Morphisec is pleased to offer You its professional services, subject to the terms of this Professional Services Agreement (the “Agreement”).

Morphisec” means the contracting entity hereunder, which: (a) if Customer at the time of purchase is located or established (if Customer is a corporation) in North America, shall be Morphisec Inc.; and otherwise, shall be Morphisec Information Security 2014 Ltd.;

Client” (or “You”) means the person and/or the legal entity who is being provided with Services under this Agreement;

Sales Order” means an order placed by Client to Morphisec (or, if Client purchases the solution from an authorized partner, an order placed by Client to an authorized partner) for the Services pursuant to this Agreement.

  1. Services. Morphisec offers the professional services specified in Annex A of this Agreement (the “Services”; the distinct Services provided to the Client shall be those elected to be received by the Client, as indicated in the applicable Sales Order). 
  1. Fees; Payment Terms. Morphisec shall invoice the Client for Services in accordance with the payment schedule and fee amounts specified in the Sales Order. All payments are non-cancelable and non-refundable (other than in the event of termination by the Client due to Morphisec material breach). Unless specified otherwise in the Sales Order, invoices are due within 30 days of the invoice date. Any taxes in connection with such payments, other than those imposed on Morphisec’s net income, shall be borne exclusively by the Client.
  1. Deliverables. Each Service shall include the applicable deliverables specified in Annex A (if any). In the case such deliverables include reports, each such report shall be in scope and length determined by Morphisec. The reports provided by Morphisec are solely for the Client’s internal use and benefit, and are not intended to, nor may they be relied upon by, any third party. Further, the Client may not distribute, discuss, or otherwise disclose such reports outside its organization, and Morphisec shall have no liability to any third party with respect to any reports provided by Morphisec to the Client.

    As between the parties, all reports provided by Morphisec, and all rights therein, are and shall remain in Morphisec’s exclusive ownership, provided that, as between the parties, all logs, data, and information regarding the Client’s organization, systems, machines, and networks provided or made available by the Client and reflected in the report shall remain in the Client’s exclusive ownership. Morphisec provides the Client the right, unlimited in time, to use the report internally within its organization, and the Client provides Morphisec the right, unlimited in time, to use any logs, data, and information received by or made available to Morphisec hereunder, provided Morphisec’s use (other than in the report to the Client) is in anonymized aggregated (with other data, logs, and information) manner alone.

  1. Morphisec Software. Morphisec may deem it advisable, inclusive of in the provision of Services that are not preconditioned upon the Client having a Morphisec software license or subscription, to temporarily install and run the Morphisec software on certain of the Client’s systems, machines, and networks. In such case, the Client shall allow Morphisec to install and run the Morphisec software as required by Morphisec (free of additional charge to the Client). Any use by the Client of the Morphisec software in such case shall be solely as permitted by Morphisec, and solely for the period deemed required by Morphisec for the provision of the Services, and subject to the then applicable standard Morphisec terms and agreements applying to the use of Morphisec software, which can be found at: https://www.morphisec.com/subscription-agreement (except that the software shall be granted absent any warranties). For the avoidance of doubt, no rights in any intellectual property whatsoever underlying the Morphisec Software are provided hereunder.
  1. Confidentiality. Each receiving party shall take no less than reasonable measures to ensure that all Confidential Information (as defined below) of a disclosing party that is provided or made available to the receiving party by virtue of this Agreement is kept in confidence, and is used solely as permitted in this Agreement. “Confidential Information” (a) of the Client, means any logs, data, and information provided to Morphisec in the course of the provision of the Services, and (b) of Morphisec, means any reports provided to the Client, as well as the terms of this Agreement and information regarding Morphisec’s provision of the Services. Confidential Information shall not however include information (i) publicly available at the time of disclosure or that thereafter becomes publicly available through no fault of receiving party; (ii) already in receiving party’s possession at the time of disclosure; (iii) provided to receiving party by a third party without breach of confidentiality obligation to disclosing party. Receiving party may further furnish any portion of the Confidential Information as legally required to be furnished by it in order to comply with an order of a court or governmental authority of competent jurisdiction.
  1. Client’s Obligations. The provision of the Services by Morphisec relies on the Client meeting the following requirements, as well as other obligations of the Client in this Agreement:
  • Provision of all logs, data, and information, as well as access to the Client systems, machines, and networks required by Morphisec for the provision of the Services (the Client shall be responsible to attain all consents required for the provision of such logs, data, information, and access).
  • Provision of reasonable access to, and reasonable availability of, requisite personnel in the Client’s organization related to the Services to meet and discuss the Services with Morphisec.
  • Where services require a Morphisec software license or subscription, the Client shall further be responsible for purchasing an adequate license or subscription which remains in effect for the duration of the Services. For the avoidance of doubt, the Services do not include deployment, use, or access to the Morphisec software after the Services have been concluded (or during the Services term other than as explicitly specified herein), and any such deployment use or access is subject to the purchase by Client of an adequate Morphisec software license or subscription.
Morphisec shall not be liable, nor considered to be in breach, for any failure to provide the Services due to the Client not meeting any of its obligations in this Agreement.
  1. Services Warranty; Advisory Nature of Services. Morphisec shall provide the Services in a workmanlike and professional manner, and utilize its commercially reasonable efforts to complete all deliverables of the Service within the maximal service hour amounts for such Service if applicable (as specified in Annex A). Morphisec shall assign types of personnel (researcher, consultant, etc.) as assessed by Morphisec to be required to adequality perform the specific Service (or the applicable task of such Services). The Client acknowledges that Morphisec acts in an advisory capacity, and is not responsible for any management decisions of the Client on the basis of its input or recommendations (it is the Client’s role alone to decide whether or not to act upon the recommendations provided by Morphisec and in what manner).

Any findings or recommendations provided by Morphisec are based on its own experience and professional understanding of the review it has conducted, but it cannot assure that any findings or recommendations will fit any purpose or comply with any standard. The Client further understands that Morphisec cannot and will not detect all cyber-attacks or find all other intelligence findings that apply to the Client. Morphisec does not provide any representation or warranty with respect to the success of the Service, the prevention of any adverse consequences, the detection of “cyber” events or information, or any remediation, and the Client expressly waives any claim arising therefrom or related thereto, to the fullest extent permitted by applicable law. Other than with respect to willful misconduct, Morphisec’s liability hereunder shall be limited to direct damages capped at the amounts actually paid to Morphisec for the Services.

  1. Timeframes. All the timeframes for completion of any deliverables hereunder are estimated timeframes alone, used for planning purposes, and depending on circumstances, may need to be adjusted. Such timeframes are further subject to the Client’s compliance with any of its obligations hereunder in a prompt manner. For the avoidance of doubt, where services are specified to be available only during a certain period and subject to the Client’s utilization of such Services, the Services shall only be available for the specified period, and payment is due even if the Services have not been utilized by the Client. Neither party shall be liable for any delay in performance or any nonperformance (except a failure to meet any payment obligation), if such is caused by, or if performance is rendered impracticable due to, the occurrence of any event, contingency, or condition beyond a party’s reasonable control.
  1. Early termination. Either party may terminate this Agreement and the Services hereunder in the event of a breach of any obligations hereunder by the other party, by providing a written notice of termination which shall be effective within 14 days of the receipt of such notice, provided the applicable breach is not cured within the foregoing notice period (to the extent curable). Provisions of this Agreement that by their nature are intended to survive termination or expiration, including without limitation the provisions of Sections 4, 6, 7, and 10-11 shall survive the termination or expiration of this Agreement.
  1. Notices. Any notice provided hereunder shall be provided either by hand delivery, registered mail, courier, or e-mail (a) if to the Client, to the address or e-mail address specified on page 1, or (b) if to Morphisec, to the following address if Morphisec, Inc. is the engaging entity: 303 Wyman Street, STE 300 Waltham, MA 02451, or the following address if Morphisec Information Security 2014 Ltd. is the engaging entity: 77, Haenergia St. Gav Yam Park Bldg. 1, Beer-Sheva, Israel 8470912, or in either case to the following e-mail: morphisec-ps@morphisec.com (or to an alternate address designated in writing for such purpose by the party receiving correspondence). Any notice shall be deemed received upon the earlier of (i) the date of actual receipt, (ii) the same business day (in the local of the offices of the party receiving the correspondence) if sent by e-mail, provided a non-transmittal notice was not received thereafter by the sender, or on the seventh business day (in the local of the offices of the party receiving the correspondence) thereafter for all other methods of delivery.
  1. General. This Agreement constitutes the entire understanding between the parties regarding its subject matter, and may not be amended or modified, except by the written consent of both parties. No failure or delay on the part of any party hereto in exercising any right, power or remedy hereunder shall be deemed as a waiver thereof. Any provision contained herein which is held to be invalid, void or illegal by a court of competent jurisdiction, shall be deemed severable from the remainder thereof, and shall in no way affect, impair or invalidate any other provision therein contained. This Agreement may not be assigned by either party absent the other’s written consent, except that either party may freely assign this Agreement to a successor in interest by way of merger or acquisition of all or substantially all of such party’s applicable assets. This Agreement shall be governed by the laws of the State of Israel, excluding its conflict of law rules, and the courts of Tel-Aviv-Jaffa shall have exclusive jurisdiction over all matters arising out of or relating to this Agreement (regardless of whether such are based on tort, contract, or otherwise).

Morphisec is pleased to have the opportunity to provide You with professional services, and thank you for your confidence in Morphisec’s services!

Annex A – Description of Services 

Type of Service

Scope of Work

Deliverables

Deployment & On-Boarding

 

Morphisec Deployment & On-boarding Service provides the Client with assisted deployment according to our latest best practices which is handled by our team of professional delivery engineers.

In addition, the onboarding stage provides detailed training necessary to install, use, administer and integrate Morphisec’s system according to the Client environment. Morphisec will provide the Client with a detailed work plan document that outlines the agreed objectives of the deployment according to the planning phase set by the customer and Morphisec Delivery Team. 

Morphisec Deployment & On-boarding Service normally is executed only once at the initial deployment phase, however, in case required again, like in case of product sold expansions or deploying into a new site managed by another team, these services can be re-purchased.  

  • Detailed Installation training of each OS platform protected. 
  • Product training & console walkthrough.
  • System configuration according to best industry practices. 
  • Detailed work plan for the deployment and onboarding. 
  • Regular deployment follow-up check-in, according to cadence and timeline agreed on. 
  • Assisted integration with customer third-party systems supported by Morphisec.

Technical Account Manager (TAM)

Morphisec Technical Account Manager (“TAM”) service is to assign you with a team of Morphisec experts, for the purposes of managing the Morphisec solution and maximizing the value you get from the product. The TAM is also acting as your point of contact for technical needs, extending the support service, escalation point of contact and as a bridge to product management for enhancements or roadmap questions.

  • Quarterly system health checks & reports. The TAM will go over all the system configurations to make sure they work according to our latest best practices. Every quarter, the TAM will deliver to you a set of reports that include recommendations on changes required, over a scheduled meeting, or offline if you choose to.  
  • Beta Programs & Roadmap webinar invites. The TAM will proactively contact you for participation in our latest technologies as a beta customer and support you through the beta stage. Also, invite you to our webinars, send you the recordings of webinars you could not attend, and be available to answer questions you may have following the webinars  
  • Deep Dark Web scanning. The TAM Assisted by Morphisec threat intelligence lab researchers will scan the deep dark web for intelligence about your organizational assets and provides you with targeted and actionable threat intelligence. With Morphisec Insights, you can mitigate threats in advance, prevent incidents and minimize your attack surface. Morphisec will provide you with the information upon finding, and on a quarterly basis report.  
  • New feature updates and training. The TAM will keep you updated with every new product feature which is being released and provide you with a short training session on it.  
  • Ad-hoc training needs. The dedicated TAM can cover ad-hoc training needs such as ramping up new employees coming to the team or extending the solution onto a new site to be handled by a separate admin team.  
  • Proactive support ticket creation. Following a system health check, if a problem is found that requires our R&D/Support engineering team’s attention, the dedicated TAM will become an extension of your team and will follow up with creating and managing the support ticket on your behalf providing you with the visibility needed along the way.  

Incident Response Service

Morphisec Incident response services are to assist organizations in dealing with critical incidents and use the expertise of Morphisec’s Security Researchers to quickly contain the incident and help identify the root cause of the issue and suggest corrective actions.  

Upon your prompt request to engage IR, our team will respond to you within 3 hours, and start the reconnaissance stage with your team members dedicated to this work. 

If suspicion of malicious activity is confirmed, the team will inspire to mitigate the impact of the activity and isolate its further ability to operate/spread in the environment. 

  • Morphisec IR specialists will help the customer deal with cyber-incidents that affect the continuity of businesses and provide forensics services to understand the gaps which led to the incident.
  • Identify and document the IOCs, vulnerabilities, and CnC connections. 
  • Identify the root cause of the issues and list the containment measures (subjective to the availability of the necessary information/ supporting). 
  • Provide a report recommending necessary corrective actions.
  • Assist the Client to build a plan and in to manage the incident recovery and restoration of its systems.