SOURCE: Citadel Security Software

August 17, 2005 06:00 ET

Citadel's 2 Minute Warning Provides Early Defense Intelligence Against Worms and Other Cyber Security Threats

Free Daily Security News Service Alerted Subscribers to Current Threat and Recommended Steps to Defend Networks Nearly One Week Before Companies Were Hit

DALLAS, TX -- (MARKET WIRE) -- August 17, 2005 -- In response to the recent series of major computer system attacks due to the Zotob worm and its variants, Citadel Security Software Inc. (NASDAQ: CDSS), a leader in enterprise vulnerability management and policy enforcement solutions, has stepped up its efforts to educate companies about ways to adopt proactive measures that will protect their networks against known computer system vulnerabilities. On August 10, 2005, Citadel's "2 Minute Warning - A Daily Security Briefing" first reported a critical vulnerability in Microsoft operating systems and has repeatedly warned subscribers of the potential of a worm to be launched to exploit these vulnerabilities. In addition, the 2 Minute Warning provided detailed steps to remove the vulnerabilities from targeted computer systems and has reported on developments relating to this threat throughout the week.

These recent attacks are further evidence of the speed at which computer system vulnerabilities are being exploited. On August 9, 2005, Microsoft alerted their customers to vulnerabilities in their operating systems. Within two days the first exploit was identified and within five days the first worm was detected "in the wild" exploiting these previously identified vulnerabilities. To date, approximately seven variations of this worm have been identified and more variations are expected.

"This rapid release of malicious code is made possible by scores of automated tools that aid in the research, development and testing of vulnerability exploits as well as the plethora of freely downloadable source code for bots," said Carl Banzhof, Chief Technology Officer at Citadel Security Software. "To combat these exploits, organizations must have the intelligence and automated tools to eliminate vulnerabilities before attacks occur. As evidenced by this week's attacks, companies no longer have the benefit of time to respond to such threats before they are exploited."

Citadel's 2 Minute Warning is a daily security news service that provides up-to-the-minute threat alerts, recommended actions to thwart attacks, and headline news in a radio-style broadcast. This free subscription service enables management and security professionals to stay abreast of new vulnerabilities and quickly develop plans to mitigate risk and maintain security compliance.

Because of the serious and ongoing nature of security breaches at some of the country's leading businesses, Citadel decided to offer its 2 Minute Warning free to customers and non-customers alike. By doing so, Citadel aims to build awareness of the ever-widening range of exploitable vulnerabilities, promote the aggressive implementation of security measures, and minimize the damage caused by security exploits. In addition, Citadel customers can proactively remove any vulnerabilities before they are exploited using the company's award-winning Hercules automated vulnerability remediation solution.

"This latest attack is yet another wake up call for organizations to take proactive steps to protect their computer networks," said Steve Solomon, CEO of Citadel Security Software. "Unreported and often undetected attacks are occurring daily. With early warning systems such as our 2 Minute Warning and the availability of automated remediation and security compliance tools such as Hercules, organizations can dramatically reduce the risk associated with network vulnerabilities."

Interested parties may sign up for Citadel's free 2 Minute Warning service at

About Citadel Hercules

With its award-winning Hercules Security Compliance and Vulnerability Remediation software solutions, Citadel helps protect an organization's network against all five classes of vulnerabilities -- software defects or patches, unsecured accounts, unnecessary services, mis-configurations and backdoors -- across a multi-platform, multi-device environment. By automating vulnerability remediation and policy enforcement processes, Citadel's customers, including the US Department of Defense, US Department of Veterans Affairs, MCI and AutoZone, have a more effective approach to protecting sensitive data and enforcing security policies across their network.

About Citadel

Citadel Security Software (NASDAQ: CDSS) delivers security solutions that enable organizations to manage risk, reduce threats and enforce compliance with security policies and regulations. Citadel's proven architecture provides a business process to manage the increasing volume, frequency and complexity of cyber security attacks. Citadel combines the world's largest active library of remediations spanning all classes of vulnerabilities with a proven delivery methodology to dramatically streamline vulnerability management and security compliance and provide ROI from the first use. Citadel solutions are used across the Department of Defense, US Department of Veterans Affairs, MCI and AutoZone in addition to other government and commercial organizations. For more information on Citadel, visit, or call 888-8CITADEL.

Safe Harbor/Forward-looking Statements:

This press release may contain forward-looking statements that are intended to be subject to the safe harbor protection provided by Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These statements relate to future events or future financial performance and involve known and unknown risks and uncertainties that may cause actual results or performance to be materially different from those indicated by any forward-looking statements. In some cases, you can identify forward-looking statements by terminology such as "forecast," "may," "will," "could," "should," "anticipate," "expect," "plan," "believe," "potential" or other similar words indicating future events or contingencies. Some of the things that could cause actual results to differ from expectations are: the economic and geopolitical environment; changes in the information technology spending trends; the uncertainty of funding of government and corporate information technology security projects; the variability of the product sales cycle, including longer sales cycles for government and large commercial contracts; the uncertainty that the company's prospective deals will result in final contracts; the potential changes in the buying decision makers during a customer purchasing cycle; the complexities in scope and timing for finalization of contracts; the fluctuations in product delivery schedules; a lack of Citadel operating history; uncertainty of product development and acceptance; uncertainty of ability to compete effectively in a new market; the uncertainty of profitability and cash flow of Citadel; intellectual property rights and dependence on key personnel; economic conditions; the continued impact of terrorist attacks, global instability and potential U.S. military involvement; the competitive environment and other trends in the company's industry; the effects of inflation; changes in laws and regulations; changes in the company's business plans, including shifts to new pricing models that may cause delays in licenses; interest rates and the availability of financing; liability, legal and other claims asserted against the company; labor disputes; the company's ability to attract and retain qualified personnel; and adjustments to the amounts presented in the unaudited financial tables as a result of the completion of the audit process. For a discussion of these and other risk factors, see the company's Annual Report on Form 10-KSB for the year ended December 31, 2004 and the company's Quarterly Report on Form 10-Q for the quarter ended June 30, 2005. All of the forward-looking statements are qualified in their entirety by reference to the risk factors discussed therein. These risk factors may not be exhaustive. The company operates in a continually changing business environment, and new risk factors emerge from time to time. Management cannot predict such new risk factors, nor can it assess the impact, if any, of such new risk factors on the company's business or events described in any forward-looking statements. The company disclaims any obligation to publicly update or revise any forward-looking statements after the date of this report to conform them to actual results.

Editors Note: Citadel is a trademark and Hercules® is a registered trademark of Citadel Security Software

Contact Information