SOURCE: Citadel Security Software

June 06, 2005 08:00 ET

Citadel Security Software Announces Hercules 4.0 With Fully Integrated Security Policy Compliance and Vulnerability Management

Hercules Compliance Manager and Remediation Manager Components Meet Requirements of Both Security and IT Operations for Reducing IT Security Risks

DALLAS, TX -- (MARKET WIRE) -- June 6, 2005 -- Citadel Security Software Inc. (NASDAQ: CDSS), a leader in enterprise vulnerability management and security policy compliance solutions, today announced the general availability of Hercules 4.0, with significant new enhancements that help organizations manage security compliance audits, risk assessments, automated vulnerability remediation and endpoint security. Citadel continues to expand the Hercules product with two new offerings, Hercules Compliance Manager, a solution for auditing and reporting security policy compliance, and Hercules Remediation Manager, a flexible, automated solution for managing vulnerability remediation and enforcing security policies.

"Organizations looking to implement security configuration audit and policy compliance to address regulatory requirements such as Sarbanes-Oxley, HIPAA and Gramm-Leach-Bliley, as well as looking to improve their security posture, should evaluate vendors offering security configuration and vulnerability management functions," said Amrit Williams, Research Director, Gartner, Inc.

With these new offerings, Hercules 4.0 is the first solution that facilitates cooperative interaction across organizational boundaries to assess security policy compliance, perform automated vulnerability remediation and enforce security policies through a common platform and user interface. Hercules 4.0 is available as a comprehensive suite or in flexible, modular components to suit users' business needs. Additionally, Citadel's unique Security-On-Demand pricing model allows users to pay for compliance audits and remediation actions as they are performed, further minimizing upfront expenditures.

Hercules 4.0 New Features

--  Hercules Compliance Manager audits compliance against security
    policies and configuration baselines, enabling security managers to assess
    the state of their networks from a single console. Compliance Manager
    includes pre-configured policies for Sarbanes-Oxley, HIPAA, FISMA, SANS Top
    20, DISA, NSA, and other security configuration guidelines and allows
    organizations the flexibility to create and manage their own internal
    security policies and guidelines. In addition, enterprise-class reports
    deliver executive level information to assess current security compliance
    status and risk analysis. Compliance Manager is fully integrated with
    Hercules Remediation Manager to provide automated enforcement and
    remediation of non-compliant systems.
--  Hercules Remediation Manager manages and automates the remediation
    process for vulnerabilities identified using Hercules Compliance Manager or
    vulnerabilities detected by industry-leading vulnerability assessment
    tools. Remediation Manager aggregates vulnerability data from these
    disparate sources, and provides a streamlined workflow for reviewing,
    prioritizing, scheduling automated remediations, and reporting on
    remediation activities. Remediation Manager includes the world's largest
    library of 23,000 tested remediation actions that resolve vulnerabilities
    related to unsecured accounts, unnecessary services, backdoors, unsecured
    configurations and missing patches.
--  Hercules Visual Security Dashboard provides a collection of visual
    instrument displays to help users monitor their overall security policy
    compliance and remediation status.  Each instrument display provides the
    ability to drill down to the next layer of detail which enables the
    appropriate personnel to review or take action based upon the current
    status. Users can customize the Visual Security Dashboard to personalize
    the information presented.
--  Hercules AssetGuard Risk Analysis performs inventory and risk
    assessment. It collects and stores intelligence about the hardware,
    software and services running on network devices and prioritizes key assets
    for scheduling compliance validation or remediation. AssetGuard identifies
    high-risk devices based on three criteria: the technical asset rating, the
    vulnerability rating and its relative impact on business operations. With
    this detailed risk analysis, AssetGuard can improve productivity by helping
    organizations to focus efforts on the most critical devices that need
    remediation or configuration changes to meet IT policies and regulations.
--  Hercules Enterprise Reporting enables enterprise customers to
    aggregate data from multiple Hercules servers into a single data repository
    and provides enterprise-level reporting. Reports can be scheduled on
    recurring intervals and delivered via email to key stakeholders within an
    organization. Hercules 4.0 also includes a well-defined reporting schema to
    allow customers to create custom reports using any standard ODBC compliant
    reporting package.
--  Enhanced Endpoint Security gives customers a choice on the technology
    that they employ for managing admission to their network. Customers have
    the ability to select Citadel's ConnectGuard endpoint security or Cisco
    Network Admission Control (NAC) framework.  Hercules 4.0 provides a new
    user-defined network access policy that allows administrators to set
    minimum requirements for network admission such as anti-virus requirements,
    minimum patch levels and security configurations. Hercules 4.0 has also
    achieved Cisco NAC certification.
--  Security-On-Demand is an innovative, usage-based pricing model that
    allows customers to deploy the full Hercules offering and pay for the
    number of remediation or compliance audits performed.

"With extensive experience securing the world's largest government and commercial networks, Citadel understands the scope, scale and urgency of threats that organizations of all sizes face every day," said Steve Solomon, CEO of Citadel Security Software. "In Hercules 4.0, we are delivering a policy-based solution that bridges the gap between security and operations professionals, making it possible to assess an organization's security posture, take steps to mitigate risk and enforce compliance, and verify and report on IT security and policy status. By delivering the first true pay-as-you-go pricing model, Citadel continues to be a pioneer in the security software industry. With our Security-On-Demand offering, customers now benefit from the use of the full suite of the Hercules solution while only paying for the security compliance, enforcement and remediation actions that Hercules performs."

Pricing and Availability

Hercules 4.0 is available now direct from Citadel and will be available through Citadel's network of Secure Channel Partners consisting of regional and national security services providers who resell security products to complement their existing security, networking and consulting services. Customers may choose from several pricing options to suit their business needs:

--  Security-On-Demand. Under this plan, customers will be billed for each
    compliance audit, enforcement action or vulnerability remediation
    conducted. This provides a fast and easy way for organizations of all sizes
    to initiate a process for ensuring compliance and securing their networks.
--  Subscription. One, two or three year subscriptions are available,
    giving companies the confidence of a proven solution with predictable
--  Perpetual licensing. Available for enterprise-wide deployments, this
    plan is most attractive to organizations with large numbers of devices that
    require compliance audits and remediations.

Citadel also offers architectural design, planning and implementation, training and long-term technical and customer support.

About Citadel

Citadel Security Software (NASDAQ: CDSS) delivers security solutions that enable organizations to manage risk, reduce threats and enforce compliance with security policies and regulations. Citadel's proven architecture provides a business process to manage the increasing volume, frequency and complexity of cyber security attacks. Citadel combines the world's largest active library of remediations spanning all classes of vulnerabilities with a proven delivery methodology to dramatically streamline vulnerability management and security compliance and provide ROI from the first use. For more information, visit or contact the company at (214) 520-9292.

Safe Harbor/Forward-looking Statements:

This press release may contain forward-looking statements that are intended to be subject to the safe harbor protection provided by Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These statements relate to future events or future financial performance and involve known and unknown risks and uncertainties that may cause actual results or performance to be materially different from those indicated by any forward-looking statements. In some cases, you can identify forward-looking statements by terminology such as "forecast," "may," "will," "could," "should," "anticipate," "expect," "plan," "believe," "potential" or other similar words indicating future events or contingencies. Some of the things that could cause actual results to differ from expectations are: the economic and geopolitical environment; changes in the information technology spending trends; the uncertainty of funding of government and corporate information technology security projects; the variability of the product sales cycle, including longer sales cycles for government and large commercial contracts; the uncertainty that the company's prospective deals will result in final contracts; the potential changes in the buying decision makers during a customer purchasing cycle; the complexities in scope and timing for finalization of contracts; the fluctuations in product delivery schedules; a lack of Citadel operating history; uncertainty of product development and acceptance; uncertainty of ability to compete effectively in a new market; the uncertainty of profitability and cash flow of Citadel; intellectual property rights and dependence on key personnel; economic conditions; the continued impact of terrorist attacks, global instability and potential U.S. military involvement; the competitive environment and other trends in the company's industry; the effects of inflation; changes in laws and regulations; changes in the company's business plans, including shifts to new pricing models that may cause delays in licenses; interest rates and the availability of financing; liability, legal and other claims asserted against the company; labor disputes; the company's ability to attract and retain qualified personnel; and adjustments to the amounts presented in the unaudited financial tables as a result of the completion of the audit process. For a discussion of these and other risk factors, see the company's Annual Report on Form 10-KSB for the year ended December 31, 2004 and the company's Quarterly Report on Form 10-Q for the quarter ended March 31, 2005. All of the forward-looking statements are qualified in their entirety by reference to the risk factors discussed therein. These risk factors may not be exhaustive. The company operates in a continually changing business environment, and new risk factors emerge from time to time. Management cannot predict such new risk factors, nor can it assess the impact, if any, of such new risk factors on the company's business or events described in any forward-looking statements. The company disclaims any obligation to publicly update or revise any forward-looking statements after the date of this report to conform them to actual results.

Editor's Note: Citadel is a trademark and Hercules® is a registered trademark of Citadel Security Software.