licensor any information or ideas that you consider to be confidential or proprietary.  
• Customer acknowledges that, despite the security features of the RBI Service, no service can provide a completely secure mechanism of electronic transmission and that there are persons and entities that may attempt to breach Cato or its licensor’s security measures.  

If the Customer or its Authorized Users are US Federal Government Customers, the following terms apply:  

• Customer acknowledges that the RBI Service offerings are “commercial items” as that term is defined at FAR 2.101, and to the extent applicable to you, FAR 52.212-4 (e) (Definitions) are incorporated by reference. If Customer is an Executive Agency (as defined in FAR 2.101) of the U.S. Federal Government (“Government”), Cato and its licensor(s) provides the RBI Service, including any related technical data and/or professional services in accordance with the following: If a right to access the RBI Service is procured by or on behalf of any Executive Agency (other than an Executive Agency within the Department of Defense (DoD)), the Government is granted, in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), only those rights in technical data and software customarily provided to Cato or its licensor’s customers as such rights are described in this Section. If a right to access the RBI Service is procured by or on behalf of any Executive Agency within the DoD, the Government is granted, in accordance with DFARS 227.7202-3 (Rights in commercial computer software or commercial computer software documentation), only those rights in technical data and software that are customarily provided to Cato or its licensor’s customers as such rights are described in this Section (U.S. Government Rights).  
• Customer acknowledges that DFARS 252.227-7015 (Technical Data – Commercial Items) applies to technical data provided by Cato or its licensor(s) to an Executive Agency within the DoD. Except as expressly permitted in writing, by Cato or its licensor(s), no other rights or licenses are granted to the Government. Any rights requested by the Government and not granted under this Section must be separately agreed in writing with Cato or its licensor(s). This Section of these Customer Terms is in lieu of any other FAR, DFARS, or other clause, provision, or supplemental regulation that addresses Government rights in computer software or technical data.

Gold and Premium Support packages shall be subject to the following:

GOLD SUPPORT PACKAGE SUPPLEMENT

In addition to the Cato commitments set forth in the Service Level Agreement as contained in the MSA between Cato and Customer (or, where applicable, Partner), Customer will also be entitled to the following as part of the Gold Support Package:

1. Gold Support Package

i. 24/7 access to an Advanced Support Engineer 
• Cato Support has three levels of Support Engineer. The Standard Support Engineer, Advanced Support Engineer, and the Senior Support Engineer. As part of the Gold Support Package, the Customer may request to have all their cases initially owned by an Advanced Support Engineer.

ii. Phone Support 24×365 
• Customer is entitled to contact Cato Support by phone to report issues, check on issue status, and initiate contact with support to discuss an issue. This is supported 24 hours a day, 365 days a year. All calls will be answered by the first available engineer regardless of level. Should a Standard Support Engineer answer a call, they will attempt to locate the issue owning engineer or the Customer can request to speak to/work with any Advanced Support Engineer for new issues or existing issues.

iii. Critical Initial Response Time and Status Updates 
• Upgrades SLA’s Level 1 – Critical Initial Response Time and Status Update times from the MSA’s 2 hour to 1 hour for both.

PLATINUM SUPPORT PACKAGE SUPPLEMENT

In addition to the Cato commitments set forth in the Service Level Agreement as contained in the MSA between Cato and Customer (or, where applicable, Partner), Customer will also be entitled to the following as part of the Platinum Support Package:

1. Platinum Support Package

i. 24/7 access to a Senior Support Engineer 
• Cato Support has three levels of Support Engineer: the Standard Support Engineer, Advanced Support Engineer, and the Senior Support Engineer. As part of the Platinum Support Package, the Customer is entitled to have all their cases handled by a Senior Support Engineer.

ii. Assigned to a Premium Support Manager (“PSM”) 
• Specific, assigned individual responsible for: 
• Oversight of support tickets and incidents 
• Onboarding of Customer to Cato Support 
• Technical focal point for Customer support issues 
• Escalation of Customer or Cato operational issues 
• Maintaining documentation on the Customer use cases and critical applications for support 
• Available for up to 8 hours per week in PSM’s specified time zone

iii. Phone Support 24×365 
• Customer is entitled to contact Cato Support by phone to report issues, check on issue status, and initiate contact with support to discuss an issue. This is supported 24 hours a day 365 days a year. All calls will be answered by the first available engineer regardless of level. Should a Support Engineer or Advanced Support engineer answer a call they will attempt to locate the issue owning Senior Support engineer or the customer can request to speak to/work with any Senior Support Engineer for new issues or existing issues.

iv. Priority Call Routing 
• Platinum calls will have highest routing among all customer calls.

v. Critical Initial Response Time and Status Updates 
• Upgrades SLA’s Level 1 – Critical Initial Response Time and Status Update times from the MSA’s 2 hour to 30 minutes for both.

Customer Success Engineer (“CSE) services shall be subject to and governed by the following:

CUSTOMER SUCCESS ENGINEER (“CSE”)

SUPPLEMENT 

1.Customer Success Engineer

(i) Cato shall provide the services in accordance with the MSA through a Customer Success Engineer that will be assigned by Cato (the “Customer Success Engineer” or “CSE”). 
(ii) The CSE is an engineer that has been provided information regarding the Customer’s objectives, business requirements and technology landscape and seeks to align the Customer’s usage, deployment and configuration of the Cato Solution to optimally achieve those objectives. The CSE is a proactive engineer that supplements the Customer team with deep Cato technical expertise. The CSE provides architectural guidance, proactively analyzes the Customer environment and provides technical recommendation, is aware of Customer needs and product usage, and plans and maps current and newly released functionality to those needs. 
(iii) Subject to the foregoing, the CSE will be available to support the Customer, in accordance with the terms set forth herein, and as set forth in the Schedule 1 to this Supplement, attached and made part hereof, during the Subscription Term. Weekly time allocations are non-cumulative and are provided as a “use-it-or-lose-it” service based on a 40 hour-workweek allocation percentage as described in Schedule 1. 
(iv) The CSE shall be available during Business Hours in accordance with the Customer Time Zone and based on normal business hours. 
(v) Cato agrees to make every commercially reasonable effort to provide the Customer with advance notice of any planned leave with at least two-weeks’ notice.

2. Miscellaneous

(i) Terms used herein and not otherwise defined shall have the meaning ascribed thereto in the MSA; 
(ii) Cato will provide the CSE services, on a remote basis, and on a mutually agreed upon schedule, in accordance with this Supplement and applicable Order. Cato is responsible for the provision of the CSE services in accordance with this Supplement and applicable Order, and Cato will control the method and manner of performing all work necessary for completion of the CSE Services. Cato will allocate the resource within 15 business days from the date of execution of the applicable Order. 
(iii) Customer will comply with the terms of this Supplement, the applicable Order, and the MSA. Customer will cooperate reasonably and in good faith with Cato in its provision of the CSE services by, without limitation: (a) providing Cato sufficient resources, knowledgeable employees, or staff of Customer; (b) timely access to accurate and complete Customer materials; (c) timely, accurate, and complete responses to inquiries or requests for feedback or information from Cato; (d) appointing a primary point of contact for Cato that can make authorized decisions on behalf of Customer; and (e) actively participating in scheduled project meetings with Cato. If Customer’s failure to comply with this Section prevents Cato from providing the CSE services, as determined by Cato in its sole discretion, Cato’s obligation to provide the CSE services will be excused until Customer remedies such failure and Cato will not be responsible for any delays resulting therefrom. 
(iv) CATO WILL PROVIDE THE CSE SERVICES IN FURTHERANCE OF THE PARTIES’ MUTUALLY AGREED OBJECTIVES, BUT DOES NOT GUARANTEE COMPLETION OF2 ANY SPECIFIC RESULT(S) NOR OFFER ANY WARRANTY THEREOF. THE SERVICES ARE PROVIDED TO CUSTOMER “AS IS.” THE CSE SERVICES DO NOT CONSTITUTE COMPLIANCE ADVICE OR GUIDANCE. 
(v) Each of the parties acknowledges and agrees that, except for the supplemental provisions specified above, the provisions of the Order Form and MSA remain in full force and effect. 
(vi) In any case of contradiction between the terms of this Supplement, the Order Form and the MSA, as far as the CSE is concerned, the terms of this Supplement shall prevail.

Schedule 1 – CSE Descriptions