1
- --------------------------------------------------------------------------------
- --------------------------------------------------------------------------------
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
---------------------
FORM 10-K
(MARK ONE)
[X] ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(D) OF
THE SECURITIES EXCHANGE ACT OF 1934
FOR THE FISCAL YEAR ENDED DECEMBER 31, 1998
OR
[ ] TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(D) OF
THE SECURITIES EXCHANGE ACT OF 1934
FOR THE TRANSITION PERIOD FROM ____________ TO ____________
Commission file number -
ISS GROUP, INC.
(Exact Name of Registrant as Specified in Its Charter)
DELAWARE 58-2362189
(State or other jurisdiction of (I.R.S. Employer Identification No.)
incorporation or organization)
6600 PEACHTREE-DUNWOODY ROAD 30328
300 EMBASSY ROW, SUITE 500 (Zip code)
ATLANTA, GEORGIA
(Address of principal executive offices)
Registrant's telephone number, including area code: (678) 443-6000
Securities registered pursuant to Section 12(b) of the Act:
NAME OF EACH EXCHANGE
TITLE OF EACH CLASS ON WHICH REGISTERED
------------------- ---------------------
None None
Securities registered pursuant to Section 12(g) of the Act:
COMMON STOCK, $0.001 PAR VALUE
(Title of Class)
Indicate by check mark whether the Registrant (1) has filed all reports
required to be filed by Section 13 or 15(d) of the Securities Exchange Act of
1934 during the preceding 12 months (or for such shorter period that the
Registrant was required to file such reports), and (2) has been subject to such
filing requirements for the past 90 days.
Yes [X] No [ ]
Indicate by check mark if disclosure of delinquent filers pursuant to Item
405 of Regulation S-K is not contained herein, and will not be contained, to the
best of Registrant's knowledge, in definitive proxy or information statements
incorporated by reference in Part III of this Form 10-K or any amendment to this
Form 10-K. [ ]
The aggregate market value of the voting stock held by non-affiliates of the
Registrant, based upon the closing sale price of Common Stock on February 5,
1999 as reported on the Nasdaq National Market, was approximately $1.03 billion
(affiliates being, for these purposes only, directors, executive officers and
holders of more than 5% of the Registrant's Common Stock).
As of February 5, 1999, the Registrant had 17,356,487 outstanding shares of
Common Stock.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the Proxy Statement for Registrant's 1999 Annual Meeting of
Stockholders are incorporated by reference into Part III of this Form 10-K.
- --------------------------------------------------------------------------------
- --------------------------------------------------------------------------------
2
PART I
ITEM 1. BUSINESS
BUSINESS
OVERVIEW
We are the leading provider of monitoring, detection and response software
that protects the security and integrity of enterprise information systems,
according to market share reports by Aberdeen Group, Gartner Group and the
Yankee Group. Our SAFEsuite family of products is designed to enforce "best
practice" information risk management automatically across distributed computing
environments. Our products use an innovative Adaptive Network Security, or ANS,
approach that entails continuous security risk monitoring, detection and
response to develop and enforce an active network security policy. In addition,
we offer professional services which enable us to deliver comprehensive network
and Internet security solutions to our customers. We pioneered the technology
for vulnerability and threat detection through a dedicated security research and
development team and we believe that we have the most comprehensive
vulnerability and threat database in existence. We have licensed our network
security solutions to over 3,000 organizations worldwide, including firms in the
Global 2000, U.S. and international government agencies, and major universities.
Twenty-one of the 25 largest commercial banks in the United States, as ranked by
Fortune, have licensed our products. We also have established strategic
relationships with industry leaders, including Check Point, GTE, IBM, MCI
WorldCom, Microsoft and Nortel, to enable worldwide distribution of our core
monitoring technology.
INDUSTRY BACKGROUND
Network computing has evolved from client/server-based local area networks
to distributed computing environments based on the integration of inter-company
wide area networks via the Internet. The proliferation and growth of corporate
intranets and the increasing importance of electronic commerce have dramatically
increased the openness of computer networks, with the Internet becoming a widely
accepted platform for many business-to-business and direct-to-customer
transactions. International Data Corporation ("IDC") estimates that the number
of Internet users will grow from 97 million in 1998 to 320 million in 2002, and
that the value of electronic commerce transactions will grow from $32 billion to
$426 billion over the same period. Additionally, IDC estimates that the number
of devices accessing the Web will increase from 120 million in 1998 to 515
million in 2002. To capitalize on these trends, organizations are increasingly
connecting their enterprise networks to the Internet to facilitate and support
strategic business objectives, including:
- electronic data interchange (EDI);
- supply chain systems integration;
- Web-based access to account information and delivery schedules; and
- secure messaging and online purchases and payments.
With the increased use of the Internet by businesses and consumers,
organizations increasingly network their key systems in order to reduce costs
and increase revenues. For example, businesses can implement supply chain
management applications through standards enabled by the Internet. To optimize
the supply chain, businesses use the Internet to provide suppliers with access
to sensitive internal information, such as engineering designs, product
development plans, raw material inventories and product schedules. Organizations
also strengthen their ties with customers through "corporate Internet portals"
that provide comprehensive information for purchasing products, checking order
status and managing customer billings. This increased level of access provided
by open systems carries with it the risk of unauthorized access to and use of
sensitive information or malicious disruptions of important information-exchange
systems.
1
3
THE NEED FOR NETWORK SECURITY
Although open computing environments have many business advantages, their
accessibility and the relative anonymity of users make these systems, and the
integrity of the information that is stored on them, vulnerable to security
threats. Open systems present inviting opportunities for computer hackers,
curious or disgruntled employees, contractors and competitors to compromise or
destroy sensitive information within the system or to otherwise disrupt the
normal operation of the system. In addition, open computing environments are
complex and typically involve a variety of hardware, operating systems and
applications supplied by a multitude of vendors, making these networks difficult
to manage, monitor and protect from unauthorized access. Each new addition of
operating system software, applications or hardware products to the distributed
computing environment may introduce a vast number of new vulnerabilities and
security risks. To adequately secure a network, information technology, or IT,
managers must have the resources to not only correctly configure the security
measures in each system, but also to understand the risks created by any change
to existing systems on the network. This situation is made worse by the limited
supply of personnel knowledgeable in information security issues.
Executives must understand and manage the risks involved when integrating
their systems with the systems of suppliers and customers to achieve strategic
objectives. According to the annual Information Week/PricewaterhouseCoopers LLP
1998 Global Information Security Survey of IT managers and professionals, 59% of
those surveyed who are associated with sites selling products or services on the
Web reported at least one security breach in the past year. In addition, sites
integrated with supply-chain network or enterprise resource planning
applications reported security violations 10% more often than sites without such
applications. In a separate PricewaterhouseCoopers 1998 survey of chief
executive officers, 84% cited security concerns as a barrier to deployment of IT
initiatives. Despite the convenience and the compelling economic incentives for
the use of Internet-protocol networks, they cannot reach their full potential as
a platform for global communication and commerce until organizations can
implement an effective platform to manage information risk.
Historically, organizations have responded to perceived security threats by
implementing passive point tools, such as encryption, firewall, authentication
and other technologies designed to protect individual components of their
internal networks from unauthorized use or outside attacks. These technologies
address some security concerns, but are often ineffective because:
- encryption protects information during transmission; however, it does not
typically protect information at either the source or the destination;
- a firewall, which controls the flow of data between an internal network
and outside networks or the Internet, is necessary for rudimentary access
control, but must be regularly reconfigured to accommodate new business
applications, users and business partners on the network. Thus, firewalls
can be left vulnerable to hackers and others seeking to compromise
network integrity and fail to protect against improper use by authorized
users;
- operating system security mechanisms, such as user authentication,
passwords and multi-level access rights, can prevent unauthorized access
by internal and external users. However, deployment issues such as easily
guessed passwords or default accounts left on newly installed devices
diminish the effectiveness of these measures.
Passive point tools do not address the fundamental issue that the inherent
utility of open systems is itself the source of their vulnerability. This
conflict between the benefits of open systems and the risks of their
unauthorized use or disruption has not been widely recognized or addressed by
passive security tools.
Many organizations have developed security policies that define the
appropriate use of network resources, establish the proper configuration of
network services, operating systems and applications and describe the actions to
be taken if there is an attack on the network. These security policies attempt
to define the organization's acceptable level of risk. Organizations, however,
have not had the systems to automatically enforce and implement such policies
across their entire IT infrastructure. Without such systems, the dynamic
2
4
nature of enterprise networks causes the organization's actual security practice
to diverge from the stated security policy, potentially exposing the
organization to additional unanticipated risks.
To be effective, passive point tools need to be coordinated through
enterprise-wide systems that automatically evaluate and eliminate the
vulnerabilities and threats. Direct observation of vulnerabilities and threats
can allow an organization to define and automatically enforce an integrated,
enterprise-wide information risk management process that can be managed
centrally and implemented on a distributed basis. Any security solution must be:
- easy to use by both management and the organization's existing IT
personnel;
- compatible with existing security technologies as well as be flexible
enough to incorporate new technologies; and
- able to provide a comprehensive and accurate picture of security issues
across the organization's entire distributed network such that the
managers of the system trust the objectivity of the security system in
monitoring, detecting and responding to vulnerabilities and threats.
THE ISS SOLUTION
Our dynamic, process-driven Adaptive Network Security approach to
enterprise-wide information risk management relies on the principles of
monitoring, detection and response to the ever-changing vulnerabilities in and
threats to the hardware products, operating systems and applications that
comprise every network system. We designed our SAFEsuite family of products to
enable an organization to centrally define and manage an information risk policy
for its existing network system infrastructure, including all Internet
protocol-enabled devices. Our solutions provide the ability to visualize,
measure and analyze real-time security vulnerabilities and control threats
across the entire enterprise computing infrastructure, keeping the
organization's IT personnel informed of changing risk conditions and
automatically making adjustments as necessary. Through custom policies or by
using our "best practice" templates, our customers can minimize security risks
without closing off their networks to the benefits of open computing
environments and the Internet.
Our solutions reach beyond the traditional approaches to network security
in the following respects:
Adaptive Network Security
ANS is a proactive, risk management-based approach to enterprise security
that links security practice and security policy through a continuous
improvement process. ANS achieves this objective through four critical
processes:
- continuously monitoring network, system and user activity and configuring
devices, systems and applications on the network;
- detecting security risks in network traffic and within systems;
- responding to security threats to minimize risks; and
- analyzing and reporting dynamic risk conditions and response actions and
updating security policies.
Comprehensive Enterprise Security Solution
We combine ANS principles with our extensive knowledge of network, system
and application vulnerabilities and threats to provide scalable security
solutions. Our SAFEsuite family of products provides a comprehensive network and
system security framework. In addition, we sell our products individually as
solutions for a particular function. We also offer a broad range of professional
services to assist in the development and enforcement of an effective security
policy and to facilitate the deployment and use of our software. Our solutions
are interoperable with a broad range of platforms and complement the products of
leading security and network management vendors. They provide a single point of
management and control for an enterprise-wide security policy. In this manner,
our SAFEsuite family of products serves as a critical enhancement to traditional
passive point tools, such as encryption, firewalls and authentication. We have
3
5
designed our products to be easily installed, configured, managed and updated by
a system administrator through an intuitive graphical user interface without
interrupting or affecting network operation. The software automatically
identifies systems and activities that do not comply with a customer's policies,
and provides a critical feedback mechanism for adjusting the security levels of
networked systems based upon its findings. Our products generate
easy-to-understand reports ranging from executive-level trend analysis to
detailed step-by-step instructions for eliminating security risks.
The X-Force
Because there are few IT professionals specifically trained in network and
system security issues, we have assembled a senior research and development team
composed of security experts who are dedicated to understanding new
vulnerabilities and real-time threats and attacks, and developing solutions to
address these security issues. The team is known in the industry as the
"X-Force" and represents one of our competitive advantages. Because of the
collective knowledge and experience of the members of the X-Force, we believe
that they comprise one of the largest and most sophisticated groups of IT
security experts currently researching vulnerability and threat science.
Organizations such as CERT (Computer Emergency Response Team), the FBI and
leading technology companies routinely consult the X-Force on network security
issues. Through the X-Force, we maintain a proprietary and comprehensive
knowledge base of computer exploits and attack methods, including what we
believe is the most extensive publicly-available collection of Windows NT
vulnerabilities and threats in existence. To respond to an ever-changing risk
profile, the X-Force continually updates this knowledge base with the latest
network vulnerability information, which aids in the design of new products and
product enhancements.
STRATEGY
Our objective is to be the leading provider of information risk management
systems that, through our ANS approach, proactively protect the integrity and
security of enterprise-wide information systems from vulnerabilities, misuse,
attacks and other information risks. We focus on developing innovative and
automated software solutions to provide customers with a comprehensive framework
for protecting their networks and systems by monitoring for vulnerabilities and
real-time threats. Our solutions allow customers to enforce "best practice"
network and system security policies. Key elements of our strategy include:
Continue Our Leadership Position in Security Technology
We intend to maintain and enhance our technological leadership in the
enterprise security market by hiring additional network and Internet security
experts, broadening our proprietary knowledge base, continuing to invest in
product development and product enhancements and acquiring innovative companies
and technologies that complement our solutions. By remaining independent of
other providers of system software, applications and hardware and by solidifying
our position as a best-of-breed provider of monitoring, detection and response
software, we believe that customers and potential customers will view us as the
firm of choice for establishing and maintaining effective security practices and
policies.
Expand Domestic Sales Channels
We intend to increase the distribution and visibility of our products by
expanding our regional direct sales program and increasing our market coverage
through the establishment of additional indirect channels with key managed
service providers, Internet service providers, systems integrators, resellers,
OEMs and other channel partners. We believe that a multi-channel sales approach
will build customer awareness of the need for our products and enable us to more
rapidly build market share across a wide variety of industries.
Enhance and Promote Professional Services Capabilities
We are establishing long-term relationships with our customers by serving
as a "trusted advisor" in addressing network security issues. To continue to
fulfill this responsibility to our customers, we are expanding our professional
services capabilities. These capabilities will allow us to provide our customers
with additional
4
6
security system design, planning, installation, testing and consulting services
to assist in developing and maintaining effective information risk management
solutions. By providing professional services, we also can heighten customer
awareness about network security issues, which creates opportunities for us to
sell new products or product enhancements to our existing customers.
Expand International Operations
We plan to continue to aggressively expand our international operations to
address the rapid global adoption of distributed computing environments. Many
foreign countries do not have laws recognizing network intrusion or misuse as a
crime or the resources to enforce such laws if they do exist. As a consequence,
we believe that organizations in such countries will have greater need for
effective security solutions. We currently maintain international offices in
Australia, Belgium, Brazil, Canada, England, France, Germany, Japan and Mexico
and plan to expand in those regions where businesses, governments and other
institutional users are using distributed networks and the Internet for their
mission-critical needs.
Broaden ANS Category Awareness
We intend to increase and broaden awareness of the need for ANS and our
information risk management solutions. In 1998, we led the formation of the
Adaptive Network Security Alliance, or ANSA, as a means to offer Adaptive
Network Security to support a wide range of network management and security
products. In addition, by increasing our level of public relations, educational
events, seminars, advertising, direct marketing and trade show participation, we
intend to increase the public's recognition of the risks and dangers associated
with the adoption of open computing systems and commerce initiatives, as well as
the ability to manage such risks through an effective ANS-based solution.
PRODUCT ARCHITECTURE
The SAFEsuite family of products delivers our ANS approach to network
security through a flexible architecture designed to be integrated with existing
security and network system infrastructures. Our SAFEsuite products enhance the
effectiveness of passive point tools by monitoring them for threats and
vulnerabilities and responding with actions that align customers' security
practices and policies. SAFEsuite complements network and security management
frameworks by providing information required for informed decisions to minimize
security risks while maintaining the desired level of network functionality.
Thus, our products provide a risk management-based approach to security with
scalable deployment of best-of-breed products and integrated enterprise-wide
implementations.
The SAFEsuite product architecture includes a policy management interface
that lets customers choose among "best practice" templates or policies that
establish the acceptable level of risk appropriate for their networks. Our
individual products then automatically verify compliance with the chosen policy
in terms of actual system configuration and network activity. Graphical reports
describe the deviations from the established policy, including the measures
required to reduce the risk.
This product architecture allows all the SAFEsuite technologies to connect
directly into common standards, providing comprehensive security reports for the
entire enterprise. To ensure communication confidentiality between individual
SAFEsuite components and to prevent their misuse, SAFEsuite uses RSA encryption
algorithms, which have become de facto encryption standards. The SAFEsuite
Security Knowledge Base, a database containing information about the devices and
security risks on a customer's network, utilizes an open database connectivity,
or ODBC, interface and allows customers to select their preferred database such
as Informix, Microsoft SQL Server, Oracle, Sybase or any ODBC-compliant database
for data storage. The various SAFEsuite products consolidate security data,
enabling users to quickly determine their risk profiles and respond. In
addition, SAFEsuite products provide automated decision support by assessing
priorities and providing a graphical representation of important security risk
data sets. This feature allows key decision-makers to prioritize their program
strategies for effective deployment of resources to minimize security risks.
5
7
Each SAFEsuite product can be deployed as a stand-alone, best-of-breed
solution to meet the needs of the local administrator or departmental user.
Through support for remote, multi-level management consoles and the SAFEsuite
Security Knowledge Base, enterprise-level users can analyze security risk
conditions for the entire network. The SAFEsuite Security Knowledge Base allows
the customer to address both vulnerabilities and threats, thereby minimizing
network security risk and associated costs. SAFEsuite's frequent updates
integrate the latest identified security vulnerabilities and threats into the
operations of an existing product installation.
PRODUCTS
The following table lists our current offering of SAFEsuite products, and
includes a brief description of each product's functionality and current list
prices (dollar amounts are for the indicated scope of use, with prices
discounted for larger networks):
INTRODUCTION
DESCRIPTION SCOPE U.S. LIST PRICE DATE
- ----------------------------------------------------------------------------------------------------------------
NETWORK SECURITY VULNERABILITY DETECTION, ANALYSIS AND REPORTING
- ----------------------------------------------------------------------------------------------------------------
Internet Scanner Comprehensive security 50 devices $ 3,495 October 1992
assessment for all 1000 devices 19,945
devices on an enterprise 3000 devices 39,500
network
- ----------------------------------------------------------------------------------------------------------------
INTERNAL SYSTEM SECURITY VULNERABILITY DETECTION, ANALYSIS AND REPORTING
- ----------------------------------------------------------------------------------------------------------------
System Scanner -- Internal security assessment 50 computers $ 1,950 December 1998
desktop version for desktop operating 400 computers 11,950
systems 1000 computers 25,500
- ----------------------------------------------------------------------------------------------------------------
System Scanner -- Internal security assessment 5 computers $ 3,250 January 1997
server version for server operating systems 30 computers 17,500
100 computers 50,000
- ----------------------------------------------------------------------------------------------------------------
DATABASE SECURITY VULNERABILITY DETECTION, ANALYSIS AND RESPONSE
- ----------------------------------------------------------------------------------------------------------------
Database Scanner Comprehensive security 5 servers $ 4,475 December 1998
assessment for SQL 10 servers 8,500
databases 50 servers 41,250
- ----------------------------------------------------------------------------------------------------------------
NETWORK SECURITY THREAT AND MISUSE DETECTION, ANALYSIS AND RESPONSE
- ----------------------------------------------------------------------------------------------------------------
RealSecure Engine Real-time attack recognition, 1 engine $ 8,995 December 1996
misuse detection and 10 engines 69,900
response for network traffic 25 engines 149,900
- ----------------------------------------------------------------------------------------------------------------
INTERNAL SYSTEM SECURITY THREAT AND MISUSE DETECTION, ANALYSIS AND RESPONSE
- ----------------------------------------------------------------------------------------------------------------
RealSecure Agent Real-time attack recognition, 5 computers $ 3,750 December 1998
misuse detection and 25 computers 15,000
response for activities within 100 computers 50,000
systems
- ----------------------------------------------------------------------------------------------------------------
ENTERPRISE INFORMATION RISK MANAGEMENT
- ----------------------------------------------------------------------------------------------------------------
SAFEsuite Decisions Decision support system Small enterprise $ 25,000 December 1998
for information risk Medium enterprise 100,000
management Large enterprise 250,000
- ----------------------------------------------------------------------------------------------------------------
6
8
Internet Scanner
Internet Scanner quickly finds and fixes security holes through automated
and comprehensive network security vulnerability detection and analysis.
Internet Scanner scans and detects vulnerabilities, prioritizes security risks
and generates an array of meaningful reports ranging from executive-level trend
analysis to detailed step-by-step instructions for eliminating security risks.
Internet Scanner initiates a scan from a workstation placed inside or outside a
corporate firewall. These scans measure the actual implementation of an
organization's security policies. Scans may be as simple as determining the
basic computing services available on the network or as comprehensive as a
thorough testing using Internet Scanner's vulnerability database -- the most
comprehensive in the industry. Internet Scanner's intranet module methodically
examines intranet servers, routers, operating systems and key applications for
potential violations in security policy. The firewall module works through the
network to find firewalls and provide an accurate assessment of their
configuration and degree of protection. Finally, the Web security module locates
intranet, extranet and Internet Web servers, checking them for possible
misconfigurations and security weaknesses. After completing their scans, the
Internet Scanner modules return lists of discovered vulnerabilities and prepare
in-depth reports to assist administrators with follow-up and review.
System Scanner
System Scanner serves as a security assessment system that helps manage
security risks through comprehensive detection and analysis of operating system,
application and user-controlled security weaknesses. System Scanner identifies
potential security risks by comparing security policy with actual host computer
configurations. Potential vulnerabilities include missing security patches,
dictionary-crackable passwords, inappropriate user privileges, incorrect file
system access rights, unsecure service configurations and suspicious log
activity that might indicate an intrusion. System Scanner stores scanned
operating system configurations, placing an electronic "fingerprint" on
individual hosts. Routine reviews of these records help identify damaged or
maliciously altered systems before they become a security or performance
liability. Furthermore, System Scanner helps restore suspicious or damaged Unix
systems, generating automated fix scripts for file ownerships and permissions.
System Scanner augments its automated policy compliance testing with a database
of over 600 vendor patches and other system enhancements. This powerful built-in
knowledge base quickly pinpoints high risk activity, such as password sniffing,
remote access programs or unauthorized dial-up modems and remote control
software. System Scanner returns a list of discovered vulnerabilities and
prepares in-depth reports to assist administrators with follow-up and review.
Database Scanner
Database Scanner provides security risk assessment for database management
systems. Database Scanner allows a user to establish a database security policy,
audit a database and present a database's security risks and exposures in
easy-to-read reports. Most database security violations occur not because
databases have inherently weak security, but rather because systems are not set
up correctly and security policies are not established and enforced. Even in a
properly configured system, settings can be changed -- either accidentally or
maliciously -- leaving sensitive information at risk. Database Scanner develops,
implements and maintains appropriate database system security strategies,
policies and procedures. It examines database systems for adherence to accepted
operational standards for account creation, access control, account suspensions
and renewals along with software upgrades, patches and hot fixes. The security
risks in internal applications utilizing database management systems can be
measured and managed with Database Scanner. The easy to read reports provide
detailed graphical analysis with recommended fixes and promote effective
communication of security risks across departments and levels of management.
RealSecure
RealSecure is an integrated network- and host-based intrusion detection and
response system. RealSecure's around-the-clock surveillance extends
unobtrusively across the enterprise, allowing administrators to automatically
monitor network traffic and host logs, detect and respond to suspicious activity
and intercept and respond to internal or external host and network abuse before
system security is compromised. RealSecure's
7
9
multi-point management architecture allows for rapid enterprise-wide deployment
and operation across geographic and organizational boundaries in both Unix and
Windows NT environments. RealSecure's innovative Manager-Engine-Agent
architecture provides flexible deployments to meet the requirements of diverse
corporate networks.
RealSecure Engine. The RealSecure Engine runs on dedicated workstations to
provide network intrusion detection and response. Each RealSecure Engine
monitors the packet traffic on a specific network segment for attack
signatures -- telltale evidence that an intrusion attempt is taking place.
Recognition occurs in real time and triggers user-definable alarms and responses
as soon as the attack is detected. RealSecure utilizes our Digital
FingerPrinting technology to recognize a large number of attack patterns on
high-speed networks. Additionally, our Adaptive Filtering Algorithm tunes the
packet filter rules in response to network load, allowing the engine to
effectively function during bursts in network traffic. When a RealSecure Engine
detects an attack or misuse, it transmits an alarm to the RealSecure Manager or
a third-party network management console for administrative follow-up and
review. In addition, RealSecure responds immediately by terminating the
connection, sending email or pager alerts, recording the session, reconfiguring
select firewalls or taking other user-definable actions.
RealSecure Agent. RealSecure Agent is a host-based complement to
RealSecure Engine. RealSecure Agent analyzes host logs to recognize attacks,
determine whether an attack was successful and provide other forensic
information not available in real time. Based on what is discovered, RealSecure
Agent reacts to prevent further incursions by terminating user processes and
suspending user accounts. It also logs events, sends, alarms and emails and
executes user-defined actions. Each RealSecure Agent installs on a workstation
or host, thoroughly examining that system's logs for telltale patterns of
network misuse and breaches of security. Like RealSecure Engine, RealSecure
Agent sends an alarm to the RealSecure Manager or third-party network management
console when it detects evidence of improper usage. Based on what it discovers,
RealSecure Agent also automatically reconfigures RealSecure Engines and select
firewalls to prevent future incursions.
SAFEsuite Decisions
SAFEsuite Decisions is the initial product in our new SAFEsuite Enterprise
family of enterprise security management solutions. SAFEsuite Decisions delivers
continuous security improvement across the enterprise from a single application.
SAFEsuite Decisions leverages the value of our SAFEsuite products to provide an
adaptive enterprise network security system for ongoing, active information risk
management. SAFEsuite Decisions integrates critical security data generated by
our Internet Scanner, System Scanner, RealSecure and third-party firewalls, into
a closed, automated feedback loop. This information is condensed into a
comprehensive reporting system, enabling timely, focused and informed decisions
for effective information risk management. SAFEsuite Decisions enables managers
and administrators to take immediate action to protect online resources.
SAFEsuite Decisions facilitates efficient management of enterprise security risk
and maximizes the security of large-scale networking and Internet-based
commerce.
PROFESSIONAL SERVICES
We enhance the value of our products by offering professional consulting
services to assure customers' success in the use of our products. We have
network security professionals ready to assist customers with their particular
security policy development and enforcement needs. Our professional services can
range from providing network security resources for overburdened IT departments
to conducting investigations of serious breaches in security. Our professional
services offerings include:
- Quick Assist -- Customer assistance for determining a client's risk
condition and development of an Adaptive Network Security business case;
- JumpStart -- High-value, customized on-the-job training and quick-start
implementation programs;
- Incident Response & Post-Attack Support -- Data recovery and business
resumption planning services, investigation and forensics, litigation and
expert witness support;
8
10
- Triage -- High-impact, rapid turnaround network emergency support
services including vulnerability assessment and corrective action
support;
- Security Architecture Design & Engineering -- Adaptive Network Security
architecture and design services;
- Enterprise Threat & Vulnerability Battle Planning -- Logical, systematic
approach for project and budget planning, acquisition and technology
strategy and security program development and implementation; and
- Network Operations Support -- On-site and remote network monitoring and
response, coupled with standard network security operations services.
We complement our service offerings with a full range of training and
certification programs. Our Certified User courses are available at our
education center in Atlanta, Georgia, and at approved training centers around
the world. These classes address planning, installation and basic operation of
our products in a hands-on, interactive environment. For more advanced needs,
our ISS Certified Engineer training courses cover advanced topics specific to
each SAFEsuite or SAFEsuite Enterprise product. Our training goes beyond simple
"how to" exercises. Upon completion of instructor-led discussions and exercises,
students respond to actual, on-the-job scenarios. These simulations allow
students to apply their new skills to real-world situations, reinforcing both
basic and advanced skills. Our training courses encompass the complete life
cycle of our SAFEsuite products, from installation and operations to advanced
troubleshooting.
PRODUCT PRICING
We use a range of fee structures to license our products, depending on the
type of product and the intended use. We license our vulnerability detection
products, Internet Scanner, System Scanner and Database Scanner, based on the
number of devices being scanned. The pricing scheme is scalable, providing low
entry points for departmental users without limiting our revenue potential from
customers with large networks. Pricing for our threat detection products,
RealSecure Engine and RealSecure Agent, is based on the number of engines
deployed on the network. Thus, licensing fees for our products are ultimately
determined by the size of the customer's network, as size dictates the number of
devices to be scanned or the number of engines to be deployed. In addition to
license fees, customers virtually always purchase maintenance agreements in
conjunction with their initial purchase of a software license, with annual
maintenance fees typically equal to 20% of the product's license fee.
Maintenance agreements include annually renewable telephone support, product
updates, access to our X-Force Security Alerts and error corrections. Our
continuing research into new security risks and resulting product updates
provide significant ongoing value. As a result, a substantial majority of our
customers renew their maintenance agreements. Customers who use our products to
provide IT consulting services have license agreements that are based on a
revenue sharing model. We have historically sold fully-paid perpetual licenses
with a renewable annual maintenance fee and, more recently, have licensed our
products on a subscription basis (which includes maintenance) for one or two
year periods and are exploring other alternatives for customers desiring longer
term arrangements or multi-year commitments.
PRODUCT DEVELOPMENT
We developed our SAFEsuite products to operate in heterogeneous computing
environments. Products are compatible with other vendors' products across a
broad range of platforms, including HP-UX, IBM AIX, Linux, SGI IRIX, SunOS, Sun
Solaris, Windows 95/98 and Windows NT. We have incorporated a modular design in
our products to permit plug-and-play capabilities, although customers often use
our professional services or our strategic partners to install and configure
products for use in larger or more complex network systems.
We employ a two-pronged product development strategy to achieve our goal of
providing the most comprehensive security coverage within the monitoring,
detection and response market. First, we continue to develop best-of-breed
security products to address particular network configurations. Such new
products, and
9
11
our existing products like Internet Scanner, System Scanner and RealSecure, are
updated approximately every four to six months to add new features, improve
functionality and incorporate timely responses to vulnerabilities and threats
that have been added to our vulnerability and threat database. These updates are
usually provided as part of separate maintenance agreements sold with the
product license.
Second, to complement our existing products and provide more comprehensive
network security coverage, we are expanding our existing SAFEsuite products by
developing additional enterprise-level products that incorporate ANS principles.
These products will allow customers to protect their networks by continuously
measuring and analyzing the status of their network's security, and by
monitoring and controlling the security risks in real time across the enterprise
network. These SAFEsuite enterprise products are interoperable with our existing
products, allowing modular implementation.
Expenses for product development were $1.2 million, $3.4 million and $9.3
million in 1996, 1997 and 1998, respectively. All product development activities
are conducted at our principal offices in Atlanta, and at our research and
development facilities in Mountain View, California and Reading, England, where,
as of December 31, 1998, an aggregate of 108 personnel were employed in product
development teams. In addition, our personnel include members of the Computer
Security Institute, Forum for Incident Response and Security Technicians
(FIRST), Georgia Tech Industrial Partners Association, Georgia Tech Information
Security Center and the International Computer Security Association (ICSA),
enabling us to actively participate in the development of industry standards in
the emerging market for network and Internet security systems and products.
CUSTOMERS
As of December 31, 1998, we had licensed versions of our SAFEsuite family
of products to over 3,000 customers. No customer accounted for more than 10% of
our consolidated revenues in 1996, 1997 or 1998. Our target customers include
both public and private sector organizations that utilize Internet
protocol-enabled information systems to facilitate mission-critical processes in
their operations. Our customers represent a broad spectrum of organizations
within diverse sectors, including financial services, technology,
telecommunications, government and information technology services.
The following is a list of certain of our customers that have purchased
licenses and services from us with an aggregate price of at least $15,000 and
which we believe are representative of our overall customer base:
FINANCIAL SERVICES IT SERVICES GOVERNMENT
Charles Schwab EDS NASA
First Union KPMG Peat Marwick Salt River Project
KeyCorp Perot Systems U.S. Department of the
Merrill Lynch PricewaterhouseCoopers Air Force
PNC Bank SAIC U.S. Department of the
SITA Army
TELECOMMUNICATIONS U.S. Department of
America Online TECHNOLOGY Defense
Bell Atlantic Hewlett-Packard U.S. State Department
BellSouth IBM
GTE Internetworking Intel OTHER
NETCOM On-Line Lucent Technologies Lockheed Martin
Communications Microsoft Merck
Nippon Telephone & NCR REI
Telegraph Siemens
VeriSign
Xerox
10
12
SALES AND MARKETING
Sales Organization
Our sales organization is divided regionally among the Americas, Europe and
the Asia/Pacific region. In the Americas, we market our products primarily
through our direct sales organization augmented by our indirect channels,
including security consultants, resellers, OEMs and systems consulting and
integration firms. The direct sales organization for the Americas consists of
regionally-based sales representatives and sales engineers and a tele-sales
organization located in Atlanta. As of December 31, 1998, we maintained sales
offices in the Atlanta, Austin, Boston, Chicago, Cincinnati, Dallas, Denver, Los
Angeles, Minneapolis, Monterrey (Mexico), New York, Palo Alto, Philadelphia,
Portland, San Francisco, Sao Paulo (Brazil), Seattle, Toronto (Canada) and
Washington, D.C. metropolitan areas. A dedicated group of professionals in our
Atlanta headquarters covers Latin America. As of December 31, 1998, we employed
92 people in the Americas direct sales and professional services organization.
The regionally-based direct sales representatives focus on opportunities where
we believe we can realize more than $200,000 in revenues per year.
In Europe and the Asia/Pacific region, substantially all of our sales occur
through authorized resellers. Internationally, we have established regional
sales offices in Brussels, London, Munich, Paris, Reading (England), Stuttgart,
Sydney and Tokyo. Personnel in these offices are responsible for market
development, including managing our relationships with resellers, assisting them
in winning and supporting key customer accounts and acting as a liaison between
the end user and our marketing and product development organizations. As of
December 31, 1998, 50 employees were located in our European and Asia/Pacific
regional offices. We expect to continue to expand our field organization into
additional countries in these regions.
Security Partners Program
We have established a Security Partners Program to train and organize
security consulting practices, Internet service providers, systems integrators
and resellers to match our products with their own complementary products and
services. By reselling SAFEsuite products, Security Partners provide additional
value for specific market and industry segments, while maintaining our ongoing
commitment to quality software and guaranteed customer satisfaction. We have
established three different levels of partnership opportunities:
- Premier Partners. Premier Partners are value-added resellers and systems
integrators with focused security practices. Many Premier Partners are
experienced in the sales and implementation of leading firewall
technology, as well as authentication and encryption technologies. These
partners leverage their expertise with our vulnerability assessment and
intrusion detection products. Premier Partners receive direct
distribution of our products, sales training, financial incentives,
access to our Web site for placing orders and partner-only
communications, including a link to the ISS Partner Web site.
- Authorized Partners. Authorized Partners generally consist of
organizations that provide security-focused consulting services, but
elect not to commit to the minimum annual purchase commitments and entry
fees applicable to Premier Partners. Authorized Partners may purchase
products directly from us and may access our Web site to place orders and
receive partner-only communications.
- Registered Partners. Unlike Premier Partners and Authorized Partners,
Registered Partners are not required to maintain an ISS Certified
Engineer on their staffs. Registered Partners receive partner-only
communications and may purchase products directly from us, including
through our online Web order system.
Adaptive Network Security Alliance
In 1998, we formed the Adaptive Network Security Alliance, or ANSA, as a
means to offer Adaptive Network Security to support a wide range of network
management and security products. ANSA currently has 53 members, including
leading security software vendors. ANSA delivers the flexibility of
best-of-breed products, enhanced enterprise security, accelerated implementation
of enterprise management and security solutions and additional value for
existing products and services. ANSA provides Adaptive Network Security
11
13
modules for firewalls, virtual private networks (VPNs), antivirus/malicious code
software, public key infrastructure (PKI) and enterprise systems management
products. Through ANSA, we, together with our technology partners, deliver
self-correcting security and management systems that provide maximum value for
organizations with limited IT security resources.
ANSA provides functionality in the following four key areas:
- Active Response. Security breaches require rapid response to identify
and stop threats before they place critical online assets at risk.
Through ANSA, firewalls, routers, switches, virtual private networks and
other technologies are reconfigured automatically and in real time to
break off the attack and prevent future penetrations.
- Lock Down. Improper configurations can make any technology vulnerable to
attack and misuse. We work with ANSA partners to develop customized
templates that enable the secure configuration of network devices. With
this "lock down" functionality, customers can be assured that the ANSA
partner's product will function as designed and will be securely
configured.
- Decision Support. Effective security decision-making and planning
requires timely analysis of enormous amounts of data across disparate
systems and network devices. ANSA enables fast and informed
enterprise-wide security decisions by collecting, integrating and
analyzing data from security and network infrastructure products of ANSA
partners. Resulting high value information is routed to network and
systems management consoles for immediate action.
- Adaptive Network Security Management. ANSA integrates Adaptive Network
Security management with enterprise system management platforms. This
integration simplifies the enforcement and implementation of security
policies across the enterprise leveraging existing IT resources.
ANSA is an open initiative and membership is offered free of charge to
vendors providing security, and enterprise and network infrastructure products
and services with a commitment to interoperability.
Marketing Programs
We conduct a number of marketing programs to support the sale and
distribution of our products. These programs are designed to inform existing and
potential end-user customers, OEMs and resellers about the capabilities and
benefits of our products. Marketing activities include:
- press relations and education;
- publication of technical and educational articles in industry journals
and our on-line magazine, ISS Alert;
- participation in industry tradeshows;
- product/technology conferences and seminars;
- competitive analysis;
- sales training;
- advertising and development and distribution of marketing literature; and
- maintenance of our Web site.
A key element of our marketing strategy is to establish our products and
our ANS model as the leading approach for enterprise-wide security management.
We have implemented a multi-faceted program to leverage the use of our SAFEsuite
product family and increase its acceptance through relationships with various
channel partners:
- Strategic Resellers. Although we have numerous resellers, certain of
these relationships have generated significant leverage for us in
targeted markets. Our strategic resellers, which include EDS, IBM,
Lucent, Siemens and Softbank, provide broad awareness of our brand
through enhanced
12
14
marketing activity, access to large sales forces, competitive control
points and access to larger strategic customer opportunities.
- Consultants. The use of our products by security consultants not only
generates revenue from the license sold to the consultant, but also
provides us with leads to potential end users with a concern for network
security. Consultants who have generated substantial leads for our sales
organization include Andersen Consulting, Arthur Andersen, Deloitte
Touche Tohmatsu International, Ernst & Young, IBM, KPMG Peat Marwick,
PricewaterhouseCoopers and SAIC Global Integrity.
- Managed Service Providers and Internet Service Providers. We license our
products to certain managed service providers and Internet service
providers to be used as part of their value-added services for their
customers, With our products, Internet service providers can offer their
users perimeter vulnerability scanning and assessment, and intrusion
detection for Web services and applications that typically reside outside
the firewalled perimeter. We license our products to GTE, Intermedia
Communications (Digex), IRE, MCI Worldcom and PSINet and other Internet
service providers for these purposes and receive a percentage of the
value-added revenue stream.
- OEMs. A number of vendors of security products, including Check Point,
Entrust, Lucent, NCR, Nortel and ODS Networks, have signed OEM agreements
with us. These agreements enable OEMs to incorporate our products into
their own product offerings to enhance their security features and
functionality. We receive royalties from OEM vendors and increased
acceptance of our products under these arrangements, which, in turn,
promotes sales of our other products to the OEM's customers.
We typically enter into written agreements with our strategic resellers,
consultants, managed service providers, Internet service providers and OEMs.
These agreements generally do not provide for firm dollar commitments from the
strategic parties, but are intended to establish the basis upon which the
parties will work together to achieve mutually beneficial objectives.
ADVISORY BOARD
We established an Advisory Board in February 1998 to further our sales and
recruiting efforts. Members of the Advisory Board currently consist of the
following:
Sam Nunn. Mr. Nunn has been a partner in the Atlanta law firm of King
& Spalding since January 1997. Previously, he served in the United States
Senate for four terms starting in 1972. Mr. Nunn is a director of The
Coca-Cola Company, General Electric Company, National Service Industries,
Scientific-Atlanta, Texaco and Total System Services. He also serves as
Chairman of the Board of the Center for Strategic and International Studies
(CSIS), a Washington, D.C. think tank.
John P. Imlay, Jr. Mr. Imlay is Chairman of Imlay Investments, and
serves on the board of directors of the Atlanta Falcons, Gartner Group,
Metromedia International Group, and several other organizations. He was
Chairman of Dun & Bradstreet Software Services from March 1990 until
November 1996. Prior to that, Mr. Imlay served as Chairman and Chief
Executive Officer of Management Science America, a company that was
acquired by Dun & Bradstreet Software Services.
The Advisory Board members advise us on long-term strategic growth,
including strategies for selling to key industries, recruitment of board members
and other key personnel, and trends in national and international policy
influencing our products and services. We also anticipate that Advisory Board
members will provide high visibility for us at industry events and will play key
roles in leading customer user groups to support our growth and industry
prominence. Members of the Advisory Board meet individually or as a group with
our management from time to time and are compensated through issuances of common
stock or options to acquire common stock.
CUSTOMER SERVICE AND SUPPORT
We provide ongoing product support services under license agreements.
Maintenance contracts are typically sold to customers for a one-year term at the
time of the initial product license and may be renewed
13
15
for additional periods. Under our maintenance agreements with our customers, we
provide, without additional charge, telephone support, documentation and
software updates and error corrections. Customers that do not renew their
maintenance agreements but wish to obtain product updates and new version
releases are generally required to purchase such items from us at market prices.
In general, major new product releases come out annually, minor updates come out
every four to six months and new vulnerability and threat checks come out every
two to four weeks. Customers with current maintenance agreements may download
product updates from our Web site.
We believe that providing a high level of customer service and technical
support is necessary to achieve rapid product implementation which, in turn, is
essential to customer satisfaction and continued license sales and revenue
growth. Accordingly, we are committed to continued recruiting and maintenance of
a high-quality technical support team. We provide telephone support to customers
who purchase maintenance agreements along with their product license. A team of
dedicated engineers trained to answer questions on the installation and usage of
the SAFEsuite products provides telephone support from 8:00 a.m. to 6:00 p.m.,
Eastern time, Monday through Friday, from our corporate office in Atlanta. We
provide telephone support 24 hours a day, seven days a week through a call-back
procedure to certain customers who pay an additional fee for the service. In the
United States and internationally, our resellers provide telephone support to
their customers with technical assistance from us.
COMPETITION
The market for network security monitoring, detection and response
solutions is intensely competitive, and we expect competition to increase in the
future. We believe that the principal competitive factors affecting the market
for network security products include security effectiveness, manageability,
technical features, performance, ease of use, price, scope of product offerings,
professional services capabilities, distribution relationships and customer
service and support. Although we believe that our solutions generally compete
favorably with respect to such factors, there can be no assurance that we can
maintain our competitive position against current and potential competitors,
especially those with significantly greater financial, marketing, service,
support, technical and other competitive resources. Our chief competitors
generally fall within one of four categories:
- internal IT departments of our customers and the consulting firms that
assist them in formulating security systems;
- relatively smaller software companies offering relatively limited
applications for network and Internet security;
- large companies, including Axent Technologies, Cisco Systems and Network
Associates, that sell competitive products, as well as other large
software companies that have the technical capability and resources to
develop competitive products; and
- software or hardware companies that could integrate features that are
similar to our products into their own products.
Due to a lack of appreciation of the complexity involved in the development
of automated systems to establish and maintain comprehensive and effective
security within a distributed computing environment, potential customers often
rely on their IT departments to internally formulate security systems or retain
consultants to undertake such a project. However, because experts in security
issues are in extremely short supply, such in-house solutions typically fail to
provide a comprehensive and sophisticated approach to security, are not designed
to adapt to changing security risks and are extremely expensive to develop. As
IT departments learn of our products and their relative cost, we believe that
these departments will be less inclined to independently develop systems with
functionalities similar to our products.
In addition, a number of smaller companies currently market or have under
development software applications to provide network and Internet security. We
believe that, to date, none of these companies offers products that are as
robust in features or as comprehensive in scope as the SAFEsuite family of
products. Although it is likely that the product development efforts of these
companies will eventually enable them to
14
16
offer a line of products to compete with our current product line, we intend to
continue to dedicate significant resources for product development and
recruiting in order to expand our product capabilities ahead of these
competitors. Notwithstanding, we expect additional competition from these
established competitors and from other emerging companies.
Mergers or consolidations among our competitors, or acquisitions of small
competitors by larger companies, would make such combined entities more
formidable competitors to us. In the last 18 months, both Cisco Systems and
Network Associates have acquired privately-held companies with products
competitive to ours. Although we believe that Cisco Systems and Network
Associates will continue to integrate these security products with their other
product offerings, we believe that our products will compete favorably based on
our product and platform functionality and Adaptive Network Security approach.
Notwithstanding, large companies may have advantages over us because of their
longer operating histories, greater name recognition, larger customer bases or
greater financial, technical and marketing resources. We believe that the entry
of larger, more established companies into our market will require them to
undertake operations that are currently not within their core areas of
expertise, thus exposing them to significant uncertainties in the product
development process. In addition, if larger companies were to enter our market,
they could have a greater ability to adapt more quickly to new or emerging
technologies and changes in customer requirements. They also could devote
greater resources to the promotion and sale of their products than we can. In
addition, these companies have reduced, and could continue to reduce, the price
of their security monitoring, detection and response products, which increases
pricing pressures within our market. In addition, large companies with broad
product offerings, such as Network Associates, have bundled their security
products with their other products, and we expect them to continue to do so in
the future, which makes it more difficult for us to compete with them. These
companies may develop security monitoring, detection and response products that
are better than our current or future products and this may render our products
obsolete.
Several companies currently sell software products (such as encryption,
firewall, operating system security and virus detection software) that our
customers and potential customers have broadly adopted. Some of these companies
sell products which perform the same functions as some of our products. In
addition, vendors of operating system software or networking hardware may
enhance their products to include the same kinds of functions that our products
currently provide. The widespread inclusion in operating system software or
networking hardware of features comparable to our software could render our
products obsolete, particularly if such features are of a high quality. Even if
security functions integrated into operating system software or networking
hardware are more limited than those of our software, a significant number of
customers may accept more limited functionality to avoid purchasing additional
software.
For the above reasons, we may not be able to compete successfully against
our current and future competitors. Increased competition may result in price
reductions, reduced gross margins and loss of market share, any one of which
could materially and adversely affect our business, operating results and
financial condition.
PROPRIETARY RIGHTS AND TRADEMARK ISSUES
We rely primarily on a combination of copyright and trademark laws, trade
secrets, confidentiality procedures and contractual provisions to protect our
proprietary rights. Furthermore, we believe that factors such as the
technological and creative skills of our personnel, new product developments,
frequent product enhancements, name recognition and reliable product maintenance
are essential to establishing and maintaining a technology leadership position.
We seek to protect our software, documentation and other written materials under
the trade secret and copyright laws, which afford only limited protection. We
also have submitted two United States patent applications. There can be no
assurance that any patents will issue from these applications or, if issued,
that any such patent would provide meaningful competitive advantages to us. We
generally license our SAFEsuite products to end users in object code
(machine-readable) format. Certain customers have required us to maintain a
source-code escrow account with a third-party software escrow agent, and a
failure by us to perform our obligations under any of the related license and
maintenance agreements, or our insolvency, could conceivably cause the release
of our product source code to such customers. The standard form agreement allows
the end user to use our SAFEsuite products solely on the end
15
17
user's computer equipment for the end user's internal purposes, and the end user
is generally prohibited from sublicensing or transferring the products.
Despite our efforts to protect our proprietary rights, unauthorized parties
may attempt to copy aspects of our products or to obtain and use information
that we regard as proprietary. Policing unauthorized use of our products is
difficult, and while we are unable to determine the extent to which piracy of
our software products exists, software piracy can be expected to be a persistent
problem. In addition, the laws of some foreign countries do not protect our
proprietary rights to as great an extent as do the laws of the United States.
There can be no assurance that our competitors will not independently develop
similar technologies.
We are not aware that any of our products infringes the proprietary rights
of others, but it is possible that our current or future products may infringe
proprietary rights of others. In fact, in July 1998, Network Associates, which
is one of our competitors, filed a lawsuit against us alleging that our
RealSecure product violates a patent claim for intrusion detection technology
held by Network Associates. Although we believe that the lawsuit is without
merit and are vigorously defending against Network Associates' claims, should
Network Associates prevail in the suit, it could result in us having to pay
significant damages and cease the licensing of our RealSecure product. Such a
result would materially and adversely affect our business, operating results and
financial condition.
It is conceivable that other third parties, in addition to Network
Associates, could claim infringement by us with respect to our current or future
products. We expect that software product developers will increasingly be
subject to infringement claims as the number of products and competitors in our
industry segment grows and the functionality of products in different industry
segments overlaps. Any such claims, with or without merit, could be time
consuming, result in costly litigation, cause product shipment delays or require
us to enter into royalty or licensing agreements. Such royalty or licensing
agreements, if required, may not be available on terms acceptable to us or at
all, which could have a material adverse effect upon our business, operating
results and financial condition.
The name "Internet Security Systems" is not currently subject to trademark
registration in the United States, and may not be a name for which a trademark
is registrable due to its general use in a variety of security-related
applications. Although we have in the past asserted and intend to continue to
assert our rights with respect to the name "Internet Security Systems" and we
have taken and will take action against any use of such name in a manner that
may create confusion with our products in relevant markets, there can be no
assurance that we will be successful in such efforts, which could have a
material adverse effect upon our business, operating results and financial
condition.
EMPLOYEES
As of December 31, 1998, we had 328 employees, of whom 108 were engaged in
product research and development, 103 were engaged in sales, 16 were engaged in
customer service and support, 46 were engaged in professional services, 35 were
engaged in marketing and business development and 20 were engaged in
administrative functions. We believe that we have good relations with our
employees.
ITEM 2. PROPERTIES
Our Atlanta headquarters and research and development facilities consist of
approximately 72,000 square feet of office space occupied pursuant to a lease
and a sublease expiring in June 2002, which provide for minimum annual lease
obligations of approximately $1,240,000. We also lease office space in Mountain
View, California, New York City, Washington, D.C., Brussels, London, Paris,
Reading (England), Stuttgart and Tokyo, as well as small executive suites in
several United States cities. We believe that our existing facilities are
adequate for our current needs and that additional space will be available as
needed.
ITEM 3. LEGAL PROCEEDINGS
On June 25, 1998, Network Associates filed a lawsuit against us in the U.
S. District Court for the Northern District of California (the "Court") which
alleges that our RealSecure product infringes a patent
16
18
claim for intrusion detection technology held by Network Associates. Network
Associates claims that this alleged infringement is deliberate and willful and
is seeking treble damages in an unspecified amount and attorneys' fees, in
addition to an injunction prohibiting the alleged infringement. The Court
conditionally dismissed the original complaint based on the parties'
representation to the Court that they would attempt to reach a settlement.
However, on January 13, 1999, Network Associates notified the Court that no
settlement had been reached and requested that the Court place the case on the
Court's calendar. On January 25, 1999, we filed our answer to the complaint with
the Court. In our answer, we asserted several affirmative defenses and made
counterclaims against Network Associates for unfair competition and antitrust
violations under federal and state laws. We believe that Network Associates'
lawsuit is without merit and we will continue to vigorously defend against it.
However, should Network Associates prevail in the suit, it could materially and
adversely affect our business, operating results and financial condition.
Except as noted above, we are not a party to any material legal
proceedings.
ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS
No matter was submitted to a vote of our shareholders during the fourth
quarter of 1998.
17
19
PART II
ITEM 5. MARKET FOR REGISTRANT'S COMMON EQUITY AND RELATED STOCKHOLDER MATTERS
The Common Stock has been quoted on the Nasdaq National Market under the
symbol "ISSX" since our initial public offering on March 24, 1998. Prior to the
initial public offering, there had been no public market for the Common Stock.
The following table lists the high and low per share sales prices for the Common
Stock as reported by the Nasdaq National Market for the periods indicated:
1998: HIGH LOW
----- ------ ------
First Quarter (from March 24, 1998)......................... $41.50 $37.00
Second Quarter.............................................. 56.63 31.63
Third Quarter............................................... 50.50 25.38
Fourth Quarter.............................................. 60.63 17.00
As of February 5, 1999, there were 17,356,487 shares of the Common Stock
outstanding held by 237 stockholders of record.
We have not declared or paid cash dividends on our capital stock during the
last two years. The Company currently intends to retain any earnings for use in
its business and does not anticipate paying any cash dividends in the
foreseeable future. Future dividends, if any, will be determined by the
Company's Board of Directors.
During 1997 and 1998, the Company issued an aggregate 144,750 shares of its
Common Stock to employees and a director pursuant to exercises of stock options
(with exercise prices ranging from $0.15 to $7.00 per share) principally under
the Company's Restated 1995 Stock Incentive Plan which were deemed exempt from
registration under Section 5 of the Securities Act of 1933 in reliance upon Rule
701 thereunder. The recipients of securities in each such transaction
represented their intentions to acquire the securities for investment only and
not with a view to, or for sale in connection with, any distribution thereof and
appropriate legends were affixed to the share certificates issued in each such
transaction.
In addition to the issuance of stock pursuant to stock options, the Company
issued (i) 119,994 shares of its Common Stock as partial consideration for all
the issued and outstanding capital stock of March Information Systems Limited on
October 6, 1998, and (ii) 38,000 shares of its Common Stock in exchange for
substantially all the assets of DbSecure, Inc. on October 28, 1998.
18
20
ITEM 6. SELECTED CONSOLIDATED FINANCIAL DATA
The financial data set forth below for each of the three years in the
period ended December 31, 1998, and as of December 31, 1997 and 1998, has been
derived from the audited consolidated financial statements appearing elsewhere
in this Annual Report on Form 10-K. The financial data for the periods from
inception (April 19, 1994) through December 31, 1994, for the year ended
December 31, 1995, and as of December 31, 1994, 1995 and 1996, has been derived
from audited financial statements not included herein.
APRIL 19, 1994
(INCEPTION)
THROUGH
DECEMBER 31, YEAR ENDED DECEMBER 31,
--------------- -------------------------------------------
1994 1995 1996 1997 1998
--------------- ------- ------- ------- -------
(IN THOUSANDS, EXCEPT PER SHARE DATA)
CONSOLIDATED STATEMENT OF OPERATIONS DATA:
Revenues:
Perpetual licenses................................. $ 38 $ 246 $ 4,233 $10,936 $25,936
Subscriptions...................................... -- -- 219 2,465 7,406
Professional services.............................. -- 11 10 66 2,587
------ ------- ------- ------- -------
38 257 4,462 13,467 35,929
Costs and expenses:
Cost of revenues................................... -- 4 18 676 4,831
Research and development........................... 5 97 1,225 3,434 9,321
Charges for in-process research and development.... -- -- -- -- 802
Sales and marketing................................ 11 252 3,768 11,731 22,762
General and administrative......................... 2 44 656 1,773 4,389
Amortization....................................... -- -- -- -- 230
------ ------- ------- ------- -------
18 397 5,667 17,614 42,335
------ ------- ------- ------- -------
Operating income (loss).............................. 20 (140) (1,205) (4,147) (6,406)
Interest income, net................................. -- -- 74 228 2,366
------ ------- ------- ------- -------
Income (loss) before income taxes.................... 20 (140) (1,131) (3,919) (4,040)
Provision for income taxes........................... -- -- -- -- 62
------ ------- ------- ------- -------
Net income (loss).................................... $ 20 $ (140) $(1,131) $(3,919) $(4,102)
------ ------- ------- ------- -------
Basic and diluted net loss per share(1).............. $ -- $ (0.03) $ (0.14) $ (0.50) $ (0.28)
====== ======= ======= ======= =======
Weighted average shares used in basic and diluted net
loss per share calculation(2)...................... 4,586 5,001 7,916 7,907 14,883
====== ======= ======= ======= =======
Unaudited pro forma net loss per share(1)............ $ (0.29) $ (0.25)
======= =======
Unaudited weighted average shares used in unaudited
pro forma net loss per share calculation(2)........ 13,644 16,189
======= =======
DECEMBER 31,
---------------------------------------------------------------
1994 1995 1996 1997 1998
---- ------- ------- ------- -------
(IN THOUSANDS)
CONSOLIDATED BALANCE SHEET DATA:
Cash and cash equivalents............................ $ 9 $ 6 $ 2,007 $ 3,929 $52,632
Working capital (working capital deficit)............ 10 (26) 2,298 2,272 54,389
Total assets......................................... 10 176 4,380 9,866 78,021
Long-term debt, net of current portion............... -- -- 140 70 --
Redeemable, convertible preferred stock.............. -- -- 3,614 8,878 --
Stockholders' equity (deficit)....................... 10 (7) (1,160) (5,058) 66,315
- ---------------
(1) Computed on the basis described in Note 1 of Notes to Consolidated Financial
Statements.
(2) See Note 1 of Notes to Consolidated Financial Statements for the
determination of shares used in computing basic and diluted net income per
share.
19
21
ITEM 7. MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS
OF OPERATIONS
This discussion contains forward-looking statements that involve risks and
uncertainties. Our actual results may differ materially from those anticipated
in these forward-looking statements as a result of certain factors, including,
but not limited to, those set forth under the "Risk Factors" heading below.
OVERVIEW
We are the leading provider of network security monitoring, detection and
response software that protects the security and integrity of enterprise
information systems according to market share reports by Aberdeen Group, Gartner
Group and The Yankee Group. Our SAFEsuite family of products protects
distributed computing environments, such as internal corporate networks,
inter-company networks and the Internet, from attacks, misuse and security
policy violations. Our business is focused on maintaining the latest security
threat and vulnerability checks within our existing products, creating new
products and providing technical and professional services that are consistent
with our goal of providing enterprise solutions to address network security.
We generate a substantial portion of our revenues from our SAFEsuite family
of products in the form of perpetual licenses and subscriptions. We recognize
perpetual license revenues upon delivery of software or, if the customer has
evaluation software, delivery of the software key and issuance of the related
license, assuming that no significant vendor obligations or customer acceptance
rights exist. Where payment terms are extended over periods greater than 12
months, revenue is recognized as such amounts are billable. Annual renewable
maintenance is a separate component of each perpetual license agreement with
revenue recognized ratably over the maintenance term. Subscription revenues
include maintenance and term licenses. Term licenses allow customers to use the
product and receive maintenance coverage for a specified period, generally 12
months. We recognize revenues from each subscription agreement ratably over the
subscription term.
In 1998, training and implementation services represented an increasing
portion of our revenues. These professional services, which typically are billed
on a time-and-materials basis, assist in the successful deployment of our
products within customer networks, the development of customers' security
policies and the assessment of security policy decisions. We recognize
professional services revenues as such services are performed.
We believe that each of our current products and products in development,
together with maintenance and professional services, will represent important
sources of revenue in the future.
Generally, we base our prices on the number of devices or engines being
managed by the customer, scaled to provide discounts for either larger systems
or the simultaneous license of several SAFEsuite products. We offer annual
maintenance for a separate fee. Our customers virtually always purchase
maintenance when they initially license a product. Maintenance fees generally
equal 20% of the perpetual license fee. Maintenance packages typically include
telephone support, product updates, access to our security advisory notices and
error corrections. We recommend that our customers renew their maintenance
contracts and, to date, most customers have done so. Because of the dynamic
nature of vulnerabilities and threats to computer networks, we expect that a
substantial majority of our customers will continue to renew their maintenance
contracts.
We sell our products and services primarily through our direct sales force
and telephone sales operations, and we also sell through indirect sales
channels, including resellers, security consultants, Internet service providers,
and other providers of network management services. We generate less revenue per
license from indirect channels than direct sales, as we typically sell our
products to channel partners at a 25% to 50% discount from list price. In
addition, we have entered into several contracts with original equipment
manufacturers, or OEMs, in 1998 that contemplate the incorporation of our
products into their product offerings. We expect this OEM channel to be an
additional important source of revenue for us in the future.
We expense research and development costs as incurred. Although we have not
capitalized any internal development costs under Statement of Financial
Accounting Standards No. 86, we have capitalized core and developed technology
assets in connection with two acquisitions that we completed in 1998. The
primary assets acquired in these acquisitions were security assessment
technologies for Windows NT, Unix and
20
22
databases. While we expect the expansion of our product offerings to originate
primarily from internal development, our strategy includes acquiring products
and technologies that fit within our product strategy and that potentially
accelerate the timing of the commercial introduction of such products and
technologies as integrated components of our enterprise network security
solutions.
Our business has grown rapidly in the last three years, with total revenues
increasing from $4.5 million in 1996 to $35.9 million in 1998. However, we have
experienced net losses in each of these years and, as of December 31, 1998, had
an accumulated deficit of $9.3 million. These losses resulted from significant
costs incurred in the development and sale of our products and professional
services. During this period, we went from seven employees at January 1, 1996 to
328 employees at December 31, 1998. We expect to expand our domestic and
international sales and marketing operations, increase investment in product
development and our proprietary threat and vulnerability database, seek
acquisition candidates that will enhance our products and market share, and
improve our internal operating and financial infrastructure in support of our
strategic goals and objectives. All of these initiatives will increase operating
expenses. As a result, while operating losses have narrowed over the course of
1998, we cannot be certain that we will become profitable in the future. Even if
we become profitable in the future, we cannot be certain that we can sustain
such profitability.
Due to our fast growth over the past several years in an emerging market,
period-to-period comparisons of our operating results are not meaningful.
Although we recently have experienced significant revenue growth, we cannot
assume that we can sustain such growth and, therefore, investors should not rely
on our past growth as a predictor of future performance. Rather, our prospects
must be considered in light of the risks and difficulties frequently encountered
by companies in new and rapidly evolving markets. There can be no assurance that
we will be successful in addressing such risks and difficulties.
RESULTS OF OPERATIONS
The following table sets forth our consolidated historical operating
information, as a percentage of total revenues, for the periods indicated.
YEAR ENDED DECEMBER 31,
-------------------------
CONSOLIDATED STATEMENT OF OPERATIONS DATA: 1996 1997 1998
- ------------------------------------------ ----- ----- -----
Revenues:
Perpetual licenses........................................ 94.9% 81.2% 72.2%
Subscriptions............................................. 4.9 18.3 20.6
Professional services..................................... 0.2 0.5 7.2
----- ----- -----
100.0 100.0 100.0
Costs and expenses:
Cost of revenues.......................................... 0.4 5.0 13.5
Research and development.................................. 27.5 25.5 25.9
Charges for in-process research and development........... -- -- 2.2
Sales and marketing....................................... 84.4 87.1 63.4
General and administrative................................ 14.7 13.2 12.2
Amortization.............................................. -- -- 0.6
----- ----- -----
127.0 130.8 117.8
----- ----- -----
Operating loss.............................................. (27.0)% (30.8)% (17.8)%
===== ===== =====
REVENUES
Our revenues increased from $4.5 million in 1996, to $13.5 million in 1997
and to $35.9 million in 1998. Revenues from perpetual licenses increased during
these periods from $4.2 million in 1996, to $10.9 million in 1997 and to $25.9
million in 1998. Historically, we have generated most of our revenues from
perpetual licenses, but perpetual license revenues have decreased as a
percentage of total revenues from 95% in 1996, to 81% in 1997 and to 72% in
1998. Subscription revenues have increased substantially during these periods,
from $219,000 in 1996, to $2.5 million in 1997 and to $7.4 million in 1998,
representing 5%, 18% and 21%,
21
23
respectively, of total revenues. We continue to diversify our mix of sales
within the SAFEsuite family of products, especially due to the significant
increases in the sale of licenses for RealSecure, our intrusion detection
product. As a result, sales of licenses for our initial product, Internet
Scanner, continued to grow in absolute dollars but decreased as a percentage of
license revenues from 93% in 1996, to 57% in 1998, and to less than 45% of
license revenues in the fourth quarter of 1998. With the continued introduction
of new product offerings, both from internal development and acquisitions
consummated in 1998, we expect this trend to continue.
A key initiative in 1998 was to address the demand from customers for
implementation, training and consulting services. As a result, professional
services revenues increased from less than 1% of revenues in each of 1996 and
1997 to 7% of total revenues in 1998. Professional services revenues increased
principally in the latter half of 1998 and comprised 12% of our total revenues
in the fourth quarter of 1998.
On a geographic basis, we derived the majority of our revenues from sales
to customers within North America. However, international operations continue to
contribute significantly to revenues. Sales to customers outside of North
America represented 19% of our total revenues in 1998 compared with 21% in 1997
and 4% in 1996. No customer represented more than 10% of total revenues in any
of these periods.
COSTS AND EXPENSES
Cost of Revenues
Cost of revenues includes packaging and distribution costs for our software
licenses. Since we use the Internet to distribute product updates and keys
necessary to activate a customer's software, this is a minor cost. Cost of
revenues also includes costs associated with a technical support group that
provides assistance to maintenance customers. Finally, the category includes the
costs we incur to provide professional services to customers. During the first
half of 1998, we built up our professional services management team who then
developed a billable consulting staff over the balance of the year. The growth
in professional services has caused gross margin, represented by total revenues
less cost of revenues expressed as a percentage of total revenues, to trend
downward from 99% and 95% in 1996 and 1997, respectively, to 87% in 1998. We
expect gross margin to settle at a few percentage points below the 1998 level.
Research and Development
Research and development expenses consist of salary and related costs of
research and development personnel, including costs for employee benefits and
depreciation of related computer equipment. Research and development expenses
include costs associated with maintaining the "X-Force", a team composed of
security experts dedicated to understanding new vulnerabilities and real-time
threats and attacks and developing solutions to address these security issues.
We continue to increase research and development expenditures because we regard
primary research and product development as a requirement for retaining our
leadership position in the market. We also increased the number of our
development personnel as we expanded our suite of products, upgraded our
existing products with enhanced functionality and began development efforts in
connection with OEM arrangements that were executed in the last half of 1998 but
for which no revenues have yet been generated. Accordingly, research and
development expenses increased in absolute dollars from $1.2 million in 1996, to
$3.4 million in 1997 and to $9.3 million in 1998. These costs remained at a
relatively constant percentage of revenues, although we anticipate that this
percentage will trend downward in future periods.
We have reflected a charge of $802,000 in our 1998 statement of operations
for identified in-process research and development in connection with our
October 1998 acquisitions of two companies engaged in Windows NT, Unix and
database security assessment technologies. The charge was based on a valuation
of products under development using estimated future cash flows, reduced for the
core technology component of such products and the percentage of product
development remaining at the time of the acquisition.
22
24
Sales and Marketing
Sales and marketing expenses consist of salaries, travel expenses,
commissions, advertising, maintenance of our Web site, trade show expenses,
costs of recruiting sales and marketing personnel and costs of marketing
materials. Sales and marketing expenses were $3.8 million in 1996, $11.7 million
in 1997 and $22.8 million in 1998. Sales and marketing expenses increased during
these periods primarily from a significant increase in the number of regional
United States sales locations and personnel, increased commissions commensurate
with increased direct sales revenues and expanded international operations in
Europe and the Asia/Pacific region. Sales and marketing expenses were 84% and
87% of our total revenues in 1996 and 1997, respectively, but decreased to 63%
of revenues in 1998. This decrease occurred because we had employed a larger
proportion of our sales force for a sufficient period of time to enable them to
achieve greater levels of productivity. If we are able to maintain low rates of
attrition within our sales force, we expect this trend to continue.
General and Administrative
General and administrative expenses of $656,000 in 1996, $1.8 million in
1997 and $4.4 million in 1998, represented approximately 15%, 13% and 12%,
respectively, of our total revenues. General and administrative expenses consist
of personnel-related costs for executive, administrative, finance and human
resources, information systems and other support services and legal, accounting
and other professional services fees. During 1998, we upgraded our internal
financial reporting and information systems, and we expect to continue to expend
resources to enhance our management's ability to obtain and analyze information
about our domestic and international operations. In addition, we incurred
approximately $720,000 of amortization of deferred compensation in 1998, the
majority of which is recorded in the general and administrative category. This
charge is related to the valuation of stock options to employees and directors
granted around the time of our initial public offering of our common stock in
March 1998.
Income Taxes
No provision for federal or state income taxes has been recorded because we
have experienced cumulative net losses since inception. We recorded a minor
amount of income tax expense in 1998 related to our European operations. At
December 31, 1998, we had net operating loss carryforwards of approximately
$13.6 million for federal tax purposes which will expire, if not utilized, in
2011 through 2018. These carryforwards include $7.7 million related to exercises
of stock options for which the income tax benefit, if realized, would increase
additional paid-in-capital. We also had approximately $800,000 of net operating
loss carryforwards related to certain foreign operations which will expire, if
not utilized, in 2002 and 2003. We have not recognized any benefit from the
future use of loss carryforwards for these periods or any other periods since
inception because management's evaluation of all the available evidence in
assessing realizability of the tax benefits of such loss carryforwards indicates
that the underlying assumptions of future profitable operations contain risks
that do not provide sufficient assurance to recognize such benefits currently.
23
25
QUARTERLY RESULTS OF OPERATIONS
The following tables set forth certain unaudited consolidated quarterly
statement of operations data for the eight quarters ended December 31, 1998, as
well as such data expressed as a percentage of our total revenues for the
periods indicated. This data has been derived from unaudited consolidated
financial statements that, in our opinion, include all adjustments (consisting
only of normal recurring adjustments) necessary for a fair presentation of such
information when read in conjunction with our consolidated financial statements
and related notes appearing elsewhere in this Annual Report on Form 10-K. The
operating results for any quarter are not necessarily indicative of results for
any future period.
QUARTER ENDED
---------------------------------------------------------------------------------------
MAR. 31, JUNE 30, SEPT. 30, DEC. 31, MAR. 31, JUNE 30, SEPT. 30, DEC. 31,
1997 1997 1997 1997 1998 1998 1998 1998
-------- -------- --------- -------- -------- -------- --------- --------
(IN THOUSANDS)
CONSOLIDATED STATEMENT OF
OPERATIONS DATA:
Revenues:
Perpetual licenses............ $1,872 $2,150 $ 2,767 $ 4,147 $ 4,875 $ 5,559 $ 6,596 $ 8,906
Subscriptions................. 349 513 691 912 1,169 1,487 2,152 2,598
Professional services......... 4 8 15 39 29 285 682 1,591
------ ------ ------- -------- ------- ------- -------- -------
2,225 2,671 3,473 5,098 6,073 7,331 9,430 13,095
Costs and expenses:
Cost of revenues.............. 87 137 176 276 513 892 1,559 1,867
Research and development...... 493 569 895 1,477 1,636 1,832 2,541 3,312
Charge for in-process research
and development............. -- -- -- -- -- -- -- 802
Sales and marketing........... 1,754 2,342 3,051 4,584 4,648 5,431 5,632 7,051
General and administrative.... 320 301 443 709 981 1,100 1,046 1,262
Amortization.................. -- -- -- -- -- -- -- 230
------ ------ ------- -------- ------- ------- -------- -------
2,654 3,349 4,565 7,046 7,778 9,255 10,778 14,524
------ ------ ------- -------- ------- ------- -------- -------
Operating loss.................. (429) (678) (1,092) (1,948) (1,705) (1,924) (1,348) (1,429)
Interest income, net............ 35 68 66 59 66 841 765 694
------ ------ ------- -------- ------- ------- -------- -------
Loss before income taxes...... (394) (610) (1,026) (1,889) (1,639) (1,083) (583) (735)
Provision for income taxes.... -- -- -- -- -- -- -- 62
------ ------ ------- -------- ------- ------- -------- -------
Net loss........................ $ (394) $ (610) $(1,026) $(1,889) $(1,639) $(1,083) $ (583) $ (797)
====== ====== ======= ======== ======= ======= ======== =======
AS A PERCENTAGE OF TOTAL
REVENUES:
Revenues:
Perpetual licenses............ 84.1% 80.5% 79.7% 81.3% 80.3% 75.8% 70.0% 68.0%
Subscriptions................. 15.7 19.2 19.9 17.9 19.2 20.3 22.8 19.8
Professional services......... 0.2 0.3 0.4 0.8 0.5 3.9 7.2 12.2
------ ------ ------- -------- ------- ------- -------- -------
100.0 100.0 100.0 100.0 100.0 100.0 100.0 100.0
Costs and expenses:
Cost of revenues.............. 3.9 5.1 5.1 5.4 8.5 12.2 16.5 14.3
Research and development...... 22.2 21.3 25.8 29.0 26.9 25.0 27.0 25.3
Charge for in-process research
and development............. -- -- -- -- -- -- -- 6.1
Sales and marketing........... 78.8 87.7 87.8 89.9 76.5 74.1 59.7 53.8
General and administrative.... 14.4 11.3 12.7 13.9 16.2 15.0 11.1 9.6
Amortization.................. -- -- -- -- -- -- -- 1.8
------ ------ ------- -------- ------- ------- -------- -------
119.3 125.4 131.4 138.2 128.1 126.2 114.3 110.9
Operating loss.................. (19.3) (25.4) (31.4) (38.2) (28.1) (26.2) (14.3) (10.9)
Net loss........................ (17.7)% (22.8)% (29.5)% (37.1)% (27.0)% (14.8)% (6.2)% (6.1)%
====== ====== ======= ======== ======= ======= ======== =======
As a result of our limited operating history, we are unable to predict our
future revenues and operating results.
LIQUIDITY AND CAPITAL RESOURCES
We have financed our operations to date primarily through sales of our
equity securities. The net proceeds of $61.5 million from our March 1998 initial
public offering were the primary source of cash provided by financing activities
in 1998. In February 1996 and February 1997, we received aggregate net proceeds
of $8.9 million from the sale of our preferred stock, all of which automatically
converted into common stock when we completed our initial public offering.
Net cash used in operations of approximately $4.3 million in 1998 included
$4.1 million of net loss. This loss, however, included $3.8 million of non-cash
expense for depreciation of equipment, amortization of
24
26
acquisition related intangibles and deferred compensation, and a charge for the
write-off of acquired in-process research and development. The other use of cash
in operations was working capital associated with our growth. An increase in
accounts receivable of $8.1 million was only partially offset by an increase in
deferred revenues of $4.5 million. Growth in annual maintenance contracts, the
upfront billing of multi-year maintenance arrangements with certain customers
and an increase in term licenses increased the deferred revenues balance.
Our primary investing activity of 1998 was our acquisitions of March
Information Systems Limited and the technology assets of DbSecure. The $5.2
million cash component of these acquisitions included cash consideration and
direct transaction costs. We also invested in equipment totaling $3.6 million in
1998 as we provided existing and new personnel with the computer hardware and
software necessary to perform their job functions. This included engineering lab
equipment, expanded information systems and a telephone switch installed in
connection with our relocation to our new headquarters facilities. We expect a
similar level of equipment investment in 1999, assuming continued growth in our
number of employees.
At December 31, 1998, we had $52.6 million of cash and cash equivalents,
consisting primarily of money market accounts and short-term, commercial paper
carrying the highest investment grade rating. We believe that these investments
will be sufficient to fund any operating losses and capital expenditures and
meet our working capital needs for the foreseeable future. On January 29, 1999,
we filed a registration statement for a proposed public offering of 2.4 million
shares of common stock, including 1.2 million shares newly issued by us and 1.2
million to be sold by certain of our existing stockholders. Assuming that this
offering is completed, we currently intend to use the net proceeds of the newly
issued shares for general corporate purposes, including possible acquisitions of
or investments in businesses, products and technologies that are complementary
to ours. Although we have not identified any specific businesses, products or
technologies that we intend to acquire or invest in, and there are not any
current agreements or negotiations with respect to any such transactions, from
time to time we evaluate such opportunities. Pending such uses, we will invest
the net proceeds in government securities and other short-term,
investment-grade, interest-bearing instruments.
YEAR 2000
We have reviewed our products and believe that they are designed to
properly function through and beyond the year 2000. Furthermore, we only support
the current and most recent prior version of our products. While we have
conducted tests of our software and have informed our customers that our
products are Year 2000 compliant, we cannot guarantee that our products,
particularly when they incorporate third-party software, will contain all date
code changes necessary to ensure Year 2000 compliance.
In addition, we use several internal management and other information
systems in the operation of our business. Since we have experienced most of our
growth in systems and personnel since January 1, 1997, purchases and upgrades of
systems have occurred principally during 1997 and 1998. Internal systems for
financial, human resources and sales reporting, as well as telephone, voice mail
and other office support systems, were purchased during 1998 and are reflected
either on the balance sheet as capital purchases or expensed under our standard
policy. We used our best efforts to ensure that these new systems are Year 2000
compliant.
We are in the process of contacting providers of various tools used in our
product development process and the providers of desktop systems (primarily
Microsoft) to determine that these recognized systems, such as Windows NT and
Windows 95/98, will be Year 2000 compliant with appropriate fixes. We do not
depend on any suppliers or manufacturers whose failure to be Year 2000 compliant
would have any significant impact on our financial condition or results of
operations. We expect to complete our Year 2000 project for these remaining
items by the middle of 1999. We do not expect to expend any significant funds to
correct Year 2000 issues. Any minor expenses will be funded through cash
provided by operations.
Based on available information, we do not believe we have any material
exposure to significant business interruptions as a result of Year 2000
compliance issues, or that the cost of remedial actions will have a material
adverse effect on our business, financial condition or results of operations.
Accordingly, we have not adopted any formal contingency plan in the event we do
not achieve Year 2000 compliance.
25
27
Risk Factors
Forward-looking statements are inherently uncertain as they are based on
various expectations and assumptions concerning future events and are subject to
known and unknown risks and uncertainties. Our forward-looking statements should
be considered in light of the following important risk factors. Variations from
our stated intentions or failure to achieve objectives could cause actual
results to differ from those projected in our forward-looking statements. We
undertake no obligation to update publicly any forward-looking statements for
any reason, even if new information becomes available or other events occur in
the future.
We Are a Young Company That Has Never Been Profitable
We were incorporated in April 1994 and have never achieved profitability.
Although our losses have narrowed recently, we cannot be certain that we will
become profitable in the future. Even if we become profitable at some point in
the future, we cannot be certain that we can sustain such profitability. You
should be aware that we have only a limited operating history upon which to
evaluate our business and prospects. We operate in a new and rapidly evolving
market and must, among other things:
- respond to competitive developments;
- continue to upgrade and expand our product and services offerings; and
- continue to attract, retain and motivate our employees.
Our Future Operating Results Will Fluctuate Significantly
As a result of our limited operating history, we cannot predict our future
revenues and operating results. However, we do expect our future revenues and
operating results to fluctuate due to a combination of factors, including:
- the growth of private Internet-based networks (often referred to as
intranets);
- the extent to which the public perceives that unauthorized access to and
use of online information is a threat to network security;
- the volume and timing of orders, including seasonal trends in customer
purchasing;
- our ability to develop new and enhanced products and expand our
professional services;
- the growth in the acceptance of, and activity on, the Internet and the
World Wide Web, particularly by corporate, institutional and government
users;
- customer budgets which may limit their ability to purchase our products;
- foreign currency exchange rates that affect our international operations;
- the mix of distribution channels through which we sell our products;
- product and price competition in our markets; and
- general economic conditions, both domestically and in our foreign
markets.
We increasingly focus our efforts on sales of enterprise-wide security
solutions, which consist of our entire product suite and related professional
services, rather than on the sale of component products. As a result, we expect
that each sale may require additional time and effort from our sales staff. In
addition, the revenues associated with particular sales vary significantly
depending on the number of products licensed by a customer, the number of
devices used by the customer and the customer's relative need for our
professional services. Large individual sales, or even small delays in customer
orders, can cause significant variation in our license revenues and results of
operations for a particular period. The timing of large orders is usually
difficult to predict and, like many software companies, our customers typically
license most of our products in the last month of a quarter.
26
28
Our future operating expenses are expected to increase in future periods as
we intend to:
- expand our domestic and international sales and marketing operations;
- increase our investments in product development and our proprietary
threat and vulnerability database;
- expand our professional services capabilities;
- seek acquisition candidates that will enhance our products and market
share; and
- improve our internal operating and financial systems.
We cannot predict our operating expenses based on our past results.
Instead, we establish our spending levels based in large part on our expected
future revenues. As a result, if our actual revenues in any future period fall
below our expectations, our operating results likely will be adversely affected
because very few of our expenses vary with our revenues. Because of the factors
listed above, we believe that our quarterly and annual revenues, expenses and
operating results likely will vary significantly in the future.
We Face Intense Competition in Our Market
The market for network security monitoring, detection and response
solutions is intensely competitive, and we expect competition to increase in the
future. We cannot guarantee that we will compete successfully against our
current or potential competitors, especially those with significantly greater
financial resources or brand name recognition. A detailed discussion of our
competition appears in Item 1 of Part I of this Annual Report on Form 10_K.
We Face Rapid Technological Change in Our Industry and Frequent Introductions of
New Products
Rapid changes in technology pose significant risks to us. We do not control
nor can we influence the forces behind these changes, which include:
- the extent to which businesses and others seek to establish more secure
networks;
- the extent to which hackers and others seek to compromise secure systems;
- evolving computer hardware and software standards;
- changing customer requirements; and
- frequent introductions of new products and product enhancements.
To remain successful, we must continue to change, adapt and improve our
products in response to these and other changes in technology. Our future
success hinges on our ability to both continue to enhance our current line of
products and professional services and to introduce new products that address
and respond to innovations in computer hacking, computer technology and customer
requirements. We cannot be sure that we will successfully develop and market new
products that do this. Any failure by us to timely develop and introduce new
products, to enhance our current products or to expand our professional services
capabilities in response to these changes could adversely affect our business,
operating results and financial condition.
Our products involve very complex technology, and as a consequence, major
new products and product enhancements require a long time to develop and test
before going to market. Because this amount of time is difficult to estimate, we
have had to delay the scheduled introduction of new and enhanced products in the
past and may have to delay the introduction of new products and product
enhancements in the future.
The techniques computer hackers use to gain unauthorized access to or to
sabotage networks and intranets are constantly evolving and increasingly
sophisticated. Furthermore, because new hacking techniques are usually not
recognized until used against one or more targets, we are unable to anticipate
most new hacking techniques. To the extent that new hacking techniques harm our
customers' computer systems or businesses, affected customers may believe that
our products are ineffective, which may cause them or prospective customers to
reduce or avoid purchases of our products.
27
29
Risks Associated with Our Global Operations
The expansion of our international operations includes the maintenance of
sales offices in dispersed locations throughout the world, including throughout
Europe and the Asia/Pacific and Latin America regions. Our international
presence and expansion exposes us to risks not present in our U.S. operations,
such as:
- the difficulty in managing an organization spread over various countries
located across the world;
- unexpected changes in regulatory requirements in countries where we do
business;
- excess taxation due to overlapping tax structures;
- fluctuations in foreign currency exchange rates, which may be aggravated
in European markets by the recent introduction of the Euro currency;
- export license requirements and restrictions on the export of certain
technology, especially encryption technology;
- trade restrictions;
- changes in tariff and freight rates; and
- depressed regional and economic conditions, such as those currently
affecting many regions in Asian markets.
Despite these risks, we believe that we must continue to expand our
operations in international markets to support our growth. To this end, we
intend to establish additional foreign sales operations, expand our existing
offices, hire additional personnel, expand our international sales channels and
customize our products for local markets. If we fail to execute this strategy,
our international sales growth will be limited.
To date, we have primarily denominated our revenues from international
operations in United States dollars; however, we will increasingly denominate
sales in local foreign currencies in the future. An increase in the value of the
United States dollar relative to foreign currencies would make our products more
expensive and, therefore, potentially less competitive in foreign markets. In
addition, even if we successfully expand our international operations, we may
not be able to maintain or increase international market demand for our
products.
We Increasingly Rely on Indirect Distribution Channels
Although our direct sales have accounted for a majority of our revenues in
1998, we expect to continue to license a significant percentage of our products
to end users through indirect distribution channels in the future. Our indirect
distribution channel partners include:
- original equipment manufacturers that bundle our products with products
that they sell to their customers;
- managed service providers, such as telecommunications companies and
Internet service providers, that host networking and Internet operations
for business customers; and
- consultants and systems integrators that incorporate our products into
customized solutions that they have implemented for their customers.
Our future performance will also depend, in part, on our ability to both
retain the channel partner relationships we have built and attract new channel
partners to market and support our products effectively, especially in new
markets. We cannot assure you that revenue from channel partners that accounted
for significant revenues in past periods will continue or, if continued, will
reach or exceed past performance levels. In addition, we often depend upon our
channel partners to install and support our products for end users. If our
channel partners fail to provide adequate installation and support, end users of
our products could cease using, or improperly implement and operate, our
products. Such a failure could substantially increase our customer support costs
and adversely affect our business.
28
30
Potential Future Acquisitions or Investments
As part of our growth strategy, we have acquired, and may continue to
acquire or make investments in, companies with products, technologies or
professional services capabilities complementary to our solutions. In acquiring
companies in the future, we could encounter difficulties in assimilating their
personnel and operations into our company. These difficulties could disrupt our
ongoing business, distract our management and employees, increase our expenses
and adversely affect our results of operations. These difficulties could also
include accounting requirements, such as amortization of goodwill or in-process
research and development expense.
We Depend on Our Key Personnel
Our future success also depends on our continuing ability to attract and
retain highly qualified engineers, managers and sales and professional services
personnel. The competition for employees at all levels of the software industry,
especially those with experience in the relatively new discipline of security
software, is increasingly intense.
We Depend on Our Intellectual Property Rights and Use Licensed Technology
We have discussed the importance of the protection of our proprietary in
Item 1 of Part I of this Annual Report on Form 10-K. Despite our efforts to
protect our proprietary rights, unauthorized parties may attempt to copy aspects
of our products or to obtain and use information that we regard as proprietary.
Policing unauthorized use of our products is difficult. While we cannot
determine the extent to which piracy of our software products occurs, we expect
software piracy to be a persistent problem. In addition, the laws of some
foreign countries do not protect our proprietary rights to as great an extent as
do the laws of the United States and many foreign countries do not enforce these
laws as diligently as U.S. government agencies and private parties.
We are not aware that any of our products infringes the proprietary rights
of others, but it is conceivable that our current or future products may
infringe the proprietary rights of others. In fact, in July 1998 Network
Associates, which is one of our competitors, filed a lawsuit against us alleging
that our RealSecure product violates a patent claim for intrusion detection
technology held by Network Associates. We believe that the lawsuit is without
merit and are vigorously defending against Network Associates' claims. However,
should Network Associates prevail in the suit, it could materially and adversely
affect our business.
We expect the number of intellectual property infringement lawsuits against
software companies to increase. Any such claims, with or without merit, could be
time consuming, result in costly litigation, cause product shipment delays or
require us to enter into royalty or licensing agreements.
We Lack Certain Trademark Protection
We currently cannot obtain trademark protection on the name "Internet
Security Systems" due to its general use in a variety of security-related
applications. While we have in the past taken and will continue to take action
against any use of that name in a manner that may create confusion for our
products in our current or future markets, we may not be successful in these
efforts.
We Face Potential Product Liability Exposure and Product Defects
Many organizations use our products for critical functions of monitoring
and enhancing network security. As a result, we risk product liability and
related claims for our products if they do not adequately perform this function.
In our licensing agreements, we typically seek to limit our liability for
special, consequential or incidental damages, but these provisions may not in
all cases be enforceable under applicable laws. In addition, we currently have
$2.0 million of product liability insurance coverage that, subject to customary
exclusions, covers claims resulting from failure of our products or services to
perform their intended function or to serve their intended purpose. A product
liability claim, to the extent not covered by our insurance, could materially
and adversely affect our business, operating results and financial condition.
29
31
Complex software products such as ours may contain undetected "bugs" that,
despite our testing, are discovered only after installation and use by our
customers. The occurrence of these bugs could result in adverse publicity, loss
of or delay in market acceptance or claims by customers against us, any of which
could have a material adverse effect upon our business, operating results and
financial condition. Customers who deploy or use our products improperly or
incompletely may experience temporary disruptions to their computer networking
systems, which could damage our relationship with them and our reputation. Our
current products may not be error-free and it is extremely doubtful that our
future products will be error-free. Furthermore, computers are manufactured in a
variety of different configurations with different operating systems (such as
Windows, Unix, Macintosh and OS/2) and embedded software. As a result, it is
very difficult to comprehensively test our software products for programming or
compatibility errors. Errors in the performance of our products, whether due to
our design or their compatibility with products of other companies, could hinder
the acceptance of our products.
ITEM 8. CONSOLIDATED FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA
See the index to Consolidated Financial Statements at Item 14
ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND
FINANCIAL DISCLOSURE
None.
30
32
PART III
Certain information required by Part III is omitted from this Form 10-K
because the Company will file a definitive Proxy Statement pursuant to
Regulation 14A (the "Proxy Statement") not later than 120 days after the end of
the fiscal year covered by this Form 10-K, and certain information to be
included therein is incorporated herein by reference.
ITEM 10. DIRECTORS AND EXECUTIVE OFFICERS OF THE REGISTRANT
The information required by this Item is incorporated by reference to the
Proxy Statement under the sections captioned "Proposal 1 -- Election of
Directors," "Executive Compensation -- Directors and Executive Officers" and
"Compliance with Section 16(a) of the Securities Exchange Act of 1934."
ITEM 11. EXECUTIVE COMPENSATION
The information required by this Item is incorporated by reference to the
Proxy Statement under the section captioned "Executive Compensation."
ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT
The information required by this Item is incorporated by reference to the
Proxy Statement under the section captioned "Principal Stockholders."
ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS
The information required by this Item is incorporated by reference to the
Proxy Statement under the section captioned "Executive Compensation -- Certain
Transactions with Management."
31
33
PART IV
ITEM 14. EXHIBITS, FINANCIAL STATEMENT SCHEDULES AND REPORTS ON FORM 8-K
(a) The following documents are filed as part of this Form 10-K:
1. Consolidated Financial Statements. The following consolidated
financial statements of ISS Group, Inc. are filed as part of this Form 10-K
on the pages indicated:
PAGE
----
ISS GROUP, INC.
Report of Independent Auditors.............................. 33
Consolidated Balance Sheets as of December 31, 1997 and
1998...................................................... 34
Consolidated Statements of Operations for the Years Ended
December 31, 1996, 1997 and 1998.......................... 35
Consolidated Statements of Stockholders' Equity (Deficit)
for the Years Ended December 31, 1996, 1997 and 1998...... 36
Consolidated Statements of Cash Flows for the Years Ended
December 31, 1996, 1997 and 1998.......................... 37
Notes to Consolidated Financial Statements.................. 38
2. Consolidated Financial Statement Schedules:
Schedule II -- Valuation and Qualifying Accounts............ 48
Schedules other than the one listed above are omitted as the required
information is inapplicable or the information is presented in the
consolidated financial statements or related notes.
3. Exhibits. The exhibits to this Annual Report on Form 10-K have
been included only with the copy of this Annual Report on Form 10-K filed
with the Securities and Exchange Commission. Copies of individual exhibits
will be furnished to stockholders upon written request to the Company and
payment of a reasonable fee.
EXHIBIT
NUMBER DESCRIPTION OF EXHIBIT
- ------- ----------------------
2.1* -- Stock Purchase Agreement dated October 6, 1998, by and among
the Company, March Information Systems and its shareholders
(filed as Exhibit 2.1 to the Company's Current Report on
Form 8-K dated October 20, 1998).
3.1* -- Certificate of Incorporation (filed as Exhibit 3.1 to the
Company's Registration Statement on Form S-1, Registration
No. 333-44529 (the "Form S-1").
3.2* -- Bylaws (filed as Exhibit 3.2 to the Form S-1).
4.1* -- Specimen Common Stock certificate (filed as Exhibit 4.1 to
the Form S-1).
4.2 -- See Exhibits 3.1 and 3.2 for provisions of the Certificate
of Incorporation and Bylaws of the Company defining the
rights of holders of the Company's Common Stock.
10.1* -- Restated 1995 Stock Incentive Plan (filed as Exhibit 10.1 to
the Form S-1).
10.2* -- Internet Security Systems, Inc. Amended and Restated Rights
Agreement (filed as Exhibit 10.3 to the Form S-1).
10.3* -- Stock Exchange Agreement dated December 9, 1997 (filed as
Exhibit 10.4 to the Form S-1).
10.4* -- Amended and Restated Agreement Regarding Acceleration of
Vesting of Future Optionees (filed as Exhibit 10.5 to the
Form S-1).
10.5* -- Forms of Non-Employee Director Compensation Agreement,
Notice of Stock Option Grants and Stock Option Agreement
(filed as Exhibit 10.6 to the Form S-1).
10.6* -- Sublease for Atlanta facilities (filed as Exhibit 10.7 to
the Form S-1).
32
34
EXHIBIT
NUMBER DESCRIPTION OF EXHIBIT
- ------- ----------------------
10.7* -- Form of Indemnification Agreement for directors and certain
officers (filed as Exhibit 10.8 to the Form S-1).
10.8* -- Series B Preferred Stock Purchase Agreement (filed as
Exhibit 10.9 to the Form S-1).
10.9* -- Sublease for additional Atlanta facilities (filed as Exhibit
10.9 to the Company's Registration Statement on Form S-1,
Registration No. 333-71471).
21.1* -- Subsidiaries of the Company (filed as Exhibit 21.1 to the
Company's Registration Statement on Form 2-1, Registration
No. 333-71471).
23.1 -- Consent of Ernst & Young LLP.
24.1 -- Power of Attorney, pursuant to which amendments to this
Annual Report on Form 10-K may be filed, is included on the
signature page contained in Part IV of the Form 10-K.
27.1* -- Financial Data Schedule (filed as Exhibit 27.1 to the
Company's Registration Statement on Form S-1, Registration
No. 333-71471).
- ---------------
* Incorporated herein by reference to the indicated filing.
(b) Reports on Form 8-K
During the quarter ended December 31, 1998, the Company filed one Current
Report on Form 8-K. This report was filed on October 20, 1998, reporting the
execution of a Stock Purchase Agreement with March Information Systems and its
shareholders. This Current Report was amended to include certain financial
information regarding March Information Systems dated on December 16, 1998.
33
35
REPORT OF INDEPENDENT AUDITORS
Board of Directors
ISS Group, Inc.
We have audited the accompanying consolidated balance sheets of ISS Group,
Inc. as of December 31, 1997 and 1998, and the related consolidated statements
of operations, stockholders' equity (deficit), and cash flows for each of the
three years in the period ended December 31, 1998. Our audit also included the
financial statement schedule listed in the Index at Item 14(a). These financial
statements and schedule are the responsibility of the Company's management. Our
responsibility is to express an opinion on these financial statements and
schedule based on our audits.
We conducted our audits in accordance with generally accepted auditing
standards. Those standards require that we plan and perform the audit to obtain
reasonable assurance about whether the financial statements are free of material
misstatement. An audit includes examining, on a test basis, evidence supporting
the amounts and disclosures in the financial statements. An audit also includes
assessing the accounting principles used and significant estimates made by
management, as well as evaluating the overall financial statement presentation.
We believe that our audits provide a reasonable basis for our opinion.
In our opinion, the financial statements referred to above present fairly,
in all material respects, the consolidated financial position of ISS Group, Inc.
at December 31, 1997 and 1998, and the consolidated results of its operations
and its cash flows for each of the three years in the period ended December 31,
1998, in conformity with generally accepted accounting principles.
Also, in our opinion, the related financial statement schedule, when
considered in relation to the basic financial statements taken as a whole,
presents fairly in all material respects the information set forth therein.
/s/ Ernst & Young LLP
Atlanta, GA
January 15, 1999
34
36
ISS GROUP, INC.
CONSOLIDATED BALANCE SHEETS
DECEMBER 31,
-------------------------
1997 1998
----------- -----------
ASSETS
Current assets:
Cash and cash equivalents................................. $ 3,929,000 $52,632,000
Accounts receivable, less allowance for doubtful accounts
of $255,000 and $287,000, respectively................. 4,038,000 12,586,000
Prepaid expenses and other current assets................. 281,000 743,000
----------- -----------
Total current assets.............................. 8,248,000 65,961,000
Property and equipment:
Computer equipment........................................ 1,688,000 4,370,000
Office furniture and equipment............................ 268,000 1,027,000
Leasehold improvements.................................... 15,000 275,000
----------- -----------
1,971,000 5,672,000
Less accumulated depreciation............................. 402,000 1,655,000
----------- -----------
1,569,000 4,017,000
Goodwill, less accumulated amortization of $77,000.......... -- 3,094,000
Other intangible assets, less accumulated amortization of
$154,000.................................................. -- 4,692,000
Other assets................................................ 49,000 257,000
----------- -----------
Total assets......................................... $ 9,866,000 $78,021,000
=========== ===========
LIABILITIES AND STOCKHOLDERS' EQUITY (DEFICIT)
Current liabilities:
Accounts payable.......................................... $ 2,002,000 $ 692,000
Accrued expenses.......................................... 1,798,000 4,202,000
Deferred revenues......................................... 2,106,000 6,678,000
Current portion of long-term debt......................... 70,000 --
----------- -----------
Total current liabilities............................ 5,976,000 11,572,000
Long-term debt.............................................. 70,000 --
Other liabilities........................................... -- 134,000
Commitments and contingencies
Redeemable, Convertible Preferred Stock (5,737,000 shares
authorized):
Series A; $.001 par value; 3,650,000 and 0 shares issued
and outstanding, respectively (liquidation preference
$1 per share).......................................... 3,621,000 --
Series B; $.001 par value; 2,087,000 and 0 shares issued
and outstanding, respectively (liquidation preference
$2.53 per share)....................................... 5,257,000 --
Stockholders' equity (deficit):
Preferred stock; $.001 par value; 20,000,000 shares
authorized, none issued or outstanding
Common stock, $.001 par value, 50,000,000 shares
authorized, 7,921,000 and 17,292,000 shares issued and
outstanding, respectively.............................. 8,000 17,000
Additional paid-in capital................................ 695,000 76,110,000
Deferred compensation..................................... (571,000) (662,000)
Cumulative adjustment for currency revaluation............ -- 142,000
Accumulated deficit....................................... (5,190,000) (9,292,000)
----------- -----------
Total stockholders' equity (deficit)................. (5,058,000) 66,315,000
----------- -----------
Total liabilities and stockholders' equity
(deficit)........................................... $ 9,866,000 $78,021,000
=========== ===========
See accompanying notes.
35
37
ISS GROUP, INC.
CONSOLIDATED STATEMENTS OF OPERATIONS
YEAR ENDED DECEMBER 31,
---------------------------------------
1996 1997 1998
----------- ----------- -----------
Revenues:
Perpetual licenses.................................... $ 4,233,000 $10,936,000 $25,936,000
Subscriptions......................................... 219,000 2,465,000 7,406,000
Professional services................................. 10,000 66,000 2,587,000
----------- ----------- -----------
4,462,000 13,467,000 35,929,000
Costs and expenses:
Cost of revenues...................................... 18,000 676,000 4,831,000
Research and development.............................. 1,225,000 3,434,000 9,321,000
Charge for in-process research and development........ -- -- 802,000
Sales and marketing................................... 3,768,000 11,731,000 22,762,000
General and administrative............................ 656,000 1,773,000 4,389,000
Amortization.......................................... -- -- 230,000
----------- ----------- -----------
5,667,000 17,614,000 42,335,000
----------- ----------- -----------
Operating loss.......................................... (1,205,000) (4,147,000) (6,406,000)
Interest income......................................... 77,000 245,000 2,382,000
Interest expense........................................ (3,000) (17,000) (16,000)
----------- ----------- -----------
Loss before income taxes................................ (1,131,000) (3,919,000) (4,040,000)
Provision for income taxes.............................. -- -- 62,000
=========== =========== ===========
Net loss................................................ $(1,131,000) $(3,919,000) $(4,102,000)
=========== =========== ===========
Basic and diluted net loss per share of Common Stock.... $ (0.14) $ (0.50) $ (0.28)
=========== =========== ===========
Weighted average number of shares used in calculating
basic and diluted net loss per share of Common
Stock................................................. 7,916,000 7,907,000 14,883,000
=========== =========== ===========
Unaudited pro forma net loss per share of Common
Stock................................................. $ (0.29) $ (0.25)
=========== ===========
Unaudited weighted average number of shares used in
calculating unaudited pro forma net loss per share of
Common Stock.......................................... 13,644,000 16,189,000
=========== ===========
See accompanying notes.
36
38
ISS GROUP, INC.
CONSOLIDATED STATEMENTS OF STOCKHOLDERS' EQUITY (DEFICIT)
ACCUMULATED RETAINED
COMMON STOCK ADDITIONAL OTHER EARNINGS
-------------------- PAID-IN DEFERRED COMPREHENSIVE (ACCUMULATED
SHARES AMOUNT CAPITAL COMPENSATION INCOME DEFICIT)
---------- ------- ----------- ------------ -------------- -------------
Balance at December 31, 1995....... 8,002,000 $ 8,000 $ 125,000 $ -- $ -- $ (140,000)
Comprehensive income (loss)
Net loss....................... -- -- -- -- -- (1,131,000)
Repurchase of Common Stock from
founder........................ (100,000) -- (15,000) -- -- --
Accretion related to Redeemable,
Convertible Preferred Stock.... -- -- (7,000) -- -- --
---------- ------- ----------- --------- -------- -----------
Balance at December 31, 1996....... 7,902,000 8,000 103,000 -- -- --
Comprehensive income (loss)
Net loss....................... -- -- -- -- -- (3,919,000)
Accretion related to Redeemable,
Convertible Preferred Stock.... -- -- (11,000) -- -- --
Deferred compensation related to
stock options.................. -- -- 571,000 (571,000) -- --
Issuance of Common Stock......... 19,000 -- 32,000 -- -- --
---------- ------- ----------- --------- -------- -----------
Balance at December 31, 1997....... 7,921,000 8,000 695,000 (571,000) -- (5,190,000)
Comprehensive income (loss)
Net loss....................... -- -- -- -- -- (4,102,000)
Translation adjustment......... -- -- -- -- 142,000 --
-- -- -- -- -- --
Issuance of Common Stock:
Initial public offering........ 3,070,000 3,000 61,528,000 -- -- --
Conversion of Redeemable,
Convertible Preferred Stock
in connection with the
initial public offering...... 5,737,000 6,000 8,872,000 -- -- --
Acquisitions................... 158,000 -- 3,901,000 -- -- --
Exercise of stock options...... 405,000 -- 292,000 -- -- --
Issuance to consultant......... 1,000 -- 11,000 -- -- --
Deferred compensation related to
stock options.................. -- -- 811,000 (811,000) -- --
Amortization of deferred
compensation in connection with
stock options.................. -- -- -- 720,000 -- --
---------- ------- ----------- --------- -------- -----------
Balance at December 31, 1998....... 17,292,000 $17,000 $76,110,000 $(662,000) $142,000 $(9,292,000)
========== ======= =========== ========= ======== ===========
TOTAL
STOCKHOLDERS'
COMPREHENSIVE EQUITY
INCOME (DEFICIT)
------------- --------------
Balance at December 31, 1995....... -- $ (7,000)
Comprehensive income (loss)
Net loss....................... $(1,131,000) (1,131,000)
===========
Repurchase of Common Stock from
founder........................ -- (15,000)
Accretion related to Redeemable,
Convertible Preferred Stock.... -- (7,000)
-----------
Balance at December 31, 1996....... (1,160,000)
Comprehensive income (loss)
Net loss....................... $(3,919,000) (3,919,000)
===========
Accretion related to Redeemable,
Convertible Preferred Stock.... -- (11,000)
Deferred compensation related to
stock options.................. -- --
Issuance of Common Stock......... -- 32,000
-----------
Balance at December 31, 1997....... -- (5,058,000)
Comprehensive income (loss)
Net loss....................... $(4,102,000) (4,102,000)
Translation adjustment......... 142,000 142,000
-----------
$(3,960,000) --
===========
Issuance of Common Stock:
Initial public offering........ -- 61,531,000
Conversion of Redeemable,
Convertible Preferred Stock
in connection with the
initial public offering...... -- 8,878,000
Acquisitions................... -- 3,901,000
Exercise of stock options...... -- 292,000
Issuance to consultant......... -- 11,000
Deferred compensation related to
stock options.................. -- --
Amortization of deferred
compensation in connection with
stock options.................. 720,000
-----------
Balance at December 31, 1998....... $66,315,000
===========
See accompanying notes.
37
39
ISS GROUP, INC.
CONSOLIDATED STATEMENTS OF CASH FLOWS
YEAR ENDED DECEMBER 31,
---------------------------------------
1996 1997 1998
----------- ----------- -----------
OPERATING ACTIVITIES
Net loss................................................ $(1,131,000) $(3,919,000) $(4,102,000)
Adjustments to reconcile net loss to net cash used in
operating activities:
Depreciation....................................... 66,000 334,000 1,253,000
Amortization of goodwill and intangibles........... -- -- 231,000
Charge for in-process research and development..... -- -- 802,000
Amortization of deferred compensation.............. -- -- 720,000
Other non-cash expense............................. -- 31,000 118,000
Changes in assets and liabilities, excluding the
effects of acquisitions:
Accounts receivable........................... (1,802,000) (2,089,000) (8,107,000)
Prepaid expenses and other assets............. (146,000) (179,000) (501,000)
Accounts payable and accrued expenses......... 955,000 2,728,000 776,000
Deferred revenues............................. 607,000 1,462,000 4,461,000
----------- ----------- -----------
Net cash used in operating activities......... (1,451,000) (1,632,000) (4,349,000)
----------- ----------- -----------
INVESTING ACTIVITIES
Acquisitions, net of cash acquired...................... -- -- (5,206,000)
Purchases of property and equipment..................... (320,000) (1,630,000) (3,567,000)
----------- ----------- -----------
Net cash used in investing activities................... (320,000) (1,630,000) (8,773,000)
----------- ----------- -----------
FINANCING ACTIVITIES
Proceeds from (payments on) long-term debt.............. 210,000 (70,000) (140,000)
Net proceeds from Redeemable, Convertible Preferred
Stock issuances....................................... 3,607,000 5,253,000 --
Payments on notes payable to shareholder................ (30,000) -- --
Net proceeds from initial public offering............... -- -- 61,531,000
Other Common Stock activities........................... (15,000) 1,000 292,000
----------- ----------- -----------
Net cash provided by financing activities............... 3,772,000 5,184,000 61,683,000
----------- ----------- -----------
Foreign currency impact on cash......................... -- -- 142,000
Net increase in cash and cash equivalents............... 2,001,000 1,922,000 48,703,000
Cash and cash equivalents at beginning of year.......... 6,000 2,007,000 3,929,000
----------- ----------- -----------
Cash and cash equivalents at end of year................ $ 2,007,000 $ 3,929,000 $52,632,000
=========== =========== ===========
SUPPLEMENTAL CASH FLOW DISCLOSURE
Interest paid........................................... $ 1,000 $ 17,000 $ 16,000
=========== =========== ===========
See accompanying notes.
38
40
ISS GROUP, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
DECEMBER 31, 1998
1. SIGNIFICANT ACCOUNTING POLICIES
CONSOLIDATION AND DESCRIPTION OF BUSINESS
The consolidated financial statements include the accounts of ISS Group,
Inc. and its subsidiaries ("ISS"). All significant intercompany investment
accounts and transactions have been eliminated in consolidation.
On March 27, 1998, ISS completed an initial public offering ("IPO") of its
Common Stock. A total of 3,450,000 shares were sold at $22 per share, including
450,000 shares sold pursuant to the underwriters over-allotment option and
380,000 sold by certain selling stockholders. ISS did not receive any of the
proceeds from the sale of shares by the selling stockholders. The net proceeds
to ISS were approximately $61,531,000 and certain of such proceeds have been
used for general corporate purposes. ISS's shares are traded on the Nasdaq
National Market under the ticker symbol "ISSX".
ISS Group, Inc. was incorporated in the State of Delaware on December 8,
1997 to be a holding company for Internet Security Systems, Inc., a Georgia
company incorporated on April 19, 1994, to design, market, and sell computer
network security assessment software. In addition, ISS has various other
subsidiaries in Europe and the Asia/Pacific region with primary marketing and
sales responsibilities for ISS's products and services in their respective
markets.
The financial statements of foreign subsidiaries have been translated into
United States dollars in accordance with Financial Accounting Standards Board
("FASB") Statement of Financial Accounting Standards ("SFAS") No. 52 Foreign
Currency Translation. Revenues from international customers, except in Japan,
were denominated in U.S. dollars. Revenues from Japanese customers and
international expenditures were denominated in the respective local currencies
and translated using the average exchange rates for the year. The effect on the
statements of operations related to transaction gains and losses is
insignificant for all years presented. All balance sheet accounts have been
translated using the exchange rates in effect at the balance sheet date.
ISS's business is focused on maintaining the latest security threat and
vulnerability checks within existing products and creating new products and
services that are consistent with ISS's goal of providing an adaptive solution
approach to enterprise network security. This approach entails continuous
security risk monitoring and response to develop an active and informed network
security policy.
REVENUE RECOGNITION
ISS recognizes its perpetual license revenues upon (i) delivery of software
or, if the customer has evaluation software, delivery of the software key, and
(ii) issuance of the related license, assuming no significant vendor obligations
or customer acceptance rights exist. For perpetual license agreements when
payment terms extend over periods greater than 12 months, revenue is recognized
as such amounts are billable. In October 1997, the AICPA issued Statement of
Position ("SOP") No. 97-2, Software Revenue Recognition, which ISS adopted,
effective January 1, 1997. Such adoption had no effect on ISS's methods of
recognizing revenue from license and maintenance activities. Prior to 1997,
ISS's revenue recognition policy was in accordance with the preceding
authoritative guidance provided by SOP No. 91-1, Software Revenue Recognition.
Subscriptions revenues include maintenance and term licenses. Annual
renewable maintenance is a separate component of perpetual license agreements
with revenue recognized ratably over the maintenance contract term. Term
licenses allow customer use of the product and maintenance for a specified
period, generally 12 months, for which revenues are also recognized ratably over
the contract term. Professional services revenues are recognized as such
services are performed.
39
41
ISS GROUP, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)
1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED)
COST OF REVENUES
Cost of revenues include amounts related to ISS's technical support group
who provide assistance to customers with maintenance agreements and the costs
related to ISS's professional services.
CASH AND CASH EQUIVALENTS
Cash equivalents include all highly liquid investments with a maturity of
three months or less when purchased. Such amounts are stated at cost, which
approximates market value.
CONCENTRATIONS OF CREDIT RISK
Financial instruments that potentially subject ISS to significant
concentrations of credit risk consist principally of cash and cash equivalents
and accounts receivable. ISS maintains cash and cash equivalents in short-term
money market accounts with two financial institutions and short-term, investment
grade commercial paper. ISS's sales are primarily to companies located in the
United States, Europe and the Asia/Pacific region. ISS performs periodic credit
evaluations of its customers' financial condition and does not require
collateral. Accounts receivable are due principally from large U.S. companies
under stated contract terms. ISS provides for estimated credit losses, which
have not been significant to date, as required.
PROPERTY AND EQUIPMENT
Property and equipment are stated at cost less accumulated depreciation.
Depreciation is computed using the straight-line method for financial reporting
purposes over the estimated useful lives of the assets (primarily three years).
GOODWILL AND INTANGIBLES
The major classes of intangible assets, including goodwill (excess of cost
over acquired net assets), at December 31, 1998 are as follows:
LIFE
----
Goodwill.................................................... 10 $3,171,000
less accumulated amortization............................... (77,000)
----------
$3,094,000
==========
Core technology............................................. 8 $3,853,000
Developed technology........................................ 5 778,000
Work force.................................................. 6 215,000
----------
4,846,000
less accumulated amortization............................... (154,000)
----------
$4,692,000
==========
Goodwill and other intangible assets are amortized using the straight-line
method for the period indicated. They are reviewed for impairment whenever
events indicate that their carrying amounts may not be recoverable. In such
reviews, undiscounted cash flows associated with these assets are compared with
their carrying values to determine if a write-down to fair value is required.
40
42
ISS GROUP, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)
1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED)
RESEARCH AND DEVELOPMENT COSTS
Research and development costs are charged to expense as incurred. ISS has
not capitalized any such development costs under SFAS No. 86, Accounting for the
Costs of Computer Software to Be Sold, Leased, or Otherwise Marketed, because
the cost incurred between the attainment of technological feasibility for the
various software products through the date when such products are made available
for general release to customers has been insignificant.
INCOME TAXES
ISS uses the liability method of accounting for income taxes. Under this
method, deferred income tax assets and liabilities are determined based on
differences between the financial reporting and tax bases of assets and
liabilities and are measured using the enacted tax rates and laws that will be
in effect when the differences are expected to reverse.
ADVERTISING COSTS
ISS incurred $485,000, $572,000 and $486,000 of advertising costs for the
years ended December 31, 1996, 1997 and 1998, respectively, which are expensed
as incurred and are included in sales and marketing expense in the statements of
operations.
USE OF ESTIMATES
The preparation of financial statements in conformity with generally
accepted accounting principles requires management to make estimates and
assumptions that affect the amounts reported in the financial statements and
accompanying notes. Actual results may differ from those estimates, and such
differences may be material to the consolidated financial statements.
STOCK-BASED COMPENSATION
ISS generally grants stock options for a fixed number of shares to certain
employees with an exercise price equal to the fair value of the shares at the
date of grant. ISS accounts for stock option grants in accordance with
Accounting Principles Board ("APB") Opinion No. 25, Accounting for Stock Issued
to Employees, and, accordingly, recognizes compensation expense only if the fair
value of the underlying Common Stock exceeds the exercise price of the stock
option on the date of grant. In October 1995, the FASB issued SFAS No. 123,
Accounting for Stock-Based Compensation, which provides an alternative to APB
Opinion No. 25 in accounting for stock-based compensation issued to employees.
As permitted by SFAS No. 123, ISS continues to account for stock-based
compensation in accordance with APB Opinion No. 25 and has elected the pro forma
disclosure alternative of SFAS No. 123 (see Note 5).
LOSS PER SHARE
Basic and diluted historical net loss per share (see Note 9) was computed
by dividing net loss plus accretion of the Series A and Series B Redeemable,
Convertible Preferred Stock by the weighted average number of shares of Common
Stock. Common Stock equivalents were antidilutive and therefore were not
included in the computation of weighted average shares used in computing diluted
loss per share. Also, ISS has no Common Stock equivalents due to "cheap stock"
as defined in Securities and Exchange Commission ("SEC") Staff Accounting
Bulletin No. 98.
Unaudited pro forma net loss per share was computed by dividing net loss by
the unaudited weighted average number of shares of Common Stock outstanding plus
the assumed conversion of the Redeemable,
41
43
ISS GROUP, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)
1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED)
Convertible Preferred Stock into 5,737,000 shares of Common Stock as of the
later of (i) January 1, 1997 or (ii) the date of issuance of such preferred
stock, instead of March 27, 1998 when such shares of preferred stock
automatically converted into Common Stock.
RECENTLY ISSUED ACCOUNTING STANDARDS
In June 1997, the FASB issued SFAS No. 131, Disclosures about Segments of
an Enterprise and Related Information. SFAS No. 131 establishes standards for
the way that public business enterprises report information about operating
segments in annual financial statements for periods beginning after December 15,
1997. The Statement requires that business segment financial information be
reported in the financial statements utilizing the management approach. The
management approach is defined as the manner in which management organizes the
segments within the enterprise for making operating decisions and assessing
performance. Since ISS is organized as, and operates in, a single business
segment that provides products, technical support and consulting and training
services as components of its enterprise solution for network security, this
Statement did not have an impact on financial reporting for the year ended
December 31, 1998.
ISS adopted SFAS No. 130, Reporting Comprehensive Income, on January 1,
1998. ISS reported comprehensive income in its statement of changes in
stockholders' equity (deficit). The adoption of SFAS No. 130 resulted in revised
and additional disclosures but had no effect on the financial position, results
of operations, or liquidity of ISS.
RECLASSIFICATIONS
Certain reclassifications were made to the prior years' financial
statements to conform with the 1998 presentation.
2. FAIR VALUE OF FINANCIAL INSTRUMENTS
The carrying amounts reported in the balance sheets for cash and cash
equivalents, accounts receivable and accounts payable approximate their fair
values. The carrying amounts reported in the balance sheet at December 31, 1997
for long-term debt approximated its fair values as the interest rate related to
such debt was variable and commensurate with the credit worthiness of ISS.
3. BUSINESS COMBINATION AND ASSET ACQUISITION
In October 1998, ISS acquired March Information Systems Limited ("March"),
a United Kingdom-based developer of Windows NT and Unix-based security
assessment technologies. Also in October 1998, ISS acquired the technology
assets of DbSecure, Inc., a developer of database security risk assessment
software. ISS issued 158,000 shares of ISS Common Stock and paid $5,206,000 in
cash, net of cash acquired, and direct transaction costs for these acquisitions.
Both of these acquisitions have been accounted for as purchases and their
results have been included in the results of ISS's operations from the effective
dates of acquisition. Substantially all of the aggregate consideration of
$9,144,000 was allocated to identified intangibles, including core and developed
technologies, in-process research and development, work force and goodwill (see
Note 1).
The valuations of core and developed technologies and in-process research
and development were based on the present value of estimated future cash flows
over the lesser of: (i) five years or (ii) the period in which the product is
expected to be integrated into an existing ISS product. The resulting values
were reviewed for reasonableness based on the time and cost spent on the effort,
the complexity of the development effort and, in the case of in-process
development projects, the stage to which it had progressed. For in-process
research and
42
44
ISS GROUP, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)
3. BUSINESS COMBINATION AND ASSET ACQUISITION -- (CONTINUED)
development, the valuation was reduced for the core technology component of such
product and the percentage of product development remaining at the acquisition
date. The resulting in-process research and development amount of $802,000 is
reflected as a charge in the 1998 statement of operations.
The following table summarizes pro forma unaudited results of operations as
if the acquisition of March was concluded on January 1, 1997. The effect of the
DbSecure acquisition is not included as its impact was immaterial. The
adjustments to the historical data reflect the reduction of interest income in
connection with the cash portion of the purchase price and amortization of
goodwill and intangibles. This unaudited pro forma financial information is not
necessarily indicative of what the combined operations would have been if ISS
had control of such combined businesses for the periods presented.
1997 1998
----------- -----------
Revenues.................................................... $15,513,000 $37,735,000
Operating loss.............................................. (4,901,000) (6,838,000)
Net loss.................................................... (4,946,000) (4,828,000)
Per share:
Basic and diluted net loss................................ $ (0.62) $ (0.32)
Pro forma net loss........................................ $ (0.36) $ (0.30)
4. REDEEMABLE, CONVERTIBLE PREFERRED STOCK
Redeemable, Convertible Preferred Stock consisted of the following:
GROSS NET
SERIES DATE OF ISSUANCE PROCEEDS PROCEEDS SHARES ISSUED
- ------ ----------------- ---------- ---------- --------------
A February 2, 1996 $3,650,000 $3,607,000 3,650,000
B February 14, 1997 5,280,000 5,253,000 2,087,000
---------- ---------- ---------
$8,930,000 $8,860,000 5,737,000
========== ========== =========
Accretion related to the Series A and Series B Redeemable, Convertible
Preferred Stock was recorded over the respective redemption period by charges
against additional paid-in capital with corresponding increases to the carrying
value of the Series A and Series B Redeemable, Convertible Preferred Stock. Such
increases aggregated $7,000 and $11,000 for the years ended December 31, 1996
and 1997, respectively, and were immaterial in 1998.
All of the outstanding shares of Redeemable, Convertible Preferred Stock
were automatically converted into an aggregate of 5,737,000 shares of Common
Stock on March 27, 1998 in connection with the IPO.
5. STOCK OPTION PLANS
ISS's Incentive Stock Plan (the "Plan") provides for the granting of
qualified or nonqualified options to purchase shares of ISS's Common Stock.
Under the Plan, there are 3,000,000 shares reserved for future issuances, which
increases automatically on the first trading day of each year, beginning with
1999, by an amount equal to 3% of the number of shares of Common Stock
outstanding on the last trading day of the immediately preceding year.
Certain options granted under the Plan prior to the IPO are immediately
exercisable, subject to a right of repurchase by ISS at the original exercise
price for all unvested shares. Options granted subsequent to the IPO are
generally exercisable as vesting occurs. Vesting is generally in equal annual
installments over four years, measured from the date of the grant.
43
45
ISS GROUP, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)
5. STOCK OPTION PLANS -- (CONTINUED)
During the quarters ended December 31, 1997 and March 31, 1998, deferred
compensation of $571,000 and $811,000, respectively, was recorded for options
granted with an exercise price less than the fair value of the Common Stock on
the date of grant. The deferred compensation was determined by comparing the
exercise price of stock options issued in December 1997 to the estimated price
range for the IPO as set forth in the initial filing on January 20, 1998 of
ISS's Registration Statement on Form S-1. The fair value of ISS's Common Stock
in January and February 1998 was based on the final estimated price range
contained in ISS's pre-effective amendment to its Registration Statement filed
in March 1998. The amounts are being charged to operations proportionately over
the four-year vesting period of the related stock options. Amortization of
deferred compensation for the year ended December 31, 1998 was $720,000. All
other options were issued at fair market value on the date of grant.
On December 8, 1997, the Board of Directors granted to each of the four
non-employee directors a nonstatutory option to purchase up to 20,000 shares of
Common Stock outside the Plan, on the same terms as if those options had been
granted under the 1995 Plan. ISS reserved 80,000 shares of Common Stock for
issuance under these options.
A summary of ISS's stock option activity is as follows:
1997 1998
--------------------- ---------------------
WEIGHTED WEIGHTED
AVERAGE AVERAGE
NUMBER EXERCISE NUMBER EXERCISE
OF SHARES PRICE OF SHARES PRICE
---------- -------- ---------- --------
Outstanding at beginning of year..................... 810,000 $0.16 1,888,000 $ 2.71
Granted............................................ 1,103,000 4.54 961,000 22.78
Exercised.......................................... (7,000) 0.15 (405,000) 0.72
Canceled........................................... (18,000) 0.50 (65,000) 9.32
---------- ----------
Outstanding at end of year........................... 1,888,000 2.71 2,379,000 10.98
========== ==========
Exercisable at end of year........................... 1,888,000 2.71 1,585,000 3.85
========== ==========
Weighted average fair value of options granted during
the year........................................... $ 2.34 $ 12.77
========== ==========
The following table summarizes information about stock options outstanding
at December 31, 1998:
OPTIONS OUTSTANDING OPTIONS FULLY
---------------------------- VESTED AND EXERCISABLE
NUMBER OF WEIGHTED --------------------------
OPTIONS AVERAGE NUMBER WEIGHTED
OUTSTANDING AT REMAINING EXERCISABLE AVERAGE
DECEMBER 31, CONTRACTUAL AT DECEMBER 31, EXERCISE
RANGE OF EXERCISE PRICES 1998 LIFE 1998 PRICE
- ------------------------ -------------- ----------- --------------- --------
$0.15-0.60..................................... 695,000 7.7 years 289,000 $0.26
$1.00-7.00..................................... 741,000 8.9 years 185,000 5.99
$8.00-20.00.................................... 612,000 9.2 years -- --
$21.00-30.00................................... 181,000 9.8 years -- --
$31.00-50.00................................... 150,000 9.7 years -- --
ISS has reserved 2,379,000 shares of ISS common stock for the future
exercise of stock options at December 31, 1998.
Pro forma information regarding net income and net income per share is
required by SFAS No. 123, which also requires that the information be determined
as if ISS had accounted for its employee stock options
44
46
ISS GROUP, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)
5. STOCK OPTION PLANS -- (CONTINUED)
granted subsequent to December 31, 1994 under the fair value method prescribed
by that Statement. The fair value for options granted was estimated at the date
of grant using the Black-Scholes option pricing model. The following weighted
average assumptions were used for 1997 and 1998, respectively: risk-free
interest rates of 6.28% and 5.27%; no dividend yield; a .60 volatility factor;
and an expected life of the options of 4 and 5 years, respectively.
The Black-Scholes option valuation model was developed for use in
estimating the fair value of traded options which have no vesting restrictions
and are fully transferable. In addition, option valuation models require the
input of highly subjective assumptions including the expected stock price
volatility. Because employee stock options have characteristics different from
those of traded options, and because the changes in the subjective input
assumptions can materially affect the fair value estimate, in management's
opinion, the existing models do not necessarily provide a reliable single
measure of the fair value of its employee stock options.
For purposes of pro forma disclosures, the estimated fair value of the
option is amortized to expense over the options' vesting period. The following
pro forma information adjusts net loss for the years ended December 31, 1997 and
1998 for the impact of SFAS No. 123:
YEAR ENDED
DECEMBER 31,
-------------------------
1997 1998
----------- -----------
Pro forma net loss.......................................... $(3,975,000) $(6,126,000)
=========== ===========
Pro forma net loss per share................................ $ (0.29) $ (0.38)
=========== ===========
6. COMMITMENTS AND CONTINGENT LIABILITIES
ISS has noncancellable operating leases for facilities that expire at
various dates through July 2002. Future minimum payments under noncancellable
operating leases with initial terms of one year or more consisted of the
following at December 31, 1998:
OPERATING
LEASES
----------
1999........................................................ $1,855,000
2000........................................................ 1,693,000
2001........................................................ 1,513,000
2002........................................................ 683,000
----------
Total minimum lease payments...................... $5,744,000
==========
Rent expense was approximately $105,000, $401,000 and $1,200,000 for the
years ended December 31, 1996, 1997, and 1998, respectively.
In July 1998, Network Associates, Inc. ("Network Associates"), a competitor
of ISS, filed a patent infringement suit against ISS in the Federal District
Court for the Northern District of California. The suit alleges that ISS's
product, RealSecure, violates certain patent claims issued for Network
Associates' intrusion detection technology. ISS believes the lawsuit is without
merit and intends to defend against it vigorously. However, there can be no
assurance that the lawsuit will not have or result in a material adverse effect
on ISS's business, operating results or financial condition.
45
47
ISS GROUP, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)
7. INCOME TAXES
A reconciliation of the provision for income taxes to the statutory federal
income tax rate is as follows:
YEAR ENDED DECEMBER 31,
-------------------------------------
1996 1997 1998
--------- ----------- -----------
Statutory rate at 34%, applied to pretax loss............ $(384,000) $(1,332,000) $(1,440,000)
State income taxes, net of federal income tax benefit.... (45,000) (157,000) (160,000)
Intangibles.............................................. -- -- 345,000
Research and development tax credit...................... (28,000) (159,000) (384,000)
Foreign operations....................................... 100,000 -- 62,000
Other.................................................... 46,000 (26,000) 42,000
Change in valuation allowance............................ 311,000 1,674,000 1,597,000
--------- ----------- -----------
$ -- $ -- $ 62,000
========= =========== ===========
The provision for income taxes for the year ended December 31, 1998
consisted of $62,000 of current income taxes related to some of ISS's foreign
operations.
Deferred income taxes reflect the net income tax effects of temporary
differences between the carrying amounts of assets and liabilities for financial
reporting purposes and the amounts used for income tax purposes. Significant
components of ISS's net deferred income tax assets are as follows:
DECEMBER 31,
--------------------------
1997 1998
----------- ------------
Deferred income tax liabilities:
Core technology............................................. $ -- $ (494,000)
----------- ------------
Total deferred income tax liabilities....................... -- (494,000)
----------- ------------
Deferred income tax assets:
Depreciation.............................................. 69,000 72,000
Accrued liabilities....................................... 143,000 410,000
Allowance for doubtful accounts........................... 97,000 109,000
Deferred compensation..................................... -- 274,000
Net operating loss carryforwards.......................... 1,573,000 5,178,000
Research and development tax credit carryforwards......... 187,000 571,000
----------- ------------
Total deferred income tax assets.................. 2,069,000 6,120,000
Less deferred income tax asset valuation allowance.......... (2,069,000) (6,120,000)
----------- ------------
Net deferred income tax assets.............................. $ -- $ --
=========== ============
For financial reporting purposes, a valuation allowance has been recognized
to reduce the net deferred income tax assets to zero. ISS has not recognized the
benefit from the future use of such loss carryforwards because management's
evaluation of all the available evidence in assessing the realizability of the
tax benefits of such loss carryforwards and other deferred income tax benefits
indicates that the underlying assumptions of future profitable operations
contain risks that do not provide sufficient assurance to recognize such tax
benefits currently.
ISS has approximately $13,600,000 of net operating loss carryforwards for
federal income tax purposes that expire in varying amounts between 2011 and
2018. These carryforwards include approximately $7,700,000 related to exercises
of stock options in 1998 for which the income tax benefit, if realized, would
increase additional paid-in capital. ISS also has approximately $800,000 of net
operating loss carryforwards related to
46
48
ISS GROUP, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)
7. INCOME TAXES -- (CONTINUED)
its foreign operations which expire between 2002 and 2003. Additionally, ISS has
approximately $571,000 of research and development tax credit carryforwards
which expire between 2011 and 2014.
8. EMPLOYEE BENEFIT PLANS
ISS sponsors a 401(k) plan that covers substantially all employees over 21
years of age. ISS may make contributions to the plan at its discretion, but has
made no contributions to the plan through December 31, 1998.
9. LOSS PER SHARE
The following table sets forth the computation of basic, diluted and pro
forma (unaudited) net loss per share:
YEAR ENDED DECEMBER 31,
---------------------------------------
1996 1997 1998
----------- ----------- -----------
Numerator:
Net loss.............................................. $(1,131,000) $(3,919,000) $(4,102,000)
Accretion of Series A and Series B Redeemable,
Convertible Preferred Stock........................ (7,000) (11,000) --
----------- ----------- -----------
$(1,138,000) $(3,930,000) $(4,102,000)
=========== =========== ===========
Denominator:
Denominator for basic and diluted net loss per
share -- weighted average shares................... 7,916,000 7,907,000 14,883,000
Redeemable, Convertible Preferred Stock............... -- 5,737,000 1,306,000
----------- ----------- -----------
Weighted average shares for pro forma net loss per
share.............................................. 7,916,000 13,644,000 16,189,000
=========== =========== ===========
Basic net loss per share................................ $ (0.14) $ (0.50) $ (0.28)
=========== =========== ===========
Diluted net loss per share.............................. $ (0.14) $ (0.50) $ (0.28)
=========== =========== ===========
Pro forma net loss per share (unaudited)................ $ (0.29) $ (0.25)
=========== ===========
Stock options aggregating 1,888,000 and 2,379,000 at December 31, 1997 and
1998, respectively, are not included in the above calculations as they are
antidilutive.
10. EXPORT SALES
Export sales from the United States to the Europe and Asia/Pacific region
represented approximately 10% and 3%, respectively, of total revenues for the
year ended December 31, 1997 and 12% and 0%, respectively, of total revenues for
the year ended December 31, 1998. Export sales were not significant for the year
ended December 31, 1996. Revenues generated from ISS's foreign operations
located in the Europe and Asia/Pacific region totaled approximately 0% and 8%,
respectively, and 2% and 5%, respectively, of total revenues for the years ended
December 31, 1997 and 1998, respectively. ISS had no revenue generating foreign
operations prior to 1997.
47
49
ISS GROUP, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED)
11. QUARTERLY FINANCIAL RESULTS -- (UNAUDITED)
Summarized quarterly results for the two years ended December 31, 1997 and
1998 are as follows (in thousands, except per share data):
FIRST SECOND THIRD FOURTH
------- ------- ------- -------
1997 by quarter:
Revenues........................................ $ 2,225 $ 2,671 $ 3,473 $ 5,098
Operating loss.................................. (429) (678) (1,092) (1,948)
Net loss........................................ (394) (610) (1,026) (1,889)
Loss per share(1):
Basic and diluted............................... (0.05) (0.08) (0.13) (0.24)
Pro forma (unaudited)........................... (0.03) (0.05) (0.08) (0.14)
1998 by quarter:
Revenues........................................ 6,073 7,331 9,430 13,095
Operating loss.................................. (1,705) (1,924) (1,348) (1,429)
Net loss........................................ (1,639) (1,083) (583) (797)
Loss per share(1):
Basic and diluted............................... (0.19) (0.06) (0.03) (0.05)
Pro forma (unaudited)........................... (0.12) -- -- --
- ---------------
(1) Because of the method used in calculating per share data, the quarterly per
share data will not add to the per share data as computed for the year.
48
50
SCHEDULE II
VALUATION AND QUALIFYING ACCOUNTS
BALANCE AT
BEGINNING OF BALANCE AT
YEAR PROVISION WRITEOFFS END OF YEAR
------------- --------- --------- ------------
1996
Allowance for Doubtful Accounts................ $ -- $ 86,000 $ (7,000) $ 79,000
======== ======== ========= ========
1997
Allowance for Doubtful Accounts................ $ 79,000 $195,000 $ (19,000) $255,000
======== ======== ========= ========
1998
Allowance for Doubtful Accounts................ $255,000 $135,000 $(103,000) $287,000
======== ======== ========= ========
49
51
SIGNATURES
Pursuant to the requirements of the Section 13 or 15(d) of the Securities
Exchange Act of 1934, the Registrant has duly caused this Report to be signed on
its behalf by the undersigned, thereunto duly authorized.
ISS GROUP, INC.
By: /s/ RICHARD MACCHIA
------------------------------------
Richard Macchia
Vice President and Chief Financial
Officer
Dated: February 17, 1999
POWER OF ATTORNEY
KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature
appears below hereby severally constitutes and appoints, Thomas E. Noonan,
Richard Macchia and Jon Ver Steeg, and each or any of them, his true and lawful
attorney-in-fact and agent, each with the power of substitution and
resubstitution, for him in any and all capacities, to sign any and all
amendments to this Annual Report (Form 10-K) and to file the same, with exhibits
thereto and other documents in connection therewith, with the Securities and
Exchange Commission, hereby ratifying and confirming all that each said
attorney-in-fact and agent, or his substitute or substitutes, may lawfully do or
cause to be done by virtue hereof.
Pursuant to the requirements of the Securities Exchange Act of 1934, this
Report has been signed below by the following persons on behalf of the
Registrant and in the capacities and on the dates indicated.
NAME TITLE DATE
---- ----- ----
/s/ THOMAS E. NOONAN Chairman, President and Chief February 17, 1999
- ----------------------------------------------------- Executive (Principal
Thomas E. Noonan Executive Officer)
/s/ CHRISTOPHER W. KLAUS Chief Technology Officer, February 17, 1999
- ----------------------------------------------------- Secretary and Director
Christopher W. Klaus
/s/ RICHARD MACCHIA Vice President and Chief February 17, 1999
- ----------------------------------------------------- Financial Officer
Richard Macchia (Principal Financial and
Accounting Officer)
/s/ RICHARD S. BODMAN Director February 17, 1999
- -----------------------------------------------------
Richard S. Bodman
/s/ ROBERT E. DAVOLI Director February 17, 1999
- -----------------------------------------------------
Robert E. Davoli
/s/ KEVIN J. O'CONNOR Director February 17, 1999
- -----------------------------------------------------
Kevin J. O'Connor
/s/ DAVID N. STROHM Director February 17, 1999
- -----------------------------------------------------
David N. Strohm
50