Hurwitz Group Names Buffer Overflow Attacks as Significant Threat to Web Security; MEMCO's New SECURED for Internet Product Line Cited as Proactive Solution

Business Wire, Feb 3, 1999

REDWOOD CITY, Calif.--(BUSINESS WIRE)--Feb. 3, 1999--MEMCO Software, Inc. (Nasdaq: MEMCF), a leading provider of information security software, today announced the availability of a report issued by Hurwitz Group, a leading analyst firm specializing in strategic business applications, that explains the danger of buffer overflow attacks to Web security.

The report describes traditional and new approaches to preventing this favorite hacker technique that is growing in popularity with the expansion of the Internet. MEMCO's recently announced SECURED for Internet, a new class of "Intrusion Prevention" products, is named in the report as proactively stopping the problem of buffer overflow attacks.

The Hurwitz Group report entitled "The Buffer Overflow Problem," explores how corporate Internet servers have now become the most important line of communication with customers, partners and investors. With this increased connectivity, however, comes the real threat of criminal activity and exploitation due to unavoidable security holes and an increased knowledge of vulnerabilities on the part of hackers. Concrete examples of this security threat include the recently publicized attacks on corporate Web sites including the New York Times, the CIA and the Department of Justice. The Hurwitz report describes MEMCO's new SECURED product line with its patent-pending Stack Overflow Protection (STOP), and proven Dynamic Security Extension (DSX) technologies, as a "proactive" approach to preventing security attacks against the root or administrator account via buffer overflow. A complete copy of the Hurwitz report is available at www.memco.com.

"Buffer overflow will continue to be a security problem until all system vulnerabilities are revealed and solutions are put in place," said Steven Foote, senior vice president of Hurwitz Group Inc. "MEMCO offers a proactive solution that makes it significantly easier to protect Internet applications by locking down critical operating system and application resources, preventing both external and internal hacker attacks."

"With this report on buffer overflow, Hurwitz Group has exposed a serious obstacle for companies looking to adopt Internet technology for e-commerce and business-to-business communication," said Eli Singer, president of MEMCO software. "With SECURED for Internet, we have been able to neutralize buffer overflow attacks and place control back in the hands of our customers, enabling safe e-business."

MEMCO's new SECURED for Internet product line protects the content and availability of Web, email and firewall servers against hacker attacks. This product line features MEMCO's STOP technology. STOP is the only automated solution that protects against stack (or buffer) overflow attacks, a primary technique used by hackers to gain administrator authority and unrestricted access to server content and resources. With SECURED, companies are able to protect home pages from unauthorized modifications, prevent the hacking of Web scripts and Sendmail programs, and keep firewalls properly configured and running.

About Hurwitz Group

Hurwitz Group is the leading analyst and advisory firm focused on strategic business applications. The company provides IT organizations and solution providers with actionable information, objective research and pragmatic advice to guide information technology decisions and investments. Companies turn to Hurwitz Group for strategic guidance when buying, building, integrating, managing, and staffing business applications. Its services cover numerous areas including application development and integration, decision support, electronic business, enterprise resource planning, security strategies, component tools and architectures, and systems and applications management.

About MEMCO Software

MEMCO Software Ltd. (Nasdaq:MEMCF) is the supplier of choice for securing mission critical applications and providing enterprise-wide security for distributed computing environments. MEMCO's flagship software product, SeOS (Security for Open Systems), provides access control security for Unix and Windows NT servers. MEMCO's new SECURED for Internet product line protects the availability and content of Web, email and firewall servers. MEMCO addresses the single sign-on market with its Proxima product suite, which automates user logins and centralizes user account management. MEMCO also offers the award winning SessionWall-3 network surveillance, intrusion detection and response software. The company's customers include leaders in finance, telecommunications and other industries where information security is critical. MEMCO successfully partners with many of the world's largest software companies, systems integrators and value-added resellers, including a strategic OEM relationship with Tivoli Systems, Inc., an IBM company. In August 1998, MEMCO Software signed a definitive agreement to be acquired by PLATINUM technology International, inc. (Nasdaq:PLAT). For more information, please visit the company's Web site at site at www.memco.com.