Back to GetFilings.com




1

- --------------------------------------------------------------------------------
- --------------------------------------------------------------------------------
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
---------------------

FORM 10-K



(MARK ONE)
[X] ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE
SECURITIES EXCHANGE ACT OF 1934
FOR THE FISCAL YEAR ENDED DECEMBER 31, 1999
OR
[ ] TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(D) OF
THE SECURITIES EXCHANGE ACT OF 1934
FOR THE TRANSITION PERIOD FROM ____________TO ____________


Commission file number 0-23655
ISS GROUP, INC.
(Exact Name of Registrant as Specified in Its Charter)



DELAWARE 58-2362189
(State or other jurisdiction of (I.R.S. Employer Identification No.)
incorporation or organization)

6600 PEACHTREE-DUNWOODY ROAD 30328
300 EMBASSY ROW, SUITE 500 (Zip code)
ATLANTA, GEORGIA
(Address of principal executive offices)


Registrant's telephone number, including area code: (678) 443-6000
Securities registered pursuant to Section 12(b) of the Act:



NAME OF EACH EXCHANGE
TITLE OF EACH CLASS ON WHICH REGISTERED
------------------- ---------------------

None None


Securities registered pursuant to Section 12(g) of the Act:
COMMON STOCK, $0.001 PAR VALUE
(Title of Class)
Indicate by check mark whether the Registrant (1) has filed all reports
required to be filed by Section 13 or 15(d) of the Securities Exchange Act of
1934 during the preceding 12 months (or for such shorter period that the
Registrant was required to file such reports), and (2) has been subject to such
filing requirements for the past 90 days.

Yes [X] No [ ]

Indicate by check mark if disclosure of delinquent filers pursuant to Item
405 of Regulation S-K is not contained herein, and will not be contained, to the
best of Registrant's knowledge, in definitive proxy or information statements
incorporated by reference in Part III of this Form 10-K or any amendment to this
Form 10-K. [ ]

The aggregate market value of the voting stock held by non-affiliates of the
Registrant, based upon the closing sale price of Common Stock on March 24, 2000
as reported on the Nasdaq National Market, was approximately $3.9 billion
(affiliates being, for these purposes only, directors, executive officers and
holders of more than 5% of the Registrant's Common Stock).

As of March 24, 2000, the Registrant had 41,766,717 outstanding shares of
Common Stock.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the Proxy Statement for the Registrant's 2000 Annual Meeting of
Stockholders are incorporated by reference into Part III of this Form 10-K.
- --------------------------------------------------------------------------------
- --------------------------------------------------------------------------------
2

PART I

ITEM 1. BUSINESS

BUSINESS

OVERVIEW

We are a leading global provider of security management solutions for
protecting e-business. Our Adaptive Security Management approach to information
security protects distributed computing environments, such as internal corporate
networks, inter-company networks and electronic commerce environments, from
attacks, misuse and security policy violations, while ensuring the
confidentiality, privacy, integrity and availability of proprietary information.
We deliver an end-to-end security management solution through our SAFEsuite
security management platform coupled with around-the-clock remote security
monitoring through our industry-leading managed security services offerings,
consulting and education services.

Our SAFEsuite family of products is a critical element of an active
Internet and networking security program within today's world of global
connectivity, enabling organizations to proactively monitor, detect and respond
to risks to enterprise information. We currently provide remote management of
the industry's best-of-breed security technology including firewalls, VPNs,
anti-virus and URL filtering software, security assessment and intrusion
detection systems.

ISS is a trusted security provider to its customers, protecting digital
assets and ensuring the availability, confidentiality and integrity of computer
systems and information critical to e-business success. ISS' lifecycle security
management solutions' protect more than five thousand customers including 21 of
the 25 largest US commercial banks, 9 of the 10 largest telecommunications
companies and over 35 government agencies. We also have established strategic
relationships with industry leaders, including Check Point, GTE, IBM, MCI
WorldCom (Embratel), iXL, BellSouth, Microsoft, Nortel and Nokia to enable
worldwide distribution of our core monitoring technology.

INDUSTRY BACKGROUND

Network computing has evolved from client/server-based local area networks
to distributed computing environments based on the integration of inter-company
wide area networks via the Internet. The proliferation and growth of corporate
intranets and the increasing importance of electronic commerce have dramatically
increased the openness of computer networks, with the Internet becoming a widely
accepted platform for many business-to-business, or B2B, and direct-to-customer,
or B2C, transactions. International Data Corporation ("IDC") estimates that the
number of Internet users will grow from 132 million in 1999 (up from 97 million
in 1998) to 320 million in 2002, and that the value of electronic commerce
transactions will grow from $67 billion to $426 billion over the same period.
Additionally, it estimates that the number of devices accessing the Web will
increase from 120 million in 1998 to 515 million in 2002. To capitalize on these
trends, organizations of all sizes and types are increasingly connecting their
enterprise networks to the Internet to facilitate and support strategic business
objectives, often called "e-business" in the popular press, including:

- business process re-engineering -- both inter- and intra-company
processes -- on a massive scale;

- "buy-side" activities such as supply chain partner integration; on-line
purchasing and the use of digital marketplaces

- "sell-side" activities such as web-based customer self-service which is
access to account information and delivery schedules, integrated,
closed-loop marketing; auction and dynamic pricing systems to clear
excess inventory fast, and

- secure messaging (via virtual private networks) for telecommuters and
widely disbursed workforces.

With the increased use of the Internet by businesses and consumers,
organizations increasingly network their key systems in order to reduce costs
and increase revenues. For example, businesses can implement supply chain
management applications through standards enabled by the Internet. To optimize
the supply

1
3

chain, businesses use the Internet to provide suppliers with access to sensitive
internal information, such as engineering designs, product development plans,
raw material inventories and product schedules. Organizations also strengthen
their ties with customers through "corporate Internet portals" that provide
comprehensive information for purchasing products, checking order status and
managing customer billings. This increased level of access provided by open
systems carries with it the risk of unauthorized access to and use of sensitive
information or malicious disruptions of important information-exchange systems.

THE NEED FOR NETWORK SECURITY

Although open computing environments have many business advantages and
businesses are depending on them more and more, their accessibility and the
relative anonymity of users make these systems, and the integrity of the
information that is stored on them, vulnerable to security threats. Open systems
present inviting opportunities for computer hackers, curious or disgruntled
employees, contractors and competitors to compromise or destroy sensitive
information within the system or to otherwise disrupt the normal operation of
the system. In addition, open computing environments are complex and typically
involve a variety of hardware, operating systems and applications supplied by a
multitude of vendors, making these networks difficult to manage, monitor and
protect from unauthorized access. Each new addition of operating system
software, applications or hardware products to the distributed computing
environment may introduce a vast number of new vulnerabilities and security
risks. To adequately secure a network, information technology, or information
technology, managers must have the resources to not only correctly configure the
security measures in each system, but also to understand the risks created by
any change to existing systems on the network. This situation is made worse by
the limited supply of personnel knowledgeable in information security issues.
And as more and more executives drive their businesses on-line, the need for
network and information security gets greater and the shortages and lack of
skills get more acute. With high profile "denial of service" attacks on web
sites like YAHOO and CNN.com, security has moved to the forefront, and sometimes
the front page, as a critical piece of the enabling infrastructure of doing
business on-line. Executives must understand and manage the risks involved when
integrating their systems with the systems of suppliers and customers to achieve
strategic objectives. According to the annual Information
Week/PricewaterhouseCoopers LLP 1999 Global Information Security Survey of
information technology managers and professionals, 64% of those surveyed who are
associated with sites selling products or services on the Web reported at least
one security breach in the past year. In addition, sites integrated with
supply-chain network or enterprise resource planning applications reported
security violations 10% more often than sites without such applications. In a
separate PricewaterhouseCoopers survey of chief executive officers, 84% cited
security concerns as a barrier to deployment of information technology
initiatives. Despite the convenience and the compelling economic incentives for
the use of Internet-protocol networks, they cannot reach their full potential as
a platform for global communication and commerce until organizations can
implement an effective platform to manage information risk.

Historically, organizations with sophisticated, well-funded information
systems departments have responded to perceived security threats by implementing
passive point tools, such as encryption, firewall, authentication and other
technologies designed to protect individual components of their internal
networks from unauthorized use or outside attacks. These technologies address
some security concerns, but are often ineffective because:

- encryption protects information during transmission; however, it does not
typically protect information at either the source or the destination;

- a firewall, which controls the flow of data between an internal network
and outside networks or the Internet, is necessary for rudimentary access
control, but must be regularly reconfigured to accommodate new business
applications, users and business partners on the network. Thus, firewalls
can be left vulnerable to hackers and others seeking to compromise
network integrity and fail to protect against improper use by authorized
users;

- operating system security mechanisms, such as user authentication,
passwords and multi-level access rights, can prevent unauthorized access
by internal and external users. However, deployment issues

2
4

such as easily guessed passwords or default accounts left on newly
installed devices diminish the effectiveness of these measures.

Passive point tools do not address the fundamental issue that the inherent
utility of open systems is itself the source of their vulnerability. This
conflict between the benefits of open systems and the risks of their
unauthorized use or disruption has not been widely recognized or addressed by
passive security tools.

Many organizations have developed security policies that define the
appropriate use of network resources, establish the proper configuration of
network services, operating systems and applications and describe the actions to
be taken if there is an attack on the network. These security policies attempt
to define the organization's acceptable level of risk. Organizations, however,
have not had the systems to automatically enforce and implement such policies
across their entire information technology infrastructure. Without such systems,
the dynamic nature of enterprise networks causes the organization's actual
security practice to diverge from the stated security policy, potentially
exposing the organization to additional unanticipated risks.

To be effective, passive point tools need to be coordinated through
enterprise-wide systems that automatically evaluate and eliminate the
vulnerabilities and threats. Direct observation of vulnerabilities and threats
can allow an organization to define and automatically enforce an integrated,
enterprise-wide information risk management process that can be managed
centrally and implemented on a distributed basis. Any security solution must be:

- easy to use by both management and the organization's existing
information technology personnel or service provider;

- compatible with existing security technologies as well as be flexible
enough to incorporate new technologies; and

- able to provide a comprehensive and accurate picture of security issues
across the organization's entire distributed network such that the
managers of the system trust the objectivity of the security system in
monitoring, detecting and responding to vulnerabilities and threats.
These challenges are magnified tremendously when one begins to consider
the challenges faced by many less sophisticated and under-manned MIS
organizations. These groups, trying to support business initiatives
focused on taking advantage of the Internet, have great difficulty
staying abreast of the fast-moving and complex security technology
landscape.

THE ISS SOLUTION

The enormous potential benefits of "e-business" have driven the Internet
into the "main stream" and with it, the need for security. However, "main
stream" organizations -- unlike our early customers -- are not necessarily
interested in managing information security themselves. Instead, we believe they
want to concentrate on their core business competence and purchase security as a
turnkey solution. For this market-driven reason, we have dramatically increased
our emphasis on providing total lifecycle security solutions and have entered
the managed security services market.

In 1999, we adopted British Standard 7799, or BS7799. BS7799 is a blueprint
for wrapping various interpretations of information security policy management
into one unified methodology. The British Standard divides security policy into
a five-step, cyclical process: (1) assess, (2) design, (3) deploy, (4)
manage/support and (5) educate. Our customer life cycle methodology, based on
BS7799, permeates our approach to providing total solutions to our customers.
Our implementation of BS7799 consists of the following:

Assess. (Where Are We?) Many companies do not know what information
resides on their network. They do not know where it is located, who has access
to it or what would be the cost to them if the information were compromised in
any way. During this phase of the life cycle, our experts identify all of a
customer's network devices and resources and establish valuations for all groups
of data on the customer's network. The value of assessment lies in turning
general descriptions of security needs and network structures into

3
5

measurable sets of data that we use to design verifiable security policy and
information technology infrastructure.

Design. (Where Do We Need to Be?) In this phase of the life cycle, our
teams convert the data gathered during the assessment phase into lists of
information security solutions, deployment locations, implementation strategies
and configuration guidelines for each network device or security application.
When the solution road map is complete, our customer has a security policy,
accompanied by a plan for deploying it and concrete metrics for measuring
compliance.

Deploy. (How Do We Get There?) During this period, our experts test and
install the devices and security applications into the customer's production
environment. Deployment is the place where many organizations traditionally
concentrate their security efforts, giving short shrift to the other stages.
Such a narrow view of network security can easily lead to inefficient or
inadequate protection. Our comprehensive perspective on information security
ensures that the security management solution reaches the breadth of the
customer's needs, while simultaneously providing a cost-effective framework for
future growth.

Manage and Support. (How Do We Maintain and Improve?) At this stage, a
customer can either choose to run an in-house security management solution, or
outsource information security through our managed security services. This
ongoing stage is where our experts measure performance data from the information
security infrastructure against the goals stated in the security policy mapped
out earlier. Non-compliant systems and events trigger specific actions, as
stated in the policy. These include a re-evaluation of the policy and a restart
of the policy generation process.

Education. (How Do We Enhance our Understanding?) Education is a critical
component of the customer life cycle methodology. This ongoing effort to raise
awareness of the need for information security at the executive, management,
administrator and end-user levels cuts across all the steps listed above. It
includes both continuing training for administrators in emerging threats to
their systems and awareness among end users of the benefits of working within
the security architecture.

Our dynamic, process-driven lifecycle approach to enterprise-wide
information risk management relies on the principles of monitoring, detection
and response to the ever-changing vulnerabilities in and threats to the hardware
products, operating systems and applications that comprise every network system.
We designed our SAFEsuite family of products to enable an organization to
centrally define and manage an information risk policy for its existing network
system infrastructure, including all Internet protocol-enabled devices. Our
solutions provide the ability to visualize, measure and analyze real-time
security vulnerabilities and control threats across the entire enterprise
computing infrastructure, keeping the organization's information technology
personnel informed of changing risk conditions and automatically making
adjustments as necessary. Through custom policies or by using our "best
practice" templates, our customers can minimize security risks without closing
off their networks to the benefits of open computing environments and the
Internet.

Our solutions reach beyond the traditional approaches to network security
and are predicated on a proactive, risk management-based approach to enterprise
security that links security practice and security policy through a continuous
improvement process:

- continuously monitoring network, system and user activity and configuring
devices, systems and applications on the network;

- detecting security risks in network traffic and within systems;

- responding to security threats to minimize risks; and

- analyzing and reporting dynamic risk conditions and response actions and
updating security policies.

Comprehensive Enterprise Security Solution

We combine the above principles with our extensive knowledge of network,
system and application vulnerabilities and threats to provide scalable security
solutions. Our SAFEsuite family of products provides a comprehensive network and
system security framework. In addition, we sell our products individually as

4
6

solutions for a particular function. We also offer a broad range of professional
services to assist in the development and enforcement of an effective security
policy and to facilitate the deployment and use of our software. Our solutions
are interoperable with a broad range of platforms and complement the products of
leading security and network management vendors. They provide a single point of
management and control for an enterprise-wide security policy. In this manner,
our SAFEsuite family of products serves as a critical enhancement to traditional
passive point tools, such as encryption, firewalls and authentication. We have
designed our products to be easily installed, configured, managed and updated by
a system administrator through an intuitive graphical user interface without
interrupting or affecting network operation. The software automatically
identifies systems and activities that do not comply with a customer's policies,
and provides a critical feedback mechanism for adjusting the security levels of
networked systems based upon its findings. Our products generate
easy-to-understand reports ranging from executive-level trend analysis to
detailed step-by-step instructions for eliminating security risks.

The X-Force

Because there are few information technology professionals specifically
trained in network and system security issues, we have assembled a senior
research and development team composed of security experts who are dedicated to
understanding new vulnerabilities and real-time threats and attacks, and
developing solutions to address these security issues. The team is known in the
industry as the "X-Force" and represents one of our competitive advantages.
Because of the collective knowledge and experience of the members of the
X-Force, we believe that they comprise one of the largest and most sophisticated
groups of information technology security experts currently researching
vulnerability and threat science. Organizations such as CERT (Computer Emergency
Response Team), the FBI and leading technology companies routinely consult the
X-Force on network security issues. Through the X-Force, we maintain a
proprietary and comprehensive knowledge base of computer exploits and attack
methods, including what we believe is the most extensive publicly available
collection of Windows NT vulnerabilities and threats in existence. To respond to
an ever-changing risk profile, the X-Force continually updates this knowledge
base with the latest network vulnerability information, which aids in the design
of new products and product enhancements.

STRATEGY

Our objective is to be the leader in security management for the Internet.
This means providing information risk management systems that proactively
protect the integrity and security of enterprise-wide information systems from
vulnerabilities, misuse, attacks and other information risks. This is regardless
of whether the system is run "in-house" by the management information systems
organization or is outsourced to ISS for remote 24-by-7 management and
monitoring. We focus on developing innovative and automated software and service
solutions to provide customers with a comprehensive framework for protecting
their networks and systems by monitoring for vulnerabilities and real-time
threats. Our solutions allow customers to enforce "best practice" network and
system security policies. Key elements of our strategy include:

Continue Our Leadership Position in Security Technology

We intend to maintain and enhance our technological leadership in the
enterprise security market by hiring additional network and Internet security
experts, broadening our proprietary knowledge base, continuing to invest in
product development and product enhancements and acquiring innovative companies
and technologies that complement our solutions. By remaining independent of
other providers of system software, applications and hardware and by solidifying
our position as a best-of-breed provider of monitoring, detection and response
software, we believe that customers and potential customers will view us as the
firm of choice for establishing and maintaining effective security practices and
policies.

Establish Leadership in Managed Security Services

During 1999, we extended our market leadership position with the August
acquisition of Netrex, Inc., a pioneer and leading provider of remote, security
monitoring services. The Managed Security Services

5
7

(MSS) we acquired are designed for businesses that need security but do not have
the time, internal resources or expertise to effectively protect networked
systems and information through an in-house solution.

This acquisition enables us to deliver end-to-end security management
solutions by extending our market-leading SAFEsuite security management platform
into around-the-clock managed services. In return, our customers now can entrust
their security to ISS experts who monitor and manage their networks 24 hours a
day, seven days a week, 365 days a year.

International Data Corp. (IDC) projects that demand for managed security
services will reach more than $2.2 billion annually by 2003, with a compounded
growth rate of 45 percent. As e-business continues to penetrate the economy,
security management will come to be viewed as an essential system on the
network, just as network and systems management and storage management are
today. We're poised to take advantage of this inevitability.

Expand Domestic Sales Channels

We intend to increase the distribution and visibility of our products by
expanding our regional direct sales program and increasing our market coverage
through the establishment of additional indirect channels with key managed
service providers, Internet service providers, systems integrators, resellers,
OEMs and other channel partners. We believe that a multi-channel sales approach
will build customer awareness of the need for our products and enable us to more
rapidly build market share across a wide variety of industries.

Enhance and Promote Professional Services Capabilities

We establish long-term relationships with our customers by serving as a
"trusted advisor" in addressing network security issues. To continue to fulfill
this responsibility to our customers, we are expanding our professional services
capabilities. These capabilities will allow us to maximize the return on
investment we've made in standardizing on BS7799. As previously mentioned,
BS7799 is a blueprint for wrapping various interpretations of information
security policy management into one unified methodology. It is our customer life
cycle methodology, built on this standard, that permeates our approach to
providing total solutions to our customers and provides them with effective
information risk management solutions. By providing professional services, we
also can heighten customer awareness about network security issues, which
creates opportunities for us to sell new products or product enhancements to our
existing customers.

Expand International Operations

We plan to continue to aggressively expand our international operations to
address the rapid global adoption of distributed computing environments. Many
foreign countries do not have laws recognizing network intrusion or misuse as a
crime or the resources to enforce such laws if they do exist. As a consequence,
we believe that organizations in such countries will have greater need for
effective security solutions. We currently maintain international offices in
Australia, Belgium, Brazil, Canada, England, France, Germany, Japan and Mexico
and plan to expand in those regions where businesses, governments and other
institutional users are using distributed networks and the Internet for their
mission-critical needs.

PRODUCT ARCHITECTURE

The SAFEsuite family of products applies our information security
methodology through a flexible architecture designed to be integrated with
existing security and network system infrastructures. Our SAFEsuite products
enhance the effectiveness of passive point tools by monitoring them for threats
and vulnerabilities and responding with actions that align customers' security
practices and policies. SAFEsuite complements network and security management
frameworks by providing information required for informed decisions to minimize
security risks while maintaining the desired level of network functionality.
Thus, our products provide a risk management-based approach to security with
scalable deployment of best-of-breed products and integrated enterprise-wide
implementations.

6
8

The SAFEsuite product architecture includes a policy management interface
that lets customers choose among "best practice" templates or policies that
establish the acceptable level of risk appropriate for their networks. Our
individual products then automatically verify compliance with the chosen policy
in terms of actual system configuration and network activity. Graphical reports
describe the deviations from the established policy, including the measures
required to reduce the risk.

This product architecture allows all the SAFEsuite technologies to connect
directly into common standards, providing comprehensive security reports for the
entire enterprise. To ensure communication confidentiality between individual
SAFEsuite components and to prevent their misuse, SAFEsuite components use RSA
encryption algorithms, which have become de facto encryption standards, among
other encryption technologies. The SAFEsuite Security Knowledge Base, a database
containing information about the devices and security risks on a customer's
network, utilizes open database connectivity, or ODBC, interface and allows
customers to select their preferred database such as Informix, Microsoft SQL
Server, Oracle, Sybase or any ODBC-compliant database for data storage. The
various SAFEsuite products consolidate security data, enabling users to quickly
determine their risk profiles and respond. In addition, SAFEsuite products
provide automated decision support by assessing priorities and providing a
graphical representation of important security risk data sets. This feature
allows key decision-makers to prioritize their program strategies for effective
deployment of resources to minimize security risks.

Each SAFEsuite product can be deployed as a stand-alone, best-of-breed
solution to meet the needs of the local administrator or departmental user.
Enterprise-level users can analyze security risk conditions for the entire
network through support for remote, multi-level management consoles and the
SAFEsuite Security Knowledge Base. The SAFEsuite Security Knowledge Base allows
the customer to address vulnerabilities and threats, thereby minimizing network
security risk and associated costs. SAFEsuite's frequent updates integrate the
latest identified security vulnerabilities and threats into the operations of an
existing product installation.

7
9

PRODUCTS

The following table lists our current offering of SAFEsuite products, and
includes a brief description of each product's functionality and current list
prices (dollar amounts are for the indicated scope of use, with prices
discounted for larger networks):




INTRODUCTION
DESCRIPTION SCOPE U.S. LIST PRICE DATE

- -----------------------------------------------------------------------------------------------------------------
NETWORK SECURITY VULNERABILITY DETECTION, ANALYSIS AND REPORTING
- -----------------------------------------------------------------------------------------------------------------
Internet Scanner Comprehensive security 50 devices $ 3,495 October 1992
assessment for all 1000 devices 19,945
devices on an enterprise 3000 devices 39,500
network
- -----------------------------------------------------------------------------------------------------------------

INTERNAL SYSTEM SECURITY VULNERABILITY DETECTION, ANALYSIS AND REPORTING
- -----------------------------------------------------------------------------------------------------------------
System Scanner Internal security assessment 5 computers $ 3,250 January 1997
for server operating systems 30 computers 17,500
100 computers 50,000
- -----------------------------------------------------------------------------------------------------------------

DATABASE SECURITY VULNERABILITY DETECTION, ANALYSIS AND RESPONSE
- -----------------------------------------------------------------------------------------------------------------
Database Scanner Comprehensive security 5 servers $ 4,475 December 1998
assessment for SQL, Oracle 10 servers 8,500
and Sybase databases 50 servers 41,250
- -----------------------------------------------------------------------------------------------------------------

NETWORK SECURITY THREAT AND MISUSE DETECTION, ANALYSIS AND RESPONSE
- -----------------------------------------------------------------------------------------------------------------
RealSecure Engine Real-time attack recognition, 1 engine $ 8,995 December 1996
misuse detection and 10 engines 69,900
response for network traffic 25 engines 149,900
- -----------------------------------------------------------------------------------------------------------------

INTERNAL SYSTEM SECURITY THREAT AND MISUSE DETECTION, ANALYSIS AND RESPONSE
- -----------------------------------------------------------------------------------------------------------------
RealSecure Agent Real-time attack recognition, 5 computers $ 3,750 December 1998
misuse detection and 25 computers 15,000
response for activities within 100 computers 50,000
systems
- -----------------------------------------------------------------------------------------------------------------

ENTERPRISE INFORMATION RISK MANAGEMENT
- -----------------------------------------------------------------------------------------------------------------
SAFEsuite Decisions Decision support system Small enterprise $ 25,000 December 1998
for information risk Medium enterprise 100,000
management Large enterprise 250,000
- -----------------------------------------------------------------------------------------------------------------


Internet Scanner

Internet Scanner quickly identifies security vulnerabilities in a network
and non-compliance with security policy, plus provides appropriate information
for correcting these potential security exposures, through automated and
comprehensive network security vulnerability detection and analysis. Internet
Scanner scans and detects vulnerabilities, prioritizes security risks and
generates an array of meaningful reports ranging from executive-level trend
analysis to detailed step-by-step instructions for eliminating security risks.
Internet Scanner initiates a scan from a workstation placed inside or outside a
corporate firewall. These scans measure the actual implementation of an
organization's security policies. Scans may be as simple as determining the
basic computing services available on the network or as comprehensive as a
thorough testing using the full range of Internet Scanner's vulnerability
database. Internet Scanner's intranet module methodically examines intranet
servers, routers, operating systems and key applications for potential
violations in security policy. The

8
10

firewall module works through the network to find firewalls and provide an
accurate assessment of their configuration and degree of protection. Finally,
the Web security module locates intranet, extranet and Internet Web servers,
checking them for possible mis-configurations and security weaknesses. The
product uses Smart Scan, a technique that uses the results of prior scans, as
well as current scans of other devices, to provide a more thorough investigation
of each device. After completing their scans, the Internet Scanner modules
return lists of discovered vulnerabilities and prepare in-depth reports to
assist administrators with follow-up and review. We frequently release new
security tests for Internet Scanner via X-Press Updates(TM) which are downloaded
and installed from the ISS World Wide Web site. Internet Scanner also works
cooperatively with the ISS Database Scanner; any new database server that
Internet Scanner discovers can automatically be tested for database weaknesses
by the ISS Database Scanner.

System Scanner

System Scanner serves as a security assessment system that helps manage
security risks through comprehensive detection and analysis of operating system,
application and user-controlled security weaknesses. System Scanner identifies
potential security risks by comparing security policy with actual host computer
configurations. Potential vulnerabilities include missing security patches,
dictionary-crackable passwords, inappropriate user privileges, incorrect file
system access rights, unsecure service configurations and suspicious log
activity that might indicate an intrusion. System Scanner stores scanned
operating system configurations, placing an electronic "fingerprint" on
individual hosts. Routine reviews of these records help identify damaged or
maliciously altered systems before they become a security or performance
liability. Furthermore, System Scanner helps restore suspicious or damaged
systems, generating automated fix scripts for file ownerships and permissions.
System Scanner augments its automated policy compliance testing with an
extensive database of vendor patches and other system enhancements. This
powerful built-in knowledge base quickly pinpoints high-risk activity, such as
password sniffing, remote access programs or unauthorized dial-up modems and
remote control software. System Scanner returns a list of discovered
vulnerabilities and prepares in-depth reports to assist administrators with
follow-up and review. System Scanner supports over 25 versions of Unix servers,
as well as Microsoft Windows NT and Windows 2000 servers. Like Internet Scanner,
System Scanner can be updated with new security tests via X-Press Updates
downloaded from the ISS World Wide Web site.

Database Scanner

Database Scanner provides security risk assessment for database management
systems. Database Scanner allows a user to establish a database security policy,
audit a database and present a database's security risks and exposures in
easy-to-read reports. Most database security violations occur not because
databases have inherently weak security, but rather because systems are not set
up correctly and security policies are not established and enforced. Even in a
properly configured system, settings can be changed -- either accidentally or
maliciously -- leaving sensitive information at risk. Database Scanner develops,
implements and maintains appropriate database system security strategies,
policies and procedures. It examines database systems for adherence to accepted
operational standards for account creation, access control, account suspensions
and renewals, along with software upgrades, patches and hot fixes. Database
Scanner also measures and manages the security risks in internal applications
utilizing database management systems. The easy to read reports provide detailed
graphical analysis with recommended fixes and promote effective communication of
security risks across departments and levels of management. Database Scanner
supports Microsoft SQL server, Oracle and Sybase database servers.

RealSecure

RealSecure is an integrated network- and host-based intrusion detection and
response system. RealSecure's around-the-clock surveillance extends
unobtrusively across the enterprise, allowing administrators to automatically
monitor network traffic and host logs, detect and respond to suspicious activity
and intercept and respond to internal or external host and network abuse before
system security is compromised. RealSecure's multi-point management architecture
allows for rapid enterprise-wide deployment and operation across

9
11

geographic and organizational boundaries in both Unix and Windows NT
environments. RealSecure's innovative Manager-Engine-Agent architecture provides
flexible deployments to meet the requirements of diverse corporate networks.

RealSecure Engine. The RealSecure Engine runs on dedicated workstations to
provide network intrusion detection and response. Each RealSecure Engine
monitors the packet traffic on a specific network segment for attack
signatures -- telltale evidence that an intrusion attempt is taking place.
Recognition occurs in real time and triggers user-definable alarms and responses
as soon as the attack is detected. RealSecure utilizes proprietary technology to
recognize and efficiently manage a large number of attack patterns on high-
speed networks. Additionally, our Adaptive Filtering Algorithm tunes the packet
filter rules in response to network load, allowing the engine to effectively
function during bursts in network traffic. When a RealSecure Engine detects an
attack or misuse, it transmits an alarm to the RealSecure Manager or a
third-party network management console for administrative follow-up and review.
In addition, RealSecure responds immediately by terminating the connection,
sending email or pager alerts, recording the session, reconfiguring select
firewalls or taking other user-definable actions.

RealSecure Agent. RealSecure Agent is a host-based complement to
RealSecure Engine. RealSecure Agent analyzes host logs to recognize attacks,
determine whether an attack was successful and provide other forensic
information not available in real time. Based on what is discovered, RealSecure
Agent reacts to prevent further incursions by terminating user processes and
suspending user accounts. It also logs events, sends, alarms and emails and
executes user-defined actions. Each RealSecure Agent installs on a workstation
or host, thoroughly examining that system's logs for telltale patterns of
network misuse and breaches of security. Like RealSecure Engine, RealSecure
Agent sends an alarm to the RealSecure Manager or third-party network management
console when it detects evidence of improper usage. Based on what it discovers,
RealSecure Agent also automatically reconfigures RealSecure Engines and select
firewalls to prevent future incursions.

SAFEsuite Decisions

SAFEsuite Decisions is the initial product in our SAFEsuite Enterprise
family of enterprise security management solutions. SAFEsuite Decisions provides
information security decision support services that consolidate and simplify the
task of maintaining complex information security implementations across an
enterprise network environment. SAFEsuite Decisions integrates critical security
data generated by our Internet Scanner, System Scanner, RealSecure and
third-party firewalls, into a closed, automated feedback loop. This information
is condensed into a comprehensive reporting system, enabling timely, focused and
informed decisions for effective information risk management. By automating the
process of collecting, collating, correlating and analyzing data generated by
multiple information security engines and applications. SAFEsuite Decisions
enables managers and administrators to focus security resources where they are
needed most.

MANAGED SECURITY SERVICES

We provide comprehensive managed security services, or MSS, for
organizations without a compelling reason to develop an in-house information
security solution. MSS allows a company to start with basic security needs at
low cost, then expand as the business grows. Since the security infrastructure
is disbursed across a large managed services customer base, monthly security
costs are minimized while each aspect of the enterprise is secured against
attack and misuse in accordance with the customer's security policy.

MSS ensures that online assets are being properly protected. MSS is similar
to outsourced security, but if offers unique advantages that make it an ideal
resource for e-business. Instead of separate vendors for security consulting
services, firewalls, anti-virus and intrusion detection, MSS combines these
basic business necessities with thorough information security analysis to
deliver a complete, customized information security solution. MSS delivers key
advantages for both e-business start-ups and established enterprise players with
massive online operations. Since all security operations take place at Network
Operations Centers, clients

10
12

don't have to worry about hardware, software, staff or operations. Our unique
web-based management console allows client oversight of all security operations,
plus rapid response to changing network conditions.

PROFESSIONAL SERVICES

We enhance the value of our products by offering professional consulting
services to assure customers' success in establishing, implementing and
maintaining their security policy. We have network security professionals ready
to assist customers with their particular security policy development and
enforcement needs. Our professional services can range from providing network
security resources for overburdened information technology departments to
conducting investigations of serious breaches in security. Our professional
services offerings include:

- Information Security Analysis and Assessment -- includes enterprise
security audits, enterprise security assessment and strategy workshops
and risk assessment analysis

- Information Security Design Services -- includes security policy and
configuration guideline development; information security architecture
design; and risk management process integration

- Information Security Deployment Services -- security deployment strategy
workshop; project "Jump-Start" -- hands-on training and assistance with
deployment and use of ISS' SAFEsuite products; and enterprise deployment
of ISS' SAFEsuite solutions throughout an enterprise-level organization.

- Emergency Response Services -- subscription service that helps customers
avoid security breaches while helping them prepare in case they do
experience a break-in.

- Knowledge Services -- the Savant Security Guide provides administrators
and staff with critical information regarding security of Windows NT and
Windows 2000.

We complement our service offerings with a full range of training and
certification programs. These programs include courses in the fundamentals of
security and networking, vulnerability management, threat management and
intrusion detection, public key infrastructures, firewalls and others. Each
course offers the option of certification via standardized examinations. Our
courses are available at our education centers in Atlanta, Detroit, Chicago,
Denver, Miami, New York, San Francisco, Dallas and Washington, DC, as well as at
customer sites with our mobile training labs, and at approved training centers
around the world. These classes address planning, installation and basic
operation of our products in a hands-on, interactive environment. For more
advanced needs, our ISS Certified Engineer training courses cover advanced
topics specific to each SAFEsuite or SAFEsuite Enterprise product. Our training
goes beyond simple "how to" exercises. Upon completion of instructor-led
discussions and exercises, students respond to actual, on-the-job scenarios.
These simulations allow students to apply their new skills to real-world
situations, reinforcing both basic and advanced skills. Our training courses
encompass the complete life cycle of our SAFEsuite products, from installation
and operations to advanced troubleshooting.

PRICING

We use a range of fee structures to license our products, depending on the
type of product and the intended use. We license our vulnerability detection
products, Internet Scanner, System Scanner and Database Scanner, based on the
number of devices being scanned. The pricing scheme is scalable, providing low
entry points for departmental users without limiting our revenue potential from
customers with large networks. Pricing for our threat detection products,
RealSecure Engine and RealSecure Agent, is based on the number of engines
deployed on the network. Thus, licensing fees for our products are ultimately
determined by the size of the customer's network, as size dictates the number of
devices to be scanned or the number of engines to be deployed. In addition to
license fees, customers virtually always purchase maintenance agreements in
conjunction with their initial purchase of a software license, with annual
maintenance fees typically equal to 20% of the product's license fee.
Maintenance agreements include annually renewable telephone support, product
updates, access to our X-Force Security Alerts and error corrections. Our
continuing research into new security risks and resulting product updates
provide significant ongoing value. As a result, a substantial majority of our
customers renew their maintenance agreements. Customers who use our

11
13

products to provide information technology consulting services have license
agreements that are based on a revenue sharing model. We have historically sold
fully-paid perpetual licenses with a renewable annual maintenance fee and, more
recently, have licensed our products on a subscription basis, including
maintenance, for one or two year periods and are exploring other alternatives
for customers desiring longer term arrangements or multi-year commitments.

Our professional services fees are calculated using an hourly standard rate
per consultant that can be discounted based on the scope of the engagement,
market sector and geographical territory. Our security technology training is
generally priced per-student, per-day, based on the course format, technical
content and the amount of "hands-on" exposure provided to the student in either
our classrooms or at the customer's location.

Managed Security Services include Managed Firewall, Managed Intrusion
Detection and Response, Automated Remote Vulnerability Assessment and several
related offerings. Service pricing is based on a monthly monitoring and
management fee per managed security device for the term of the service
subscription, typically a minimum of 12 months. In addition, we can provide the
customer the security device itself (i.e., firewall, intrusion detection system,
anti-virus gateway, etc.) and in such case there are additional charges for
hardware, software licenses, maintenance, and installation fees.

PRODUCT DEVELOPMENT

We developed our SAFEsuite products to operate in heterogeneous computing
environments. Products are compatible with other vendors' products across a
broad range of platforms, including HP-UX, IBM AIX, Linux, SGI IRIX, SunOS, Sun
Solaris, Windows 95/98 and Windows NT. We have incorporated a modular design in
our products to permit plug-and-play capabilities, although customers often use
our professional services or our strategic partners to install and configure
products for use in larger or more complex network systems.

We employ a two-pronged product development strategy to achieve our goal of
providing the most comprehensive security coverage within the monitoring,
detection and response market. First, we continue to develop best-of-breed
security products to address particular network configurations. Such new
products, and our existing products like Internet Scanner, System Scanner and
RealSecure, are updated approximately every four to six months to add new
features, improve functionality and incorporate timely responses to
vulnerabilities and threats that have been added to our vulnerability and threat
database. These updates are usually provided as part of separate maintenance
agreements sold with the product license.

Second, to complement our existing products and provide more comprehensive
network security coverage, we are expanding our existing SAFEsuite products by
developing additional enterprise-level products. These products will allow
customers to protect their networks by continuously measuring and analyzing the
status of their network's security, and by monitoring and controlling the
security risks in real time across the enterprise network. These SAFEsuite
enterprise products will be interoperable with our existing products, allowing
modular implementation.

Expenses for product development were $3.9 million, $9.7 million and $20.4
million in 1997, 1998 and 1999, respectively. All product development activities
are conducted at either our principal offices in Atlanta, or at our research and
development facilities in Mountain View, California, Southfield, Michigan and
Reading, England. At December 31, 1999 253 personnel were employed in product
development teams. Our personnel include members of the Computer Security
Institute, Forum for Incident Response and Security Technicians (FIRST), Georgia
Tech Industrial Partners Association, Georgia Tech Information Security Center
and the International Computer Security Association (ICSA), enabling us to
actively participate in the development of industry standards in the emerging
market for network and Internet security systems and products.

12
14

CUSTOMERS

As of December 31, 1999, we had licensed versions of our SAFEsuite family
of products to over 5,000 customers. No customer accounted for more than 10% of
our consolidated revenues in 1997, 1998 or 1999. Our target customers include
both public and private sector organizations that utilize Internet protocol-
enabled information systems to facilitate mission-critical processes in their
operations. Our customers represent a broad spectrum of organizations within
diverse sectors, including financial services, technology, telecommunications,
and government and information technology services.

The following is a list of certain of our customers that have purchased
licenses and services from us with an aggregate price of at least $15,000 and
which we believe are representative of our overall customer base:



FINANCIAL SERVICES INFORMATION TECHNOLOGY GOVERNMENT
Charles Schwab SERVICES NASA
First Union EDS Salt River Project
KeyCorp KPMG U.S. Department of the
Merrill Lynch Perot Systems Air Force
PNC Bank PricewaterhouseCoopers U.S. Department of the
SAIC Army
TELECOMMUNICATIONS SITA U.S. Department of
America Online Defense
Bell Atlantic TECHNOLOGY U.S. State Department
GTE Internetworking Hewlett-Packard
NETCOM On-Line IBM OTHER
Communications Intel Lockheed Martin
Nippon Telephone & Lucent Technologies Merck
Telegraph Microsoft REI
NCR
Siemens
VeriSign
Xerox


SALES AND MARKETING

Sales Organization

Our sales organization is divided regionally among the Americas, Europe and
the Asia/Pacific regions. In the Americas, we market our products primarily
through our direct sales organization augmented by our indirect channels,
including security consultants, resellers, OEMs and systems consulting and
integration firms. The direct sales organization for the Americas consists of
regionally based sales representatives and sales engineers and a telesales
organization located in Atlanta. As of December 31, 1999, we maintained sales
offices in the Atlanta, Austin, Boston, Chicago, Cincinnati, Dallas, Denver, Los
Angeles, Minneapolis, Monterrey, Mexico, New York, Palo Alto, Philadelphia,
Portland, San Francisco, Sao Paulo, Brazil, Seattle, Toronto, Canada and
Washington, D.C. metropolitan areas. A dedicated group of professionals in our
Atlanta headquarters covers Latin America. As of December 31, 1999, we employed
approximately 270 people in the Americas direct sales and professional services
organization. The regionally based direct sales representatives focus on
opportunities where we believe we can realize more than $200,000 in revenues per
year.

In Europe and the Asia/Pacific region, substantially all of our sales occur
through authorized resellers. Internationally, we have established regional
sales offices in Brussels, London, Munich, Paris, Reading, England, Stuttgart,
Sydney and Tokyo. Personnel in these offices are responsible for market
development, including managing our relationships with resellers, assisting them
in winning and supporting key customer accounts and acting as a liaison between
the end user and our marketing and product development organizations. As of
December 31, 1999, approximately 95 employees were located in our European and
Asia/ Pacific regional offices. We expect to continue to expand our field
organization into additional countries in these regions.

13
15

Security Partners Program

We have established a Security Partners Program to train and organize
security consulting practices, Internet service providers, systems integrators
and resellers to match our products with their own complementary products and
services. By reselling SAFEsuite products, Security Partners provide additional
value for specific market and industry segments, while maintaining our ongoing
commitment to quality software and guaranteed customer satisfaction. We have
established three different levels of partnership opportunities:

- Premier Partners. Premier Partners are value-added resellers and systems
integrators with focused security practices. Many Premier Partners are
experienced in the sales and implementation of leading firewall
technology, as well as authentication and encryption technologies. These
partners leverage their expertise with our vulnerability assessment and
intrusion detection products. Premier Partners receive direct
distribution of our products, sales training, financial incentives,
access to our Web site for placing orders and partner-only
communications, including a link to the ISS Partner Web site.

- Authorized Partners. Authorized Partners generally consist of
organizations that provide security-focused consulting services, but
elect not to commit to the minimum annual purchase commitments and entry
fees applicable to Premier Partners. Authorized Partners may purchase
products directly from us and may access our Web site to place orders and
receive partner-only communications.

- Registered Partners. Unlike Premier Partners and Authorized Partners,
Registered Partners are not required to maintain an ISS Certified
Engineer on their staffs. Registered Partners receive partner-only
communications and may purchase products directly from us, including
through our online Web order system.

In addition, we maintain a strategic technology alliance where beneficial
to improve and extend our technology in the following four key areas:

- Active Response. Security breaches require rapid response to identify
and stop threats before they place critical online assets at risk.
Through these alliances, firewalls, routers, switches, virtual private
networks and other technologies can be enabled to be reconfigured
automatically and in real time to break off the attack and prevent future
penetrations.

- Lock Down. Improper configurations can make any technology vulnerable to
attack and misuse. Our alliances help develop customized templates that
enable the secure configuration of network devices. With this "lock down"
functionality, customers can be assured that information security
products will function as designed and will be securely configured.

- Decision Support. Effective security decision-making and planning
requires timely analysis of enormous amounts of data across disparate
systems and network devices. Our alliances help enable fast and informed
enterprise-wide security decisions by collecting, integrating and
analyzing data from security and network infrastructure products.
Resulting high value information is routed to network and systems
management consoles for immediate action.

- System and Network Management Technology Integration. Our alliances help
integrate ISS information security solutions with enterprise system
management platforms. This integration simplifies the enforcement and
implementation of security policies across the enterprise leveraging
existing information technology resources.

Marketing Programs

We conduct a number of marketing programs to support the sale and
distribution of our products. These programs are designed to inform existing and
potential end-user customers, OEMs and resellers about the capabilities and
benefits of our products. Marketing activities include:

- press relations and education;

- publication of technical and educational articles in industry journals
and our on-line magazine, ISS Alert;

14
16

- participation in industry tradeshows;

- product/technology conferences and seminars;

- competitive analysis;

- sales training;

- advertising and development and distribution of marketing literature; and

- maintenance of our Web site.

A key element of our marketing strategy is to establish our products and
information security methodology as the leading approach for enterprise-wide
security management. We have implemented a multi-faceted program to leverage the
use of our SAFEsuite product family and Managed Security Services to increase
their acceptance through relationships with various channel partners:

- Strategic Resellers. Although we have numerous resellers, certain of
these relationships have generated significant leverage for us in
targeted markets. Our strategic resellers, which include EDS, IBM,
Lucent, Siemens and Softbank, provide broad awareness of our brand
through enhanced marketing activity, access to large sales forces,
competitive control points and access to larger strategic customer
opportunities.

- Consultants. The use of our products by security consultants not only
generates revenue from the license sold to the consultant, but also
provides us with leads to potential end users with a concern for network
security. Consultants who have generated substantial leads for our sales
organization include Andersen Consulting, Arthur Andersen, Deloitte
Touche Tohmatsu International, Ernst & Young, IBM, KPMG Peat Marwick,
PricewaterhouseCoopers and SAIC Global Integrity.

- OEMs. A number of vendors of security products, including Check Point,
Entrust, Lucent, NCR and Nortel, have signed OEM agreements with us.
These agreements enable OEMs to incorporate our products into their own
product offerings to enhance their security features and functionality.
We receive royalties from OEM vendors and increased acceptance of our
products under these arrangements, which, in turn, promote sales of our
other products to the OEM's customers.

We typically enter into written agreements with our strategic resellers,
consultants, managed service providers, Internet service providers and OEMs.
These agreements generally do not provide for firm dollar commitments from the
strategic parties, but are intended to establish the basis upon which the
parties will work together to achieve mutually beneficial objectives.

ADVISORY BOARD

We established an Advisory Board in February 1998 to further our sales and
recruiting efforts. The Advisory Board consists solely of:

John P. Imlay, Jr. Mr. Imlay is Chairman of Imlay Investments, and serves
on the board of directors of the Atlanta Falcons, Gartner Group, Metromedia
International Group, and several other organizations. He was Chairman of
Dun & Bradstreet Software Services from March 1990 until November 1996.
Prior to that, Mr. Imlay served as Chairman and Chief Executive Officer of
Management Science America, a company that was acquired by Dun & Bradstreet
Software Services.

Sam Nunn was a member of the Advisory Board until joining the Board of
Directors in October 1999. The Advisory Board members advise us on long-term
strategic growth, including strategies for selling to key industries,
recruitment of board members and other key personnel, and trends in national and
international policy influencing our products and services. We also anticipate
that Advisory Board members will provide high visibility for us at industry
events and will play key roles in leading customer user groups to support our
growth and industry prominence. Members of the Advisory Board meet individually
or as a group with our management from time to time and have historically been
compensated through issuances of common stock or options to acquire common
stock.

15
17

CUSTOMER SERVICE AND SUPPORT

We provide ongoing product support services under license agreements.
Maintenance contracts are typically sold to customers for a one-year term at the
time of the initial product license and may be renewed for additional periods.
Under our maintenance agreements with our customers, we provide, without
additional charge, telephone support, documentation and software updates and
error corrections. Customers that do not renew their maintenance agreements but
wish to obtain product updates and new version releases are generally required
to purchase such items from us at market prices. In general, major new product
releases come out annually, minor updates come out every four to six months and
new vulnerability and threat checks come out every two to four weeks. Customers
with current maintenance agreements may download product updates from our Web
site.

We believe that providing a high level of customer service and technical
support is necessary to achieve rapid product implementation, which, in turn, is
essential to customer satisfaction and continued license sales and revenue
growth. Accordingly, we are committed to continued recruiting and maintenance of
a high-quality technical support team. We provide telephone support to customers
who purchase maintenance agreements along with their product license. A team of
dedicated engineers trained to answer questions on the installation and usage of
the SAFEsuite products provides telephone support from 8:00 a.m. to 8:00 p.m.,
Eastern time, Monday through Friday, from our corporate office in Atlanta. We
provide telephone support 24 hours a day, seven days a week through a callback
procedure to certain customers who pay an additional fee for the service. In the
United States and internationally, our resellers provide telephone support to
their customers with technical assistance from us. For our managed services
security solutions, customer support is available in several offerings up to 24
hours a day, seven days a week for customers electing this coverage. Support is
offered via phone, email or secures web form and includes access to an online
knowledge base as well as direct contact with qualified support personnel.

COMPETITION

The market for information security, including monitoring, detection and
response solutions and managed security services is intensely competitive, and
we expect competition to increase in the future. We believe that the principal
competitive factors affecting the market for information security include
security effectiveness, manageability, technical features, performance, ease of
use, price, scope of product offerings, professional services capabilities,
distribution relationships and customer service and support. Although we believe
that our solutions generally compete favorably with respect to such factors, we
cannot guarantee that we will compete successfully against current and potential
competitors, especially those with greater financial resources or brand name
recognition. Our chief competitors generally fall within one of four categories:

- internal information technology departments of our customers and the
consulting firms that assist them in formulating security systems;

- relatively smaller software companies offering relatively limited
applications for network and Internet security and managed security
services;

- large companies, including Axent Technologies and Network Associates,
that sell competitive products and services, as well as other large
software companies that have the technical capability and resources to
develop competitive products; and

- software or hardware companies that could integrate features that are
similar to our products and services into their own products and
services.

Mergers or consolidations among our competitors, or acquisitions of small
competitors by larger companies, would make such combined entities more
formidable competitors to us. Large companies may have advantages over us
because of their longer operating histories, greater name recognition, larger
customer bases or greater financial, technical and marketing resources. As a
result, they may be able to adapt more quickly to new or emerging technologies
and changes in customer requirements. They can also devote greater resources to
the promotion and sale of their products than we can. In addition, these
companies have reduced, and could continue to reduce, the price of their
security monitoring, detection and response products, and/or

16
18

managed security services, which increases pricing pressures within our market.
We believe that the entry of larger, more established companies into our market
will require these competitors to undertake operations that are currently not
within their core areas of expertise, thus exposing them to significant
uncertainties in the product development process.

Several companies currently sell software products, such as encryption,
firewall, operating system security and virus detection software that our
customers and potential customers have broadly adopted. Some of these companies
sell products that perform the same functions, or similar functions to, our
products. In addition, vendors of operating system software or networking
hardware may enhance their products to include the same kinds of functions that
our products currently provide. The widespread inclusion in operating system
software or networking hardware of features comparable to our software could
render our products obsolete, particularly if such features are of a high
quality. Even if security functions integrated into operating system software or
networking hardware are more limited than those of our software, a significant
number of customers may accept more limited functionality to avoid purchasing
additional software.

For the above reasons, we may not be able to compete successfully against
our current and future competitors. Increased competition may result in price
reductions, reduced gross margins and loss of market share.

PROPRIETARY RIGHTS AND TRADEMARK ISSUES

We rely primarily on copyright and trademark laws, trade secrets,
confidentiality procedures and contractual provisions to protect our proprietary
rights. We have obtained one United States patent and have a patent application
under review. We also believe that the technological and creative skills of our
personnel, new product developments, frequent product enhancements, our name
recognition, our professional services capabilities and delivery of reliable
product maintenance are essential to establishing and maintaining a technology
leadership position. We cannot assure you that our competitors will not
independently develop technologies that are similar to ours. We generally
license our SAFEsuite products to end users in object code (machine-readable)
format. Certain customers have required us to maintain a source-code escrow
account with a third-party software escrow agent, and a failure by us to perform
our obligations under any of the related license and maintenance agreements, or
our insolvency, could conceivably cause the release of our product source code
to such customers. The standard form agreement allows the end user to use our
SAFEsuite products solely on the end user's computer equipment for the end
user's internal purposes, and the end user is generally prohibited from
sublicensing or transferring the products.

Despite our efforts to protect our proprietary rights, unauthorized parties
may attempt to copy aspects of our products or to obtain and use information
that we regard as proprietary. Policing unauthorized use of our products is
difficult. While we cannot determine the extent to which piracy of our software
products occurs, we expect software piracy to become a persistent problem. In
addition, the laws of some foreign countries do not protect our proprietary
rights to as great an extent as do the laws of the United States and many
foreign countries do not enforce these laws as diligently as U.S. government
agencies and private parties.

EMPLOYEES

As of December 31, 1999, we had 785 employees, of whom 253 were engaged in
product research and development, 228 were engaged in sales, 55 were engaged in
customer service and support, 152 were engaged in professional services, 35 were
engaged in marketing and business development and 62 were engaged in
administrative functions. We believe that we have good relations with our
employees.

ITEM 2. PROPERTIES

Our Atlanta headquarters and research and development facilities consist of
approximately 72,000 square feet of office space occupied pursuant to a lease
and a sublease expiring in June 2002, which provide for minimum annual lease
obligations of approximately $1,240,000. We also lease office space in Chicago,
Illinois, Mountain View, California, Southfield, Michigan, Denver, Colorado, New
York City, San Francisco,

17
19

California, Washington, D.C., Brussels, London, Paris, Reading, England,
Stuttgart and Tokyo, as well as small executive suites in several United States
cities.

In November 1999 we signed an eleven and one-half year lease for a new
Atlanta headquarters and research and development facility. This new facility
consists of approximately 240,000 square feet which we anticipate beginning
occupying in varying phases beginning in November 2000. Annual minimum payments
under the lease increase as occupied space increases, with total minimum
payments due under the lease of approximately $64 million over the lease term.

We believe that our existing facilities and our upcoming new headquarters
are adequate for our current needs and that additional space will be available
as needed.

ITEM 3. LEGAL PROCEEDINGS

On July 13, 1999 ISS and Network Associates, Inc. announced that the patent
infringement suit filed by Network Associates, Inc. in July 1998 against
Internet Security Systems, Inc. was resolved to the parties' mutual
satisfaction. The resolution of this previously pending litigation had no
material adverse effect on our business, operating results, or financial
condition.

Except as noted above, we are not a party to any material legal
proceedings.

ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS

No matter was submitted to a vote of our shareholders during the fourth
quarter of 1999.

18
20

PART II

ITEM 5. MARKET FOR REGISTRANT'S COMMON EQUITY AND RELATED STOCKHOLDER MATTERS

The Common Stock has been quoted on the Nasdaq National Market under the
symbol "ISSX" since our initial public offering on March 24, 1998. Prior to the
initial public offering, there had been no public market for the Common Stock.
The following table lists the high and low per share sales prices for the Common
Stock as reported by the Nasdaq National Market for the periods indicated
(prices have been adjusted for the 2-for-1 stock split in May 1999):



1999: HIGH LOW
----- ------ ------

First Quarter............................................... $46.25 $22.19
Second Quarter.............................................. 45.00 20.13
Third Quarter............................................... 40.63 20.00
Fourth Quarter.............................................. 71.13 26.25




1998: HIGH LOW
----- ------ ------

First Quarter (from March 24, 1998)......................... $21.25 $18.50
Second Quarter.............................................. 28.31 15.81
Third Quarter............................................... 25.25 12.69
Fourth Quarter.............................................. 30.31 8.50


As of March 24, 2000, there were 41,766,717 shares of the Common Stock
outstanding held by 386 stockholders of record.

We have not declared or paid cash dividends on our capital stock during the
last two years. The Company currently intends to retain any earnings for use in
its business and does not anticipate paying any cash dividends in the
foreseeable future. The Company's Board of Directors, if any, will determine
future dividends.

During 1997 and 1998, the Company issued an aggregate of 289,500 shares of
its Common Stock to employees and a director pursuant to exercises of stock
options, with exercise prices ranging from $0.075 to $3.50 per share,
principally under the Company's Restated 1995 Stock Incentive Plan which were
deemed exempt from registration under Section 5 of the Securities Act of 1933 in
reliance upon Rule 701 there under. The recipients of securities in each such
transaction represented their intentions to acquire the securities for
investment only and not with a view to, or for sale in connection with, any
distribution thereof and appropriate legends were affixed to the share
certificates issued in each such transaction.

The Company issued 2,444,174 shares of its Common Stock as consideration
for all the issued and outstanding stock of Netrex, Inc. on August 30, 1999. The
Company also issued 141,479 shares of its Common Stock in September 1999 as
consideration for all the issued and outstanding stock of NJH Security
Consulting, acquired by the Company in September 1999. As part of the terms of
these acquisitions, the Company filed a shelf registration statement in October
1999 on Form S-3 covering 723,987 shares issued in connection with the
acquisitions of Netrex and NJH. In addition to the issuance of stock pursuant to
stock options in 1997 and 1998, the Company issued (i) 239,988 shares of its
Common Stock as partial consideration for all the issued and outstanding capital
stock of March Information Systems Limited on October 6, 1998, and (ii) 76,000
shares of its Common Stock in exchange for substantially all the assets of
DbSecure, Inc. on October 28, 1998.

19
21

ITEM 6. SELECTED CONSOLIDATED FINANCIAL DATA

The financial data set forth below for each of the three years in the
period ended December 31, 1999, and as of December 31, 1998 and 1999, has been
derived from the audited consolidated financial statements appearing elsewhere
in this Annual Report on Form 10-K. The financial data for the years ended
December 31, 1995 and December 31, 1996, and as of December 31, 1995, 1996, and
1997 has been derived from unaudited financial statements not included herein.
The data should be read in conjunction with the consolidated financial
statements, related notes, and other financial information included herein.



YEAR ENDED DECEMBER 31,
------------------------------------------------
1995 1996 1997 1998 1999
------- ------- ------- ------- --------
(AMOUNTS IN THOUSANDS, EXCEPT PER SHARE AMOUNTS)

CONSOLIDATED STATEMENT OF OPERATIONS DATA:
Revenues:
Product licenses and sales.............................. $ 1,028 $ 6,503 $16,074 $36,908 $ 74,050
Subscriptions........................................... 296 1,077 4,488 12,037 24,141
Professional services................................... 672 1,945 4,863 8,143 18,296
------- ------- ------- ------- --------
1,996 9,525 25,425 57,088 116,487
Costs and expenses:
Cost of revenues........................................ 980 2,948 7,275 19,951 37,700
Research and development................................ 97 1,225 3,855 9,655 20,412
Sales and marketing..................................... 507 4,549 14,096 25,998 43,124
General and administrative.............................. 382 1,704 3,668 6,557 9,230
Amortization............................................ -- -- -- 230 992
Charges for in-process research and development......... -- -- -- 802 --
Merger costs............................................ -- -- -- -- 2,329
------- ------- ------- ------- --------
1,966 10,426 28,894 63,193 113,787
------- ------- ------- ------- --------
Operating income (loss)................................... 30 (901) (3,469) (6,105) 2,700
Interest income, net...................................... (12) 28 163 2,274 5,902
Exchange loss............................................. -- -- -- -- (136)
------- ------- ------- ------- --------
Income (loss) before income taxes......................... 18 (873) (3,306) (3,831) 8,466
Provision for income taxes................................ -- -- -- 62 976
------- ------- ------- ------- --------
Net income (loss)......................................... $ 18 $ (873) $(3,306) $(3,893) $ 7,490
======= ======= ======= ======= ========
Basic net income (loss) per share(1)...................... $ -- $ (0.05) $ (0.18) $ (0.12) $ 0.19
======= ======= ======= ======= ========
Diluted net income (loss) per share(1).................... $ -- $ (0.05) $ (0.18) $ (0.12) $ 0.17
======= ======= ======= ======= ========
Weighted average shares:(2)
Basic................................................... 12,446 18,276 18,399 32,351 39,996
======= ======= ======= ======= ========
Diluted................................................. 12,446 18,276 18,399 32,351 43,691
======= ======= ======= ======= ========
Unaudited pro forma net loss per share(1)................. $ (0.11) $ (0.11)
======= =======
Unaudited weighted average shares used in unaudited pro
forma net loss per share calculation(1)................. 29,873 34,963
======= =======




DECEMBER 31,
------------------------------------------------
1995 1996 1997 1998 1999
------- ------- ------- ------- --------
(IN THOUSANDS)

CONSOLIDATED BALANCE SHEET DATA:
Cash and cash equivalents................................. $ 27 $ 2,051 $ 4,174 $53,056 $ 70,090
Working capital........................................... 168 2,403 1,523 53,157 127,135
Total assets.............................................. 673 5,931 13,816 84,724 184,845
Long-term debt, net of current portion.................... -- 140 521 710 253
Redeemable, Convertible Preferred Stock................... -- 3,614 8,878 -- --
Stockholders' equity (deficit)............................ 275 (620) 4,468 66,505 155,153


- ---------------

(1) Computed on the basis described in Note 1 of Notes to Consolidated Financial
Statements.
(2) See Note 10 of Notes to Consolidated Financial Statements for the
determination of shares used in computing basic and diluted net income
(loss) per share.

20
22

ITEM 7. MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS
OF OPERATIONS

The following discussion should be read in conjunction with the
Consolidated Financial Statements and related Notes thereto included elsewhere
in this document. Except for the historical financial information, the matters
discussed in this document may be considered "forward-looking" statements. Such
statements include declarations regarding our intent, belief or current
expectations. Such forward-looking statements are not guarantees of future
performance and involve a number of risks and uncertainties. Actual results may
differ materially from those indicated by such forward-looking statements as a
result of certain factors, including, but not limited to, those set forth under
the "Risk Factors" heading below.

OVERVIEW

We are a leading source for e-business security management solutions. Our
Security Management approach to information security protects distributed
computing environments, such as internal corporate networks, inter-company
networks and electronic commerce environments, from attacks, misuse and security
policy violations, while ensuring the confidentiality, privacy, integrity and
availability of proprietary information. We deliver an end-to-end security
management solution through our SAFEsuite security management platform coupled
with around-the-clock remote security monitoring through our managed security
services offerings. Our SAFEsuite family of products is a critical element of an
active Internet and networking security program within today's world of global
connectivity, enabling organizations to proactively monitor, detect and respond
to risks to enterprise information. Our managed security services offerings
currently provide remote management of the industry's best-of-breed security
technology including firewalls, virtual private networks, or VPNs, anti-virus,
URL filtering software, and security assessment and intrusion detection systems.
We focus on serving as the trusted security provider to our customers by
maintaining within our existing products the latest counter-measures to security
risks, creating new innovative products based on our customers' needs and
providing education, consulting and managed security services.

We generate a majority of our revenues from our SAFEsuite family of
products in the form of perpetual licenses and subscriptions, and sales of
best-of-breed technology products developed by our partners. We recognize
perpetual license revenues from ISS developed products upon delivery of software
or, if the customer has evaluation software, delivery of the software key and
issuance of the related license, assuming that no significant vendor obligations
or customer acceptance rights exist. When payment terms are extended over
periods greater than 12 months, revenue is recognized as such amounts are
billable. Product sales, consisting of software developed by third-party
partners combined in some instances with associated hardware appliances and
partner maintenance services, are recognized upon shipment to the customer. If
maintenance is subcontracted, as with partner maintenance services, the revenue
less the related subcontract expense is recognized when the contract is placed
in service.

Annual renewable maintenance is a separate component of each perpetual
license agreement for ISS products with revenue recognized ratably over the
maintenance term. Subscription revenues include maintenance, term licenses, and
managed service arrangements. Term licenses allow customers to use our products
and receive maintenance coverage for a specified period, generally 12 months. We
recognize revenues from these term agreements ratably over the subscription
term. Managed services consist of monitoring services of information assets and
systems and are recognized as such services are provided. Professional services
revenues include consulting services and training. Consulting services,
typically billed on a time-and-materials basis, assist in the successful
deployment of our products within customer networks, the development of
customers' security policies and the assessment of security policy decisions. We
recognize such professional services revenues as the related services are
rendered.

We believe that our total solutions approach will grow all of our revenue
categories. This includes our products and managed services offerings, as well
as maintenance, consulting and education. While we expect the expansion of these
product and service offerings to originate primarily from internal development,
our strategy includes acquiring products, technologies and service capabilities
that fit within our strategy and that potentially accelerate the timing of the
commercial introduction of such products and technologies. Over the

21
23

last 12 months, we have made four different acquisitions, each of which included
such products, technologies or service capabilities.

Two of these acquisitions, Netrex, Inc. and NJH Security Consulting
("NJH"), were completed in the third quarter of 1999. Founded in 1992 with a
current services customer base of more than 500 customers, Netrex is a leading
provider of remote, security monitoring services of digital assets. NJH Security
Consulting includes a technology foundation to provide an outsourced solution
for the automatic detection and management of customers' security risks using
ISS software solutions. This technology is being incorporated into our managed
security service offerings. These transactions have been accounted for using the
pooling-of-interests method of accounting. Our consolidated financial statements
have been restated for all periods presented to include the results of Netrex.
The acquisition of NJH was not material to our consolidated operations and
financial position and, therefore, our operating results have not been restated
for this transaction. Our operating results include the results of operations of
NJH since the date of acquisition.

Our business has been growing rapidly. Although we continue to experience
significant revenue growth, we cannot assure our stockholders that such growth
can be sustained and, therefore, investors should not rely on our past growth as
a predictor of future performance. We expect to continue to expand our domestic
and international sales and marketing operations, increase our investment in
product development, including our proprietary threat and vulnerability database
and managed services capabilities, seek acquisition candidates that will enhance
our products and market share, and improve our internal operating and financial
infrastructure in support of our strategic goals and objectives. All of these
initiatives will increase operating expenses. Thus, our prospects must be
considered in light of the risks and difficulties frequently encountered by
companies in new and rapidly evolving markets. As a result, while we narrowed
our operating losses over the course of 1998 and achieved profitability
throughout 1999, we cannot be certain that we can sustain such profitability.

RESULTS OF OPERATIONS

The following table sets forth our consolidated historical operating
information, as a percentage of total revenues, for the periods indicated:



YEAR ENDED DECEMBER 31,
-----------------------
1997 1998 1999
----- ----- -----

Product licenses and sales................................ 63.2% 64.6% 63.6%
Subscriptions............................................. 17.7 21.1 20.7
Professional services..................................... 19.1 14.3 15.7
----- ----- -----
Total revenues.................................. 100.0 100.0 100.0
----- ----- -----
Cost of revenues.......................................... 28.6 34.9 32.4
Research and development.................................. 15.2 16.9 17.5
Sales and marketing....................................... 55.4 45.6 37.0
General and administrative................................ 14.4 11.5 7.9
Amortization.............................................. -- 0.4 0.9
Charge for in-process research and development............ -- 1.4 --
Merger costs.............................................. -- -- 2.0
----- ----- -----
Total costs and expenses........................ 113.6 110.7 97.7
----- ----- -----
Operating income (loss)................................... (13.6)% (10.7)% 2.3%
===== ===== =====


REVENUES

Our total revenues increased from $25.4 million in 1997 to $57.1 million in
1998, and to $116.5 million in 1999. Revenues from product licenses and sales
increased from $16.1 million in 1997 to $36.9 million in 1998, and to $74.1
million in 1999. Historically we have generated most of our revenues from
product licenses and sales, which represented 63% of total revenues in 1997, 65%
in 1998 and 64% in 1999.

22
24

Licenses of our SAFEsuite product family represented between 66% and 70% of
product licenses and sales from 1997 through 1999. Our vulnerability assessment
products continued to grow each year in absolute dollars but decreased as a
percent of total revenues, offset by the rapid growth of our RealSecure
intrusion detection products and initial sales of our security management
application, SAFEsuite Decisions, which was introduced in late 1998. Our
revenues from sales of partner software and hardware appliances increased each
year in absolute dollars, while representing between 30% and 34% of overall
product licenses sales and in each period.

We continued to add significant functionality to our SAFEsuite product
family, providing customers with more powerful and easier to use solutions for
security management across the enterprise. The sales of partner software and
hardware appliances are a part of our total solution approach whereby we
provision partner products to provide a single solution source for our
customers.

Subscription revenues grew from $4.5 million in 1997 to $12.0 million in
1998, and to $24.1 million in 1999, increasing from 18% to 21% of total revenues
over this period. Subscription revenues consist of maintenance, term licenses of
product usage and managed services.

Professional services revenue increased from $4.9 million in 1997 to $8.1
million in 1998, and to $18.3 million in 1999, representing 19% in 1997, 14% in
1998 and 16% in 1999 of total revenues. We continue to build our service
capabilities to address the demand from our customers for assessment,
deployment, management and education services.

Geographically, we derived the majority of our revenues from sales to
customers within North America; however, international operations continued to
be a significant contributor to revenues and a growing percentage of the
business. Revenues from customers outside of North America represented 11% in
1997, 12% in 1998 and 17% in 1999 of total revenues. No customer represented
more than 10% of our total revenues in any of these periods.

COSTS AND EXPENSES

Cost of revenues

Cost of revenues consists of several components. Substantially all of the
cost of product licenses and sales represents payments to partners for their
products that we provision to our customers. Costs associated with licensing ISS
products are minor. Costs of product revenues as a percentage of total revenues
decreased from 18% in 1997 to 16% in 1998 and remained at the 16% level in 1999.
The decrease in 1998 was principally the result of improvement in gross margin
on partner product sales.

Cost of subscription and services includes the cost of our technical
support personnel who provide assistance to customers under maintenance
agreements, the operations center costs of providing managed services and the
costs related to professional services and training. These costs represented 10%
in 1997, 19% in 1998 and 16% in 1999 of total revenues, with the percentage
fluctuation due primarily to initiatives in the professional services area.
Prior to 1998, professional services represent training and implementation
services provided by Netrex. In 1998, we addressed the demand from customers for
consulting services by building an ISS professional services capability. With
that building effort behind us, the cost, as a percentage of revenues, declined
in 1999 as staff utilization improved.

Research and development

Research and development expenses consist of salary and related costs of
research and development personnel, including costs for employee benefits, and
depreciation on computer equipment. These costs include those associated with
maintaining and expanding the "X-Force," experts dedicated to counter-
intelligence against hacker threats. X-Force experts focus solely on researching
and publishing information on the latest security risks, providing customers and
the industry at large with critical data and protection measures to address the
latest global security issues. We continue to increase these expenditures, as we
perceive primary research and product development and managed services offerings
as essential ingredients for retaining our leadership position in the market. We
also increased the number of our development personnel

23
25

focused on our best-of-breed products, enterprise applications, managed services
offerings and research for future product offerings. Accordingly, research and
development expenses increased in absolute dollars from $3.9 million in 1997 to
$9.7 million in 1998, and to $20.4 million in 1999. These costs increased
slightly as a percentage of total revenues, and we expect this percentage to
stabilize in 2000 near the 1999 level.

We have reflected a charge of $802,000 in our 1998 statement of operations
for identified in-process research and development in connection with our
October 1998 acquisitions of two companies engaged in Microsoft Windows NT, Unix
and database security assessment technologies. The charge was based on a
valuation of products under development using estimated future cash flows,
reduced for the core technology component of such products and the percentage of
product development remaining at the time of acquisition.

Sales and marketing

Sales and marketing expenses consist primarily of salaries, travel
expenses, commissions, advertising, maintenance of the our Website, trade show
expenses, costs of recruiting sales and marketing personnel and costs of
marketing materials. Sales and marketing expenses were $14.1 million in 1997,
$26.0 million in 1998 and $43.1 million in 1999. Sales and marketing expenses
increased in total dollars during these periods primarily from our larger
workforce, which has increased each quarter since 1997, both domestically and
internationally. Sales and marketing expenses have decreased as a percentage of
total revenues from 55% in 1997 to 46% in 1998, and to 37% in 1999. The decrease
in sales and marketing expenses as a percentage of total revenues is due to
greater levels of productivity achieved by our sales force. This is due to more
experience in selling our broadening enterprise offering of products and
services and the interest of the marketplace in such offerings. In 2000, our
efforts will include the successful integration of the Netrex sales personnel
and continuing improvement of the quality of our sales force.

General and administrative

General and administrative expenses of $3.7 million in 1997, $6.6 million
in 1998 and $9.2 million in 1999, represented approximately 14% in 1997, 12% in
1998 and 8% in 1999 of our total revenues. General and administrative expenses
consist of personnel-related costs for executive, administrative, finance, human
resources, information systems and other support services costs and legal,
accounting and other professional service fees. The increase in these expenses
in absolute dollars is attributable to our effort, through additional employees
and systems, to enhance our management's ability to obtain and analyze
information about our domestic and international operations, as well as the
expansion of our facilities.

Merger costs of $2.3 million represented the direct out-of-pocket costs
incurred in connection with two acquisitions that were completed in the third
quarter of 1999. These costs are principally investment advisor, legal and
accounting fees. We also incurred amortization expense of $230,000 in 1998 and
$992,000 in 1999 related to goodwill and intangible assets resulting from 1998
acquisitions.

Interest income, net and exchange loss

Net interest income increased from $163,000 in 1997 to $2.3 million in
1998, and to $5.9 million in 1999 primarily due to increased amounts of cash
invested in interest-bearing securities. This increase in cash primarily
resulted from the sale of equity securities. The exchange loss of $136,000 in
1999 is a result of fluctuations in currency exchange rates between the U.S.
Dollar and other currencies, primarily the Japanese Yen.

Income taxes

We recorded a provision for income taxes of $62,000 in 1998 and $976,000 in
1999. These provisions relate primarily to European operations. Prior to the
merger, Netrex profits were taxed at the shareholder level.

In 1999, we utilized loss carryforwards to offset tax expense that would
otherwise be recorded on profits from certain operations for 1999. As of
December 31, 1999 substantially all loss carryforwards that would reduce future
income tax expense related to United States operations have been utilized;
however, we have

24
26

approximately $32 million of carryforwards related to the exercise of stock
options which expire in 2014 and 2015. While income tax expense will be recorded
on any future income before taxes related to United States operations, these
carryforwards will reduce the related income tax payable and their use will be
recorded as additional paid-in-capital. We also have approximately $1.2 million
of net operating loss carryforwards related to certain foreign operations and
approximately $1.3 million of research and development tax credit carryforwards
which expire between 2011 and 2019.

QUARTERLY RESULTS OF OPERATIONS

The following table sets forth certain unaudited consolidated quarterly
statement of operations data for the eight quarters ended December 31, 1999, as
well as such data expressed as a percentage of our total revenues for the
periods indicated. This data has been derived from unaudited consolidated
financial statements that, in our opinion, include all adjustments (consisting
only of normal recurring adjustments) necessary for a fair presentation of such
information when read in conjunction with our consolidated financial statements
and related notes appearing elsewhere in this document. As a result of our
limited operating history and the risks associated with the new and rapidly
evolving market that we serve, the operating results for any quarter below are
not necessarily indicative of results for any future period.



1998 1999
---------------------------------------- ----------------------------------------
MAR. JUNE SEPT DEC. MAR. JUNE SEPT DEC.
31 30 30 31 31 30 30 31
------- ------- ------- ------- ------- ------- ------- -------
(AMOUNTS IN THOUSANDS)

CONSOLIDATED STATEMENT OF
OPERATIONS DATA:
Revenues:
Product and license sales...... $ 6,946 $ 7,865 $8,335 $13,762 $14,458 $17,606 $19,200 $22,786
Subscriptions.................. 2,161 2,597 3,312 3,967 4,883 5,497 6,202 7,559
Professional services.......... 1,370 1,362 2,165 3,246 3,634 4,176 4,599 5,887
------- ------- ------ ------- ------- ------- ------- -------
10,477 11,824 13,812 20,975 22,975 27,279 30,001 36,232
Costs and expenses:
Cost of revenues............... 3,604 4,248 4,487 7,612 6,518 9,206 9,856 12,120
Research and development....... 1,724 1,907 2,616 3,408 4,062 4,785 5,315 6,250
Sales and marketing............ 5,305 6,224 6,511 7,958 9,437 10,161 10,991 12,535
General and administrative..... 1,443 1,592 1,456 2,066 2,311 2,140 2,105 2,674
Amortization................... -- -- -- 230 251 248 247 246
Charge for in-process research
and development.............. -- -- -- 802 -- -- -- --
Merger costs................... -- -- -- -- -- -- 2,329 --
------- ------- ------ ------- ------- ------- ------- -------
Total costs and
expenses............... 12,076 13,971 15,070 22,076 22,579 26,540 30,843 33,825
------- ------- ------ ------- ------- ------- ------- -------
Operating income (loss).......... (1,599) (2,147) (1,258) (1,101) 396 739 (842) 2,407
Interest income, net............. 60 828 730 656 861 1,513 1,640 1,888
Exchange loss.................... -- -- -- -- -- -- -- (136)
------- ------- ------ ------- ------- ------- ------- -------
Income (loss) before taxes....... (1,539) (1,319) (528) (445) 1,257 2,252 798 4,159
Provision for income taxes....... -- -- -- 62 81 125 105 665
------- ------- ------ ------- ------- ------- ------- -------
Net income (loss)................ $(1,539) $(1,319) $ (528) $ (507) $ 1,176 $ 2,127 $ 693 $ 3,494
======= ======= ====== ======= ======= ======= ======= =======
AS A PERCENTAGE OF TOTAL
REVENUES:
Revenues:
Product and license sales...... 66.3% 66.5% 60.3% 65.6% 62.9% 64.5% 64.0% 62.9%
Subscriptions.................. 20.6 22.0 24.0 18.9 21.3 20.2 20.7 20.9
Professional services.......... 13.1 11.5 15.7 15.5 15.8 15.3 15.3 16.2
------- ------- ------ ------- ------- ------- ------- -------
100.0 100.0 100.0 100.0 100.0 100.0 100.0 100.0
Costs and expenses:
Cost of revenues............... 34.4 35.9 32.5 36.3 28.4 33.8 32.9 33.5
Research and development....... 16.5 16.1 19.0 16.3 17.7 17.6 17.7 17.2
Sales and marketing............ 50.6 52.6 47.1 37.9 41.1 37.2 36.6 34.6
General and administrative..... 13.8 13.5 10.5 9.8 10.0 7.8 7.0 7.4
Amortization................... -- -- -- 1.1 1.1 0.9 0.8 0.7
Charge for in-process research
and development.............. -- -- -- 3.8 -- -- -- --
Merger costs................... -- -- -- -- -- -- 7.8 --
------- ------- ------ ------- ------- ------- ------- -------
Total costs and
expenses............... 115.3 118.1 109.1 105.2 98.3 97.3 102.8 93.4
Operating income (loss).......... (15.3)% (18.1)% (9.1)% (5.2)% 1.7 2.7 (2.8)% 6.6
======= ======= ====== ======= ======= ======= ======= =======


25
27

LIQUIDITY AND CAPITAL RESOURCES

We have historically financed our operations primarily through the sale of
equity securities, including an initial public offering in 1998.

In 1999 we met our working capital needs and capital equipment needs with
cash provided by operations. Cash provided by operations in 1999 totaled $11.8
million, resulting primarily from net income of $7.5 million and non-cash
depreciation and amortization expense of $5.0 million.

Our investing activities of $74.4 million in 1999 included the purchase of
$68.0 million of marketable securities, primarily interest-bearing government
obligations and commercial paper. We also invested in equipment totaling $6.4
million as we provided existing and new personnel with the computer hardware and
software environment necessary to perform their job functions. We expect a
similar level of equipment investment in 2000, assuming continued growth in our
number of employees.

Our financing activities provided $79.7 million of cash in 1999, which
consisted of net proceeds of $77.4 million from our March 1999 secondary stock
offering, and $3.9 million from the exercise of stock options by our employees.

At December 31, 1999, we had $126.8 million of cash and cash equivalents
and marketable securities, consisting primarily of United States government
agency securities, money market accounts and commercial paper carrying the
highest investment grade rating. We believe that such cash and cash equivalents
and marketable securities will be sufficient to meet our working capital needs
and capital expenditures for the foreseeable future. We expect to evaluate
possible acquisition and investment opportunities in businesses, products or
technologies that are complementary to ours. Although we have not identified any
specific businesses, products or technologies that we intend to acquire or
invest in, nor are there any current agreements with respect to any such
transactions, from time to time we expect to evaluate such opportunities. In the
event we determine to pursue such opportunities, we may use our available cash
and cash equivalents. Pending such uses, we will continue to invest our
available cash in investment grade, interest-bearing investments.

Additionally, we have restricted marketable securities of $12.5 million
securing a $10 million letter of credit issued in connection with our commitment
to a long-term lease of our future Atlanta corporate operations.

RISK FACTORS

Forward-looking statements are inherently uncertain; as they are based on
various expectations and assumptions concerning future events and are subject to
known and unknown risks and uncertainties. Our forward-looking statements should
be considered in light of the following important risk factors. Variations from
our stated intentions or failure to achieve objectives could cause actual
results to differ from those projected in our forward-looking statements. We
undertake no obligation to update publicly any forward-looking statements for
any reason, even if new information becomes available or other events occur in
the future.

We Have Only Recently Achieved Profitability

We began operations in 1994 and have only achieved profitability in 1999.
We operate in a new and rapidly evolving market and must, among other things:

- respond to competitive developments;

- continue to upgrade and expand our product and services offerings; and

- continue to attract, retain and motivate our employees.

We cannot be certain that we will successfully address these risks. As a
result, we cannot assure our investors that we will be able to continue to
operate profitably in the future.

26
28

Our Future Operating Results Will Likely Fluctuate Significantly

As a result of our limited operating history, we cannot predict our future
revenues and operating results. However, we do expect our future revenues and
operating results to fluctuate due to a combination of factors, including:

- the growth in the acceptance of, and activity on, the Internet and the
World Wide Web, particularly by corporate, institutional and government
users;

- the extent to which the public perceives that unauthorized access to and
use of online information are threats to network security;

- the volume and timing of orders, including seasonal trends in customer
purchasing;

- our ability to develop new and enhanced products, managed services
offerings and expand our professional services;

- foreign currency exchange rates that affect our international operations;

- product and price competition in our markets; and

- general economic conditions, both domestically and in our foreign
markets.

We increasingly focus our efforts on sales of enterprise-wide security
solutions, which consist of our entire security management software platform and
related professional services, rather than on the sale of component products. As
a result, we expect that each sale may require additional time and effort from
our sales staff. In addition, the revenues associated with particular sales vary
significantly depending on the number of products licensed by a customer, the
number of devices used by the customer and the customer's relative need for our
professional services. Large individual sales, or even small delays in customer
orders, can cause significant variation in our license revenues and results of
operations for a particular period. The timing of large orders is usually
difficult to predict and, like many software companies, many of our customers
typically license most of our products in the last month of a quarter.

We cannot predict our operating expenses based on our past results.
Instead, we establish our spending levels based in large part on our expected
future revenues. As a result, if our actual revenues in any future period fall
below our expectations, our operating results likely will be adversely affected
because very few of our expenses vary with our revenues. Because of the factors
listed above, we believe that our quarterly and annual revenues, expenses and
operating results likely will vary significantly in the future.

We Face Intense Competition in Our Market

The market for network security monitoring, detection and response
solutions is intensely competitive, and we expect competition to increase in the
future. We cannot guarantee that we will compete successfully against our
current or potential competitors, especially those with significantly greater
financial resources or brand name recognition. Our chief competitors generally
fall within one of four categories:

- internal information technology departments of our customers and the
consulting firms that assist them in formulating security systems;

- relatively smaller software companies offering relatively limited
applications for network and Internet security;

- large companies, including Axent Technologies and Network Associates,
that sell competitive products and offerings, as well as other large
software companies that have the technical capability and resources to
develop competitive products; and

- software or hardware companies that could integrate features that are
similar to our products into their own products.

Mergers or consolidations among these competitors, or acquisitions of small
competitors by larger companies, would make such combined entities more
formidable competitors to us. Large companies may

27
29

have advantages over us because of their longer operating histories, greater
name recognition, larger customer bases or greater financial, technical and
marketing resources. As a result, they may be able to adapt more quickly to new
or emerging technologies and changes in customer requirements. They can also
devote greater resources to the promotion and sale of their products than we
can. In addition, these companies have reduced and could continue to reduce, the
price of their security monitoring, detection and response products and managed
security services, which increases pricing pressures within our market.

Several companies currently sell software products (such as encryption,
firewall, operating system security and virus detection software) that our
customers and potential customers have broadly adopted. Some of these companies
sell products that perform the same functions as some of our products. In
addition, the vendors of operating system software or networking hardware may
enhance their products to include the same kinds of functions that our products
currently provide. The widespread inclusion of comparable features to our
software in operating system software or networking hardware could render our
products obsolete, particularly if such features are of a high quality. Even if
security functions integrated into operating system software or networking
hardware are more limited than those of our software, a significant number of
customers may accept more limited functionality to avoid purchasing additional
software.

For the above reasons, we may not be able to compete successfully against
our current and future competitors. Increased competition may result in price
reductions, reduced gross margins and loss of market share.

We Face Rapid Technological Change in Our Industry and Frequent
Introductions of New Products

Rapid changes in technology pose significant risks to us. We do not control
nor can we influence the forces behind these changes, which include:

- the extent to which businesses and others seek to establish more secure
networks;

- the extent to which hackers and others seek to compromise secure systems;

- evolving computer hardware and software standards;

- changing customer requirements; and

- frequent introductions of new products and product enhancements.

To remain successful, we must continue to change, adapt and improve our
solutions in response to these and other changes in technology. Our future
success hinges on our ability to both continue to enhance our current line of
products and professional services and to introduce new products and services
that address and respond to innovations in computer hacking, computer technology
and customer requirements. We cannot be sure that we will successfully develop
and market new products that do this. Any failure by us to timely develop and
introduce new products, to enhance our current products or to expand our
professional services capabilities in response to these changes could adversely
affect our business, operating results and financial condition.

Our products involve very complex technology, and as a consequence, major
new products and product enhancements require a long time to develop and test
before going to market. Because this amount of time is difficult to estimate, we
have had to delay the scheduled introduction of new and enhanced products in the
past and may have to delay the introduction of new products and product
enhancements in the future.

The techniques computer hackers use to gain unauthorized access to, or to
sabotage, networks and intranets are constantly evolving and increasingly
sophisticated. Furthermore, because new hacking techniques are usually not
recognized until used against one or more targets, we are unable to anticipate
most new hacking techniques. To the extent that new hacking techniques harm our
customers' computer systems or businesses, affected customers may believe that
our products are ineffective, which may cause them or prospective customers to
reduce or avoid purchases of our products.

28
30

Risks Associated with Our Global Operations

The expansion of our international operations includes our presence in
dispersed locations throughout the world, including throughout Europe and the
Asia/Pacific and Latin America regions. Our international presence and expansion
exposes us to risks not present in our U.S. operations, such as:

- the difficulty in managing an organization spread over various countries
located across the world;

- unexpected changes in regulatory requirements in countries where we do
business;

- excess taxation due to overlapping tax structures;

- fluctuations in foreign currency exchange rates; and

- export license requirements and restrictions on the export of certain
technology, especially encryption technology and trade restrictions.

Despite these risks, we believe that we must continue to expand our
operations in international markets to support our growth. To this end, we
intend to establish additional foreign sales operations, expand our existing
offices, hire additional personnel, expand our international sales channels and
customize our products for local markets. If we fail to execute this strategy,
our international sales growth will be limited.

We Must Successfully Integrate Acquisitions

We acquired Netrex, Inc. and NJH Security Consulting in 1999. As part of
our growth strategy, we may continue to acquire or make investments in companies
with products, technologies or professional services capabilities complementary
to our solutions. In our recent acquisitions as well as in future acquisitions,
we could encounter difficulties in assimilating new personnel and operations
into our company. These difficulties may disrupt our ongoing business, distract
our management and employees, increase our expenses and adversely affect our
results of operations. These difficulties could also include accounting
requirements, such as amortization of goodwill or in-process research and
development expense. We cannot be certain that we will successfully overcome
these risks with respect to any of our recent or future acquisitions or that we
will not encounter other problems in connection with our recent or any future
acquisitions. In addition, any future acquisitions may require us to incur debt
or issue equity securities. The issuance of equity securities could dilute the
investment of our existing stockholders.

We Depend on Our Intellectual Property Rights and Use Licensed Technology

We rely primarily on copyright and trademark laws, trade secrets,
confidentiality procedures and contractual provisions to protect our proprietary
rights. We have obtained one United States patent and have a patent application
under review. We also believe that the technological and creative skills of our
personnel, new product developments, frequent product enhancements, our name
recognition, our professional services capabilities and delivery of reliable
product maintenance are essential to establishing and maintaining our technology
leadership position. We cannot assure you that our competitors will not
independently develop technologies that are similar to ours.

Despite our efforts to protect our proprietary rights, unauthorized parties
may attempt to copy aspects of our products or to obtain and use information
that we regard as proprietary. Policing unauthorized use of our products is
difficult. While we cannot determine the extent to which piracy of our software
products occurs, we expect software piracy to be a persistent problem. In
addition, the laws of some foreign countries do not protect our proprietary
rights to as great an extent as do the laws of the United States and many
foreign countries do not enforce these laws as diligently as U.S. government
agencies and private parties.

ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK

We have not entered into any transactions using derivative financial
instruments or derivative commodity instruments and believe that our exposure to
market risk associated with other financial instruments (such as investments)
are not material.

29
31

ITEM 8. CONSOLIDATED FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA

See the index to Consolidated Financial Statements at Item 14

ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND
FINANCIAL DISCLOSURE

None.

30
32

PART III

Certain information required by Part III is omitted from this Form 10-K
because the Company will file a definitive Proxy Statement pursuant to
Regulation 14A not later than 120 days after the end of the fiscal year covered
by this Form 10-K, and certain information to be included therein is
incorporated herein by reference.

ITEM 10. DIRECTORS AND EXECUTIVE OFFICERS OF THE REGISTRANT

The information required by this Item is incorporated by reference to the
Proxy Statement under the sections captioned "Proposal 1 -- Election of
Directors," "Executive Compensation -- Directors and Executive Officers" and
"Compliance with Section 16(a) of the Securities Exchange Act of 1934."

ITEM 11. EXECUTIVE COMPENSATION

The information required by this Item is incorporated by reference to the
Proxy Statement under the section captioned "Executive Compensation."

ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT

The information required by this Item is incorporated by reference to the
Proxy Statement under the section captioned "Principal Stockholders."

ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS

The information required by this Item is incorporated by reference to the
Proxy Statement under the section captioned "Executive Compensation -- Certain
Transactions with Management."

31
33

PART IV

ITEM 14. EXHIBITS, FINANCIAL STATEMENT SCHEDULES AND REPORTS ON FORM 8-K

(a) The following documents are filed as part of this Form 10-K:

1. Consolidated Financial Statements. The following consolidated
financial statements of ISS Group, Inc. are filed as part of this Form 10-K
on the pages indicated:



PAGE
----

ISS GROUP, INC.
Report of Independent Auditors.............................. 34
Consolidated Balance Sheets as of December 31, 1998 and
1999...................................................... 35
Consolidated Statements of Operations for the Years Ended
December 31, 1997, 1998 and 1999.......................... 36
Consolidated Statements of Stockholders' Equity (Deficit)
for the Years Ended December 31, 1997, 1998 and 1999...... 37
Consolidated Statements of Cash Flows for the Years Ended
December 31, 1997, 1998 and 1999.......................... 38
Notes to Consolidated Financial Statements.................. 39
2. Consolidated Financial Statement Schedules:
Schedule II -- Valuation and Qualifying Accounts............ 52


Schedules other than the one listed above are omitted as the required
information is inapplicable or the information is presented in the
consolidated financial statements or related notes.

3. Exhibits. The exhibits to this Annual Report on Form 10-K have
been included only with the copy of this Annual Report on Form 10-K filed
with the Securities and Exchange Commission. Copies of individual exhibits
will be furnished to stockholders upon written request to the Company and
payment of a reasonable fee.



EXHIBIT
NUMBER DESCRIPTION OF EXHIBIT
- ------- ----------------------

2.1* -- Stock Purchase Agreement dated October 6, 1998, by and among
the Company, March Information Systems and its shareholders
(filed as Exhibit 2.1 to the Company's Current Report on
Form 8-K dated October 20, 1998).
3.1* -- Certificate of Incorporation (filed as Exhibit 3.1 to the
Company's Registration Statement on Form S-1, Registration
No. 333-44529 (the "Form S-1").
3.2* -- Bylaws (filed as Exhibit 3.2 to the Form S-1).
4.1* -- Specimen Common Stock certificate (filed as Exhibit 4.1 to
the Form S-1).
4.2 -- See Exhibits 3.1 and 3.2 for provisions of the Certificate
of Incorporation and Bylaws of the Company defining the
rights of holders of the Company's Common Stock.
10.1* -- Restated 1995 Stock Incentive Plan (filed as Exhibit 10.1 to
the Form S-1).
10.2* -- Internet Security Systems, Inc. Amended and Restated Rights
Agreement (filed as Exhibit 10.3 to the Form S-1).
10.3* -- Stock Exchange Agreement dated December 9, 1997 (filed as
Exhibit 10.4 to the Form S-1).
10.4* -- Amended and Restated Agreement Regarding Acceleration of
Vesting of Future Optionees (filed as Exhibit 10.5 to the
Form S-1).
10.5* -- Forms of Non-Employee Director Compensation Agreement,
Notice of Stock Options Grants and Stock Option Agreement
(filed as Exhibit 10.6 to the Form S-1).
10.6* -- Sublease for Atlanta facilities (filed as Exhibit 10.7 to
the Form S-1).


32
34



EXHIBIT
NUMBER DESCRIPTION OF EXHIBIT
- ------- ----------------------

10.7* -- Form of Indemnification Agreement for directors and certain
officers (filed as Exhibit 10.8 to the Form S-1).
10.8* -- Series B Preferred Stock Purchase Agreement (filed as
Exhibit 10.9 to the Form S-1).
10.9* -- Sublease for additional Atlanta facilities (filed as Exhibit
10.9 to the Company's Registration Statement on Form S-1,
Registration No. 333-71471).
10.10 -- Lease for Atlanta headquarters and research and development
facility
10.11 -- Restated 1995 Stock Incentive Plan (Amended and Restated
through January 18, 1999).
21.1 -- Subsidiaries of the Company.
23.1 -- Consent of Ernst & Young LLP.
23.2 -- Consent of PricewaterhouseCoopers LLP
23.3 -- Report of PricewaterhouseCoopers LLP
24.1 -- Power of Attorney, pursuant to which amendments to this
Annual Report on Form 10-K may be filed, is included on the
signature page contained in Part IV of the Form 10-K.
27.1 -- Restated Financial Data Schedule (for SEC use only)


- ---------------

* Incorporated herein by reference to the indicated filing.

(b) Reports on Form 8-K

No Reports on Form 8-K were filed in the last quarter of the period covered
by this report.

33
35

REPORT OF INDEPENDENT AUDITORS

Board of Directors
ISS Group, Inc.

We have audited the accompanying consolidated balance sheets of ISS Group,
Inc. as of December 31, 1999 and 1998, and the related consolidated statements
of operations, stockholders' equity (deficit), and cash flows for each of the
three years in the period ended December 31, 1999. Our audit also included the
financial statement schedule listed in the Index at Item 14(a). These financial
statements and schedule are the responsibility of the Company's management. Our
responsibility is to express an opinion on these financial statements and
schedule based on our audits. We did not audit the 1998 financial statements or
schedule of Netrex, Inc., a wholly owned subsidiary, which statements reflect
total assets constituting 8% and total revenues constituting 37% of the related
consolidated totals. Those statements and schedule were audited by other
auditors whose report has been furnished to us, and our opinion, insofar as it
relates to the 1998 data included for Netrex, Inc., is based solely on the
report of the other auditors.

We conducted our audits in accordance with auditing standards generally
accepted in the United States. Those standards require that we plan and perform
the audit to obtain reasonable assurance about whether the financial statements
are free of material misstatement. An audit includes examining, on a test basis,
evidence supporting the amounts and disclosures in the financial statements. An
audit also includes assessing the accounting principles used and significant
estimates made by management, as well as evaluating the overall financial
statement presentation. We believe that our audits and the report of other
auditors provide a reasonable basis for our opinion.

In our opinion, based on our audits and, for 1998, the report of other
auditors, the financial statements referred to above present fairly, in all
material respects, the consolidated financial position of ISS Group, Inc. at
December 31, 1999 and 1998, and the consolidated results of its operations and
its cash flows for each of the three years in the period ended December 31,
1999, in conformity with accounting principles generally accepted in the United
States. Also, in our opinion, based on our audits and the report of the other
auditors, the related financial statement schedule, when considered in relation
to the basic financial statements taken as a whole, presents fairly in all
material respects the information set forth therein.

/s/ Ernst & Young LLP

Atlanta, GA
January 21, 2000

34
36

ISS GROUP, INC.

CONSOLIDATED BALANCE SHEETS



DECEMBER 31,
--------------------------
1998 1999
----------- ------------

ASSETS
Current assets:
Cash and cash equivalents................................. $53,056,000 $ 70,090,000
Marketable securities..................................... -- 56,693,000
Accounts receivable, less allowance for doubtful accounts
of $412,000 and $848,000, respectively................. 16,590,000 26,934,000
Inventory................................................. 48,000 473,000
Prepaid expenses and other current assets................. 806,000 2,122,000
----------- ------------
Total current assets.............................. 70,500,000 156,312,000
Property and equipment:
Computer equipment........................................ 5,706,000 10,108,000
Office furniture and equipment............................ 3,139,000 5,232,000
Leasehold improvements.................................... 565,000 870,000
----------- ------------
9,410,000 16,210,000
Less accumulated depreciation............................. 3,265,000 7,277,000
----------- ------------
6,145,000 8,933,000
Restricted marketable securities............................ -- 12,500,000
Goodwill, less accumulated amortization of $77,000 and
$396,000, respectively.................................... 3,094,000 2,775,000
Other intangible assets, less accumulated amortization of
$154,000 and $827,000, respectively....................... 4,692,000 4,019,000
Other assets................................................ 293,000 306,000
----------- ------------
Total assets...................................... $84,724,000 $184,845,000
=========== ============






LIABILITIES AND STOCKHOLDERS' EQUITY
Current liabilities:
Accounts payable.......................................... $ 3,149,000 $ 5,144,000
Accrued expenses.......................................... 4,941,000 6,298,000
Deferred revenues......................................... 8,333,000 17,155,000
Current portion of long-term debt and capital lease
obligations............................................ 470,000 580,000
Other current liabilities................................. 450,000 --
----------- ------------
Total current liabilities......................... 17,343,000 29,177,000
Long-term debt, including capital lease obligations......... 742,000 435,000
Other non-current liabilities............................... 134,000 80,000

Commitments and contingencies

Stockholders' equity:
Preferred stock; $.001 par value; 20,000,000 shares
authorized, none issued or outstanding................. -- --
Common stock, $.001 par value, 120,000,000 shares
authorized, 37,169,000 and 40,980,000 shares issued and
outstanding, respectively.............................. 37,000 41,000
Additional paid-in capital................................ 76,152,000 157,467,000
Deferred compensation..................................... (662,000) (288,000)
Accumulated other comprehensive income.................... 142,000 100,000
Accumulated deficit....................................... (9,164,000) (2,167,000)
----------- ------------
Total stockholders' equity........................ 66,505,000 155,153,000
----------- ------------
Total liabilities and stockholders' equity........ $84,724,000 $184,845,000
=========== ============


See accompanying notes.

35
37

ISS GROUP, INC.

CONSOLIDATED STATEMENTS OF OPERATIONS



YEAR ENDED DECEMBER 31,
---------------------------------------
1997 1998 1999
----------- ----------- -----------

Revenues:
Product licenses and sales............................ $16,074,000 $36,908,000 $74,050,000
Subscriptions......................................... 4,488,000 12,037,000 24,141,000
Professional services................................. 4,863,000 8,143,000 18,296,000
----------- ----------- -----------
25,425,000 57,088,000 116,487,000
Costs and expenses:
Cost of revenues:
Product licenses and sales......................... 4,673,000 8,875,000 18,842,000
Subscriptions and services......................... 2,602,000 11,076,000 18,858,000
----------- ----------- -----------
Total cost of revenues........................ 7,275,000 19,951,000 37,700,000
Research and development.............................. 3,855,000 9,655,000 20,412,000
Sales and marketing................................... 14,096,000 25,998,000 43,124,000
General and administrative............................ 3,668,000 6,557,000 9,230,000
Amortization.......................................... -- 230,000 992,000
Charge for in-process research and development........ -- 802,000 --
Merger costs.......................................... -- -- 2,329,000
----------- ----------- -----------
28,894,000 63,193,000 113,787,000
----------- ----------- -----------
Operating income (loss)................................. (3,469,000) (6,105,000) 2,700,000
Interest income, net.................................... 163,000 2,274,000 5,902,000
Exchange loss........................................... -- -- (136,000)
----------- ----------- -----------
Income (loss) before income taxes....................... (3,306,000) (3,831,000) 8,466,000
Provision for income taxes.............................. -- 62,000 976,000
----------- ----------- -----------
Net income (loss)....................................... $(3,306,000) $(3,893,000) $ 7,490,000
=========== =========== ===========
Basic net income (loss) per share of Common Stock....... $ (0.18) $ (0.12) $ 0.19
=========== =========== ===========
Diluted net income (loss) per share of Common Stock..... $ (0.18) $ (0.12) $ 0.17
=========== =========== ===========
Weighted average shares:
Basic................................................... 18,399,000 32,351,000 39,996,000
=========== =========== ===========
Diluted................................................. 18,399,000 32,351,000 43,691,000
=========== =========== ===========
Unaudited pro forma net loss per share of Common
Stock................................................. $ (0.11) $ (0.11)
=========== ===========
Unaudited weighted average number of shares used in
calculating unaudited pro forma net loss per share of
Common Stock.......................................... 29,873,000 34,963,000
=========== ===========


See accompanying notes.

36
38

ISS GROUP, INC.

CONSOLIDATED STATEMENTS OF STOCKHOLDERS' EQUITY (DEFICIT)


ACCUMULATED RETAINED
COMMON STOCK ADDITIONAL OTHER EARNINGS
-------------------- PAID-IN DEFERRED COMPREHENSIVE (ACCUMULATED
SHARES AMOUNT CAPITAL COMPENSATION INCOME DEFICIT)
---------- ------- ------------ ------------ ------------- ------------

Balance at December 31, 1996....... 18,248,000 $18,000 $ 168,000 $ -- $ -- $(1,311,000)
Comprehensive income:
Net loss....................... -- -- -- -- -- (3,306,000)
Accretion related to Redeemable,
Convertible Preferred Stock.... -- -- (11,000) -- -- --
Deferred compensation related to
stock options.................. -- -- 571,000 (571,000) -- --
Issuance of Common Stock......... 38,000 -- 32,000 -- -- --
---------- ------- ------------ --------- -------- -----------
Balance at December 31, 1997....... 18,286,000 18,000 760,000 (571,000) -- (4,617,000)
Comprehensive income:
Net loss....................... -- -- -- -- -- (3,893,000)
Translation adjustment......... -- -- -- -- 142,000 --
Issuance of Common Stock:
Initial public offering........ 6,140,000 6,000 61,525,000
Conversion of Redeemable,
Convertible Preferred Stock
in connection with the
initial public offering...... 11,474,000 12,000 8,866,000
Exercise of stock options...... 810,000 1,000 292,000 -- -- --
Acquisitions................... 316,000 -- 3,901,000 -- -- --
Issuance to consultant......... 2,000 -- 11,000 -- -- --
Subchapter S distributions of a
pooled entity.................. -- -- -- -- -- (216,000)
Buyout of former Subchapter S
shareholder.................... -- -- (14,000) -- -- (438,000)
Deferred compensation related to
stock options.................. -- -- 811,000 (811,000) -- --
Amortization of deferred
compensation................... -- -- -- 720,000 -- --
---------- ------- ------------ --------- -------- -----------
Balance at December 31, 1998....... 37,028,000 37,000 76,152,000 (662,000) 142,000 (9,164,000)
Comprehensive income:
Net income..................... -- -- -- -- -- 7,490,000
Translation adjustment......... -- -- -- -- (42,000) --
Issuance of Common Stock:
Secondary public offering...... 2,778,000 3,000 77,361,000 -- -- --
Exercise of stock options...... 1,033,000 1,000 3,948,000 -- -- --
Pooling-of-interests........... 141,000 -- 6,000 -- -- 164,000
Subchapter S distributions of a
pooled entity.................. -- -- -- -- -- (657,000)
Amortization of deferred
compensation................... -- -- -- 374,000 -- --
---------- ------- ------------ --------- -------- -----------
Balance at December 31, 1999....... 40,980,000 $41,000 $157,467,000 $(288,000) $100,000 $(2,167,000)
========== ======= ============ ========= ======== ===========



TOTAL
COMPREHENSIVE STOCKHOLDERS'
INCOME EQUITY
------------- -------------

Balance at December 31, 1996....... $ -- $ (1,125,000)
Comprehensive income:
Net loss....................... $(3,306,000) (3,306,000)
===========
Accretion related to Redeemable,
Convertible Preferred Stock.... -- (11,000)
Deferred compensation related to
stock options.................. -- --
Issuance of Common Stock......... -- 32,000
------------
Balance at December 31, 1997....... (4,410,000)
Comprehensive income:
Net loss....................... (3,893,000) (3,893,000)
Translation adjustment......... 142,000 142,000
-----------
$(3,751,000)
===========
Issuance of Common Stock:
Initial public offering........ 61,531,000
Conversion of Redeemable,
Convertible Preferred Stock
in connection with the
initial public offering...... 8,878,000
Exercise of stock options...... -- 293,000
Acquisitions................... -- 3,901,000
Issuance to consultant......... -- 11,000
Subchapter S distributions of a
pooled entity.................. -- (216,000)
Buyout of former Subchapter S
shareholder.................... -- (452,000)
Deferred compensation related to
stock options.................. -- --
Amortization of deferred
compensation................... -- 720,000
------------
Balance at December 31, 1998....... -- 66,505,000
Comprehensive income:
Net income..................... 7,490,000 7,490,000
Translation adjustment......... (42,000) (42,000)
-----------
$ 7,448,000
===========
Issuance of Common Stock:
Secondary public offering...... -- 77,364,000
Exercise of stock options...... -- 3,949,000
Pooling-of-interests........... -- 170,000
Subchapter S distributions of a
pooled entity.................. -- (657,000)
Amortization of deferred
compensation................... -- 374,000
------------
Balance at December 31, 1999....... $155,153,000
============


See accompanying notes.

37
39

ISS GROUP, INC.

CONSOLIDATED STATEMENTS OF CASH FLOWS



YEAR ENDED DECEMBER 31,
----------------------------------------
1997 1998 1999
----------- ----------- ------------

OPERATING ACTIVITIES
Net income (loss)...................................... $(3,306,000) $(3,893,000) $ 7,490,000
Adjustments to reconcile net income (loss) to net cash
(used in) provided by operating activities:
Depreciation......................................... 796,000 2,162,000 3,989,000
Amortization of goodwill and intangibles............. -- 230,000 992,000
Accretion of discount on marketable securities....... -- -- (1,176,000)
Charge for in-process research and development....... -- 802,000 --
Deferred compensation expense........................ -- 720,000 374,000
Other non-cash expense............................... 46,000 118,000 (47,000)
Changes in assets and liabilities, excluding the
effects
of acquisitions:
Accounts receivable............................. (2,801,000) (10,590,000) (10,241,000)
Inventory....................................... (28,000) 106,000 (425,000)
Prepaid expenses and other assets............... (213,000) (541,000) (1,312,000)
Accounts payable and accrued expenses........... 3,767,000 2,679,000 3,303,000
Deferred revenues............................... 1,727,000 5,299,000 8,822,000
----------- ----------- ------------
Net cash (used in) provided by operating
activities................................. (12,000) (2,908,000) 11,769,000
----------- ----------- ------------
INVESTING ACTIVITIES
Acquisitions, net of cash received..................... -- (5,206,000) --
Purchases of marketable securities..................... -- -- (55,517,000)
Purchase of restricted marketable securities........... -- -- (12,500,000)
Purchases of property and equipment.................... (3,317,000) (4,166,000) (6,356,000)
----------- ----------- ------------
Net cash used in investing activities........ (3,317,000) (9,372,000) (74,373,000)
----------- ----------- ------------
FINANCING ACTIVITIES
Net proceeds from (payments on) long-term debt......... 425,000 161,000 (250,000)
Net borrowings (payments) under line of credit......... 320,000 (320,000) --
Net proceeds from Redeemable, Convertible Preferred
Stock issuances...................................... 5,253,000 -- --
Payments on long term debt and capital leases.......... (145,000) (326,000) (276,000)
Capital transactions of merged entity.................. (402,000) (318,000) (1,107,000)
Proceeds from exercise of stock options................ -- 292,000 3,949,000
Net proceeds from public offerings..................... -- 61,531,000 77,364,000
Other Common Stock activities.......................... 1,000 -- --
----------- ----------- ------------
Net cash provided by financing activities.... 5,452,000 61,020,000 79,680,000
----------- ----------- ------------
Foreign currency impact on cash........................ -- 142,000 (42,000)
----------- ----------- ------------
Net increase in cash and cash equivalents.............. 2,123,000 48,882,000 17,034,000
Cash and cash equivalents at beginning of year......... 2,051,000 4,174,000 53,056,000
----------- ----------- ------------
Cash and cash equivalents at end of year............... $ 4,174,000 $53,056,000 $ 70,090,000
=========== =========== ============
SUPPLEMENTAL CASH FLOW DISCLOSURE
Interest paid.......................................... $ 82,000 $ 134,000 $ 33,000
=========== =========== ============
Capital lease obligations incurred during the period... -- $ 468,000 $ 329,000
=========== =========== ============
Income taxes paid...................................... -- -- $ 47,000
=========== =========== ============


38
40

ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
DECEMBER 31, 1999

1. SIGNIFICANT ACCOUNTING POLICIES

DESCRIPTION OF BUSINESS

ISS's business is focused on maintaining the latest security threat and
vulnerability checks within existing products and creating new products and
services that are consistent with ISS's goal of providing security management
solutions. This approach entails continuous security risk monitoring and
response to develop an active and informed network security policy.

ISS Group, Inc. was incorporated in the State of Delaware on December 8,
1997 to be a holding company for Internet Security Systems, Inc., a Georgia
company incorporated in 1994 to design, market, and sell computer network
security assessment software. In addition, ISS has various other subsidiaries in
the United States, Europe and the Asia/Pacific regions with primary marketing
and sales responsibilities for ISS's products and services in their respective
markets. ISS is organized as, and operates in, a single business segment that
provides products, technical support, managed security services, and consulting
and training services as components of providing security management solutions.

On March 27, 1998 ISS completed an initial public offering ("IPO") of its
Common Stock. A total of 6,900,000 shares were sold at $11 per share. ISS
completed a second public offering of its Common Stock on March 2, 1999. A total
of 5,178,000 shares were sold at $29.50 per share. The net proceeds of these
offerings to ISS were approximately $138,895,000 and such proceeds will be used
for general corporate purposes. ISS's shares are traded on the NASDAQ National
Market under the ticker symbol "ISSX".

BASIS OF CONSOLIDATION AND FOREIGN CURRENCY TRANSLATIONS

The consolidated financial statements include the accounts of ISS Group,
Inc. and its subsidiaries ("ISS"). All significant intercompany investment
accounts and transactions have been eliminated in consolidation.

Assets and liabilities of international operations are translated from the
local currency into U.S. dollars at the approximate rate of currency exchange at
the end of the fiscal period. Translation gains and losses of foreign operations
that use local currencies as the functional currency are included in accumulated
other comprehensive income (loss) as a component of stockholders' equity.
Revenues and expenses are translated at average exchange rates for the period.
Transaction gains and losses arising from exchange rate fluctuations on
transactions denominated in currency other than the local functional currency
are included in results of operations.

USE OF ESTIMATES

The preparation of financial statements in conformity with generally
accepted accounting principles requires management to make estimates and
assumptions that affect the amounts reported in the financial statements and
accompanying notes. Actual results may differ from those estimates, and such
differences may be material to the consolidated financial statements.

REVENUE RECOGNITION

ISS recognizes its perpetual license revenue upon (i) delivery of software
or, if the customer has evaluation software, delivery of the software key, and
(ii) issuance of the related license, assuming no significant vendor obligations
or customer acceptance rights exist. For perpetual license agreements, when
payment terms extend over periods greater than twelve months, revenue is
recognized as such amounts are billable. Product sales consist of software
developed by third-party partners, combined in some instances with

39
41
ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)

1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED)
associated hardware appliances and partner maintenance services. These sales are
recognized upon shipment to the customer.

Subscriptions revenue includes maintenance, term licenses and managed
services. Annual renewable maintenance is a separate component of perpetual
license agreements for which the revenue is recognized ratably over the
maintenance contract term. Term licenses allow customer use of the product and
maintenance for a specified period, generally twelve months, for which revenues
are also recognized ratably over the contract term. Managed services consist of
security monitoring services of information assets and systems and are
recognized as such services are provided. Professional services revenue,
including consulting and training, are recognized as such services are
performed.

COSTS OF REVENUES

Costs of revenues include the costs of products and services. Cost of
products represents the cost of product sales, which are incurred upon
recognition of the associated product revenues. Cost of services includes the
cost of ISS's technical support group who provide assistance to customers with
maintenance agreements, the operations center costs of providing managed
services and the costs related to ISS's professional services.

CASH AND CASH EQUIVALENTS

Cash equivalents include all highly liquid investments with maturity of
three months or less when purchased. Such amounts are stated at cost, which
approximates market value.

MARKETABLE SECURITIES

ISS's investment in marketable securities consists of debt instruments of
the U.S. Treasury, U.S. government agencies and corporate commercial paper. All
such marketable securities have a maturity of less than one year. These
investments are classified as available-for-sale and reported at fair market
value. The amortized cost of securities classified as available-for-sale is
adjusted for amortization of premiums and accretion of discounts to maturity.
Such amortization is included in interest income. Unrealized gains and losses on
available-for-sale securities were immaterial for 1999. Realized gains and
losses, and declines in value judged to be other-than-temporary are included in
net securities gains (losses) and are included in our results of operations.
There were no securities sold in 1999. Interest and dividends on securities
classified as available-for-sale are included in interest income.

CONCENTRATIONS OF CREDIT RISK

Financial instruments that potentially subject ISS to significant
concentrations of credit risk consist principally of cash and cash equivalents,
marketable securities and accounts receivable. ISS maintains cash and cash
equivalents in short-term money market accounts with two financial institutions
and short-term, investment grade commercial paper. Marketable securities consist
of United States government agency securities, money market accounts and
investment grade commercial paper. ISS's sales are primarily to companies
located in the United States, Europe, Brazil and the Asia/Pacific regions. ISS
performs periodic credit evaluations of its customer's financial condition and
does not require collateral. Accounts receivable are due principally from large
U.S. companies under stated contract terms. ISS provides for estimated credit
losses at the time of sale, which have not been significant to date.

40
42
ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)

1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED)
FAIR VALUE OF FINANCIAL INSTRUMENTS

The carrying amounts reported in the balance sheets for cash and cash
equivalents, marketable securities, accounts receivable and accounts payable
approximate their fair values. The carrying amounts reported in the balance
sheets for long-term debt approximate their fair values, as the interest rate
related to such debt is variable and commensurate with the credit worthiness of
ISS.

PROPERTY AND EQUIPMENT

Property and equipment are stated at cost less accumulated depreciation.
Depreciation is computed using the straight-line method for financial reporting
purposes over the estimated useful lives of the assets (primarily three years).

INVENTORY

Inventory consists of finished goods purchased for resale and is recorded
at the lower of cost or market.

GOODWILL AND INTANGIBLES

The major classes of intangible assets, including goodwill (excess of cost
over acquired net assets), at December 31, 1998 and 1999 are as follows:



LIFE 1998 1999
---- ---------- ----------

Goodwill................................................. 10 $3,171,000 $3,171,000
Less accumulated amortization............................ (77,000) (396,000)
---------- ----------
$3,094,000 $2,775,000
========== ==========
Core technology.......................................... 8 $3,853,000 $3,853,000
Developed technology..................................... 5 778,000 778,000
Work force............................................... 6 215,000 215,000
---------- ----------
4,846,000 4,846,000
Less accumulated amortization............................ (154,000) (827,000)
---------- ----------
$4,692,000 $4,019,000
========== ==========


Goodwill and other intangible assets are amortized using the straight-line
method for the period indicated. They are reviewed for impairment whenever
events indicate that their carrying amount may not be recoverable. In such
reviews, undiscounted cash flows associated with their carrying value are
compared with their carrying values to determine if a write-down to fair value
is required.

RESEARCH AND DEVELOPMENT COSTS

Research and development costs are charged to expense as incurred. ISS has
not capitalized any such development costs under Statement of Financial
Accounting Standards ("SFAS") No. 86, Accounting for the Costs of Computer
Software to Be Sold, Leased, or Otherwise Marketed, because the costs incurred
between the attainment of technological feasibility for the related software
product through the date when the product is available for general release to
customers has been insignificant.

41
43
ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)

1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED)
ADVERTISING COSTS

ISS incurred advertising costs $619,000 in 1997, $517,000 in 1998 and
$1,312,000 in 1999, which are expensed as incurred and are included in sales and
marketing expense in the statements of operations.

STOCK BASED COMPENSATION

SFAS No. 123, Accounting for Stock-Based Compensation establishes
accounting and reporting standards for stock-based employee compensation plans.
As permitted by SFAS 123, ISS continues to account for stock-based compensation
in accordance with APB Opinion No. 25, Accounting for Stock Issued to Employees,
and has elected the pro forma disclosure alternative of SFAS 123.

INCOME (LOSS) PER SHARE

On April 1, 1999 the Company's Board of Directors declared a two-for-one
stock split affected in the form of a stock dividend paid on May 19, 1999 to
stockholders of record on May 5, 1999. Accordingly, all share and income (loss)
per share amounts have been retroactively restated for this 100% stock dividend.

Basic historical net income (loss) per share (see Note 10) was computed by
dividing net income (loss) plus accretion of the Series A and Series B
Redeemable, Convertible Preferred Stock by the weighted average number of shares
outstanding of Common Stock. Diluted historical net income (loss) per share was
computed by dividing net income (loss) by the weighted average shares
outstanding, including common equivalents (when dilutive).

Unaudited pro forma net loss per share was computed by dividing net loss by
the unaudited weighted average number of shares of Common Stock outstanding plus
the assumed conversion of the Redeemable, Convertible Preferred Stock into
11,474,000 shares of Common Stock as of the later of (i) January 1, 1997 or (ii)
the date of issuance of such preferred stock, instead of March 27, 1998 when
such shares of preferred stock automatically converted into Common Stock.

RECENTLY ISSUED ACCOUNTING STANDARDS

In December 1999, the Securities and Exchange Commission Staff released
Staff Accounting Bulletin ("SAB") No. 101, Revenue Recognition in Financial
Statements. SAB No. 101 provides guidance on the recognition, presentation and
disclosure of revenue in financial statements and is effective immediately.
Adoption of SAB No. 101 is not expected to have a material impact on results of
operations or financial position.

2. BUSINESS COMBINATION AND ASSET ACQUISITION

On August 31, 1999, ISS acquired Netrex, Inc., ("Netrex") a leading
provider of remote, security monitoring services of digital assets, in a
transaction that was accounted for as a pooling-of-interests. To affect the
business combination, ISS issued approximately 2,450,000 shares of ISS stock in
exchange for all of the outstanding stock of Netrex. Additionally, options
outstanding under the Netrex Stock Plan were assumed by ISS resulting in
approximately 510,000 additional ISS shares being reserved for outstanding
grants under the Netrex Stock Plan. The consolidated financial statements of
ISS, including share and per share data, have been restated for all periods
presented to include the results of Netrex with all intercompany transactions
eliminated in such restatement.

42
44
ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)

2. BUSINESS COMBINATION AND ASSET ACQUISITION -- (CONTINUED)
Revenues and net income (loss) of the separate companies that includes
periods preceding the Netrex merger were as follows:



YEAR ENDED DECEMBER 31,
----------------------------------------
1997 1998 1999
----------- ----------- ------------

Total revenues:
ISS.................................................. $13,467,000 $35,929,000 $ 74,204,000
Netrex............................................... 11,958,000 21,159,000 42,283,000
----------- ----------- ------------
Total revenues, as reported.................. $25,425,000 $57,088,000 $116,487,000
=========== =========== ============
Net income (loss):
ISS.................................................. $(3,919,000) $(4,102,000) $ 7,326,000
Netrex............................................... 613,000 209,000 164,000
----------- ----------- ------------
Combined............................................. $(3,306,000) $(3,893,000) $ 7,490,000
Business combination expenses.......................... -- -- 2,329,000
Pro forma income tax expense........................... -- -- (368,000)
----------- ----------- ------------
Pro forma net income (loss)............................ $(3,306,000) $(3,893,000) $ 9,451,000
=========== =========== ============


Pro forma net income (loss) reflects adjustments to net income (loss) to
record an estimated provision for income taxes for each period presented
assuming Netrex was a taxpaying entity and excludes merger costs.

In September 1999, ISS acquired privately held NJH Security Consulting
("NJH"), which was based in Atlanta, Georgia. NJH is a consulting firm focused
on providing information security services to organizations worldwide. Upon
closing the acquisition in September 1999, approximately 142,000 shares of ISS
common stock with a value of approximately $3.9 million were issued in exchange
for all of the outstanding stock of NJH. The transaction is being accounted for
using the pooling-of-interests method of accounting; however, this transaction
was not material to ISS's consolidated operations and financial position and,
therefore, the operating results of ISS have not been restated for this
transaction. The operating results of ISS include the results of operations of
NJH since the date of acquisition.

The consolidated statements of operations include merger costs of
$2,329,000 in 1999 that represent the direct out-of-pocket costs of these
business combinations. These costs are principally investment advisor, legal and
accounting fees.

In October 1998, ISS acquired March Information Systems Limited ("March"),
a United Kingdom-based developer of Windows NT and Unix-based security
assessment technologies. Also in October 1998, ISS acquired the technology of
DbSecure, Inc., a developer of database security risk assessment solutions. ISS
issued 316,000 shares of ISS Common Stock and paid $5,206,000 in cash
consideration and direct transaction costs for these acquisitions.

Both of these acquisitions have been accounted for as purchases and their
results have been included in the results of ISS's operations from the effective
dates of acquisition. Substantially all of the aggregate consideration of
$9,144,000 was allocated to identified intangibles, including core and developed
technologies, in-process research and development, work force and goodwill (see
Note 1).

The valuations of core and developed technologies and in-process research
and development were based on the present value of estimated future cash flows
over the lesser of: (i) five years or (ii) the period in which the product is
expected to be integrated into an existing ISS product. The resulting values
were reviewed for reasonableness based on the time and cost spent on the effort,
the complexity of the development effort and, in the case of in-process
development projects, the stage to which it had progressed. For in-process
research and development, the valuation was reduced for the core technology
component of such product and the

43
45
ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)

2. BUSINESS COMBINATION AND ASSET ACQUISITION -- (CONTINUED)
percentage of product development remaining at the acquisition date. The
resulting in-process research and development amount of $802,000 is reflected as
a charge in the 1998 statement of operations.

The following table summarizes the unaudited pro forma results of
operations as if the acquisition of March was concluded on January 1, 1998 (the
effect of the DbSecure acquisition is not included as its impact was
immaterial). This pro forma information is not necessarily indicative of what
the combined operations would have been if ISS had control of such combined
businesses for the periods presented.

The adjustments to the historical data reflect the following (i) reduction
of interest income in connection with the cash payments and (ii) amortization of
goodwill and intangibles.



1998
-----------
(UNAUDITED)

Revenues.................................................... $58,894,000
Operating loss.............................................. (6,537,000)
Net loss.................................................... (4,619,000)
Per share:
Basic and diluted net loss................................ $ (0.14)
Pro forma net loss........................................ $ (0.13)


3. MARKETABLE SECURITIES

The following is a summary of available-for-sale marketable securities as
of December 31, 1999:



ESTIMATED FAIR
COST VALUE
----------- --------------

Unrestricted:
U.S. Treasury securities and obligations of U.S
government agencies................................... $18,907,000 $18,907,000
U.S. corporate commercial paper.......................... $37,786,000 $37,786,000
Restricted:
U.S. corporate commercial paper.......................... $12,500,000 $12,500,000
----------- -----------
$69,193,000 $69,193,000
=========== ===========


The contractual maturities of all of these investments were less than one
year as of December 31, 1999. Marketable securities of $12,500,000 are
restricted as of December 31, 1999 as collateral for a letter of credit issued
by a financial institution related to the lease on the new ISS headquarters. The
amount of restricted marketable securities and the related letter of credit will
be reduced annually over the related lease term.

4. REDEEMABLE, CONVERTIBLE PREFERRED STOCK

All of the outstanding shares of Redeemable, Convertible Preferred Stock
were automatically converted into an aggregate of 11,474,000 shares of Common
Stock on March 27, 1998 in connection with ISS's IPO.

Redeemable, Convertible Preferred Stock consisted of the following:



SHARES ISSUED
GROSS NET AND
SERIES DATE OF ISSUANCE PROCEEDS PROCEEDS OUTSTANDING
- ------ ----------------- ---------- ---------- -------------

A............................... February 2, 1996 $3,650,000 $3,607,000 7,300,000
B............................... February 14, 1997 5,280,000 5,253,000 4,174,000
---------- ---------- -----------
$8,930,000 $8,860,000 11,474,000
========== ========== ===========


44
46
ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)

4. REDEEMABLE, CONVERTIBLE PREFERRED STOCK -- (CONTINUED)
Accretion related to the Series A and Series B Redeemable, Convertible
Preferred Stock was recorded over the respective redemption period by charges
against additional paid-in capital with corresponding increases to the carrying
value of the Series A and Series B Redeemable, Convertible Preferred Stock. Such
increases aggregated $11,000 for the year ended December 31, 1997 and were
immaterial in 1998.

5. STOCK OPTION PLANS

ISS's Incentive Stock Plan (the "Plan") provides for the granting of
qualified or non-qualified options to purchase shares of ISS's Common Stock.
Under the Plan, the shares reserved for future issuance increase automatically
on the first trading day of each year, beginning with 1999, by an amount equal
to 3% of the number of shares of Common Stock outstanding on the last trading
day of the preceding year.

Certain options granted under the Plan prior to the IPO are immediately
exercisable, subject to a right of repurchase by ISS at the original exercise
price for all unvested shares. Options granted after the IPO are generally
exercisable as vesting occurs. Vesting is generally in equal annual installments
over four years, measured from the date of the grant.

Deferred compensation was determined by comparing the exercise price of
stock options issued in December 1997 to the estimated price range for the IPO
as set forth in the initial filing on January 20, 1998 of ISS's Registration
Statement on Form S-1 and the exercise price of stock options issued in January
and February 1998 to the final estimated price range contained in ISS's March
pre-effective amendment to its Registration Statement for the IPO filed in March
1998. The amounts are being charged to operations proportionately over the
four-year vesting period of the related stock options. Amortization of deferred
compensation for the years ended December 31, 1998 and 1999 was $720,000 and
$374,000, respectively. All other options are issued at fair market value on the
date of grant.

On December 8, 1997, the Board of Directors granted to each of the four
non-employee directors a non-qualified option to purchase up to 40,000 shares of
Common Stock outside the Plan, on the same terms as if those options had been
granted under the program of the 1995 Plan. ISS reserved 160,000 shares of
Common Stock for issuance under these options.

A summary of ISS's stock option activity is as follows:



1997 1998 1999
--------------------- --------------------- ---------------------
WEIGHTED WEIGHTED WEIGHTED
AVERAGE AVERAGE AVERAGE
NUMBER EXERCISE NUMBER EXERCISE NUMBER EXERCISE
OF SHARES PRICE OF SHARES PRICE OF SHARES PRICE
---------- -------- ---------- -------- ---------- --------

Outstanding at beginning of
year........................... 1,620,000 $0.08 3,776,000 $ 1.36 5,205,000 $ 5.35
Granted........................ 2,206,000 2.27 1,921,000 11.37 1,719,000 33.94
Exercised...................... (14,000) 0.08 (809,000) .36 (1,033,000) 3.81
Canceled....................... (36,000) 0.25 (129,000) 4.66 (884,000) 15.45
Assumed........................ -- -- 446,000 4.00 60,000 3.51
---------- ---------- ----------
Outstanding at end of year....... 3,776,000 1.36 5,205,000 5.35 5,067,000 13.58
========== ========== ==========
Exercisable at end of year....... 3,776,000 1.36 3,219,000 1.95 2,693,000 3.00
========== ========== ==========
Weighted average fair value of
options granted during the
year........................... $ 1.17 $ 13.68 $ 29.01
========== ========== ==========


45
47
ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)

5. STOCK OPTION PLANS -- (CONTINUED)
The following table summarizes information about stock options outstanding
at December 31, 1999:



OPTIONS FULLY
OPTIONS OUTSTANDING VESTED AND EXERCISABLE
---------------------------- -----------------------
NUMBER OF WEIGHTED NUMBER
OPTIONS AVERAGE EXERCISABLE WEIGHTED
OUTSTANDING AT REMAINING AT AVERAGE
DECEMBER 31, CONTRACTUAL DECEMBER 31, EXERCISE
RANGE OF EXERCISE PRICES 1999 LIFE 1999 PRICE
- ------------------------ -------------- ----------- ------------ --------

$0.08-0.36............................... 1,015,000 6.61 421,000 $ 0.14
$0.50-3.59............................... 1,296,000 8.10 472,000 3.25
$4.00-11.00.............................. 890,000 8.21 225,000 7.37
$12.00-25.00............................. 425,000 8.79 93,000 17.52
$25.25-55.00............................. 1,441,000 9.42 -- --


ISS has reserved approximately 5,200,000 shares of ISS common stock for the
future exercise of stock options at December 31, 1999.

Pro forma information regarding net income and net income per share is
required by SFAS 123, which also requires that the information be determined as
if ISS had accounted for its employee stock options granted subsequent to
December 31, 1994 under the fair value method prescribed by that Statement. The
fair value for options granted was estimated at the date of grant using the
Black-Scholes option-pricing model. The following weighted average assumptions
were used for 1997, 1998 and 1999, respectively: risk-free interest rates of
6.28%, 5.27% and 6.19%, respectively; no dividend yield; volatility factors of
.60, .60 and 1.25, respectively; and an expected life of the options of 4, 5 and
5 years, respectively.

The Black-Scholes option valuation model was developed for use in
estimating the fair value of traded options that have no vesting restrictions
and are fully transferable. In addition, option valuation models require the
input of highly subjective assumptions including the expected stock price
volatility. Because employee stock options have characteristics different from
those of traded options, and because the changes in the subjective input
assumptions can materially affect the fair value estimate, in management's
opinion, the existing models do not necessarily provide a reliable single
measure of the fair value of its employee stock options.

For purposes of pro forma disclosures, the estimated fair value of the
option is amortized to expense over the options' vesting period. The following
pro forma information adjusts the net income (loss) and net income (loss) per
share of Common Stock for the impact of SFAS 123:



YEAR ENDED DECEMBER 31,
------------------------------------
1997 1998 1999
----------- ----------- --------

Pro forma net income (loss)............................... $(3,370,000) $(6,551,000) $743,000
=========== =========== ========
Pro forma net income (loss) per share..................... $ (0.18) $ (0.20) $ 0.02
=========== =========== ========


6. LONG-TERM DEBT AND CAPITAL LEASE OBLIGATIONS

ISS has an agreement with a bank providing for a revolving working capital
line of credit and a term loan facility. Under the terms of the agreement, ISS
may borrow up to $3,000,000 (subject to a borrowing formula) and $500,000,
respectively, with interest payable monthly at prime plus .5 percent. The line
of credit and the term loan facility are collateralized by certain assets of the
Company.

46
48
ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)

6. LONG-TERM DEBT AND CAPITAL LEASE OBLIGATIONS -- (CONTINUED)
Capital lease obligations are as follows at December 31, 1998 and 1999:



1998 1999
--------- ---------

Lease contracts payable in monthly installments aggregating
$33,000 including interest at an average rate of 8.3%,
maturing at various dates through 2004 collateralized by
related equipment......................................... $ 725,000 $ 762,000
Less amount representing interest........................... (90,000) (74,000)
--------- ---------
635,000 688,000
Less current portion........................................ (210,000) (327,000)
--------- ---------
Non-current portion......................................... $ 425,000 $ 361,000
========= =========


The future minimum lease payment commitments are $374,000, $257,000,
$69,000, $40,000 and $22,000 in 2000, 2001, 2002, 2003 and 2004, respectively.

The charge to income resulting from the depreciation of assets recorded
under capital leases is included in depreciation expense.

The following is an analysis of the leased assets included in property and
equipment:



1998 1999
-------- ---------

Computer equipment.......................................... $388,000 $ 555,000
Furniture and fixtures...................................... 364,000 364,000
Office equipment............................................ 183,000 344,000
-------- ---------
935,000 1,263,000
Less accumulated depreciation............................. 368,000 641,000
-------- ---------
Undepreciated cost.......................................... $567,000 $ 622,000
======== =========


Long-term debt at December 31, 1998 and 1999 consists of the following:



1998 1999
--------- ---------

Note payable to bank, due in monthly installments of
$13,400, balance due November 2000, at interest rate of
8.6%, collateralized by related equipment................. $ 285,000 $ 144,000
Note payable to bank, due in monthly installments of
$11,500, balance due May 2001, at interest rate of 8.29%,
collateralized by related equipment....................... 291,000 184,000
--------- ---------
576,000 328,000
Less current maturities..................................... (260,000) (254,000)
--------- ---------
Non-current portion......................................... $ 316,000 $ 74,000
========= =========


The non-current portion of long-term debt at December 31, 1999 matures in
2001.

7. COMMITMENTS AND CONTINGENT LIABILITIES

ISS has non-cancelable operating leases for facilities that expire at
various dates through April 2012. In 1999 ISS entered into an eleven and
one-half year lease for a new corporate headquarters, which it expects to occupy
in various stages beginning in November 2000.

47
49
ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)

7. COMMITMENTS AND CONTINGENT LIABILITIES -- (CONTINUED)
Future minimum payments under non-cancelable operating leases with initial
terms of one year or more consisted of the following at December 31, 1999:



OPERATING
LEASES
-----------

2000........................................................ $ 4,102,000
2001........................................................ 6,156,000
2002........................................................ 6,195,000
2003........................................................ 5,503,000
2004........................................................ 5,606,000
Thereafter.................................................. 44,714,000
-----------
Total minimum lease payments...................... $72,276,000
===========


Rent expense was approximately $749,000, $2,098,000 and $2,831,000 for the
years ended December 31, 1997, 1998, and 1999, respectively.

On July 13, 1999 ISS and Network Associates, Inc. announced that the patent
infringement suit filed in July 1998 by Network Associates, Inc against Internet
Security Systems, Inc. (a wholly-owned subsidiary of ISS) was resolved to the
parties' mutual satisfaction. The resolution of this previously pending
litigation had no material adverse effect on the business, operating results, or
financial condition of ISS.

8. INCOME TAXES

For financial reporting purposes, the provision for income taxes includes
the following components, all of which are current:



YEAR ENDED DECEMBER 31,
-------------------------
1997 1998 1999
---- ------- --------

Federal income taxes........................................ $ -- $ -- $730,000
State income taxes.......................................... -- -- 149,000
Foreign income taxes........................................ -- 62,000 97,000
---- ------- --------
Total provision for income taxes.................. $ -- $62,000 $976,000
==== ======= ========


A reconciliation of the provision for income taxes to the statutory federal
income tax rate is as follows:



YEAR ENDED DECEMBER 31,
---------------------------------------
1997 1998 1999
----------- ----------- -----------

Federal income taxes at 34%, applied to pretax income
(loss)................................................ $(1,332,000) $(1,440,000) $ 2,878,000
State income taxes, net of federal income tax benefit... (157,000) (160,000) 149,000
Alternative Minimum Tax................................. -- -- 230,000
Intangibles............................................. -- 345,000 209,000
Research and development tax credits.................... (159,000) (384,000) (717,000)
Merger expenses not deductible for tax purposes......... -- -- 792,000
S Corp earnings......................................... -- -- (255,000)
Foreign operations...................................... -- 62,000 97,000
Other................................................... (26,000) 42,000 --
Change in valuation allowance........................... 1,674,000 1,597,000 (2,407,000)
----------- ----------- -----------
$ -- $ 62,000 $ 976,000
=========== =========== ===========


48
50
ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)

8. INCOME TAXES -- (CONTINUED)
Deferred income taxes reflect the net income tax effects of temporary
differences between the carrying amounts of assets and liabilities for financial
reporting purposes and the amounts used for income tax purposes. The net income
tax effect has been computed using a combined statutory rate of 38% for federal
and state taxes. Significant components of ISS's net deferred income taxes are
as follows:



DECEMBER 31,
--------------------------
1998 1999
----------- ------------

Deferred income tax liability -- core technology............ $ 494,000 $ 419,000
----------- ------------
Deferred income tax assets:
Depreciation and amortization............................. 72,000 267,000
Accrued liabilities....................................... 410,000 121,000
Allowance for doubtful accounts........................... 109,000 165,000
Deferred compensation..................................... 274,000 142,000
Net operating loss carryforwards.......................... 5,447,000 9,986,000
AMT credit carryforwards.................................. -- 230,000
Foreign net operating loss carryforwards.................. 298,000 647,000
Research and development tax credit carryforwards......... 571,000 1,336,000
----------- ------------
Total deferred income tax assets.................. 7,181,000 12,894,000
Net deferred income tax assets.............................. 6,687,000 12,475,000
----------- ------------
Less valuation allowance.................................... (6,687,000) (12,475,000)
----------- ------------
Net deferred income tax assets.................... $ -- $ --
=========== ============


For financial reporting purposes, a valuation allowance has been recognized
to reduce the net deferred income tax assets to zero. ISS has not recognized any
benefit from the future use of the deferred income tax assets because
management's evaluation of all the available evidence in assessing the
realizability of the tax benefits of such loss carryforwards indicates that the
underlying assumptions of future profitable operations contain risks that do not
provide sufficient assurance to recognize such tax benefits currently.

The valuation allowances at December 31, 1998 and 1999 include items
resulting from both operating losses and stock option deductions. The change in
balance between December 31, 1998 and 1999 is the net result of a reduction of
the valuation allowance related to operating losses (as shown in the provision
reconciliation) and an increase in the valuation allowance related to stock
option deductions.

The deferred income tax assets include approximately $3,212,000 and
$12,124,000 at December 31, 1998 and 1999, respectively, of assets related to
stock option deductions. While income tax expense will be recorded on any future
pre-tax profits from United States operations, these deferred income tax assets
would reduce the related income taxes payable. This reduction in income taxes
payable in future periods would be recorded as additional paid-in-capital.

ISS has approximately $26,300,000 of net operating loss carryforwards for
federal income tax purposes that expire in varying amounts between 2011 and
2019. The net operating loss carryforwards may be subject to certain limitations
in the event of a change in ownership. ISS also has approximately $1,200,000 of
net operating loss carryforwards related to its foreign operations and
approximately $1,336,000 of research and development tax credit carryforwards
that expire between 2011 and 2019.

49
51
ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)

9. EMPLOYEE BENEFIT PLANS

ISS sponsors a 401(k) plan that covers substantially all employees over 21
years of age. ISS may make contributions to the plan at its discretion, but has
made no contributions to the plan through December 31, 1999.

10. INCOME (LOSS) PER SHARE

The following table sets forth the computation of basic and diluted net
income (loss) per share:



YEAR ENDED DECEMBER 31,
---------------------------------------
1997 1998 1999
----------- ------------ ----------

Numerator:
Net income (loss)..................................... $(3,306,000) $ (3,893,000) $7,490,000
Accretion of Series A and Series B
Redeemable, Convertible Preferred Stock............ (11,000) -- --
----------- ------------ ----------
$(3,317,000) $ (3,893,000) $7,490,000
=========== ============ ==========
Denominator:
Denominator for basic net income (loss) per share --
weighted average shares............................ 18,399,000 32,351,000 39,996,000
Effect of dilutive stock options...................... -- -- 3,695,000
----------- ------------ ----------
Denominator for diluted net income (loss) per share --
weighted average shares............................ 18,399,000 32,351,000 43,691,000
Redeemable, Convertible Preferred Stock............... 11,474,000 2,612,000 --
----------- ------------ ----------
Weighted average shares for pro forma net loss per
share................................................. 29,873,000 34,963,000 --
=========== ============
Basic net income (loss) per share....................... $ (0.18) $ (0.12) $ 0.19
=========== ============ ==========
Diluted net income (loss) per share..................... $ (0.18) $ (0.12) $ 0.17
=========== ============ ==========
Pro forma net income (loss) per share................... $ (0.11) $ (0.11)
=========== ============


Options aggregating 3,776,000 and 5,205,000 at December 31, 1997 and 1998,
respectively, are not included in the above calculations as they are
antidilutive.

11. EXPORT SALES

ISS generates export sales from the United States to the Europe,
Asia/Pacific Rim and Latin America regions. Also, revenues are generated from
ISS's foreign operations in these regions. ISS is organized as, and operates in,
a single business segment. Revenues from any one country are not material. In
the aggregate, the Europe, Asia/Pacific Rim and Latin America regions
represented the following percentages of total revenues:



1997 1998 1999
---- ---- ----

Europe...................................................... 5% 9% 11%
Asia/Pacific Rim............................................ 6 3 5
Latin America............................................... -- -- 1


50
52
ISS GROUP, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)

12. QUARTERLY FINANCIAL RESULTS (UNAUDITED)

Summarized quarterly results for the two years ended December 31, 1998 and
1999 are as follows (in thousands, except per share data):



FIRST SECOND THIRD FOURTH
------- ------- ------- -------

1998 by quarter:
Revenues.................................. $10,477 $11,824 $13,812 $20,975
Operating income (loss)................... (1,599) (2,147) (1,258) (1,101)
Net income (loss)......................... (1,539) (1,319) (528) (507)

Loss per share:
Basic..................................... $ (0.08) $ (0.04) $ (0.01) $ (0.01)
Diluted................................... (0.08) (0.04) (0.01) (0.01)
Pro forma................................. (0.05) -- -- --

1999 by quarter:
Revenues.................................. $22,975 $27,279 $30,001 $36,232
Operating income (loss)................... 396 739 (842) 2,407
Net income................................ 1,176 2,127 693 3,494

Income per share:
Basic..................................... $ 0.03 $ 0.05 $ 0.02 $ 0.09
Diluted................................... 0.03 0.05 0.02 0.08


Because of the method used in calculating per share data, the quarterly per
share data will not necessarily add to the per share data as computed for the
year.

51
53

SCHEDULE II

VALUATION AND QUALIFYING ACCOUNTS



BALANCE AT
BEGINNING OF BALANCE AT
YEAR PROVISION WRITE-OFFS END OF YEAR
------------ --------- ---------- -----------

1997
Allowance for Doubtful Accounts................. $ 96,000 $210,000 $ (20,000) $286,000
======== ======== ========= ========
1998
Allowance for Doubtful Accounts................. $286,000 $229,000 $(103,000) $412,000
======== ======== ========= ========
1999
Allowance for Doubtful Accounts................. $412,000 $554,000 $(118,000) $848,000
======== ======== ========= ========


52
54

SIGNATURES

Pursuant to the requirements of the Section 13 or 15(d) of the Securities
Exchange Act of 1934, the Registrant has duly caused this Report to be signed on
its behalf by the undersigned, thereunto duly authorized.

ISS GROUP, INC.

By: /s/ RICHARD MACCHIA
------------------------------------
Richard Macchia
Vice President and Chief Financial
Officer

Dated: March 30, 2000

POWER OF ATTORNEY

KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature
appears below hereby severally constitutes and appoints, Thomas E. Noonan,
Richard Macchia and Jon Ver Steeg, and each or any of them, his true and lawful
attorney-in-fact and agent, each with the power of substitution and
resubstitution, for him in any and all capacities, to sign any and all
amendments to this Annual Report (Form 10-K) and to file the same, with exhibits
thereto and other documents in connection therewith, with the Securities and
Exchange Commission, hereby ratifying and confirming all that each said
attorney-in-fact and agent, or his substitute or substitutes, may lawfully do or
cause to be done by virtue hereof.

Pursuant to the requirements of the Securities Exchange Act of 1934, this
Report has been signed below by the following persons on behalf of the
Registrant and in the capacities and on the dates indicated.



NAME TITLE DATE
---- ----- ----


/s/ THOMAS E. NOONAN Chairman, President and Chief March 30, 2000
- ----------------------------------------------------- Executive (Principal
Thomas E. Noonan Executive Officer)

/s/ CHRISTOPHER W. KLAUS Chief Technology Officer, March 30, 2000
- ----------------------------------------------------- Secretary and Director
Christopher W. Klaus

/s/ RICHARD MACCHIA Vice President and Chief March 30, 2000
- ----------------------------------------------------- Financial Officer (Principal
Richard Macchia Financial and Accounting
Officer)

/s/ RICHARD S. BODMAN Director March 30, 2000
- -----------------------------------------------------
Richard S. Bodman

/s/ ROBERT E. DAVOLI Director March 30, 2000
- -----------------------------------------------------
Robert E. Davoli

/s/ SAM NUNN Director March 30, 2000
- -----------------------------------------------------
Sam Nunn


53
55



NAME TITLE DATE
---- ----- ----

/s/ KEVIN J . O'CONNOR Director March 30, 2000
- -----------------------------------------------------
Kevin J. O'Connor

/s/ DAVID N. STROHM Director March 30, 2000
- -----------------------------------------------------
David N. Strohm


54