-----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type: 2001,MIC-CLEAR Originator-Name: webmaster@www.sec.gov Originator-Key-Asymmetric: MFgwCgYEVQgBAQICAf8DSgAwRwJAW2sNKK9AVtBzYZmr6aGjlWyK3XmZv3dTINen TWSM7vrzLADbmYQaionwg5sDW3P6oaM5D3tdezXMm7z1T+B+twIDAQAB MIC-Info: RSA-MD5,RSA, GjBfvk2lkey64z1fUczVSce0dt+tKZ7TAEdgqWOI9GUrAjRrL/R/fs4pRHnTznyU GrJi9yXOl4Lq8vz7Zctf6g== 0000950144-99-002008.txt : 19990218 0000950144-99-002008.hdr.sgml : 19990218 ACCESSION NUMBER: 0000950144-99-002008 CONFORMED SUBMISSION TYPE: 10-K PUBLIC DOCUMENT COUNT: 2 CONFORMED PERIOD OF REPORT: 19981231 FILED AS OF DATE: 19990217 FILER: COMPANY DATA: COMPANY CONFORMED NAME: ISS GROUP INC CENTRAL INDEX KEY: 0001053148 STANDARD INDUSTRIAL CLASSIFICATION: SERVICES-PREPACKAGED SOFTWARE [7372] IRS NUMBER: 582362189 STATE OF INCORPORATION: DE FISCAL YEAR END: 1231 FILING VALUES: FORM TYPE: 10-K SEC ACT: SEC FILE NUMBER: 000-23655 FILM NUMBER: 99544721 BUSINESS ADDRESS: STREET 1: 6600 PEACHTREE DUNWOODY RD STREET 2: BLDG 300 SUITE 500 CITY: ATLANTA STATE: GA ZIP: 30328 BUSINESS PHONE: 6784436000 10-K 1 ISS GROUP INC 1 - -------------------------------------------------------------------------------- - -------------------------------------------------------------------------------- UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 --------------------- FORM 10-K (MARK ONE) [X] ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE FISCAL YEAR ENDED DECEMBER 31, 1998 OR [ ] TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE TRANSITION PERIOD FROM ____________ TO ____________
Commission file number - ISS GROUP, INC. (Exact Name of Registrant as Specified in Its Charter) DELAWARE 58-2362189 (State or other jurisdiction of (I.R.S. Employer Identification No.) incorporation or organization) 6600 PEACHTREE-DUNWOODY ROAD 30328 300 EMBASSY ROW, SUITE 500 (Zip code) ATLANTA, GEORGIA (Address of principal executive offices)
Registrant's telephone number, including area code: (678) 443-6000 Securities registered pursuant to Section 12(b) of the Act:
NAME OF EACH EXCHANGE TITLE OF EACH CLASS ON WHICH REGISTERED ------------------- --------------------- None None
Securities registered pursuant to Section 12(g) of the Act: COMMON STOCK, $0.001 PAR VALUE (Title of Class) Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes [X] No [ ] Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of Registrant's knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. [ ] The aggregate market value of the voting stock held by non-affiliates of the Registrant, based upon the closing sale price of Common Stock on February 5, 1999 as reported on the Nasdaq National Market, was approximately $1.03 billion (affiliates being, for these purposes only, directors, executive officers and holders of more than 5% of the Registrant's Common Stock). As of February 5, 1999, the Registrant had 17,356,487 outstanding shares of Common Stock. DOCUMENTS INCORPORATED BY REFERENCE Portions of the Proxy Statement for Registrant's 1999 Annual Meeting of Stockholders are incorporated by reference into Part III of this Form 10-K. - -------------------------------------------------------------------------------- - -------------------------------------------------------------------------------- 2 PART I ITEM 1. BUSINESS BUSINESS OVERVIEW We are the leading provider of monitoring, detection and response software that protects the security and integrity of enterprise information systems, according to market share reports by Aberdeen Group, Gartner Group and the Yankee Group. Our SAFEsuite family of products is designed to enforce "best practice" information risk management automatically across distributed computing environments. Our products use an innovative Adaptive Network Security, or ANS, approach that entails continuous security risk monitoring, detection and response to develop and enforce an active network security policy. In addition, we offer professional services which enable us to deliver comprehensive network and Internet security solutions to our customers. We pioneered the technology for vulnerability and threat detection through a dedicated security research and development team and we believe that we have the most comprehensive vulnerability and threat database in existence. We have licensed our network security solutions to over 3,000 organizations worldwide, including firms in the Global 2000, U.S. and international government agencies, and major universities. Twenty-one of the 25 largest commercial banks in the United States, as ranked by Fortune, have licensed our products. We also have established strategic relationships with industry leaders, including Check Point, GTE, IBM, MCI WorldCom, Microsoft and Nortel, to enable worldwide distribution of our core monitoring technology. INDUSTRY BACKGROUND Network computing has evolved from client/server-based local area networks to distributed computing environments based on the integration of inter-company wide area networks via the Internet. The proliferation and growth of corporate intranets and the increasing importance of electronic commerce have dramatically increased the openness of computer networks, with the Internet becoming a widely accepted platform for many business-to-business and direct-to-customer transactions. International Data Corporation ("IDC") estimates that the number of Internet users will grow from 97 million in 1998 to 320 million in 2002, and that the value of electronic commerce transactions will grow from $32 billion to $426 billion over the same period. Additionally, IDC estimates that the number of devices accessing the Web will increase from 120 million in 1998 to 515 million in 2002. To capitalize on these trends, organizations are increasingly connecting their enterprise networks to the Internet to facilitate and support strategic business objectives, including: - electronic data interchange (EDI); - supply chain systems integration; - Web-based access to account information and delivery schedules; and - secure messaging and online purchases and payments. With the increased use of the Internet by businesses and consumers, organizations increasingly network their key systems in order to reduce costs and increase revenues. For example, businesses can implement supply chain management applications through standards enabled by the Internet. To optimize the supply chain, businesses use the Internet to provide suppliers with access to sensitive internal information, such as engineering designs, product development plans, raw material inventories and product schedules. Organizations also strengthen their ties with customers through "corporate Internet portals" that provide comprehensive information for purchasing products, checking order status and managing customer billings. This increased level of access provided by open systems carries with it the risk of unauthorized access to and use of sensitive information or malicious disruptions of important information-exchange systems. 1 3 THE NEED FOR NETWORK SECURITY Although open computing environments have many business advantages, their accessibility and the relative anonymity of users make these systems, and the integrity of the information that is stored on them, vulnerable to security threats. Open systems present inviting opportunities for computer hackers, curious or disgruntled employees, contractors and competitors to compromise or destroy sensitive information within the system or to otherwise disrupt the normal operation of the system. In addition, open computing environments are complex and typically involve a variety of hardware, operating systems and applications supplied by a multitude of vendors, making these networks difficult to manage, monitor and protect from unauthorized access. Each new addition of operating system software, applications or hardware products to the distributed computing environment may introduce a vast number of new vulnerabilities and security risks. To adequately secure a network, information technology, or IT, managers must have the resources to not only correctly configure the security measures in each system, but also to understand the risks created by any change to existing systems on the network. This situation is made worse by the limited supply of personnel knowledgeable in information security issues. Executives must understand and manage the risks involved when integrating their systems with the systems of suppliers and customers to achieve strategic objectives. According to the annual Information Week/PricewaterhouseCoopers LLP 1998 Global Information Security Survey of IT managers and professionals, 59% of those surveyed who are associated with sites selling products or services on the Web reported at least one security breach in the past year. In addition, sites integrated with supply-chain network or enterprise resource planning applications reported security violations 10% more often than sites without such applications. In a separate PricewaterhouseCoopers 1998 survey of chief executive officers, 84% cited security concerns as a barrier to deployment of IT initiatives. Despite the convenience and the compelling economic incentives for the use of Internet-protocol networks, they cannot reach their full potential as a platform for global communication and commerce until organizations can implement an effective platform to manage information risk. Historically, organizations have responded to perceived security threats by implementing passive point tools, such as encryption, firewall, authentication and other technologies designed to protect individual components of their internal networks from unauthorized use or outside attacks. These technologies address some security concerns, but are often ineffective because: - encryption protects information during transmission; however, it does not typically protect information at either the source or the destination; - a firewall, which controls the flow of data between an internal network and outside networks or the Internet, is necessary for rudimentary access control, but must be regularly reconfigured to accommodate new business applications, users and business partners on the network. Thus, firewalls can be left vulnerable to hackers and others seeking to compromise network integrity and fail to protect against improper use by authorized users; - operating system security mechanisms, such as user authentication, passwords and multi-level access rights, can prevent unauthorized access by internal and external users. However, deployment issues such as easily guessed passwords or default accounts left on newly installed devices diminish the effectiveness of these measures. Passive point tools do not address the fundamental issue that the inherent utility of open systems is itself the source of their vulnerability. This conflict between the benefits of open systems and the risks of their unauthorized use or disruption has not been widely recognized or addressed by passive security tools. Many organizations have developed security policies that define the appropriate use of network resources, establish the proper configuration of network services, operating systems and applications and describe the actions to be taken if there is an attack on the network. These security policies attempt to define the organization's acceptable level of risk. Organizations, however, have not had the systems to automatically enforce and implement such policies across their entire IT infrastructure. Without such systems, the dynamic 2 4 nature of enterprise networks causes the organization's actual security practice to diverge from the stated security policy, potentially exposing the organization to additional unanticipated risks. To be effective, passive point tools need to be coordinated through enterprise-wide systems that automatically evaluate and eliminate the vulnerabilities and threats. Direct observation of vulnerabilities and threats can allow an organization to define and automatically enforce an integrated, enterprise-wide information risk management process that can be managed centrally and implemented on a distributed basis. Any security solution must be: - easy to use by both management and the organization's existing IT personnel; - compatible with existing security technologies as well as be flexible enough to incorporate new technologies; and - able to provide a comprehensive and accurate picture of security issues across the organization's entire distributed network such that the managers of the system trust the objectivity of the security system in monitoring, detecting and responding to vulnerabilities and threats. THE ISS SOLUTION Our dynamic, process-driven Adaptive Network Security approach to enterprise-wide information risk management relies on the principles of monitoring, detection and response to the ever-changing vulnerabilities in and threats to the hardware products, operating systems and applications that comprise every network system. We designed our SAFEsuite family of products to enable an organization to centrally define and manage an information risk policy for its existing network system infrastructure, including all Internet protocol-enabled devices. Our solutions provide the ability to visualize, measure and analyze real-time security vulnerabilities and control threats across the entire enterprise computing infrastructure, keeping the organization's IT personnel informed of changing risk conditions and automatically making adjustments as necessary. Through custom policies or by using our "best practice" templates, our customers can minimize security risks without closing off their networks to the benefits of open computing environments and the Internet. Our solutions reach beyond the traditional approaches to network security in the following respects: Adaptive Network Security ANS is a proactive, risk management-based approach to enterprise security that links security practice and security policy through a continuous improvement process. ANS achieves this objective through four critical processes: - continuously monitoring network, system and user activity and configuring devices, systems and applications on the network; - detecting security risks in network traffic and within systems; - responding to security threats to minimize risks; and - analyzing and reporting dynamic risk conditions and response actions and updating security policies. Comprehensive Enterprise Security Solution We combine ANS principles with our extensive knowledge of network, system and application vulnerabilities and threats to provide scalable security solutions. Our SAFEsuite family of products provides a comprehensive network and system security framework. In addition, we sell our products individually as solutions for a particular function. We also offer a broad range of professional services to assist in the development and enforcement of an effective security policy and to facilitate the deployment and use of our software. Our solutions are interoperable with a broad range of platforms and complement the products of leading security and network management vendors. They provide a single point of management and control for an enterprise-wide security policy. In this manner, our SAFEsuite family of products serves as a critical enhancement to traditional passive point tools, such as encryption, firewalls and authentication. We have 3 5 designed our products to be easily installed, configured, managed and updated by a system administrator through an intuitive graphical user interface without interrupting or affecting network operation. The software automatically identifies systems and activities that do not comply with a customer's policies, and provides a critical feedback mechanism for adjusting the security levels of networked systems based upon its findings. Our products generate easy-to-understand reports ranging from executive-level trend analysis to detailed step-by-step instructions for eliminating security risks. The X-Force Because there are few IT professionals specifically trained in network and system security issues, we have assembled a senior research and development team composed of security experts who are dedicated to understanding new vulnerabilities and real-time threats and attacks, and developing solutions to address these security issues. The team is known in the industry as the "X-Force" and represents one of our competitive advantages. Because of the collective knowledge and experience of the members of the X-Force, we believe that they comprise one of the largest and most sophisticated groups of IT security experts currently researching vulnerability and threat science. Organizations such as CERT (Computer Emergency Response Team), the FBI and leading technology companies routinely consult the X-Force on network security issues. Through the X-Force, we maintain a proprietary and comprehensive knowledge base of computer exploits and attack methods, including what we believe is the most extensive publicly-available collection of Windows NT vulnerabilities and threats in existence. To respond to an ever-changing risk profile, the X-Force continually updates this knowledge base with the latest network vulnerability information, which aids in the design of new products and product enhancements. STRATEGY Our objective is to be the leading provider of information risk management systems that, through our ANS approach, proactively protect the integrity and security of enterprise-wide information systems from vulnerabilities, misuse, attacks and other information risks. We focus on developing innovative and automated software solutions to provide customers with a comprehensive framework for protecting their networks and systems by monitoring for vulnerabilities and real-time threats. Our solutions allow customers to enforce "best practice" network and system security policies. Key elements of our strategy include: Continue Our Leadership Position in Security Technology We intend to maintain and enhance our technological leadership in the enterprise security market by hiring additional network and Internet security experts, broadening our proprietary knowledge base, continuing to invest in product development and product enhancements and acquiring innovative companies and technologies that complement our solutions. By remaining independent of other providers of system software, applications and hardware and by solidifying our position as a best-of-breed provider of monitoring, detection and response software, we believe that customers and potential customers will view us as the firm of choice for establishing and maintaining effective security practices and policies. Expand Domestic Sales Channels We intend to increase the distribution and visibility of our products by expanding our regional direct sales program and increasing our market coverage through the establishment of additional indirect channels with key managed service providers, Internet service providers, systems integrators, resellers, OEMs and other channel partners. We believe that a multi-channel sales approach will build customer awareness of the need for our products and enable us to more rapidly build market share across a wide variety of industries. Enhance and Promote Professional Services Capabilities We are establishing long-term relationships with our customers by serving as a "trusted advisor" in addressing network security issues. To continue to fulfill this responsibility to our customers, we are expanding our professional services capabilities. These capabilities will allow us to provide our customers with additional 4 6 security system design, planning, installation, testing and consulting services to assist in developing and maintaining effective information risk management solutions. By providing professional services, we also can heighten customer awareness about network security issues, which creates opportunities for us to sell new products or product enhancements to our existing customers. Expand International Operations We plan to continue to aggressively expand our international operations to address the rapid global adoption of distributed computing environments. Many foreign countries do not have laws recognizing network intrusion or misuse as a crime or the resources to enforce such laws if they do exist. As a consequence, we believe that organizations in such countries will have greater need for effective security solutions. We currently maintain international offices in Australia, Belgium, Brazil, Canada, England, France, Germany, Japan and Mexico and plan to expand in those regions where businesses, governments and other institutional users are using distributed networks and the Internet for their mission-critical needs. Broaden ANS Category Awareness We intend to increase and broaden awareness of the need for ANS and our information risk management solutions. In 1998, we led the formation of the Adaptive Network Security Alliance, or ANSA, as a means to offer Adaptive Network Security to support a wide range of network management and security products. In addition, by increasing our level of public relations, educational events, seminars, advertising, direct marketing and trade show participation, we intend to increase the public's recognition of the risks and dangers associated with the adoption of open computing systems and commerce initiatives, as well as the ability to manage such risks through an effective ANS-based solution. PRODUCT ARCHITECTURE The SAFEsuite family of products delivers our ANS approach to network security through a flexible architecture designed to be integrated with existing security and network system infrastructures. Our SAFEsuite products enhance the effectiveness of passive point tools by monitoring them for threats and vulnerabilities and responding with actions that align customers' security practices and policies. SAFEsuite complements network and security management frameworks by providing information required for informed decisions to minimize security risks while maintaining the desired level of network functionality. Thus, our products provide a risk management-based approach to security with scalable deployment of best-of-breed products and integrated enterprise-wide implementations. The SAFEsuite product architecture includes a policy management interface that lets customers choose among "best practice" templates or policies that establish the acceptable level of risk appropriate for their networks. Our individual products then automatically verify compliance with the chosen policy in terms of actual system configuration and network activity. Graphical reports describe the deviations from the established policy, including the measures required to reduce the risk. This product architecture allows all the SAFEsuite technologies to connect directly into common standards, providing comprehensive security reports for the entire enterprise. To ensure communication confidentiality between individual SAFEsuite components and to prevent their misuse, SAFEsuite uses RSA encryption algorithms, which have become de facto encryption standards. The SAFEsuite Security Knowledge Base, a database containing information about the devices and security risks on a customer's network, utilizes an open database connectivity, or ODBC, interface and allows customers to select their preferred database such as Informix, Microsoft SQL Server, Oracle, Sybase or any ODBC-compliant database for data storage. The various SAFEsuite products consolidate security data, enabling users to quickly determine their risk profiles and respond. In addition, SAFEsuite products provide automated decision support by assessing priorities and providing a graphical representation of important security risk data sets. This feature allows key decision-makers to prioritize their program strategies for effective deployment of resources to minimize security risks. 5 7 Each SAFEsuite product can be deployed as a stand-alone, best-of-breed solution to meet the needs of the local administrator or departmental user. Through support for remote, multi-level management consoles and the SAFEsuite Security Knowledge Base, enterprise-level users can analyze security risk conditions for the entire network. The SAFEsuite Security Knowledge Base allows the customer to address both vulnerabilities and threats, thereby minimizing network security risk and associated costs. SAFEsuite's frequent updates integrate the latest identified security vulnerabilities and threats into the operations of an existing product installation. PRODUCTS The following table lists our current offering of SAFEsuite products, and includes a brief description of each product's functionality and current list prices (dollar amounts are for the indicated scope of use, with prices discounted for larger networks):
INTRODUCTION DESCRIPTION SCOPE U.S. LIST PRICE DATE - ---------------------------------------------------------------------------------------------------------------- NETWORK SECURITY VULNERABILITY DETECTION, ANALYSIS AND REPORTING - ---------------------------------------------------------------------------------------------------------------- Internet Scanner Comprehensive security 50 devices $ 3,495 October 1992 assessment for all 1000 devices 19,945 devices on an enterprise 3000 devices 39,500 network - ---------------------------------------------------------------------------------------------------------------- INTERNAL SYSTEM SECURITY VULNERABILITY DETECTION, ANALYSIS AND REPORTING - ---------------------------------------------------------------------------------------------------------------- System Scanner -- Internal security assessment 50 computers $ 1,950 December 1998 desktop version for desktop operating 400 computers 11,950 systems 1000 computers 25,500 - ---------------------------------------------------------------------------------------------------------------- System Scanner -- Internal security assessment 5 computers $ 3,250 January 1997 server version for server operating systems 30 computers 17,500 100 computers 50,000 - ---------------------------------------------------------------------------------------------------------------- DATABASE SECURITY VULNERABILITY DETECTION, ANALYSIS AND RESPONSE - ---------------------------------------------------------------------------------------------------------------- Database Scanner Comprehensive security 5 servers $ 4,475 December 1998 assessment for SQL 10 servers 8,500 databases 50 servers 41,250 - ---------------------------------------------------------------------------------------------------------------- NETWORK SECURITY THREAT AND MISUSE DETECTION, ANALYSIS AND RESPONSE - ---------------------------------------------------------------------------------------------------------------- RealSecure Engine Real-time attack recognition, 1 engine $ 8,995 December 1996 misuse detection and 10 engines 69,900 response for network traffic 25 engines 149,900 - ---------------------------------------------------------------------------------------------------------------- INTERNAL SYSTEM SECURITY THREAT AND MISUSE DETECTION, ANALYSIS AND RESPONSE - ---------------------------------------------------------------------------------------------------------------- RealSecure Agent Real-time attack recognition, 5 computers $ 3,750 December 1998 misuse detection and 25 computers 15,000 response for activities within 100 computers 50,000 systems - ---------------------------------------------------------------------------------------------------------------- ENTERPRISE INFORMATION RISK MANAGEMENT - ---------------------------------------------------------------------------------------------------------------- SAFEsuite Decisions Decision support system Small enterprise $ 25,000 December 1998 for information risk Medium enterprise 100,000 management Large enterprise 250,000 - ----------------------------------------------------------------------------------------------------------------
6 8 Internet Scanner Internet Scanner quickly finds and fixes security holes through automated and comprehensive network security vulnerability detection and analysis. Internet Scanner scans and detects vulnerabilities, prioritizes security risks and generates an array of meaningful reports ranging from executive-level trend analysis to detailed step-by-step instructions for eliminating security risks. Internet Scanner initiates a scan from a workstation placed inside or outside a corporate firewall. These scans measure the actual implementation of an organization's security policies. Scans may be as simple as determining the basic computing services available on the network or as comprehensive as a thorough testing using Internet Scanner's vulnerability database -- the most comprehensive in the industry. Internet Scanner's intranet module methodically examines intranet servers, routers, operating systems and key applications for potential violations in security policy. The firewall module works through the network to find firewalls and provide an accurate assessment of their configuration and degree of protection. Finally, the Web security module locates intranet, extranet and Internet Web servers, checking them for possible misconfigurations and security weaknesses. After completing their scans, the Internet Scanner modules return lists of discovered vulnerabilities and prepare in-depth reports to assist administrators with follow-up and review. System Scanner System Scanner serves as a security assessment system that helps manage security risks through comprehensive detection and analysis of operating system, application and user-controlled security weaknesses. System Scanner identifies potential security risks by comparing security policy with actual host computer configurations. Potential vulnerabilities include missing security patches, dictionary-crackable passwords, inappropriate user privileges, incorrect file system access rights, unsecure service configurations and suspicious log activity that might indicate an intrusion. System Scanner stores scanned operating system configurations, placing an electronic "fingerprint" on individual hosts. Routine reviews of these records help identify damaged or maliciously altered systems before they become a security or performance liability. Furthermore, System Scanner helps restore suspicious or damaged Unix systems, generating automated fix scripts for file ownerships and permissions. System Scanner augments its automated policy compliance testing with a database of over 600 vendor patches and other system enhancements. This powerful built-in knowledge base quickly pinpoints high risk activity, such as password sniffing, remote access programs or unauthorized dial-up modems and remote control software. System Scanner returns a list of discovered vulnerabilities and prepares in-depth reports to assist administrators with follow-up and review. Database Scanner Database Scanner provides security risk assessment for database management systems. Database Scanner allows a user to establish a database security policy, audit a database and present a database's security risks and exposures in easy-to-read reports. Most database security violations occur not because databases have inherently weak security, but rather because systems are not set up correctly and security policies are not established and enforced. Even in a properly configured system, settings can be changed -- either accidentally or maliciously -- leaving sensitive information at risk. Database Scanner develops, implements and maintains appropriate database system security strategies, policies and procedures. It examines database systems for adherence to accepted operational standards for account creation, access control, account suspensions and renewals along with software upgrades, patches and hot fixes. The security risks in internal applications utilizing database management systems can be measured and managed with Database Scanner. The easy to read reports provide detailed graphical analysis with recommended fixes and promote effective communication of security risks across departments and levels of management. RealSecure RealSecure is an integrated network- and host-based intrusion detection and response system. RealSecure's around-the-clock surveillance extends unobtrusively across the enterprise, allowing administrators to automatically monitor network traffic and host logs, detect and respond to suspicious activity and intercept and respond to internal or external host and network abuse before system security is compromised. RealSecure's 7 9 multi-point management architecture allows for rapid enterprise-wide deployment and operation across geographic and organizational boundaries in both Unix and Windows NT environments. RealSecure's innovative Manager-Engine-Agent architecture provides flexible deployments to meet the requirements of diverse corporate networks. RealSecure Engine. The RealSecure Engine runs on dedicated workstations to provide network intrusion detection and response. Each RealSecure Engine monitors the packet traffic on a specific network segment for attack signatures -- telltale evidence that an intrusion attempt is taking place. Recognition occurs in real time and triggers user-definable alarms and responses as soon as the attack is detected. RealSecure utilizes our Digital FingerPrinting technology to recognize a large number of attack patterns on high-speed networks. Additionally, our Adaptive Filtering Algorithm tunes the packet filter rules in response to network load, allowing the engine to effectively function during bursts in network traffic. When a RealSecure Engine detects an attack or misuse, it transmits an alarm to the RealSecure Manager or a third-party network management console for administrative follow-up and review. In addition, RealSecure responds immediately by terminating the connection, sending email or pager alerts, recording the session, reconfiguring select firewalls or taking other user-definable actions. RealSecure Agent. RealSecure Agent is a host-based complement to RealSecure Engine. RealSecure Agent analyzes host logs to recognize attacks, determine whether an attack was successful and provide other forensic information not available in real time. Based on what is discovered, RealSecure Agent reacts to prevent further incursions by terminating user processes and suspending user accounts. It also logs events, sends, alarms and emails and executes user-defined actions. Each RealSecure Agent installs on a workstation or host, thoroughly examining that system's logs for telltale patterns of network misuse and breaches of security. Like RealSecure Engine, RealSecure Agent sends an alarm to the RealSecure Manager or third-party network management console when it detects evidence of improper usage. Based on what it discovers, RealSecure Agent also automatically reconfigures RealSecure Engines and select firewalls to prevent future incursions. SAFEsuite Decisions SAFEsuite Decisions is the initial product in our new SAFEsuite Enterprise family of enterprise security management solutions. SAFEsuite Decisions delivers continuous security improvement across the enterprise from a single application. SAFEsuite Decisions leverages the value of our SAFEsuite products to provide an adaptive enterprise network security system for ongoing, active information risk management. SAFEsuite Decisions integrates critical security data generated by our Internet Scanner, System Scanner, RealSecure and third-party firewalls, into a closed, automated feedback loop. This information is condensed into a comprehensive reporting system, enabling timely, focused and informed decisions for effective information risk management. SAFEsuite Decisions enables managers and administrators to take immediate action to protect online resources. SAFEsuite Decisions facilitates efficient management of enterprise security risk and maximizes the security of large-scale networking and Internet-based commerce. PROFESSIONAL SERVICES We enhance the value of our products by offering professional consulting services to assure customers' success in the use of our products. We have network security professionals ready to assist customers with their particular security policy development and enforcement needs. Our professional services can range from providing network security resources for overburdened IT departments to conducting investigations of serious breaches in security. Our professional services offerings include: - Quick Assist -- Customer assistance for determining a client's risk condition and development of an Adaptive Network Security business case; - JumpStart -- High-value, customized on-the-job training and quick-start implementation programs; - Incident Response & Post-Attack Support -- Data recovery and business resumption planning services, investigation and forensics, litigation and expert witness support; 8 10 - Triage -- High-impact, rapid turnaround network emergency support services including vulnerability assessment and corrective action support; - Security Architecture Design & Engineering -- Adaptive Network Security architecture and design services; - Enterprise Threat & Vulnerability Battle Planning -- Logical, systematic approach for project and budget planning, acquisition and technology strategy and security program development and implementation; and - Network Operations Support -- On-site and remote network monitoring and response, coupled with standard network security operations services. We complement our service offerings with a full range of training and certification programs. Our Certified User courses are available at our education center in Atlanta, Georgia, and at approved training centers around the world. These classes address planning, installation and basic operation of our products in a hands-on, interactive environment. For more advanced needs, our ISS Certified Engineer training courses cover advanced topics specific to each SAFEsuite or SAFEsuite Enterprise product. Our training goes beyond simple "how to" exercises. Upon completion of instructor-led discussions and exercises, students respond to actual, on-the-job scenarios. These simulations allow students to apply their new skills to real-world situations, reinforcing both basic and advanced skills. Our training courses encompass the complete life cycle of our SAFEsuite products, from installation and operations to advanced troubleshooting. PRODUCT PRICING We use a range of fee structures to license our products, depending on the type of product and the intended use. We license our vulnerability detection products, Internet Scanner, System Scanner and Database Scanner, based on the number of devices being scanned. The pricing scheme is scalable, providing low entry points for departmental users without limiting our revenue potential from customers with large networks. Pricing for our threat detection products, RealSecure Engine and RealSecure Agent, is based on the number of engines deployed on the network. Thus, licensing fees for our products are ultimately determined by the size of the customer's network, as size dictates the number of devices to be scanned or the number of engines to be deployed. In addition to license fees, customers virtually always purchase maintenance agreements in conjunction with their initial purchase of a software license, with annual maintenance fees typically equal to 20% of the product's license fee. Maintenance agreements include annually renewable telephone support, product updates, access to our X-Force Security Alerts and error corrections. Our continuing research into new security risks and resulting product updates provide significant ongoing value. As a result, a substantial majority of our customers renew their maintenance agreements. Customers who use our products to provide IT consulting services have license agreements that are based on a revenue sharing model. We have historically sold fully-paid perpetual licenses with a renewable annual maintenance fee and, more recently, have licensed our products on a subscription basis (which includes maintenance) for one or two year periods and are exploring other alternatives for customers desiring longer term arrangements or multi-year commitments. PRODUCT DEVELOPMENT We developed our SAFEsuite products to operate in heterogeneous computing environments. Products are compatible with other vendors' products across a broad range of platforms, including HP-UX, IBM AIX, Linux, SGI IRIX, SunOS, Sun Solaris, Windows 95/98 and Windows NT. We have incorporated a modular design in our products to permit plug-and-play capabilities, although customers often use our professional services or our strategic partners to install and configure products for use in larger or more complex network systems. We employ a two-pronged product development strategy to achieve our goal of providing the most comprehensive security coverage within the monitoring, detection and response market. First, we continue to develop best-of-breed security products to address particular network configurations. Such new products, and 9 11 our existing products like Internet Scanner, System Scanner and RealSecure, are updated approximately every four to six months to add new features, improve functionality and incorporate timely responses to vulnerabilities and threats that have been added to our vulnerability and threat database. These updates are usually provided as part of separate maintenance agreements sold with the product license. Second, to complement our existing products and provide more comprehensive network security coverage, we are expanding our existing SAFEsuite products by developing additional enterprise-level products that incorporate ANS principles. These products will allow customers to protect their networks by continuously measuring and analyzing the status of their network's security, and by monitoring and controlling the security risks in real time across the enterprise network. These SAFEsuite enterprise products are interoperable with our existing products, allowing modular implementation. Expenses for product development were $1.2 million, $3.4 million and $9.3 million in 1996, 1997 and 1998, respectively. All product development activities are conducted at our principal offices in Atlanta, and at our research and development facilities in Mountain View, California and Reading, England, where, as of December 31, 1998, an aggregate of 108 personnel were employed in product development teams. In addition, our personnel include members of the Computer Security Institute, Forum for Incident Response and Security Technicians (FIRST), Georgia Tech Industrial Partners Association, Georgia Tech Information Security Center and the International Computer Security Association (ICSA), enabling us to actively participate in the development of industry standards in the emerging market for network and Internet security systems and products. CUSTOMERS As of December 31, 1998, we had licensed versions of our SAFEsuite family of products to over 3,000 customers. No customer accounted for more than 10% of our consolidated revenues in 1996, 1997 or 1998. Our target customers include both public and private sector organizations that utilize Internet protocol-enabled information systems to facilitate mission-critical processes in their operations. Our customers represent a broad spectrum of organizations within diverse sectors, including financial services, technology, telecommunications, government and information technology services. The following is a list of certain of our customers that have purchased licenses and services from us with an aggregate price of at least $15,000 and which we believe are representative of our overall customer base: FINANCIAL SERVICES IT SERVICES GOVERNMENT Charles Schwab EDS NASA First Union KPMG Peat Marwick Salt River Project KeyCorp Perot Systems U.S. Department of the Merrill Lynch PricewaterhouseCoopers Air Force PNC Bank SAIC U.S. Department of the SITA Army TELECOMMUNICATIONS U.S. Department of America Online TECHNOLOGY Defense Bell Atlantic Hewlett-Packard U.S. State Department BellSouth IBM GTE Internetworking Intel OTHER NETCOM On-Line Lucent Technologies Lockheed Martin Communications Microsoft Merck Nippon Telephone & NCR REI Telegraph Siemens VeriSign Xerox
10 12 SALES AND MARKETING Sales Organization Our sales organization is divided regionally among the Americas, Europe and the Asia/Pacific region. In the Americas, we market our products primarily through our direct sales organization augmented by our indirect channels, including security consultants, resellers, OEMs and systems consulting and integration firms. The direct sales organization for the Americas consists of regionally-based sales representatives and sales engineers and a tele-sales organization located in Atlanta. As of December 31, 1998, we maintained sales offices in the Atlanta, Austin, Boston, Chicago, Cincinnati, Dallas, Denver, Los Angeles, Minneapolis, Monterrey (Mexico), New York, Palo Alto, Philadelphia, Portland, San Francisco, Sao Paulo (Brazil), Seattle, Toronto (Canada) and Washington, D.C. metropolitan areas. A dedicated group of professionals in our Atlanta headquarters covers Latin America. As of December 31, 1998, we employed 92 people in the Americas direct sales and professional services organization. The regionally-based direct sales representatives focus on opportunities where we believe we can realize more than $200,000 in revenues per year. In Europe and the Asia/Pacific region, substantially all of our sales occur through authorized resellers. Internationally, we have established regional sales offices in Brussels, London, Munich, Paris, Reading (England), Stuttgart, Sydney and Tokyo. Personnel in these offices are responsible for market development, including managing our relationships with resellers, assisting them in winning and supporting key customer accounts and acting as a liaison between the end user and our marketing and product development organizations. As of December 31, 1998, 50 employees were located in our European and Asia/Pacific regional offices. We expect to continue to expand our field organization into additional countries in these regions. Security Partners Program We have established a Security Partners Program to train and organize security consulting practices, Internet service providers, systems integrators and resellers to match our products with their own complementary products and services. By reselling SAFEsuite products, Security Partners provide additional value for specific market and industry segments, while maintaining our ongoing commitment to quality software and guaranteed customer satisfaction. We have established three different levels of partnership opportunities: - Premier Partners. Premier Partners are value-added resellers and systems integrators with focused security practices. Many Premier Partners are experienced in the sales and implementation of leading firewall technology, as well as authentication and encryption technologies. These partners leverage their expertise with our vulnerability assessment and intrusion detection products. Premier Partners receive direct distribution of our products, sales training, financial incentives, access to our Web site for placing orders and partner-only communications, including a link to the ISS Partner Web site. - Authorized Partners. Authorized Partners generally consist of organizations that provide security-focused consulting services, but elect not to commit to the minimum annual purchase commitments and entry fees applicable to Premier Partners. Authorized Partners may purchase products directly from us and may access our Web site to place orders and receive partner-only communications. - Registered Partners. Unlike Premier Partners and Authorized Partners, Registered Partners are not required to maintain an ISS Certified Engineer on their staffs. Registered Partners receive partner-only communications and may purchase products directly from us, including through our online Web order system. Adaptive Network Security Alliance In 1998, we formed the Adaptive Network Security Alliance, or ANSA, as a means to offer Adaptive Network Security to support a wide range of network management and security products. ANSA currently has 53 members, including leading security software vendors. ANSA delivers the flexibility of best-of-breed products, enhanced enterprise security, accelerated implementation of enterprise management and security solutions and additional value for existing products and services. ANSA provides Adaptive Network Security 11 13 modules for firewalls, virtual private networks (VPNs), antivirus/malicious code software, public key infrastructure (PKI) and enterprise systems management products. Through ANSA, we, together with our technology partners, deliver self-correcting security and management systems that provide maximum value for organizations with limited IT security resources. ANSA provides functionality in the following four key areas: - Active Response. Security breaches require rapid response to identify and stop threats before they place critical online assets at risk. Through ANSA, firewalls, routers, switches, virtual private networks and other technologies are reconfigured automatically and in real time to break off the attack and prevent future penetrations. - Lock Down. Improper configurations can make any technology vulnerable to attack and misuse. We work with ANSA partners to develop customized templates that enable the secure configuration of network devices. With this "lock down" functionality, customers can be assured that the ANSA partner's product will function as designed and will be securely configured. - Decision Support. Effective security decision-making and planning requires timely analysis of enormous amounts of data across disparate systems and network devices. ANSA enables fast and informed enterprise-wide security decisions by collecting, integrating and analyzing data from security and network infrastructure products of ANSA partners. Resulting high value information is routed to network and systems management consoles for immediate action. - Adaptive Network Security Management. ANSA integrates Adaptive Network Security management with enterprise system management platforms. This integration simplifies the enforcement and implementation of security policies across the enterprise leveraging existing IT resources. ANSA is an open initiative and membership is offered free of charge to vendors providing security, and enterprise and network infrastructure products and services with a commitment to interoperability. Marketing Programs We conduct a number of marketing programs to support the sale and distribution of our products. These programs are designed to inform existing and potential end-user customers, OEMs and resellers about the capabilities and benefits of our products. Marketing activities include: - press relations and education; - publication of technical and educational articles in industry journals and our on-line magazine, ISS Alert; - participation in industry tradeshows; - product/technology conferences and seminars; - competitive analysis; - sales training; - advertising and development and distribution of marketing literature; and - maintenance of our Web site. A key element of our marketing strategy is to establish our products and our ANS model as the leading approach for enterprise-wide security management. We have implemented a multi-faceted program to leverage the use of our SAFEsuite product family and increase its acceptance through relationships with various channel partners: - Strategic Resellers. Although we have numerous resellers, certain of these relationships have generated significant leverage for us in targeted markets. Our strategic resellers, which include EDS, IBM, Lucent, Siemens and Softbank, provide broad awareness of our brand through enhanced 12 14 marketing activity, access to large sales forces, competitive control points and access to larger strategic customer opportunities. - Consultants. The use of our products by security consultants not only generates revenue from the license sold to the consultant, but also provides us with leads to potential end users with a concern for network security. Consultants who have generated substantial leads for our sales organization include Andersen Consulting, Arthur Andersen, Deloitte Touche Tohmatsu International, Ernst & Young, IBM, KPMG Peat Marwick, PricewaterhouseCoopers and SAIC Global Integrity. - Managed Service Providers and Internet Service Providers. We license our products to certain managed service providers and Internet service providers to be used as part of their value-added services for their customers, With our products, Internet service providers can offer their users perimeter vulnerability scanning and assessment, and intrusion detection for Web services and applications that typically reside outside the firewalled perimeter. We license our products to GTE, Intermedia Communications (Digex), IRE, MCI Worldcom and PSINet and other Internet service providers for these purposes and receive a percentage of the value-added revenue stream. - OEMs. A number of vendors of security products, including Check Point, Entrust, Lucent, NCR, Nortel and ODS Networks, have signed OEM agreements with us. These agreements enable OEMs to incorporate our products into their own product offerings to enhance their security features and functionality. We receive royalties from OEM vendors and increased acceptance of our products under these arrangements, which, in turn, promotes sales of our other products to the OEM's customers. We typically enter into written agreements with our strategic resellers, consultants, managed service providers, Internet service providers and OEMs. These agreements generally do not provide for firm dollar commitments from the strategic parties, but are intended to establish the basis upon which the parties will work together to achieve mutually beneficial objectives. ADVISORY BOARD We established an Advisory Board in February 1998 to further our sales and recruiting efforts. Members of the Advisory Board currently consist of the following: Sam Nunn. Mr. Nunn has been a partner in the Atlanta law firm of King & Spalding since January 1997. Previously, he served in the United States Senate for four terms starting in 1972. Mr. Nunn is a director of The Coca-Cola Company, General Electric Company, National Service Industries, Scientific-Atlanta, Texaco and Total System Services. He also serves as Chairman of the Board of the Center for Strategic and International Studies (CSIS), a Washington, D.C. think tank. John P. Imlay, Jr. Mr. Imlay is Chairman of Imlay Investments, and serves on the board of directors of the Atlanta Falcons, Gartner Group, Metromedia International Group, and several other organizations. He was Chairman of Dun & Bradstreet Software Services from March 1990 until November 1996. Prior to that, Mr. Imlay served as Chairman and Chief Executive Officer of Management Science America, a company that was acquired by Dun & Bradstreet Software Services. The Advisory Board members advise us on long-term strategic growth, including strategies for selling to key industries, recruitment of board members and other key personnel, and trends in national and international policy influencing our products and services. We also anticipate that Advisory Board members will provide high visibility for us at industry events and will play key roles in leading customer user groups to support our growth and industry prominence. Members of the Advisory Board meet individually or as a group with our management from time to time and are compensated through issuances of common stock or options to acquire common stock. CUSTOMER SERVICE AND SUPPORT We provide ongoing product support services under license agreements. Maintenance contracts are typically sold to customers for a one-year term at the time of the initial product license and may be renewed 13 15 for additional periods. Under our maintenance agreements with our customers, we provide, without additional charge, telephone support, documentation and software updates and error corrections. Customers that do not renew their maintenance agreements but wish to obtain product updates and new version releases are generally required to purchase such items from us at market prices. In general, major new product releases come out annually, minor updates come out every four to six months and new vulnerability and threat checks come out every two to four weeks. Customers with current maintenance agreements may download product updates from our Web site. We believe that providing a high level of customer service and technical support is necessary to achieve rapid product implementation which, in turn, is essential to customer satisfaction and continued license sales and revenue growth. Accordingly, we are committed to continued recruiting and maintenance of a high-quality technical support team. We provide telephone support to customers who purchase maintenance agreements along with their product license. A team of dedicated engineers trained to answer questions on the installation and usage of the SAFEsuite products provides telephone support from 8:00 a.m. to 6:00 p.m., Eastern time, Monday through Friday, from our corporate office in Atlanta. We provide telephone support 24 hours a day, seven days a week through a call-back procedure to certain customers who pay an additional fee for the service. In the United States and internationally, our resellers provide telephone support to their customers with technical assistance from us. COMPETITION The market for network security monitoring, detection and response solutions is intensely competitive, and we expect competition to increase in the future. We believe that the principal competitive factors affecting the market for network security products include security effectiveness, manageability, technical features, performance, ease of use, price, scope of product offerings, professional services capabilities, distribution relationships and customer service and support. Although we believe that our solutions generally compete favorably with respect to such factors, there can be no assurance that we can maintain our competitive position against current and potential competitors, especially those with significantly greater financial, marketing, service, support, technical and other competitive resources. Our chief competitors generally fall within one of four categories: - internal IT departments of our customers and the consulting firms that assist them in formulating security systems; - relatively smaller software companies offering relatively limited applications for network and Internet security; - large companies, including Axent Technologies, Cisco Systems and Network Associates, that sell competitive products, as well as other large software companies that have the technical capability and resources to develop competitive products; and - software or hardware companies that could integrate features that are similar to our products into their own products. Due to a lack of appreciation of the complexity involved in the development of automated systems to establish and maintain comprehensive and effective security within a distributed computing environment, potential customers often rely on their IT departments to internally formulate security systems or retain consultants to undertake such a project. However, because experts in security issues are in extremely short supply, such in-house solutions typically fail to provide a comprehensive and sophisticated approach to security, are not designed to adapt to changing security risks and are extremely expensive to develop. As IT departments learn of our products and their relative cost, we believe that these departments will be less inclined to independently develop systems with functionalities similar to our products. In addition, a number of smaller companies currently market or have under development software applications to provide network and Internet security. We believe that, to date, none of these companies offers products that are as robust in features or as comprehensive in scope as the SAFEsuite family of products. Although it is likely that the product development efforts of these companies will eventually enable them to 14 16 offer a line of products to compete with our current product line, we intend to continue to dedicate significant resources for product development and recruiting in order to expand our product capabilities ahead of these competitors. Notwithstanding, we expect additional competition from these established competitors and from other emerging companies. Mergers or consolidations among our competitors, or acquisitions of small competitors by larger companies, would make such combined entities more formidable competitors to us. In the last 18 months, both Cisco Systems and Network Associates have acquired privately-held companies with products competitive to ours. Although we believe that Cisco Systems and Network Associates will continue to integrate these security products with their other product offerings, we believe that our products will compete favorably based on our product and platform functionality and Adaptive Network Security approach. Notwithstanding, large companies may have advantages over us because of their longer operating histories, greater name recognition, larger customer bases or greater financial, technical and marketing resources. We believe that the entry of larger, more established companies into our market will require them to undertake operations that are currently not within their core areas of expertise, thus exposing them to significant uncertainties in the product development process. In addition, if larger companies were to enter our market, they could have a greater ability to adapt more quickly to new or emerging technologies and changes in customer requirements. They also could devote greater resources to the promotion and sale of their products than we can. In addition, these companies have reduced, and could continue to reduce, the price of their security monitoring, detection and response products, which increases pricing pressures within our market. In addition, large companies with broad product offerings, such as Network Associates, have bundled their security products with their other products, and we expect them to continue to do so in the future, which makes it more difficult for us to compete with them. These companies may develop security monitoring, detection and response products that are better than our current or future products and this may render our products obsolete. Several companies currently sell software products (such as encryption, firewall, operating system security and virus detection software) that our customers and potential customers have broadly adopted. Some of these companies sell products which perform the same functions as some of our products. In addition, vendors of operating system software or networking hardware may enhance their products to include the same kinds of functions that our products currently provide. The widespread inclusion in operating system software or networking hardware of features comparable to our software could render our products obsolete, particularly if such features are of a high quality. Even if security functions integrated into operating system software or networking hardware are more limited than those of our software, a significant number of customers may accept more limited functionality to avoid purchasing additional software. For the above reasons, we may not be able to compete successfully against our current and future competitors. Increased competition may result in price reductions, reduced gross margins and loss of market share, any one of which could materially and adversely affect our business, operating results and financial condition. PROPRIETARY RIGHTS AND TRADEMARK ISSUES We rely primarily on a combination of copyright and trademark laws, trade secrets, confidentiality procedures and contractual provisions to protect our proprietary rights. Furthermore, we believe that factors such as the technological and creative skills of our personnel, new product developments, frequent product enhancements, name recognition and reliable product maintenance are essential to establishing and maintaining a technology leadership position. We seek to protect our software, documentation and other written materials under the trade secret and copyright laws, which afford only limited protection. We also have submitted two United States patent applications. There can be no assurance that any patents will issue from these applications or, if issued, that any such patent would provide meaningful competitive advantages to us. We generally license our SAFEsuite products to end users in object code (machine-readable) format. Certain customers have required us to maintain a source-code escrow account with a third-party software escrow agent, and a failure by us to perform our obligations under any of the related license and maintenance agreements, or our insolvency, could conceivably cause the release of our product source code to such customers. The standard form agreement allows the end user to use our SAFEsuite products solely on the end 15 17 user's computer equipment for the end user's internal purposes, and the end user is generally prohibited from sublicensing or transferring the products. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or to obtain and use information that we regard as proprietary. Policing unauthorized use of our products is difficult, and while we are unable to determine the extent to which piracy of our software products exists, software piracy can be expected to be a persistent problem. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States. There can be no assurance that our competitors will not independently develop similar technologies. We are not aware that any of our products infringes the proprietary rights of others, but it is possible that our current or future products may infringe proprietary rights of others. In fact, in July 1998, Network Associates, which is one of our competitors, filed a lawsuit against us alleging that our RealSecure product violates a patent claim for intrusion detection technology held by Network Associates. Although we believe that the lawsuit is without merit and are vigorously defending against Network Associates' claims, should Network Associates prevail in the suit, it could result in us having to pay significant damages and cease the licensing of our RealSecure product. Such a result would materially and adversely affect our business, operating results and financial condition. It is conceivable that other third parties, in addition to Network Associates, could claim infringement by us with respect to our current or future products. We expect that software product developers will increasingly be subject to infringement claims as the number of products and competitors in our industry segment grows and the functionality of products in different industry segments overlaps. Any such claims, with or without merit, could be time consuming, result in costly litigation, cause product shipment delays or require us to enter into royalty or licensing agreements. Such royalty or licensing agreements, if required, may not be available on terms acceptable to us or at all, which could have a material adverse effect upon our business, operating results and financial condition. The name "Internet Security Systems" is not currently subject to trademark registration in the United States, and may not be a name for which a trademark is registrable due to its general use in a variety of security-related applications. Although we have in the past asserted and intend to continue to assert our rights with respect to the name "Internet Security Systems" and we have taken and will take action against any use of such name in a manner that may create confusion with our products in relevant markets, there can be no assurance that we will be successful in such efforts, which could have a material adverse effect upon our business, operating results and financial condition. EMPLOYEES As of December 31, 1998, we had 328 employees, of whom 108 were engaged in product research and development, 103 were engaged in sales, 16 were engaged in customer service and support, 46 were engaged in professional services, 35 were engaged in marketing and business development and 20 were engaged in administrative functions. We believe that we have good relations with our employees. ITEM 2. PROPERTIES Our Atlanta headquarters and research and development facilities consist of approximately 72,000 square feet of office space occupied pursuant to a lease and a sublease expiring in June 2002, which provide for minimum annual lease obligations of approximately $1,240,000. We also lease office space in Mountain View, California, New York City, Washington, D.C., Brussels, London, Paris, Reading (England), Stuttgart and Tokyo, as well as small executive suites in several United States cities. We believe that our existing facilities are adequate for our current needs and that additional space will be available as needed. ITEM 3. LEGAL PROCEEDINGS On June 25, 1998, Network Associates filed a lawsuit against us in the U. S. District Court for the Northern District of California (the "Court") which alleges that our RealSecure product infringes a patent 16 18 claim for intrusion detection technology held by Network Associates. Network Associates claims that this alleged infringement is deliberate and willful and is seeking treble damages in an unspecified amount and attorneys' fees, in addition to an injunction prohibiting the alleged infringement. The Court conditionally dismissed the original complaint based on the parties' representation to the Court that they would attempt to reach a settlement. However, on January 13, 1999, Network Associates notified the Court that no settlement had been reached and requested that the Court place the case on the Court's calendar. On January 25, 1999, we filed our answer to the complaint with the Court. In our answer, we asserted several affirmative defenses and made counterclaims against Network Associates for unfair competition and antitrust violations under federal and state laws. We believe that Network Associates' lawsuit is without merit and we will continue to vigorously defend against it. However, should Network Associates prevail in the suit, it could materially and adversely affect our business, operating results and financial condition. Except as noted above, we are not a party to any material legal proceedings. ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS No matter was submitted to a vote of our shareholders during the fourth quarter of 1998. 17 19 PART II ITEM 5. MARKET FOR REGISTRANT'S COMMON EQUITY AND RELATED STOCKHOLDER MATTERS The Common Stock has been quoted on the Nasdaq National Market under the symbol "ISSX" since our initial public offering on March 24, 1998. Prior to the initial public offering, there had been no public market for the Common Stock. The following table lists the high and low per share sales prices for the Common Stock as reported by the Nasdaq National Market for the periods indicated:
1998: HIGH LOW ----- ------ ------ First Quarter (from March 24, 1998)......................... $41.50 $37.00 Second Quarter.............................................. 56.63 31.63 Third Quarter............................................... 50.50 25.38 Fourth Quarter.............................................. 60.63 17.00
As of February 5, 1999, there were 17,356,487 shares of the Common Stock outstanding held by 237 stockholders of record. We have not declared or paid cash dividends on our capital stock during the last two years. The Company currently intends to retain any earnings for use in its business and does not anticipate paying any cash dividends in the foreseeable future. Future dividends, if any, will be determined by the Company's Board of Directors. During 1997 and 1998, the Company issued an aggregate 144,750 shares of its Common Stock to employees and a director pursuant to exercises of stock options (with exercise prices ranging from $0.15 to $7.00 per share) principally under the Company's Restated 1995 Stock Incentive Plan which were deemed exempt from registration under Section 5 of the Securities Act of 1933 in reliance upon Rule 701 thereunder. The recipients of securities in each such transaction represented their intentions to acquire the securities for investment only and not with a view to, or for sale in connection with, any distribution thereof and appropriate legends were affixed to the share certificates issued in each such transaction. In addition to the issuance of stock pursuant to stock options, the Company issued (i) 119,994 shares of its Common Stock as partial consideration for all the issued and outstanding capital stock of March Information Systems Limited on October 6, 1998, and (ii) 38,000 shares of its Common Stock in exchange for substantially all the assets of DbSecure, Inc. on October 28, 1998. 18 20 ITEM 6. SELECTED CONSOLIDATED FINANCIAL DATA The financial data set forth below for each of the three years in the period ended December 31, 1998, and as of December 31, 1997 and 1998, has been derived from the audited consolidated financial statements appearing elsewhere in this Annual Report on Form 10-K. The financial data for the periods from inception (April 19, 1994) through December 31, 1994, for the year ended December 31, 1995, and as of December 31, 1994, 1995 and 1996, has been derived from audited financial statements not included herein.
APRIL 19, 1994 (INCEPTION) THROUGH DECEMBER 31, YEAR ENDED DECEMBER 31, --------------- ------------------------------------------- 1994 1995 1996 1997 1998 --------------- ------- ------- ------- ------- (IN THOUSANDS, EXCEPT PER SHARE DATA) CONSOLIDATED STATEMENT OF OPERATIONS DATA: Revenues: Perpetual licenses................................. $ 38 $ 246 $ 4,233 $10,936 $25,936 Subscriptions...................................... -- -- 219 2,465 7,406 Professional services.............................. -- 11 10 66 2,587 ------ ------- ------- ------- ------- 38 257 4,462 13,467 35,929 Costs and expenses: Cost of revenues................................... -- 4 18 676 4,831 Research and development........................... 5 97 1,225 3,434 9,321 Charges for in-process research and development.... -- -- -- -- 802 Sales and marketing................................ 11 252 3,768 11,731 22,762 General and administrative......................... 2 44 656 1,773 4,389 Amortization....................................... -- -- -- -- 230 ------ ------- ------- ------- ------- 18 397 5,667 17,614 42,335 ------ ------- ------- ------- ------- Operating income (loss).............................. 20 (140) (1,205) (4,147) (6,406) Interest income, net................................. -- -- 74 228 2,366 ------ ------- ------- ------- ------- Income (loss) before income taxes.................... 20 (140) (1,131) (3,919) (4,040) Provision for income taxes........................... -- -- -- -- 62 ------ ------- ------- ------- ------- Net income (loss).................................... $ 20 $ (140) $(1,131) $(3,919) $(4,102) ------ ------- ------- ------- ------- Basic and diluted net loss per share(1).............. $ -- $ (0.03) $ (0.14) $ (0.50) $ (0.28) ====== ======= ======= ======= ======= Weighted average shares used in basic and diluted net loss per share calculation(2)...................... 4,586 5,001 7,916 7,907 14,883 ====== ======= ======= ======= ======= Unaudited pro forma net loss per share(1)............ $ (0.29) $ (0.25) ======= ======= Unaudited weighted average shares used in unaudited pro forma net loss per share calculation(2)........ 13,644 16,189 ======= =======
DECEMBER 31, --------------------------------------------------------------- 1994 1995 1996 1997 1998 ---- ------- ------- ------- ------- (IN THOUSANDS) CONSOLIDATED BALANCE SHEET DATA: Cash and cash equivalents............................ $ 9 $ 6 $ 2,007 $ 3,929 $52,632 Working capital (working capital deficit)............ 10 (26) 2,298 2,272 54,389 Total assets......................................... 10 176 4,380 9,866 78,021 Long-term debt, net of current portion............... -- -- 140 70 -- Redeemable, convertible preferred stock.............. -- -- 3,614 8,878 -- Stockholders' equity (deficit)....................... 10 (7) (1,160) (5,058) 66,315
- --------------- (1) Computed on the basis described in Note 1 of Notes to Consolidated Financial Statements. (2) See Note 1 of Notes to Consolidated Financial Statements for the determination of shares used in computing basic and diluted net income per share. 19 21 ITEM 7. MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS This discussion contains forward-looking statements that involve risks and uncertainties. Our actual results may differ materially from those anticipated in these forward-looking statements as a result of certain factors, including, but not limited to, those set forth under the "Risk Factors" heading below. OVERVIEW We are the leading provider of network security monitoring, detection and response software that protects the security and integrity of enterprise information systems according to market share reports by Aberdeen Group, Gartner Group and The Yankee Group. Our SAFEsuite family of products protects distributed computing environments, such as internal corporate networks, inter-company networks and the Internet, from attacks, misuse and security policy violations. Our business is focused on maintaining the latest security threat and vulnerability checks within our existing products, creating new products and providing technical and professional services that are consistent with our goal of providing enterprise solutions to address network security. We generate a substantial portion of our revenues from our SAFEsuite family of products in the form of perpetual licenses and subscriptions. We recognize perpetual license revenues upon delivery of software or, if the customer has evaluation software, delivery of the software key and issuance of the related license, assuming that no significant vendor obligations or customer acceptance rights exist. Where payment terms are extended over periods greater than 12 months, revenue is recognized as such amounts are billable. Annual renewable maintenance is a separate component of each perpetual license agreement with revenue recognized ratably over the maintenance term. Subscription revenues include maintenance and term licenses. Term licenses allow customers to use the product and receive maintenance coverage for a specified period, generally 12 months. We recognize revenues from each subscription agreement ratably over the subscription term. In 1998, training and implementation services represented an increasing portion of our revenues. These professional services, which typically are billed on a time-and-materials basis, assist in the successful deployment of our products within customer networks, the development of customers' security policies and the assessment of security policy decisions. We recognize professional services revenues as such services are performed. We believe that each of our current products and products in development, together with maintenance and professional services, will represent important sources of revenue in the future. Generally, we base our prices on the number of devices or engines being managed by the customer, scaled to provide discounts for either larger systems or the simultaneous license of several SAFEsuite products. We offer annual maintenance for a separate fee. Our customers virtually always purchase maintenance when they initially license a product. Maintenance fees generally equal 20% of the perpetual license fee. Maintenance packages typically include telephone support, product updates, access to our security advisory notices and error corrections. We recommend that our customers renew their maintenance contracts and, to date, most customers have done so. Because of the dynamic nature of vulnerabilities and threats to computer networks, we expect that a substantial majority of our customers will continue to renew their maintenance contracts. We sell our products and services primarily through our direct sales force and telephone sales operations, and we also sell through indirect sales channels, including resellers, security consultants, Internet service providers, and other providers of network management services. We generate less revenue per license from indirect channels than direct sales, as we typically sell our products to channel partners at a 25% to 50% discount from list price. In addition, we have entered into several contracts with original equipment manufacturers, or OEMs, in 1998 that contemplate the incorporation of our products into their product offerings. We expect this OEM channel to be an additional important source of revenue for us in the future. We expense research and development costs as incurred. Although we have not capitalized any internal development costs under Statement of Financial Accounting Standards No. 86, we have capitalized core and developed technology assets in connection with two acquisitions that we completed in 1998. The primary assets acquired in these acquisitions were security assessment technologies for Windows NT, Unix and 20 22 databases. While we expect the expansion of our product offerings to originate primarily from internal development, our strategy includes acquiring products and technologies that fit within our product strategy and that potentially accelerate the timing of the commercial introduction of such products and technologies as integrated components of our enterprise network security solutions. Our business has grown rapidly in the last three years, with total revenues increasing from $4.5 million in 1996 to $35.9 million in 1998. However, we have experienced net losses in each of these years and, as of December 31, 1998, had an accumulated deficit of $9.3 million. These losses resulted from significant costs incurred in the development and sale of our products and professional services. During this period, we went from seven employees at January 1, 1996 to 328 employees at December 31, 1998. We expect to expand our domestic and international sales and marketing operations, increase investment in product development and our proprietary threat and vulnerability database, seek acquisition candidates that will enhance our products and market share, and improve our internal operating and financial infrastructure in support of our strategic goals and objectives. All of these initiatives will increase operating expenses. As a result, while operating losses have narrowed over the course of 1998, we cannot be certain that we will become profitable in the future. Even if we become profitable in the future, we cannot be certain that we can sustain such profitability. Due to our fast growth over the past several years in an emerging market, period-to-period comparisons of our operating results are not meaningful. Although we recently have experienced significant revenue growth, we cannot assume that we can sustain such growth and, therefore, investors should not rely on our past growth as a predictor of future performance. Rather, our prospects must be considered in light of the risks and difficulties frequently encountered by companies in new and rapidly evolving markets. There can be no assurance that we will be successful in addressing such risks and difficulties. RESULTS OF OPERATIONS The following table sets forth our consolidated historical operating information, as a percentage of total revenues, for the periods indicated.
YEAR ENDED DECEMBER 31, ------------------------- CONSOLIDATED STATEMENT OF OPERATIONS DATA: 1996 1997 1998 - ------------------------------------------ ----- ----- ----- Revenues: Perpetual licenses........................................ 94.9% 81.2% 72.2% Subscriptions............................................. 4.9 18.3 20.6 Professional services..................................... 0.2 0.5 7.2 ----- ----- ----- 100.0 100.0 100.0 Costs and expenses: Cost of revenues.......................................... 0.4 5.0 13.5 Research and development.................................. 27.5 25.5 25.9 Charges for in-process research and development........... -- -- 2.2 Sales and marketing....................................... 84.4 87.1 63.4 General and administrative................................ 14.7 13.2 12.2 Amortization.............................................. -- -- 0.6 ----- ----- ----- 127.0 130.8 117.8 ----- ----- ----- Operating loss.............................................. (27.0)% (30.8)% (17.8)% ===== ===== =====
REVENUES Our revenues increased from $4.5 million in 1996, to $13.5 million in 1997 and to $35.9 million in 1998. Revenues from perpetual licenses increased during these periods from $4.2 million in 1996, to $10.9 million in 1997 and to $25.9 million in 1998. Historically, we have generated most of our revenues from perpetual licenses, but perpetual license revenues have decreased as a percentage of total revenues from 95% in 1996, to 81% in 1997 and to 72% in 1998. Subscription revenues have increased substantially during these periods, from $219,000 in 1996, to $2.5 million in 1997 and to $7.4 million in 1998, representing 5%, 18% and 21%, 21 23 respectively, of total revenues. We continue to diversify our mix of sales within the SAFEsuite family of products, especially due to the significant increases in the sale of licenses for RealSecure, our intrusion detection product. As a result, sales of licenses for our initial product, Internet Scanner, continued to grow in absolute dollars but decreased as a percentage of license revenues from 93% in 1996, to 57% in 1998, and to less than 45% of license revenues in the fourth quarter of 1998. With the continued introduction of new product offerings, both from internal development and acquisitions consummated in 1998, we expect this trend to continue. A key initiative in 1998 was to address the demand from customers for implementation, training and consulting services. As a result, professional services revenues increased from less than 1% of revenues in each of 1996 and 1997 to 7% of total revenues in 1998. Professional services revenues increased principally in the latter half of 1998 and comprised 12% of our total revenues in the fourth quarter of 1998. On a geographic basis, we derived the majority of our revenues from sales to customers within North America. However, international operations continue to contribute significantly to revenues. Sales to customers outside of North America represented 19% of our total revenues in 1998 compared with 21% in 1997 and 4% in 1996. No customer represented more than 10% of total revenues in any of these periods. COSTS AND EXPENSES Cost of Revenues Cost of revenues includes packaging and distribution costs for our software licenses. Since we use the Internet to distribute product updates and keys necessary to activate a customer's software, this is a minor cost. Cost of revenues also includes costs associated with a technical support group that provides assistance to maintenance customers. Finally, the category includes the costs we incur to provide professional services to customers. During the first half of 1998, we built up our professional services management team who then developed a billable consulting staff over the balance of the year. The growth in professional services has caused gross margin, represented by total revenues less cost of revenues expressed as a percentage of total revenues, to trend downward from 99% and 95% in 1996 and 1997, respectively, to 87% in 1998. We expect gross margin to settle at a few percentage points below the 1998 level. Research and Development Research and development expenses consist of salary and related costs of research and development personnel, including costs for employee benefits and depreciation of related computer equipment. Research and development expenses include costs associated with maintaining the "X-Force", a team composed of security experts dedicated to understanding new vulnerabilities and real-time threats and attacks and developing solutions to address these security issues. We continue to increase research and development expenditures because we regard primary research and product development as a requirement for retaining our leadership position in the market. We also increased the number of our development personnel as we expanded our suite of products, upgraded our existing products with enhanced functionality and began development efforts in connection with OEM arrangements that were executed in the last half of 1998 but for which no revenues have yet been generated. Accordingly, research and development expenses increased in absolute dollars from $1.2 million in 1996, to $3.4 million in 1997 and to $9.3 million in 1998. These costs remained at a relatively constant percentage of revenues, although we anticipate that this percentage will trend downward in future periods. We have reflected a charge of $802,000 in our 1998 statement of operations for identified in-process research and development in connection with our October 1998 acquisitions of two companies engaged in Windows NT, Unix and database security assessment technologies. The charge was based on a valuation of products under development using estimated future cash flows, reduced for the core technology component of such products and the percentage of product development remaining at the time of the acquisition. 22 24 Sales and Marketing Sales and marketing expenses consist of salaries, travel expenses, commissions, advertising, maintenance of our Web site, trade show expenses, costs of recruiting sales and marketing personnel and costs of marketing materials. Sales and marketing expenses were $3.8 million in 1996, $11.7 million in 1997 and $22.8 million in 1998. Sales and marketing expenses increased during these periods primarily from a significant increase in the number of regional United States sales locations and personnel, increased commissions commensurate with increased direct sales revenues and expanded international operations in Europe and the Asia/Pacific region. Sales and marketing expenses were 84% and 87% of our total revenues in 1996 and 1997, respectively, but decreased to 63% of revenues in 1998. This decrease occurred because we had employed a larger proportion of our sales force for a sufficient period of time to enable them to achieve greater levels of productivity. If we are able to maintain low rates of attrition within our sales force, we expect this trend to continue. General and Administrative General and administrative expenses of $656,000 in 1996, $1.8 million in 1997 and $4.4 million in 1998, represented approximately 15%, 13% and 12%, respectively, of our total revenues. General and administrative expenses consist of personnel-related costs for executive, administrative, finance and human resources, information systems and other support services and legal, accounting and other professional services fees. During 1998, we upgraded our internal financial reporting and information systems, and we expect to continue to expend resources to enhance our management's ability to obtain and analyze information about our domestic and international operations. In addition, we incurred approximately $720,000 of amortization of deferred compensation in 1998, the majority of which is recorded in the general and administrative category. This charge is related to the valuation of stock options to employees and directors granted around the time of our initial public offering of our common stock in March 1998. Income Taxes No provision for federal or state income taxes has been recorded because we have experienced cumulative net losses since inception. We recorded a minor amount of income tax expense in 1998 related to our European operations. At December 31, 1998, we had net operating loss carryforwards of approximately $13.6 million for federal tax purposes which will expire, if not utilized, in 2011 through 2018. These carryforwards include $7.7 million related to exercises of stock options for which the income tax benefit, if realized, would increase additional paid-in-capital. We also had approximately $800,000 of net operating loss carryforwards related to certain foreign operations which will expire, if not utilized, in 2002 and 2003. We have not recognized any benefit from the future use of loss carryforwards for these periods or any other periods since inception because management's evaluation of all the available evidence in assessing realizability of the tax benefits of such loss carryforwards indicates that the underlying assumptions of future profitable operations contain risks that do not provide sufficient assurance to recognize such benefits currently. 23 25 QUARTERLY RESULTS OF OPERATIONS The following tables set forth certain unaudited consolidated quarterly statement of operations data for the eight quarters ended December 31, 1998, as well as such data expressed as a percentage of our total revenues for the periods indicated. This data has been derived from unaudited consolidated financial statements that, in our opinion, include all adjustments (consisting only of normal recurring adjustments) necessary for a fair presentation of such information when read in conjunction with our consolidated financial statements and related notes appearing elsewhere in this Annual Report on Form 10-K. The operating results for any quarter are not necessarily indicative of results for any future period.
QUARTER ENDED --------------------------------------------------------------------------------------- MAR. 31, JUNE 30, SEPT. 30, DEC. 31, MAR. 31, JUNE 30, SEPT. 30, DEC. 31, 1997 1997 1997 1997 1998 1998 1998 1998 -------- -------- --------- -------- -------- -------- --------- -------- (IN THOUSANDS) CONSOLIDATED STATEMENT OF OPERATIONS DATA: Revenues: Perpetual licenses............ $1,872 $2,150 $ 2,767 $ 4,147 $ 4,875 $ 5,559 $ 6,596 $ 8,906 Subscriptions................. 349 513 691 912 1,169 1,487 2,152 2,598 Professional services......... 4 8 15 39 29 285 682 1,591 ------ ------ ------- -------- ------- ------- -------- ------- 2,225 2,671 3,473 5,098 6,073 7,331 9,430 13,095 Costs and expenses: Cost of revenues.............. 87 137 176 276 513 892 1,559 1,867 Research and development...... 493 569 895 1,477 1,636 1,832 2,541 3,312 Charge for in-process research and development............. -- -- -- -- -- -- -- 802 Sales and marketing........... 1,754 2,342 3,051 4,584 4,648 5,431 5,632 7,051 General and administrative.... 320 301 443 709 981 1,100 1,046 1,262 Amortization.................. -- -- -- -- -- -- -- 230 ------ ------ ------- -------- ------- ------- -------- ------- 2,654 3,349 4,565 7,046 7,778 9,255 10,778 14,524 ------ ------ ------- -------- ------- ------- -------- ------- Operating loss.................. (429) (678) (1,092) (1,948) (1,705) (1,924) (1,348) (1,429) Interest income, net............ 35 68 66 59 66 841 765 694 ------ ------ ------- -------- ------- ------- -------- ------- Loss before income taxes...... (394) (610) (1,026) (1,889) (1,639) (1,083) (583) (735) Provision for income taxes.... -- -- -- -- -- -- -- 62 ------ ------ ------- -------- ------- ------- -------- ------- Net loss........................ $ (394) $ (610) $(1,026) $(1,889) $(1,639) $(1,083) $ (583) $ (797) ====== ====== ======= ======== ======= ======= ======== ======= AS A PERCENTAGE OF TOTAL REVENUES: Revenues: Perpetual licenses............ 84.1% 80.5% 79.7% 81.3% 80.3% 75.8% 70.0% 68.0% Subscriptions................. 15.7 19.2 19.9 17.9 19.2 20.3 22.8 19.8 Professional services......... 0.2 0.3 0.4 0.8 0.5 3.9 7.2 12.2 ------ ------ ------- -------- ------- ------- -------- ------- 100.0 100.0 100.0 100.0 100.0 100.0 100.0 100.0 Costs and expenses: Cost of revenues.............. 3.9 5.1 5.1 5.4 8.5 12.2 16.5 14.3 Research and development...... 22.2 21.3 25.8 29.0 26.9 25.0 27.0 25.3 Charge for in-process research and development............. -- -- -- -- -- -- -- 6.1 Sales and marketing........... 78.8 87.7 87.8 89.9 76.5 74.1 59.7 53.8 General and administrative.... 14.4 11.3 12.7 13.9 16.2 15.0 11.1 9.6 Amortization.................. -- -- -- -- -- -- -- 1.8 ------ ------ ------- -------- ------- ------- -------- ------- 119.3 125.4 131.4 138.2 128.1 126.2 114.3 110.9 Operating loss.................. (19.3) (25.4) (31.4) (38.2) (28.1) (26.2) (14.3) (10.9) Net loss........................ (17.7)% (22.8)% (29.5)% (37.1)% (27.0)% (14.8)% (6.2)% (6.1)% ====== ====== ======= ======== ======= ======= ======== =======
As a result of our limited operating history, we are unable to predict our future revenues and operating results. LIQUIDITY AND CAPITAL RESOURCES We have financed our operations to date primarily through sales of our equity securities. The net proceeds of $61.5 million from our March 1998 initial public offering were the primary source of cash provided by financing activities in 1998. In February 1996 and February 1997, we received aggregate net proceeds of $8.9 million from the sale of our preferred stock, all of which automatically converted into common stock when we completed our initial public offering. Net cash used in operations of approximately $4.3 million in 1998 included $4.1 million of net loss. This loss, however, included $3.8 million of non-cash expense for depreciation of equipment, amortization of 24 26 acquisition related intangibles and deferred compensation, and a charge for the write-off of acquired in-process research and development. The other use of cash in operations was working capital associated with our growth. An increase in accounts receivable of $8.1 million was only partially offset by an increase in deferred revenues of $4.5 million. Growth in annual maintenance contracts, the upfront billing of multi-year maintenance arrangements with certain customers and an increase in term licenses increased the deferred revenues balance. Our primary investing activity of 1998 was our acquisitions of March Information Systems Limited and the technology assets of DbSecure. The $5.2 million cash component of these acquisitions included cash consideration and direct transaction costs. We also invested in equipment totaling $3.6 million in 1998 as we provided existing and new personnel with the computer hardware and software necessary to perform their job functions. This included engineering lab equipment, expanded information systems and a telephone switch installed in connection with our relocation to our new headquarters facilities. We expect a similar level of equipment investment in 1999, assuming continued growth in our number of employees. At December 31, 1998, we had $52.6 million of cash and cash equivalents, consisting primarily of money market accounts and short-term, commercial paper carrying the highest investment grade rating. We believe that these investments will be sufficient to fund any operating losses and capital expenditures and meet our working capital needs for the foreseeable future. On January 29, 1999, we filed a registration statement for a proposed public offering of 2.4 million shares of common stock, including 1.2 million shares newly issued by us and 1.2 million to be sold by certain of our existing stockholders. Assuming that this offering is completed, we currently intend to use the net proceeds of the newly issued shares for general corporate purposes, including possible acquisitions of or investments in businesses, products and technologies that are complementary to ours. Although we have not identified any specific businesses, products or technologies that we intend to acquire or invest in, and there are not any current agreements or negotiations with respect to any such transactions, from time to time we evaluate such opportunities. Pending such uses, we will invest the net proceeds in government securities and other short-term, investment-grade, interest-bearing instruments. YEAR 2000 We have reviewed our products and believe that they are designed to properly function through and beyond the year 2000. Furthermore, we only support the current and most recent prior version of our products. While we have conducted tests of our software and have informed our customers that our products are Year 2000 compliant, we cannot guarantee that our products, particularly when they incorporate third-party software, will contain all date code changes necessary to ensure Year 2000 compliance. In addition, we use several internal management and other information systems in the operation of our business. Since we have experienced most of our growth in systems and personnel since January 1, 1997, purchases and upgrades of systems have occurred principally during 1997 and 1998. Internal systems for financial, human resources and sales reporting, as well as telephone, voice mail and other office support systems, were purchased during 1998 and are reflected either on the balance sheet as capital purchases or expensed under our standard policy. We used our best efforts to ensure that these new systems are Year 2000 compliant. We are in the process of contacting providers of various tools used in our product development process and the providers of desktop systems (primarily Microsoft) to determine that these recognized systems, such as Windows NT and Windows 95/98, will be Year 2000 compliant with appropriate fixes. We do not depend on any suppliers or manufacturers whose failure to be Year 2000 compliant would have any significant impact on our financial condition or results of operations. We expect to complete our Year 2000 project for these remaining items by the middle of 1999. We do not expect to expend any significant funds to correct Year 2000 issues. Any minor expenses will be funded through cash provided by operations. Based on available information, we do not believe we have any material exposure to significant business interruptions as a result of Year 2000 compliance issues, or that the cost of remedial actions will have a material adverse effect on our business, financial condition or results of operations. Accordingly, we have not adopted any formal contingency plan in the event we do not achieve Year 2000 compliance. 25 27 Risk Factors Forward-looking statements are inherently uncertain as they are based on various expectations and assumptions concerning future events and are subject to known and unknown risks and uncertainties. Our forward-looking statements should be considered in light of the following important risk factors. Variations from our stated intentions or failure to achieve objectives could cause actual results to differ from those projected in our forward-looking statements. We undertake no obligation to update publicly any forward-looking statements for any reason, even if new information becomes available or other events occur in the future. We Are a Young Company That Has Never Been Profitable We were incorporated in April 1994 and have never achieved profitability. Although our losses have narrowed recently, we cannot be certain that we will become profitable in the future. Even if we become profitable at some point in the future, we cannot be certain that we can sustain such profitability. You should be aware that we have only a limited operating history upon which to evaluate our business and prospects. We operate in a new and rapidly evolving market and must, among other things: - respond to competitive developments; - continue to upgrade and expand our product and services offerings; and - continue to attract, retain and motivate our employees. Our Future Operating Results Will Fluctuate Significantly As a result of our limited operating history, we cannot predict our future revenues and operating results. However, we do expect our future revenues and operating results to fluctuate due to a combination of factors, including: - the growth of private Internet-based networks (often referred to as intranets); - the extent to which the public perceives that unauthorized access to and use of online information is a threat to network security; - the volume and timing of orders, including seasonal trends in customer purchasing; - our ability to develop new and enhanced products and expand our professional services; - the growth in the acceptance of, and activity on, the Internet and the World Wide Web, particularly by corporate, institutional and government users; - customer budgets which may limit their ability to purchase our products; - foreign currency exchange rates that affect our international operations; - the mix of distribution channels through which we sell our products; - product and price competition in our markets; and - general economic conditions, both domestically and in our foreign markets. We increasingly focus our efforts on sales of enterprise-wide security solutions, which consist of our entire product suite and related professional services, rather than on the sale of component products. As a result, we expect that each sale may require additional time and effort from our sales staff. In addition, the revenues associated with particular sales vary significantly depending on the number of products licensed by a customer, the number of devices used by the customer and the customer's relative need for our professional services. Large individual sales, or even small delays in customer orders, can cause significant variation in our license revenues and results of operations for a particular period. The timing of large orders is usually difficult to predict and, like many software companies, our customers typically license most of our products in the last month of a quarter. 26 28 Our future operating expenses are expected to increase in future periods as we intend to: - expand our domestic and international sales and marketing operations; - increase our investments in product development and our proprietary threat and vulnerability database; - expand our professional services capabilities; - seek acquisition candidates that will enhance our products and market share; and - improve our internal operating and financial systems. We cannot predict our operating expenses based on our past results. Instead, we establish our spending levels based in large part on our expected future revenues. As a result, if our actual revenues in any future period fall below our expectations, our operating results likely will be adversely affected because very few of our expenses vary with our revenues. Because of the factors listed above, we believe that our quarterly and annual revenues, expenses and operating results likely will vary significantly in the future. We Face Intense Competition in Our Market The market for network security monitoring, detection and response solutions is intensely competitive, and we expect competition to increase in the future. We cannot guarantee that we will compete successfully against our current or potential competitors, especially those with significantly greater financial resources or brand name recognition. A detailed discussion of our competition appears in Item 1 of Part I of this Annual Report on Form 10_K. We Face Rapid Technological Change in Our Industry and Frequent Introductions of New Products Rapid changes in technology pose significant risks to us. We do not control nor can we influence the forces behind these changes, which include: - the extent to which businesses and others seek to establish more secure networks; - the extent to which hackers and others seek to compromise secure systems; - evolving computer hardware and software standards; - changing customer requirements; and - frequent introductions of new products and product enhancements. To remain successful, we must continue to change, adapt and improve our products in response to these and other changes in technology. Our future success hinges on our ability to both continue to enhance our current line of products and professional services and to introduce new products that address and respond to innovations in computer hacking, computer technology and customer requirements. We cannot be sure that we will successfully develop and market new products that do this. Any failure by us to timely develop and introduce new products, to enhance our current products or to expand our professional services capabilities in response to these changes could adversely affect our business, operating results and financial condition. Our products involve very complex technology, and as a consequence, major new products and product enhancements require a long time to develop and test before going to market. Because this amount of time is difficult to estimate, we have had to delay the scheduled introduction of new and enhanced products in the past and may have to delay the introduction of new products and product enhancements in the future. The techniques computer hackers use to gain unauthorized access to or to sabotage networks and intranets are constantly evolving and increasingly sophisticated. Furthermore, because new hacking techniques are usually not recognized until used against one or more targets, we are unable to anticipate most new hacking techniques. To the extent that new hacking techniques harm our customers' computer systems or businesses, affected customers may believe that our products are ineffective, which may cause them or prospective customers to reduce or avoid purchases of our products. 27 29 Risks Associated with Our Global Operations The expansion of our international operations includes the maintenance of sales offices in dispersed locations throughout the world, including throughout Europe and the Asia/Pacific and Latin America regions. Our international presence and expansion exposes us to risks not present in our U.S. operations, such as: - the difficulty in managing an organization spread over various countries located across the world; - unexpected changes in regulatory requirements in countries where we do business; - excess taxation due to overlapping tax structures; - fluctuations in foreign currency exchange rates, which may be aggravated in European markets by the recent introduction of the Euro currency; - export license requirements and restrictions on the export of certain technology, especially encryption technology; - trade restrictions; - changes in tariff and freight rates; and - depressed regional and economic conditions, such as those currently affecting many regions in Asian markets. Despite these risks, we believe that we must continue to expand our operations in international markets to support our growth. To this end, we intend to establish additional foreign sales operations, expand our existing offices, hire additional personnel, expand our international sales channels and customize our products for local markets. If we fail to execute this strategy, our international sales growth will be limited. To date, we have primarily denominated our revenues from international operations in United States dollars; however, we will increasingly denominate sales in local foreign currencies in the future. An increase in the value of the United States dollar relative to foreign currencies would make our products more expensive and, therefore, potentially less competitive in foreign markets. In addition, even if we successfully expand our international operations, we may not be able to maintain or increase international market demand for our products. We Increasingly Rely on Indirect Distribution Channels Although our direct sales have accounted for a majority of our revenues in 1998, we expect to continue to license a significant percentage of our products to end users through indirect distribution channels in the future. Our indirect distribution channel partners include: - original equipment manufacturers that bundle our products with products that they sell to their customers; - managed service providers, such as telecommunications companies and Internet service providers, that host networking and Internet operations for business customers; and - consultants and systems integrators that incorporate our products into customized solutions that they have implemented for their customers. Our future performance will also depend, in part, on our ability to both retain the channel partner relationships we have built and attract new channel partners to market and support our products effectively, especially in new markets. We cannot assure you that revenue from channel partners that accounted for significant revenues in past periods will continue or, if continued, will reach or exceed past performance levels. In addition, we often depend upon our channel partners to install and support our products for end users. If our channel partners fail to provide adequate installation and support, end users of our products could cease using, or improperly implement and operate, our products. Such a failure could substantially increase our customer support costs and adversely affect our business. 28 30 Potential Future Acquisitions or Investments As part of our growth strategy, we have acquired, and may continue to acquire or make investments in, companies with products, technologies or professional services capabilities complementary to our solutions. In acquiring companies in the future, we could encounter difficulties in assimilating their personnel and operations into our company. These difficulties could disrupt our ongoing business, distract our management and employees, increase our expenses and adversely affect our results of operations. These difficulties could also include accounting requirements, such as amortization of goodwill or in-process research and development expense. We Depend on Our Key Personnel Our future success also depends on our continuing ability to attract and retain highly qualified engineers, managers and sales and professional services personnel. The competition for employees at all levels of the software industry, especially those with experience in the relatively new discipline of security software, is increasingly intense. We Depend on Our Intellectual Property Rights and Use Licensed Technology We have discussed the importance of the protection of our proprietary in Item 1 of Part I of this Annual Report on Form 10-K. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or to obtain and use information that we regard as proprietary. Policing unauthorized use of our products is difficult. While we cannot determine the extent to which piracy of our software products occurs, we expect software piracy to be a persistent problem. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States and many foreign countries do not enforce these laws as diligently as U.S. government agencies and private parties. We are not aware that any of our products infringes the proprietary rights of others, but it is conceivable that our current or future products may infringe the proprietary rights of others. In fact, in July 1998 Network Associates, which is one of our competitors, filed a lawsuit against us alleging that our RealSecure product violates a patent claim for intrusion detection technology held by Network Associates. We believe that the lawsuit is without merit and are vigorously defending against Network Associates' claims. However, should Network Associates prevail in the suit, it could materially and adversely affect our business. We expect the number of intellectual property infringement lawsuits against software companies to increase. Any such claims, with or without merit, could be time consuming, result in costly litigation, cause product shipment delays or require us to enter into royalty or licensing agreements. We Lack Certain Trademark Protection We currently cannot obtain trademark protection on the name "Internet Security Systems" due to its general use in a variety of security-related applications. While we have in the past taken and will continue to take action against any use of that name in a manner that may create confusion for our products in our current or future markets, we may not be successful in these efforts. We Face Potential Product Liability Exposure and Product Defects Many organizations use our products for critical functions of monitoring and enhancing network security. As a result, we risk product liability and related claims for our products if they do not adequately perform this function. In our licensing agreements, we typically seek to limit our liability for special, consequential or incidental damages, but these provisions may not in all cases be enforceable under applicable laws. In addition, we currently have $2.0 million of product liability insurance coverage that, subject to customary exclusions, covers claims resulting from failure of our products or services to perform their intended function or to serve their intended purpose. A product liability claim, to the extent not covered by our insurance, could materially and adversely affect our business, operating results and financial condition. 29 31 Complex software products such as ours may contain undetected "bugs" that, despite our testing, are discovered only after installation and use by our customers. The occurrence of these bugs could result in adverse publicity, loss of or delay in market acceptance or claims by customers against us, any of which could have a material adverse effect upon our business, operating results and financial condition. Customers who deploy or use our products improperly or incompletely may experience temporary disruptions to their computer networking systems, which could damage our relationship with them and our reputation. Our current products may not be error-free and it is extremely doubtful that our future products will be error-free. Furthermore, computers are manufactured in a variety of different configurations with different operating systems (such as Windows, Unix, Macintosh and OS/2) and embedded software. As a result, it is very difficult to comprehensively test our software products for programming or compatibility errors. Errors in the performance of our products, whether due to our design or their compatibility with products of other companies, could hinder the acceptance of our products. ITEM 8. CONSOLIDATED FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA See the index to Consolidated Financial Statements at Item 14 ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE None. 30 32 PART III Certain information required by Part III is omitted from this Form 10-K because the Company will file a definitive Proxy Statement pursuant to Regulation 14A (the "Proxy Statement") not later than 120 days after the end of the fiscal year covered by this Form 10-K, and certain information to be included therein is incorporated herein by reference. ITEM 10. DIRECTORS AND EXECUTIVE OFFICERS OF THE REGISTRANT The information required by this Item is incorporated by reference to the Proxy Statement under the sections captioned "Proposal 1 -- Election of Directors," "Executive Compensation -- Directors and Executive Officers" and "Compliance with Section 16(a) of the Securities Exchange Act of 1934." ITEM 11. EXECUTIVE COMPENSATION The information required by this Item is incorporated by reference to the Proxy Statement under the section captioned "Executive Compensation." ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT The information required by this Item is incorporated by reference to the Proxy Statement under the section captioned "Principal Stockholders." ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS The information required by this Item is incorporated by reference to the Proxy Statement under the section captioned "Executive Compensation -- Certain Transactions with Management." 31 33 PART IV ITEM 14. EXHIBITS, FINANCIAL STATEMENT SCHEDULES AND REPORTS ON FORM 8-K (a) The following documents are filed as part of this Form 10-K: 1. Consolidated Financial Statements. The following consolidated financial statements of ISS Group, Inc. are filed as part of this Form 10-K on the pages indicated:
PAGE ---- ISS GROUP, INC. Report of Independent Auditors.............................. 33 Consolidated Balance Sheets as of December 31, 1997 and 1998...................................................... 34 Consolidated Statements of Operations for the Years Ended December 31, 1996, 1997 and 1998.......................... 35 Consolidated Statements of Stockholders' Equity (Deficit) for the Years Ended December 31, 1996, 1997 and 1998...... 36 Consolidated Statements of Cash Flows for the Years Ended December 31, 1996, 1997 and 1998.......................... 37 Notes to Consolidated Financial Statements.................. 38 2. Consolidated Financial Statement Schedules: Schedule II -- Valuation and Qualifying Accounts............ 48
Schedules other than the one listed above are omitted as the required information is inapplicable or the information is presented in the consolidated financial statements or related notes. 3. Exhibits. The exhibits to this Annual Report on Form 10-K have been included only with the copy of this Annual Report on Form 10-K filed with the Securities and Exchange Commission. Copies of individual exhibits will be furnished to stockholders upon written request to the Company and payment of a reasonable fee.
EXHIBIT NUMBER DESCRIPTION OF EXHIBIT - ------- ---------------------- 2.1* -- Stock Purchase Agreement dated October 6, 1998, by and among the Company, March Information Systems and its shareholders (filed as Exhibit 2.1 to the Company's Current Report on Form 8-K dated October 20, 1998). 3.1* -- Certificate of Incorporation (filed as Exhibit 3.1 to the Company's Registration Statement on Form S-1, Registration No. 333-44529 (the "Form S-1"). 3.2* -- Bylaws (filed as Exhibit 3.2 to the Form S-1). 4.1* -- Specimen Common Stock certificate (filed as Exhibit 4.1 to the Form S-1). 4.2 -- See Exhibits 3.1 and 3.2 for provisions of the Certificate of Incorporation and Bylaws of the Company defining the rights of holders of the Company's Common Stock. 10.1* -- Restated 1995 Stock Incentive Plan (filed as Exhibit 10.1 to the Form S-1). 10.2* -- Internet Security Systems, Inc. Amended and Restated Rights Agreement (filed as Exhibit 10.3 to the Form S-1). 10.3* -- Stock Exchange Agreement dated December 9, 1997 (filed as Exhibit 10.4 to the Form S-1). 10.4* -- Amended and Restated Agreement Regarding Acceleration of Vesting of Future Optionees (filed as Exhibit 10.5 to the Form S-1). 10.5* -- Forms of Non-Employee Director Compensation Agreement, Notice of Stock Option Grants and Stock Option Agreement (filed as Exhibit 10.6 to the Form S-1). 10.6* -- Sublease for Atlanta facilities (filed as Exhibit 10.7 to the Form S-1).
32 34
EXHIBIT NUMBER DESCRIPTION OF EXHIBIT - ------- ---------------------- 10.7* -- Form of Indemnification Agreement for directors and certain officers (filed as Exhibit 10.8 to the Form S-1). 10.8* -- Series B Preferred Stock Purchase Agreement (filed as Exhibit 10.9 to the Form S-1). 10.9* -- Sublease for additional Atlanta facilities (filed as Exhibit 10.9 to the Company's Registration Statement on Form S-1, Registration No. 333-71471). 21.1* -- Subsidiaries of the Company (filed as Exhibit 21.1 to the Company's Registration Statement on Form 2-1, Registration No. 333-71471). 23.1 -- Consent of Ernst & Young LLP. 24.1 -- Power of Attorney, pursuant to which amendments to this Annual Report on Form 10-K may be filed, is included on the signature page contained in Part IV of the Form 10-K. 27.1* -- Financial Data Schedule (filed as Exhibit 27.1 to the Company's Registration Statement on Form S-1, Registration No. 333-71471).
- --------------- * Incorporated herein by reference to the indicated filing. (b) Reports on Form 8-K During the quarter ended December 31, 1998, the Company filed one Current Report on Form 8-K. This report was filed on October 20, 1998, reporting the execution of a Stock Purchase Agreement with March Information Systems and its shareholders. This Current Report was amended to include certain financial information regarding March Information Systems dated on December 16, 1998. 33 35 REPORT OF INDEPENDENT AUDITORS Board of Directors ISS Group, Inc. We have audited the accompanying consolidated balance sheets of ISS Group, Inc. as of December 31, 1997 and 1998, and the related consolidated statements of operations, stockholders' equity (deficit), and cash flows for each of the three years in the period ended December 31, 1998. Our audit also included the financial statement schedule listed in the Index at Item 14(a). These financial statements and schedule are the responsibility of the Company's management. Our responsibility is to express an opinion on these financial statements and schedule based on our audits. We conducted our audits in accordance with generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion. In our opinion, the financial statements referred to above present fairly, in all material respects, the consolidated financial position of ISS Group, Inc. at December 31, 1997 and 1998, and the consolidated results of its operations and its cash flows for each of the three years in the period ended December 31, 1998, in conformity with generally accepted accounting principles. Also, in our opinion, the related financial statement schedule, when considered in relation to the basic financial statements taken as a whole, presents fairly in all material respects the information set forth therein. /s/ Ernst & Young LLP Atlanta, GA January 15, 1999 34 36 ISS GROUP, INC. CONSOLIDATED BALANCE SHEETS
DECEMBER 31, ------------------------- 1997 1998 ----------- ----------- ASSETS Current assets: Cash and cash equivalents................................. $ 3,929,000 $52,632,000 Accounts receivable, less allowance for doubtful accounts of $255,000 and $287,000, respectively................. 4,038,000 12,586,000 Prepaid expenses and other current assets................. 281,000 743,000 ----------- ----------- Total current assets.............................. 8,248,000 65,961,000 Property and equipment: Computer equipment........................................ 1,688,000 4,370,000 Office furniture and equipment............................ 268,000 1,027,000 Leasehold improvements.................................... 15,000 275,000 ----------- ----------- 1,971,000 5,672,000 Less accumulated depreciation............................. 402,000 1,655,000 ----------- ----------- 1,569,000 4,017,000 Goodwill, less accumulated amortization of $77,000.......... -- 3,094,000 Other intangible assets, less accumulated amortization of $154,000.................................................. -- 4,692,000 Other assets................................................ 49,000 257,000 ----------- ----------- Total assets......................................... $ 9,866,000 $78,021,000 =========== ===========
LIABILITIES AND STOCKHOLDERS' EQUITY (DEFICIT) Current liabilities: Accounts payable.......................................... $ 2,002,000 $ 692,000 Accrued expenses.......................................... 1,798,000 4,202,000 Deferred revenues......................................... 2,106,000 6,678,000 Current portion of long-term debt......................... 70,000 -- ----------- ----------- Total current liabilities............................ 5,976,000 11,572,000 Long-term debt.............................................. 70,000 -- Other liabilities........................................... -- 134,000 Commitments and contingencies Redeemable, Convertible Preferred Stock (5,737,000 shares authorized): Series A; $.001 par value; 3,650,000 and 0 shares issued and outstanding, respectively (liquidation preference $1 per share).......................................... 3,621,000 -- Series B; $.001 par value; 2,087,000 and 0 shares issued and outstanding, respectively (liquidation preference $2.53 per share)....................................... 5,257,000 -- Stockholders' equity (deficit): Preferred stock; $.001 par value; 20,000,000 shares authorized, none issued or outstanding Common stock, $.001 par value, 50,000,000 shares authorized, 7,921,000 and 17,292,000 shares issued and outstanding, respectively.............................. 8,000 17,000 Additional paid-in capital................................ 695,000 76,110,000 Deferred compensation..................................... (571,000) (662,000) Cumulative adjustment for currency revaluation............ -- 142,000 Accumulated deficit....................................... (5,190,000) (9,292,000) ----------- ----------- Total stockholders' equity (deficit)................. (5,058,000) 66,315,000 ----------- ----------- Total liabilities and stockholders' equity (deficit)........................................... $ 9,866,000 $78,021,000 =========== ===========
See accompanying notes. 35 37 ISS GROUP, INC. CONSOLIDATED STATEMENTS OF OPERATIONS
YEAR ENDED DECEMBER 31, --------------------------------------- 1996 1997 1998 ----------- ----------- ----------- Revenues: Perpetual licenses.................................... $ 4,233,000 $10,936,000 $25,936,000 Subscriptions......................................... 219,000 2,465,000 7,406,000 Professional services................................. 10,000 66,000 2,587,000 ----------- ----------- ----------- 4,462,000 13,467,000 35,929,000 Costs and expenses: Cost of revenues...................................... 18,000 676,000 4,831,000 Research and development.............................. 1,225,000 3,434,000 9,321,000 Charge for in-process research and development........ -- -- 802,000 Sales and marketing................................... 3,768,000 11,731,000 22,762,000 General and administrative............................ 656,000 1,773,000 4,389,000 Amortization.......................................... -- -- 230,000 ----------- ----------- ----------- 5,667,000 17,614,000 42,335,000 ----------- ----------- ----------- Operating loss.......................................... (1,205,000) (4,147,000) (6,406,000) Interest income......................................... 77,000 245,000 2,382,000 Interest expense........................................ (3,000) (17,000) (16,000) ----------- ----------- ----------- Loss before income taxes................................ (1,131,000) (3,919,000) (4,040,000) Provision for income taxes.............................. -- -- 62,000 =========== =========== =========== Net loss................................................ $(1,131,000) $(3,919,000) $(4,102,000) =========== =========== =========== Basic and diluted net loss per share of Common Stock.... $ (0.14) $ (0.50) $ (0.28) =========== =========== =========== Weighted average number of shares used in calculating basic and diluted net loss per share of Common Stock................................................. 7,916,000 7,907,000 14,883,000 =========== =========== =========== Unaudited pro forma net loss per share of Common Stock................................................. $ (0.29) $ (0.25) =========== =========== Unaudited weighted average number of shares used in calculating unaudited pro forma net loss per share of Common Stock.......................................... 13,644,000 16,189,000 =========== ===========
See accompanying notes. 36 38 ISS GROUP, INC. CONSOLIDATED STATEMENTS OF STOCKHOLDERS' EQUITY (DEFICIT)
ACCUMULATED RETAINED COMMON STOCK ADDITIONAL OTHER EARNINGS -------------------- PAID-IN DEFERRED COMPREHENSIVE (ACCUMULATED SHARES AMOUNT CAPITAL COMPENSATION INCOME DEFICIT) ---------- ------- ----------- ------------ -------------- ------------- Balance at December 31, 1995....... 8,002,000 $ 8,000 $ 125,000 $ -- $ -- $ (140,000) Comprehensive income (loss) Net loss....................... -- -- -- -- -- (1,131,000) Repurchase of Common Stock from founder........................ (100,000) -- (15,000) -- -- -- Accretion related to Redeemable, Convertible Preferred Stock.... -- -- (7,000) -- -- -- ---------- ------- ----------- --------- -------- ----------- Balance at December 31, 1996....... 7,902,000 8,000 103,000 -- -- -- Comprehensive income (loss) Net loss....................... -- -- -- -- -- (3,919,000) Accretion related to Redeemable, Convertible Preferred Stock.... -- -- (11,000) -- -- -- Deferred compensation related to stock options.................. -- -- 571,000 (571,000) -- -- Issuance of Common Stock......... 19,000 -- 32,000 -- -- -- ---------- ------- ----------- --------- -------- ----------- Balance at December 31, 1997....... 7,921,000 8,000 695,000 (571,000) -- (5,190,000) Comprehensive income (loss) Net loss....................... -- -- -- -- -- (4,102,000) Translation adjustment......... -- -- -- -- 142,000 -- -- -- -- -- -- -- Issuance of Common Stock: Initial public offering........ 3,070,000 3,000 61,528,000 -- -- -- Conversion of Redeemable, Convertible Preferred Stock in connection with the initial public offering...... 5,737,000 6,000 8,872,000 -- -- -- Acquisitions................... 158,000 -- 3,901,000 -- -- -- Exercise of stock options...... 405,000 -- 292,000 -- -- -- Issuance to consultant......... 1,000 -- 11,000 -- -- -- Deferred compensation related to stock options.................. -- -- 811,000 (811,000) -- -- Amortization of deferred compensation in connection with stock options.................. -- -- -- 720,000 -- -- ---------- ------- ----------- --------- -------- ----------- Balance at December 31, 1998....... 17,292,000 $17,000 $76,110,000 $(662,000) $142,000 $(9,292,000) ========== ======= =========== ========= ======== =========== TOTAL STOCKHOLDERS' COMPREHENSIVE EQUITY INCOME (DEFICIT) ------------- -------------- Balance at December 31, 1995....... -- $ (7,000) Comprehensive income (loss) Net loss....................... $(1,131,000) (1,131,000) =========== Repurchase of Common Stock from founder........................ -- (15,000) Accretion related to Redeemable, Convertible Preferred Stock.... -- (7,000) ----------- Balance at December 31, 1996....... (1,160,000) Comprehensive income (loss) Net loss....................... $(3,919,000) (3,919,000) =========== Accretion related to Redeemable, Convertible Preferred Stock.... -- (11,000) Deferred compensation related to stock options.................. -- -- Issuance of Common Stock......... -- 32,000 ----------- Balance at December 31, 1997....... -- (5,058,000) Comprehensive income (loss) Net loss....................... $(4,102,000) (4,102,000) Translation adjustment......... 142,000 142,000 ----------- $(3,960,000) -- =========== Issuance of Common Stock: Initial public offering........ -- 61,531,000 Conversion of Redeemable, Convertible Preferred Stock in connection with the initial public offering...... -- 8,878,000 Acquisitions................... -- 3,901,000 Exercise of stock options...... -- 292,000 Issuance to consultant......... -- 11,000 Deferred compensation related to stock options.................. -- -- Amortization of deferred compensation in connection with stock options.................. 720,000 ----------- Balance at December 31, 1998....... $66,315,000 ===========
See accompanying notes. 37 39 ISS GROUP, INC. CONSOLIDATED STATEMENTS OF CASH FLOWS
YEAR ENDED DECEMBER 31, --------------------------------------- 1996 1997 1998 ----------- ----------- ----------- OPERATING ACTIVITIES Net loss................................................ $(1,131,000) $(3,919,000) $(4,102,000) Adjustments to reconcile net loss to net cash used in operating activities: Depreciation....................................... 66,000 334,000 1,253,000 Amortization of goodwill and intangibles........... -- -- 231,000 Charge for in-process research and development..... -- -- 802,000 Amortization of deferred compensation.............. -- -- 720,000 Other non-cash expense............................. -- 31,000 118,000 Changes in assets and liabilities, excluding the effects of acquisitions: Accounts receivable........................... (1,802,000) (2,089,000) (8,107,000) Prepaid expenses and other assets............. (146,000) (179,000) (501,000) Accounts payable and accrued expenses......... 955,000 2,728,000 776,000 Deferred revenues............................. 607,000 1,462,000 4,461,000 ----------- ----------- ----------- Net cash used in operating activities......... (1,451,000) (1,632,000) (4,349,000) ----------- ----------- ----------- INVESTING ACTIVITIES Acquisitions, net of cash acquired...................... -- -- (5,206,000) Purchases of property and equipment..................... (320,000) (1,630,000) (3,567,000) ----------- ----------- ----------- Net cash used in investing activities................... (320,000) (1,630,000) (8,773,000) ----------- ----------- ----------- FINANCING ACTIVITIES Proceeds from (payments on) long-term debt.............. 210,000 (70,000) (140,000) Net proceeds from Redeemable, Convertible Preferred Stock issuances....................................... 3,607,000 5,253,000 -- Payments on notes payable to shareholder................ (30,000) -- -- Net proceeds from initial public offering............... -- -- 61,531,000 Other Common Stock activities........................... (15,000) 1,000 292,000 ----------- ----------- ----------- Net cash provided by financing activities............... 3,772,000 5,184,000 61,683,000 ----------- ----------- ----------- Foreign currency impact on cash......................... -- -- 142,000 Net increase in cash and cash equivalents............... 2,001,000 1,922,000 48,703,000 Cash and cash equivalents at beginning of year.......... 6,000 2,007,000 3,929,000 ----------- ----------- ----------- Cash and cash equivalents at end of year................ $ 2,007,000 $ 3,929,000 $52,632,000 =========== =========== =========== SUPPLEMENTAL CASH FLOW DISCLOSURE Interest paid........................................... $ 1,000 $ 17,000 $ 16,000 =========== =========== ===========
See accompanying notes. 38 40 ISS GROUP, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS DECEMBER 31, 1998 1. SIGNIFICANT ACCOUNTING POLICIES CONSOLIDATION AND DESCRIPTION OF BUSINESS The consolidated financial statements include the accounts of ISS Group, Inc. and its subsidiaries ("ISS"). All significant intercompany investment accounts and transactions have been eliminated in consolidation. On March 27, 1998, ISS completed an initial public offering ("IPO") of its Common Stock. A total of 3,450,000 shares were sold at $22 per share, including 450,000 shares sold pursuant to the underwriters over-allotment option and 380,000 sold by certain selling stockholders. ISS did not receive any of the proceeds from the sale of shares by the selling stockholders. The net proceeds to ISS were approximately $61,531,000 and certain of such proceeds have been used for general corporate purposes. ISS's shares are traded on the Nasdaq National Market under the ticker symbol "ISSX". ISS Group, Inc. was incorporated in the State of Delaware on December 8, 1997 to be a holding company for Internet Security Systems, Inc., a Georgia company incorporated on April 19, 1994, to design, market, and sell computer network security assessment software. In addition, ISS has various other subsidiaries in Europe and the Asia/Pacific region with primary marketing and sales responsibilities for ISS's products and services in their respective markets. The financial statements of foreign subsidiaries have been translated into United States dollars in accordance with Financial Accounting Standards Board ("FASB") Statement of Financial Accounting Standards ("SFAS") No. 52 Foreign Currency Translation. Revenues from international customers, except in Japan, were denominated in U.S. dollars. Revenues from Japanese customers and international expenditures were denominated in the respective local currencies and translated using the average exchange rates for the year. The effect on the statements of operations related to transaction gains and losses is insignificant for all years presented. All balance sheet accounts have been translated using the exchange rates in effect at the balance sheet date. ISS's business is focused on maintaining the latest security threat and vulnerability checks within existing products and creating new products and services that are consistent with ISS's goal of providing an adaptive solution approach to enterprise network security. This approach entails continuous security risk monitoring and response to develop an active and informed network security policy. REVENUE RECOGNITION ISS recognizes its perpetual license revenues upon (i) delivery of software or, if the customer has evaluation software, delivery of the software key, and (ii) issuance of the related license, assuming no significant vendor obligations or customer acceptance rights exist. For perpetual license agreements when payment terms extend over periods greater than 12 months, revenue is recognized as such amounts are billable. In October 1997, the AICPA issued Statement of Position ("SOP") No. 97-2, Software Revenue Recognition, which ISS adopted, effective January 1, 1997. Such adoption had no effect on ISS's methods of recognizing revenue from license and maintenance activities. Prior to 1997, ISS's revenue recognition policy was in accordance with the preceding authoritative guidance provided by SOP No. 91-1, Software Revenue Recognition. Subscriptions revenues include maintenance and term licenses. Annual renewable maintenance is a separate component of perpetual license agreements with revenue recognized ratably over the maintenance contract term. Term licenses allow customer use of the product and maintenance for a specified period, generally 12 months, for which revenues are also recognized ratably over the contract term. Professional services revenues are recognized as such services are performed. 39 41 ISS GROUP, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) COST OF REVENUES Cost of revenues include amounts related to ISS's technical support group who provide assistance to customers with maintenance agreements and the costs related to ISS's professional services. CASH AND CASH EQUIVALENTS Cash equivalents include all highly liquid investments with a maturity of three months or less when purchased. Such amounts are stated at cost, which approximates market value. CONCENTRATIONS OF CREDIT RISK Financial instruments that potentially subject ISS to significant concentrations of credit risk consist principally of cash and cash equivalents and accounts receivable. ISS maintains cash and cash equivalents in short-term money market accounts with two financial institutions and short-term, investment grade commercial paper. ISS's sales are primarily to companies located in the United States, Europe and the Asia/Pacific region. ISS performs periodic credit evaluations of its customers' financial condition and does not require collateral. Accounts receivable are due principally from large U.S. companies under stated contract terms. ISS provides for estimated credit losses, which have not been significant to date, as required. PROPERTY AND EQUIPMENT Property and equipment are stated at cost less accumulated depreciation. Depreciation is computed using the straight-line method for financial reporting purposes over the estimated useful lives of the assets (primarily three years). GOODWILL AND INTANGIBLES The major classes of intangible assets, including goodwill (excess of cost over acquired net assets), at December 31, 1998 are as follows:
LIFE ---- Goodwill.................................................... 10 $3,171,000 less accumulated amortization............................... (77,000) ---------- $3,094,000 ========== Core technology............................................. 8 $3,853,000 Developed technology........................................ 5 778,000 Work force.................................................. 6 215,000 ---------- 4,846,000 less accumulated amortization............................... (154,000) ---------- $4,692,000 ==========
Goodwill and other intangible assets are amortized using the straight-line method for the period indicated. They are reviewed for impairment whenever events indicate that their carrying amounts may not be recoverable. In such reviews, undiscounted cash flows associated with these assets are compared with their carrying values to determine if a write-down to fair value is required. 40 42 ISS GROUP, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) RESEARCH AND DEVELOPMENT COSTS Research and development costs are charged to expense as incurred. ISS has not capitalized any such development costs under SFAS No. 86, Accounting for the Costs of Computer Software to Be Sold, Leased, or Otherwise Marketed, because the cost incurred between the attainment of technological feasibility for the various software products through the date when such products are made available for general release to customers has been insignificant. INCOME TAXES ISS uses the liability method of accounting for income taxes. Under this method, deferred income tax assets and liabilities are determined based on differences between the financial reporting and tax bases of assets and liabilities and are measured using the enacted tax rates and laws that will be in effect when the differences are expected to reverse. ADVERTISING COSTS ISS incurred $485,000, $572,000 and $486,000 of advertising costs for the years ended December 31, 1996, 1997 and 1998, respectively, which are expensed as incurred and are included in sales and marketing expense in the statements of operations. USE OF ESTIMATES The preparation of financial statements in conformity with generally accepted accounting principles requires management to make estimates and assumptions that affect the amounts reported in the financial statements and accompanying notes. Actual results may differ from those estimates, and such differences may be material to the consolidated financial statements. STOCK-BASED COMPENSATION ISS generally grants stock options for a fixed number of shares to certain employees with an exercise price equal to the fair value of the shares at the date of grant. ISS accounts for stock option grants in accordance with Accounting Principles Board ("APB") Opinion No. 25, Accounting for Stock Issued to Employees, and, accordingly, recognizes compensation expense only if the fair value of the underlying Common Stock exceeds the exercise price of the stock option on the date of grant. In October 1995, the FASB issued SFAS No. 123, Accounting for Stock-Based Compensation, which provides an alternative to APB Opinion No. 25 in accounting for stock-based compensation issued to employees. As permitted by SFAS No. 123, ISS continues to account for stock-based compensation in accordance with APB Opinion No. 25 and has elected the pro forma disclosure alternative of SFAS No. 123 (see Note 5). LOSS PER SHARE Basic and diluted historical net loss per share (see Note 9) was computed by dividing net loss plus accretion of the Series A and Series B Redeemable, Convertible Preferred Stock by the weighted average number of shares of Common Stock. Common Stock equivalents were antidilutive and therefore were not included in the computation of weighted average shares used in computing diluted loss per share. Also, ISS has no Common Stock equivalents due to "cheap stock" as defined in Securities and Exchange Commission ("SEC") Staff Accounting Bulletin No. 98. Unaudited pro forma net loss per share was computed by dividing net loss by the unaudited weighted average number of shares of Common Stock outstanding plus the assumed conversion of the Redeemable, 41 43 ISS GROUP, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 1. SIGNIFICANT ACCOUNTING POLICIES -- (CONTINUED) Convertible Preferred Stock into 5,737,000 shares of Common Stock as of the later of (i) January 1, 1997 or (ii) the date of issuance of such preferred stock, instead of March 27, 1998 when such shares of preferred stock automatically converted into Common Stock. RECENTLY ISSUED ACCOUNTING STANDARDS In June 1997, the FASB issued SFAS No. 131, Disclosures about Segments of an Enterprise and Related Information. SFAS No. 131 establishes standards for the way that public business enterprises report information about operating segments in annual financial statements for periods beginning after December 15, 1997. The Statement requires that business segment financial information be reported in the financial statements utilizing the management approach. The management approach is defined as the manner in which management organizes the segments within the enterprise for making operating decisions and assessing performance. Since ISS is organized as, and operates in, a single business segment that provides products, technical support and consulting and training services as components of its enterprise solution for network security, this Statement did not have an impact on financial reporting for the year ended December 31, 1998. ISS adopted SFAS No. 130, Reporting Comprehensive Income, on January 1, 1998. ISS reported comprehensive income in its statement of changes in stockholders' equity (deficit). The adoption of SFAS No. 130 resulted in revised and additional disclosures but had no effect on the financial position, results of operations, or liquidity of ISS. RECLASSIFICATIONS Certain reclassifications were made to the prior years' financial statements to conform with the 1998 presentation. 2. FAIR VALUE OF FINANCIAL INSTRUMENTS The carrying amounts reported in the balance sheets for cash and cash equivalents, accounts receivable and accounts payable approximate their fair values. The carrying amounts reported in the balance sheet at December 31, 1997 for long-term debt approximated its fair values as the interest rate related to such debt was variable and commensurate with the credit worthiness of ISS. 3. BUSINESS COMBINATION AND ASSET ACQUISITION In October 1998, ISS acquired March Information Systems Limited ("March"), a United Kingdom-based developer of Windows NT and Unix-based security assessment technologies. Also in October 1998, ISS acquired the technology assets of DbSecure, Inc., a developer of database security risk assessment software. ISS issued 158,000 shares of ISS Common Stock and paid $5,206,000 in cash, net of cash acquired, and direct transaction costs for these acquisitions. Both of these acquisitions have been accounted for as purchases and their results have been included in the results of ISS's operations from the effective dates of acquisition. Substantially all of the aggregate consideration of $9,144,000 was allocated to identified intangibles, including core and developed technologies, in-process research and development, work force and goodwill (see Note 1). The valuations of core and developed technologies and in-process research and development were based on the present value of estimated future cash flows over the lesser of: (i) five years or (ii) the period in which the product is expected to be integrated into an existing ISS product. The resulting values were reviewed for reasonableness based on the time and cost spent on the effort, the complexity of the development effort and, in the case of in-process development projects, the stage to which it had progressed. For in-process research and 42 44 ISS GROUP, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 3. BUSINESS COMBINATION AND ASSET ACQUISITION -- (CONTINUED) development, the valuation was reduced for the core technology component of such product and the percentage of product development remaining at the acquisition date. The resulting in-process research and development amount of $802,000 is reflected as a charge in the 1998 statement of operations. The following table summarizes pro forma unaudited results of operations as if the acquisition of March was concluded on January 1, 1997. The effect of the DbSecure acquisition is not included as its impact was immaterial. The adjustments to the historical data reflect the reduction of interest income in connection with the cash portion of the purchase price and amortization of goodwill and intangibles. This unaudited pro forma financial information is not necessarily indicative of what the combined operations would have been if ISS had control of such combined businesses for the periods presented.
1997 1998 ----------- ----------- Revenues.................................................... $15,513,000 $37,735,000 Operating loss.............................................. (4,901,000) (6,838,000) Net loss.................................................... (4,946,000) (4,828,000) Per share: Basic and diluted net loss................................ $ (0.62) $ (0.32) Pro forma net loss........................................ $ (0.36) $ (0.30)
4. REDEEMABLE, CONVERTIBLE PREFERRED STOCK Redeemable, Convertible Preferred Stock consisted of the following:
GROSS NET SERIES DATE OF ISSUANCE PROCEEDS PROCEEDS SHARES ISSUED - ------ ----------------- ---------- ---------- -------------- A February 2, 1996 $3,650,000 $3,607,000 3,650,000 B February 14, 1997 5,280,000 5,253,000 2,087,000 ---------- ---------- --------- $8,930,000 $8,860,000 5,737,000 ========== ========== =========
Accretion related to the Series A and Series B Redeemable, Convertible Preferred Stock was recorded over the respective redemption period by charges against additional paid-in capital with corresponding increases to the carrying value of the Series A and Series B Redeemable, Convertible Preferred Stock. Such increases aggregated $7,000 and $11,000 for the years ended December 31, 1996 and 1997, respectively, and were immaterial in 1998. All of the outstanding shares of Redeemable, Convertible Preferred Stock were automatically converted into an aggregate of 5,737,000 shares of Common Stock on March 27, 1998 in connection with the IPO. 5. STOCK OPTION PLANS ISS's Incentive Stock Plan (the "Plan") provides for the granting of qualified or nonqualified options to purchase shares of ISS's Common Stock. Under the Plan, there are 3,000,000 shares reserved for future issuances, which increases automatically on the first trading day of each year, beginning with 1999, by an amount equal to 3% of the number of shares of Common Stock outstanding on the last trading day of the immediately preceding year. Certain options granted under the Plan prior to the IPO are immediately exercisable, subject to a right of repurchase by ISS at the original exercise price for all unvested shares. Options granted subsequent to the IPO are generally exercisable as vesting occurs. Vesting is generally in equal annual installments over four years, measured from the date of the grant. 43 45 ISS GROUP, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 5. STOCK OPTION PLANS -- (CONTINUED) During the quarters ended December 31, 1997 and March 31, 1998, deferred compensation of $571,000 and $811,000, respectively, was recorded for options granted with an exercise price less than the fair value of the Common Stock on the date of grant. The deferred compensation was determined by comparing the exercise price of stock options issued in December 1997 to the estimated price range for the IPO as set forth in the initial filing on January 20, 1998 of ISS's Registration Statement on Form S-1. The fair value of ISS's Common Stock in January and February 1998 was based on the final estimated price range contained in ISS's pre-effective amendment to its Registration Statement filed in March 1998. The amounts are being charged to operations proportionately over the four-year vesting period of the related stock options. Amortization of deferred compensation for the year ended December 31, 1998 was $720,000. All other options were issued at fair market value on the date of grant. On December 8, 1997, the Board of Directors granted to each of the four non-employee directors a nonstatutory option to purchase up to 20,000 shares of Common Stock outside the Plan, on the same terms as if those options had been granted under the 1995 Plan. ISS reserved 80,000 shares of Common Stock for issuance under these options. A summary of ISS's stock option activity is as follows:
1997 1998 --------------------- --------------------- WEIGHTED WEIGHTED AVERAGE AVERAGE NUMBER EXERCISE NUMBER EXERCISE OF SHARES PRICE OF SHARES PRICE ---------- -------- ---------- -------- Outstanding at beginning of year..................... 810,000 $0.16 1,888,000 $ 2.71 Granted............................................ 1,103,000 4.54 961,000 22.78 Exercised.......................................... (7,000) 0.15 (405,000) 0.72 Canceled........................................... (18,000) 0.50 (65,000) 9.32 ---------- ---------- Outstanding at end of year........................... 1,888,000 2.71 2,379,000 10.98 ========== ========== Exercisable at end of year........................... 1,888,000 2.71 1,585,000 3.85 ========== ========== Weighted average fair value of options granted during the year........................................... $ 2.34 $ 12.77 ========== ==========
The following table summarizes information about stock options outstanding at December 31, 1998:
OPTIONS OUTSTANDING OPTIONS FULLY ---------------------------- VESTED AND EXERCISABLE NUMBER OF WEIGHTED -------------------------- OPTIONS AVERAGE NUMBER WEIGHTED OUTSTANDING AT REMAINING EXERCISABLE AVERAGE DECEMBER 31, CONTRACTUAL AT DECEMBER 31, EXERCISE RANGE OF EXERCISE PRICES 1998 LIFE 1998 PRICE - ------------------------ -------------- ----------- --------------- -------- $0.15-0.60..................................... 695,000 7.7 years 289,000 $0.26 $1.00-7.00..................................... 741,000 8.9 years 185,000 5.99 $8.00-20.00.................................... 612,000 9.2 years -- -- $21.00-30.00................................... 181,000 9.8 years -- -- $31.00-50.00................................... 150,000 9.7 years -- --
ISS has reserved 2,379,000 shares of ISS common stock for the future exercise of stock options at December 31, 1998. Pro forma information regarding net income and net income per share is required by SFAS No. 123, which also requires that the information be determined as if ISS had accounted for its employee stock options 44 46 ISS GROUP, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 5. STOCK OPTION PLANS -- (CONTINUED) granted subsequent to December 31, 1994 under the fair value method prescribed by that Statement. The fair value for options granted was estimated at the date of grant using the Black-Scholes option pricing model. The following weighted average assumptions were used for 1997 and 1998, respectively: risk-free interest rates of 6.28% and 5.27%; no dividend yield; a .60 volatility factor; and an expected life of the options of 4 and 5 years, respectively. The Black-Scholes option valuation model was developed for use in estimating the fair value of traded options which have no vesting restrictions and are fully transferable. In addition, option valuation models require the input of highly subjective assumptions including the expected stock price volatility. Because employee stock options have characteristics different from those of traded options, and because the changes in the subjective input assumptions can materially affect the fair value estimate, in management's opinion, the existing models do not necessarily provide a reliable single measure of the fair value of its employee stock options. For purposes of pro forma disclosures, the estimated fair value of the option is amortized to expense over the options' vesting period. The following pro forma information adjusts net loss for the years ended December 31, 1997 and 1998 for the impact of SFAS No. 123:
YEAR ENDED DECEMBER 31, ------------------------- 1997 1998 ----------- ----------- Pro forma net loss.......................................... $(3,975,000) $(6,126,000) =========== =========== Pro forma net loss per share................................ $ (0.29) $ (0.38) =========== ===========
6. COMMITMENTS AND CONTINGENT LIABILITIES ISS has noncancellable operating leases for facilities that expire at various dates through July 2002. Future minimum payments under noncancellable operating leases with initial terms of one year or more consisted of the following at December 31, 1998:
OPERATING LEASES ---------- 1999........................................................ $1,855,000 2000........................................................ 1,693,000 2001........................................................ 1,513,000 2002........................................................ 683,000 ---------- Total minimum lease payments...................... $5,744,000 ==========
Rent expense was approximately $105,000, $401,000 and $1,200,000 for the years ended December 31, 1996, 1997, and 1998, respectively. In July 1998, Network Associates, Inc. ("Network Associates"), a competitor of ISS, filed a patent infringement suit against ISS in the Federal District Court for the Northern District of California. The suit alleges that ISS's product, RealSecure, violates certain patent claims issued for Network Associates' intrusion detection technology. ISS believes the lawsuit is without merit and intends to defend against it vigorously. However, there can be no assurance that the lawsuit will not have or result in a material adverse effect on ISS's business, operating results or financial condition. 45 47 ISS GROUP, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 7. INCOME TAXES A reconciliation of the provision for income taxes to the statutory federal income tax rate is as follows:
YEAR ENDED DECEMBER 31, ------------------------------------- 1996 1997 1998 --------- ----------- ----------- Statutory rate at 34%, applied to pretax loss............ $(384,000) $(1,332,000) $(1,440,000) State income taxes, net of federal income tax benefit.... (45,000) (157,000) (160,000) Intangibles.............................................. -- -- 345,000 Research and development tax credit...................... (28,000) (159,000) (384,000) Foreign operations....................................... 100,000 -- 62,000 Other.................................................... 46,000 (26,000) 42,000 Change in valuation allowance............................ 311,000 1,674,000 1,597,000 --------- ----------- ----------- $ -- $ -- $ 62,000 ========= =========== ===========
The provision for income taxes for the year ended December 31, 1998 consisted of $62,000 of current income taxes related to some of ISS's foreign operations. Deferred income taxes reflect the net income tax effects of temporary differences between the carrying amounts of assets and liabilities for financial reporting purposes and the amounts used for income tax purposes. Significant components of ISS's net deferred income tax assets are as follows:
DECEMBER 31, -------------------------- 1997 1998 ----------- ------------ Deferred income tax liabilities: Core technology............................................. $ -- $ (494,000) ----------- ------------ Total deferred income tax liabilities....................... -- (494,000) ----------- ------------ Deferred income tax assets: Depreciation.............................................. 69,000 72,000 Accrued liabilities....................................... 143,000 410,000 Allowance for doubtful accounts........................... 97,000 109,000 Deferred compensation..................................... -- 274,000 Net operating loss carryforwards.......................... 1,573,000 5,178,000 Research and development tax credit carryforwards......... 187,000 571,000 ----------- ------------ Total deferred income tax assets.................. 2,069,000 6,120,000 Less deferred income tax asset valuation allowance.......... (2,069,000) (6,120,000) ----------- ------------ Net deferred income tax assets.............................. $ -- $ -- =========== ============
For financial reporting purposes, a valuation allowance has been recognized to reduce the net deferred income tax assets to zero. ISS has not recognized the benefit from the future use of such loss carryforwards because management's evaluation of all the available evidence in assessing the realizability of the tax benefits of such loss carryforwards and other deferred income tax benefits indicates that the underlying assumptions of future profitable operations contain risks that do not provide sufficient assurance to recognize such tax benefits currently. ISS has approximately $13,600,000 of net operating loss carryforwards for federal income tax purposes that expire in varying amounts between 2011 and 2018. These carryforwards include approximately $7,700,000 related to exercises of stock options in 1998 for which the income tax benefit, if realized, would increase additional paid-in capital. ISS also has approximately $800,000 of net operating loss carryforwards related to 46 48 ISS GROUP, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 7. INCOME TAXES -- (CONTINUED) its foreign operations which expire between 2002 and 2003. Additionally, ISS has approximately $571,000 of research and development tax credit carryforwards which expire between 2011 and 2014. 8. EMPLOYEE BENEFIT PLANS ISS sponsors a 401(k) plan that covers substantially all employees over 21 years of age. ISS may make contributions to the plan at its discretion, but has made no contributions to the plan through December 31, 1998. 9. LOSS PER SHARE The following table sets forth the computation of basic, diluted and pro forma (unaudited) net loss per share:
YEAR ENDED DECEMBER 31, --------------------------------------- 1996 1997 1998 ----------- ----------- ----------- Numerator: Net loss.............................................. $(1,131,000) $(3,919,000) $(4,102,000) Accretion of Series A and Series B Redeemable, Convertible Preferred Stock........................ (7,000) (11,000) -- ----------- ----------- ----------- $(1,138,000) $(3,930,000) $(4,102,000) =========== =========== =========== Denominator: Denominator for basic and diluted net loss per share -- weighted average shares................... 7,916,000 7,907,000 14,883,000 Redeemable, Convertible Preferred Stock............... -- 5,737,000 1,306,000 ----------- ----------- ----------- Weighted average shares for pro forma net loss per share.............................................. 7,916,000 13,644,000 16,189,000 =========== =========== =========== Basic net loss per share................................ $ (0.14) $ (0.50) $ (0.28) =========== =========== =========== Diluted net loss per share.............................. $ (0.14) $ (0.50) $ (0.28) =========== =========== =========== Pro forma net loss per share (unaudited)................ $ (0.29) $ (0.25) =========== ===========
Stock options aggregating 1,888,000 and 2,379,000 at December 31, 1997 and 1998, respectively, are not included in the above calculations as they are antidilutive. 10. EXPORT SALES Export sales from the United States to the Europe and Asia/Pacific region represented approximately 10% and 3%, respectively, of total revenues for the year ended December 31, 1997 and 12% and 0%, respectively, of total revenues for the year ended December 31, 1998. Export sales were not significant for the year ended December 31, 1996. Revenues generated from ISS's foreign operations located in the Europe and Asia/Pacific region totaled approximately 0% and 8%, respectively, and 2% and 5%, respectively, of total revenues for the years ended December 31, 1997 and 1998, respectively. ISS had no revenue generating foreign operations prior to 1997. 47 49 ISS GROUP, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS -- (CONTINUED) 11. QUARTERLY FINANCIAL RESULTS -- (UNAUDITED) Summarized quarterly results for the two years ended December 31, 1997 and 1998 are as follows (in thousands, except per share data):
FIRST SECOND THIRD FOURTH ------- ------- ------- ------- 1997 by quarter: Revenues........................................ $ 2,225 $ 2,671 $ 3,473 $ 5,098 Operating loss.................................. (429) (678) (1,092) (1,948) Net loss........................................ (394) (610) (1,026) (1,889) Loss per share(1): Basic and diluted............................... (0.05) (0.08) (0.13) (0.24) Pro forma (unaudited)........................... (0.03) (0.05) (0.08) (0.14) 1998 by quarter: Revenues........................................ 6,073 7,331 9,430 13,095 Operating loss.................................. (1,705) (1,924) (1,348) (1,429) Net loss........................................ (1,639) (1,083) (583) (797) Loss per share(1): Basic and diluted............................... (0.19) (0.06) (0.03) (0.05) Pro forma (unaudited)........................... (0.12) -- -- --
- --------------- (1) Because of the method used in calculating per share data, the quarterly per share data will not add to the per share data as computed for the year. 48 50 SCHEDULE II VALUATION AND QUALIFYING ACCOUNTS
BALANCE AT BEGINNING OF BALANCE AT YEAR PROVISION WRITEOFFS END OF YEAR ------------- --------- --------- ------------ 1996 Allowance for Doubtful Accounts................ $ -- $ 86,000 $ (7,000) $ 79,000 ======== ======== ========= ======== 1997 Allowance for Doubtful Accounts................ $ 79,000 $195,000 $ (19,000) $255,000 ======== ======== ========= ======== 1998 Allowance for Doubtful Accounts................ $255,000 $135,000 $(103,000) $287,000 ======== ======== ========= ========
49 51 SIGNATURES Pursuant to the requirements of the Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this Report to be signed on its behalf by the undersigned, thereunto duly authorized. ISS GROUP, INC. By: /s/ RICHARD MACCHIA ------------------------------------ Richard Macchia Vice President and Chief Financial Officer Dated: February 17, 1999 POWER OF ATTORNEY KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below hereby severally constitutes and appoints, Thomas E. Noonan, Richard Macchia and Jon Ver Steeg, and each or any of them, his true and lawful attorney-in-fact and agent, each with the power of substitution and resubstitution, for him in any and all capacities, to sign any and all amendments to this Annual Report (Form 10-K) and to file the same, with exhibits thereto and other documents in connection therewith, with the Securities and Exchange Commission, hereby ratifying and confirming all that each said attorney-in-fact and agent, or his substitute or substitutes, may lawfully do or cause to be done by virtue hereof. Pursuant to the requirements of the Securities Exchange Act of 1934, this Report has been signed below by the following persons on behalf of the Registrant and in the capacities and on the dates indicated.
NAME TITLE DATE ---- ----- ---- /s/ THOMAS E. NOONAN Chairman, President and Chief February 17, 1999 - ----------------------------------------------------- Executive (Principal Thomas E. Noonan Executive Officer) /s/ CHRISTOPHER W. KLAUS Chief Technology Officer, February 17, 1999 - ----------------------------------------------------- Secretary and Director Christopher W. Klaus /s/ RICHARD MACCHIA Vice President and Chief February 17, 1999 - ----------------------------------------------------- Financial Officer Richard Macchia (Principal Financial and Accounting Officer) /s/ RICHARD S. BODMAN Director February 17, 1999 - ----------------------------------------------------- Richard S. Bodman /s/ ROBERT E. DAVOLI Director February 17, 1999 - ----------------------------------------------------- Robert E. Davoli /s/ KEVIN J. O'CONNOR Director February 17, 1999 - ----------------------------------------------------- Kevin J. O'Connor /s/ DAVID N. STROHM Director February 17, 1999 - ----------------------------------------------------- David N. Strohm
50 EX-23.1 2 CONSENT OF ERNST & YOUNG 1 Consent of Independent Auditors We consent to the incorporation by reference in the Registration Statement (Form S-8 No. 333-53279) pertaining to the ISS Group, Inc. Restated 1995 Stock Incentive Plan of our report dated January 15, 1999, with respect to the consolidated financial statements and schedule of ISS Group, Inc. included in the Annual Report (Form 10-K) for the year ended December 31, 1998 filed with the Securities and Exchange Commission. /s/ Ernst & Young LLP Atlanta, Georgia February 10, 1999 -----END PRIVACY-ENHANCED MESSAGE-----