Internet Security Systems provides protection against security vulnerability in Microsoft Internet Explorer

Business Wire, March 5, 1997

ATLANTA--(BUSINESS WIRE)--March 5, 1997--

-- Automated Security Assessment Is Critical

To Eliminating Security Threat --

Internet Security Systems, Inc. (ISS), the leader in network security assessment tools, has announced an immediate solution to the security vulnerability recently discovered in Version 3.0 of Internet Explorer, the Web browser from Microsoft.

To help combat this problem and enable organizations to take quick, corrective action, ISS has identified two important solutions for assessing the security threat for organizations' using Internet Explorer.

This serious security vulnerability, if exploited, could allow a malicious Web site administrator to alter files on a browser's computer. In response to the awareness of this major security hole, Microsoft has announced the immediate availability of a "software patch" to correct the problem. However, with a significantly large installed base, it will take time for all users of Internet Explorer 3.0 to upgrade.

"An important issue for IS management as they deal with this problem will be to not only have the capability to detect an attack during this critical time period but, to also identify who on their network is using a known vulnerable version of Internet Explorer," said Christopher Klaus, CEO and founder of ISS.

"These kinds of security problems will continue to appear with new technology being deployed on the network, and the only long term solution is to have the tools for assessment and monitoring to quickly identify these vulnerabilities as they become known and swiftly take corrective action."

To protect organizations from potential security breaches caused by this vulnerability, ISS has made immediately available a new version of RealSecure(TM) (Version 1.1), a real-time, network-based, attack recognition tool. This new version will enable network professionals to detect in real-time when a Web site attempts to exploit this vulnerability and respond in real-time to the attack by performing a user-definable response ranging from logging the session to terminating the attack.

In addition to constant monitoring of networks for unauthorized activity, it is crucial that network professionals totally eliminate the security threat by identifying users that have not downloaded the upgrade. To help determine whether or not a user is still vulnerable, ISS has integrated the capability of proactively testing a network to detect which machines have a vulnerable version of Internet Explorer in the next version of its award-winning Internet Scanner(TM).

Availability

The new version of RealSecure, is available now for free evaluation on Internet Security System's Web site (www.iss.net). The new version of Internet Scanner will be available in April.

About Internet Security Systems

Internet Security Systems, Inc., (ISS) is the pioneer and leading supplier of network security assessment tools, providing comprehensive and innovative auditing, monitoring, and response software. The Atlanta-based company's flagship product, Internet Scanner, is the leading commercial attack simulation and security auditing tool used to facilitate continuous network security improvement in corporations, financial institutions, and government agencies worldwide. ISS SAFEsuite(TM) product portfolio provides a comprehensive security framework specifically designed to identify various network security issues that could adversely affect Web, firewall, and Internet security. For more information about ISS and its portfolio of Internet security products, contact the company at (800) 776-2362 or visit the ISS Web site at http://www.iss.net . -0-

Internet Security Systems, Inc., Internet Scanner, and RealSecure are trademarks of Internet Security Systems, Inc.

All other products and companies mentioned are trademarks of their respective companies.

CONTACT: Internet Security Systems Inc., Atlanta

Michele Weakley Norwood

770/395-0150, ext. 142

Internet: mnorwood@iss.net

or

Network Associates, Provo, Utah

Amy Neuberger, 801/373-7888

Internet: amyn@netassoc.com