Citadel Responds to Latest Cyber Theft Events With New Security Service to Protect Computer Networks

Market Wire, June, 2005

In response to the recent series of major computer system breaches, Citadel Security Software Inc. (NASDAQ: CDSS), a leader in enterprise vulnerability management and policy enforcement solutions, has increased its efforts to educate public, private and academic organizations about network security best practices. Today Citadel introduced a daily security news service that provides up-to-the-minute threat alerts, recommended actions to thwart attacks, and headline news in a radio-style broadcast. This free subscription service enables network security professionals to stay abreast of new vulnerabilities and quickly develop plans to mitigate risk and maintain security compliance.

Because of the serious and ongoing nature of security breaches at some of the country's leading businesses, Citadel decided to offer its "Citadel 2 Minute Warning - A Daily Security Briefing" free to customers and non-customers alike. By doing so, Citadel aims to build awareness of the ever-widening range of exploitable vulnerabilities, promote the aggressive implementation of security measures, and minimize the damage caused by security exploits. In addition, Citadel customers can proactively remove any vulnerabilities before they are exploited using the company's award-winning Hercules automated vulnerability remediation solution.

"When I testified before a Congressional panel a year ago, I warned that the dangerous state of exploitable vulnerabilities in computer systems presented serious risks to the U.S. economy and even our way of life," said Steve Solomon, CEO of Citadel Security Software. "The technology sector is responding to this danger with tools that have proven to be successful in protecting networks from the constant onslaught of security threats. This country and its leaders must act with urgency to invest in security measures that will defend our nation's critical infrastructures."

While progress has been made in the government and private sectors, the recent string of significant breaches demonstrates there is more to be done -- and quickly -- to prevent attacks that may threaten economic stability and national security. The latest breach announced by MasterCard International at its credit card processing provider, CardSystems Solutions, Inc., underscores the importance of enforcing minimum security requirements for participating companies throughout the credit card industry supply chain. This step would "operationalize" information security as a routine business process and improve compliance with current statutory and regulatory requirements for security and privacy.

"Improving the cyber security profile of this nation must be a collaborative effort among public, private and academic sectors that are entrusted with personal information and other sensitive data," said Bob Dix, Citadel Vice President and former Staff Director of the House Government Reform Subcommittee on Technology during the 108th Congress. "Awareness through education is the first step in the development of a consistent and repeatable process for security compliance. We also need incentives that recognize the proactive efforts organizations are taking to protect networks against security threats and exploits."

"The recent highly publicized exploits, including the breach announced by MasterCard at its third-party credit card processing provider, is a manifestation of our nation's unprotected infrastructure resulting from the lack of investment in proactive technology to not only identify and respond to threats but to automate the removal of known vulnerabilities," said James C Foster, Deputy Director of Global Security Solutions for CSC and author of the best-selling book, "Buffer Overflow Attacks." "Companies need to implement technologies that not only create but enforce comprehensive security compliance policies to eliminate vulnerabilities from their networks before events like this occur."

About Citadel's 2 Minute Warning - A Daily Security Briefing

Citadel's 2 Minute Warning is an enhanced service offering that leverages Citadel's vast library of 23,000 remedies to known system vulnerabilities. These remedies, when applied in a timely manner, strengthen the security posture of an organization's network. Citadel's V-Flash Team of security analysts and remediation experts fuel the daily briefings with around-the-clock research to alert subscribers to their current threat exposure, identify new exploits, worms and viruses, and recommend specific security measures to prevent attacks.

Citadel's 2 Minute Warning is composed of five major sections:

1) Security In The News provides the top security news stories, updates and editorials describing how vulnerabilities may affect subscribers and ways to protect their networks.

2) The Internet Alert Regulator averages all Internet alert monitoring systems to provide an accurate daily alert status based on four levels: Low / Normal, Medium, High and Extreme.

3) The Internet Traffic Report gives up-to-date global Internet traffic numbers for Asia, Australia, Europe, South America and North America, as well as the overall global rating.