INTERNET SECURITY SYSTEMS INC/GA - 10-K Annual Report

Back to GetFilings.com

- --------------------------------------------------------------------------------
- --------------------------------------------------------------------------------

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549

---------------------

FORM 10-K

(MARK ONE)
[X] ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE
SECURITIES EXCHANGE ACT OF 1934
FOR THE FISCAL YEAR ENDED DECEMBER 31, 2003
OR
[ ] TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE
SECURITIES EXCHANGE ACT OF 1934
FOR THE TRANSITION PERIOD FROM ____________ TO ____________

Commission file number 0-23655

INTERNET SECURITY SYSTEMS, INC.
(Exact name of Registrant as Specified in Its Charter)

DELAWARE 58-2362189
(State or other jurisdiction of (I.R.S. Employer Identification No.)
incorporation or organization)

6303 BARFIELD ROAD 30328
ATLANTA, GEORGIA (Zip code)
(Address of principal executive offices)

Registrant's telephone number, including area code: (404) 236-2600

Securities registered pursuant to Section 12(b) of the Act: None

Securities registered pursuant to Section 12(g) of the Act:
COMMON STOCK, $0.001 PAR VALUE
PREFERRED STOCK PURCHASE RIGHTS
(Title of Class)

Indicate by check mark whether the Registrant (1) has filed all reports
required to be filed by Section 13 or 15(d) of the Securities Exchange Act of
1934 during the preceding 12 months (or for such shorter period that the
Registrant was required to file such reports), and (2) has been subject to such
filing requirements for the past 90 days.

Yes [X] No [ ]

Indicate by check mark if disclosure of delinquent filers pursuant to Item
405 of Regulation S-K is not contained herein, and will not be contained, to the
best of Registrant's knowledge, in definitive proxy or information statements
incorporated by reference in Part III of this Form 10-K or any amendment to this
Form 10-K. [X]

Indicate by check mark whether the registrant is an accelerated filer (as
defined in Exchange Act Rule 12b-2). Yes [X] No [ ]

The aggregate market value of the voting stock held by non-affiliates of the
Registrant, based upon the closing sale price of Common Stock on June 30, 2003
as reported on the Nasdaq National Market, was approximately $454 million
(affiliates being, for these purposes only, directors, executive officers and
holders of more than 5% of the Registrant's Common Stock).

As of February 27, 2004, the Registrant had 50,199,839 outstanding shares of
Common Stock.

DOCUMENTS INCORPORATED BY REFERENCE

Portions of the Proxy Statement for the Registrant's Annual Meeting of
Stockholders to be held on May 24, 2004 are incorporated by reference into Part
III of this Form 10-K.
- --------------------------------------------------------------------------------
- --------------------------------------------------------------------------------

In this Form 10-K, the words "Internet Security Systems," "ISS," "the
Company," "we," "our," "ours," and "us" refer to Internet Security Systems,
Inc., and its subsidiaries.

This Annual Report on Form 10-K contains forward-looking statements.
Forward-looking statements can be identified by the use of words such as "may,"
"will," "should," "could," "continue," "future," "potential," "believe,"
"project," "plan," "intend," "seek," "estimate," "predict", "expect",
"anticipate" and similar expressions, or the negative of such terms, or other
comparable terminology. Forward-looking statements also include the assumptions
underlying or relating to any of the foregoing statements. Our actual results
could differ materially from those anticipated in these forward-looking
statements as a result of various factors, including those set forth below under
the caption "Risk Factors" and those otherwise described from time to time in
our Securities and Exchange Commission reports filed after this Form 10-K. All
forward-looking statements included in this Form 10-K are based on information
available to ISS on the date hereof. We assume no obligation (except where
required by law) to update any forward-looking statements for any events or
circumstances occurring after the date of this Form 10-K.

Internet Security Systems, Network ICE, Proventia, System Scanner, Wireless
Scanner, SiteProtector, SecurePartner and X-Press Update are trademarks and
service marks, BlackICE is a licensed trademark and the Internet Security
Systems logo, X-Force, RealSecure, Internet Scanner, and Database Scanner are
registered trademarks and service marks, of Internet Security Systems, Inc. or
its wholly-owned subsidiaries. Each trademark, trade name or service mark of any
other company appearing herein belongs to its holder.

PART I

ITEM 1. BUSINESS

INTRODUCTION

OVERVIEW

Internet Security Systems, Inc. is an established world leader in network
and information security providing products and services that help to protect
businesses from network and system risks. We offer a proactive line of security
solutions that provide protection against a variety of ever-changing threats for
gateways, networks, servers and desktops, and includes security software and
appliances, managed security services, consulting and training services and
online security research, advisory and other knowledge services. This
comprehensive line of products and services are designed specifically for the
enterprise, service providers, risk management, small business and consumer
markets. Our threat protection solutions go beyond basic access control to
deliver multiple layers of defense that detect, prevent and respond to threats
before those threats cause damage to our customers' business operations.

Our products are designed to meet the need for comprehensive,
cost-effective detection, prevention and response arising from attacks, misuse
and security policy violations while promoting the confidentiality, privacy,
integrity and availability of proprietary information. Our family of products is
a critical element of an active Internet and networking security program within
today's world of global connectivity, enabling organizations to proactively
monitor, detect and respond to risks to enterprise information. Our managed
services offerings focus primarily on remote management of our best-of-breed
security technology including security assessment and intrusion protection
systems. We focus on serving as the trusted security provider to our customers
by maintaining within our products the latest counter-measures to security
risks, creating new innovative products, and providing professional and managed
services.

ISS was founded in 1994 and is headquartered in Atlanta, Georgia. The
mailing address for our headquarters is 6303 Barfield Road, Atlanta, Georgia,
30328, and our telephone number at that location is (404) 236-2600. Our website
can be found at www.iss.net. We make available free of charge through our
website our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, and
Current Reports on Form 8-K, and amendments to those reports, as soon as
reasonably practicable after we file them electronically with, or furnish them
to, the Securities and Exchange Commission. Our Corporate Governance Guidelines
and Code of Conduct are also available on our website and are available in print
to any stockholder

1

who mails a request to our headquarters, attention to the Corporate Secretary.
Our website also contains other corporate governance-related documents that may
be found of interest to stockholders. The information on our website is not
incorporated by reference in this Form 10-K.

INDUSTRY BACKGROUND

Online security is of growing importance to today's businesses, as
organizations of all sizes and markets become increasingly reliant on
Internet-based technology to conduct day-to-day operations. Businesses adopt
these Internet-based technologies to streamline operations and create new
business opportunities. To capitalize on the benefits of the Internet,
businesses must open their networks to business partners, customers and their
mobile workforce, significantly increasing the value and vulnerability of their
online assets.

The more that organizations and consumers depend on networks to conduct
business, the greater the risk of business interruption, negative publicity,
theft of proprietary or private information, liability for damages to others,
and other costly business losses. The gateways, networks, servers and desktops
that make online commerce work are inherently vulnerable to online threats. A
threat is any tool or technique that can be used to damage the data stored on a
network, server or desktop, or to compromise those resources for unauthorized
use. The tools used to attack online resources and the sophistication of these
threats continues to increase. At the same time, the technological
sophistication needed to launch an attack continues to decrease.

MARKETS

We provide products and services to a variety of customers. We view our
primary customer markets as enterprise, service provider and risk management
customers. We also have products for consumers and small offices. Our primary
markets are addressed through our direct sales efforts and through various
partners, including system integrators, value-added resellers and distributors.

ENTERPRISE

Enterprise market customers generally have annual revenues exceeding $100
million. Our enterprise software, appliances and services solutions provide
proactive protection against online business interruption and loss, all designed
to operate with minimal administration or interference with normal network
operations. These comprehensive protection offerings merge gateway, network,
server and desktop protection into an integrated threat management environment.
This combination of software, appliances and services enables centralized
management across multiple locations and network segments, including wireless
networks, branch offices and mobile workers. Most importantly, our proactive
approach keeps staff informed about newly discovered security issues, ensuring
that the protection solution can be updated to account for newly evolved
threats.

SERVICE PROVIDER

We provide best-of-breed technology and a proven track record in network
security management for service providers looking to establish online security
as part of a broad-based, Internet-oriented business solution. We partner with
service providers that want to resell managed security services and are seeking
a well-known, credible and stable partner in the security industry, an
established ability to bring partners to market, and a comprehensive services
portfolio.

Our advanced security management software solutions, extensive experience
protecting customer networks and industry leading ability to collect and analyze
threat trends from around the world in our Global Threat Operations Center
(GTOC) allow us to partner with organizations looking to bundle a security
management component within a broader set of business services.

2

PRODUCTS AND SERVICES

ENTERPRISE PROTECTION

Enterprise solutions include Proventia(TM) multi-function protection
products, RealSecure(R) software and Managed Services. Our products and services
protect the entire infrastructure, from the perimeter to the core. Our centrally
managed family of Proventia protection products ranges from detection up to
completely unified and proactive multi-function appliances, combining firewall,
intrusion prevention and anti-virus technologies. The Proventia multi-function
protection family streamlines and simplifies security by unifying security
technologies on a single engine. In 2003, we continued to market our REALSECURE
PROTECTION PLATFORM, a unique software offering that encompasses vulnerability
assessment and threat detection, prevention and response across networks,
servers and desktops, all coordinated through the SITEPROTECTOR(TM) centralized
management platform. In addition, our Managed Services extends this protection
strategy through managed security offerings and expert 24/7 monitoring, support
and response management for situations where additional flexibility and support
are required. Extensive professional services and emergency response services
provide an appropriate, effective security solution, regardless of business
environment.

Key components of our enterprise protection products include:

GATEWAY PROTECTION -- Unifies critical security technologies,
including firewall, virtual private network (VPN), anti-virus and intrusion
prevention, within a single appliance and management system to protect
against known and unknown threats, worms and viruses.

Proventia M Series Multi-Function Appliances -- Provide complete
protection at the gateway and network level in a single all-in-one
appliance without jeopardizing network bandwidth or availability.

NETWORK PROTECTION -- Utilizes industry-leading intrusion detection
and prevention technologies to protect corporate networks from attack and
misuse.

Proventia G Series Intrusion Prevention Appliances -- Proactively
block malicious attacks from entering the network, including denial of
service, backdoors and hybrid threats. Attacks are blocked in real-time,
minimizing the need for active administrator involvement in most
security events.

Proventia A Series Intrusion Detection Appliances -- Deliver our
market-leading RealSecure network intrusion detection, forensics, and
response technology in an easy-to-use, cost effective, rapidly deployed
appliance format.

RealSecure Network 10/100 Software -- Provides intelligent,
automated integration of threat assessment, intrusion detection, and
data analysis within a self-contained, centrally managed application.

RealSecure Network Gigabit Software -- Provides intelligent,
automated integration of threat assessment, intrusion detection, and
data analysis within a self-contained, centrally managed application for
line operations at gigabit speeds.

SERVER PROTECTION -- Defends servers and applications against
unauthorized access and a broad array of threats by combining intrusion
prevention with firewall capabilities.

RealSecure Server Software -- Provides automated, real-time
intrusion protection by analyzing events, host logs, and inbound and
outbound network activity on critical enterprise servers to block
malicious activity from damaging critical assets.

DESKTOP PROTECTION -- Protects fixed, remote and mobile desktops
against unauthorized access and a broad array of threats by combining
intrusion prevention, firewall capabilities, application protection and VPN
compatibility.

RealSecure Desktop Software -- Provides real-time protection
against malicious activity by analyzing application, network and VPN
behavior on desktops.

3

SITEPROTECTOR MANAGEMENT CONSOLE -- Scalable, centralized management
and reporting for enterprise deployments of Internet Security Systems'
protection products. Significantly reduces demand on staff and other
operational resources.

SITEPROTECTOR SECURITYFUSION(TM) MODULE -- Uses advanced data
correlation and analysis to rapidly and automatically derive the likelihood
of a successful attack from aggregated vulnerability assessment
information.

SITEPROTECTOR THIRD PARTY MODULE -- Interfaces with market-leading
firewalls such as CheckPoint and Cisco PIX to automate the collection of
audit and intrusion detection events into SiteProtector's central
management system for advanced analysis.

VULNERABILITY ASSESSMENT SOFTWARE

In addition to our gateway, network, server, and desktop protection
products, we also offer security assessment and policy compliance solutions for
proactive measurement of online risk. These offerings include:

INTERNET SCANNER(R) SOFTWARE -- Provides comprehensive network
vulnerability assessment for measuring online risk.

SYSTEM SCANNER(TM) SOFTWARE -- Ensures policy compliance and detects
vulnerabilities that leave servers open to compromise.

DATABASE SCANNER(R) SOFTWARE -- Assesses online business risks by
identifying security exposures in leading database applications.

WIRELESS SCANNER(TM) SOFTWARE -- Provides automated detection and
security analyses of mobile networks utilizing 802.11b WLAN (Wi-Fi) access
points and clients.

CONSUMER AND SMALL OFFICE SOFTWARE

We offer powerful, affordable firewall and intrusion detection protection
software solutions providing fast, accurate protection for the consumer and
small office product market. Our products include:

BLACKICE(TM) PC PROTECTION SOFTWARE -- Provides comprehensive personal
firewall and intrusion protection for individual PCs.

BLACKICE SERVER PROTECTION SOFTWARE -- Provides comprehensive firewall
and intrusion protection capabilities for individual servers.

X-FORCE(R) SERVICES

The X-Force organization, our industry leading group of security experts
dedicated to proactive counter intelligence and public education, delivers
timely, accurate information for anyone interested in protecting online assets
against attack or misuse. This proactive approach suffuses all our offerings,
from research and development to products and services, including publicly
available information and product support.

Our X-Force organization provides information on threats through three
complementary online publications:

- Security Advisories contain new vulnerability research developed by the
X-Force itself, as well as solutions to manage or resolve the threat.

- Security Alerts are timely compilations of threat information, both from
us and from other external resources.

- Security Alert Summaries are weekly publications containing short
descriptions of security issues identified and researched during the past
week. Each issue in the Alert Summary is linked to detailed information
in the online X-Force Database.

4

The X-Force organization begins this process through our Global Threat
Operations Center. This specialized threat intelligence facility collects
security trend information from five state-of-the-art Security Operations
Centers operating on three continents to analyze the nature and severity of any
threat in real-time. The X-Force then proactively helps deliver our solutions to
market via alerts, advisories, product updates, professional services, emergency
response services and 24/7 remotely managed security services. In addition, we
provide the fee-based X-Force Threat Analysis Service for customers needing
immediate, comprehensive notification of the breaking security events.

X-Force threat intelligence consists of global and local primary source
overviews of evolving threats. This information may be sorted by specific
geography, business sector, operating system or attack technique, allowing
anyone interested in information protection to evaluate global threat conditions
as part of their own security operations. All our service offerings use X-Force
threat intelligence as a differentiator, whether as part of a professional
services consulting engagement, managed security services, X-Force Education
Services or customer support. In addition, X-Force research and development
quickly and easily integrates into our software solutions via self-installing
X-Press Update(TM) product enhancements.

MANAGED SECURITY SERVICES

ISS Managed Security Services offer online protection for organizations
lacking the time, expertise or appropriate internal resources to secure critical
information resources. Our services include:

MONITORED AND MANAGED IDS SERVICE -- Unobtrusively monitors client
servers and network traffic for potential threats, and responds to attacks
or misuse that can damage online information resources.

MONITORED AND MANAGED FIREWALL SERVICE -- Flexible, remotely managed
firewall service that delivers cost-effective protection that reduces
customer staff requirements. Optional features include High Availability
capabilities, Monitored Firewall, Client VPN enablement and Site-to-Site
VPN.

VULNERABILITY MANAGEMENT SERVICE -- Provides real time vulnerability
information by examining servers, firewalls, switches and more. Provides
comprehensive on-demand security audits that identify, analyze and report
on network security vulnerabilities.

PROFESSIONAL SECURITY SERVICES

Our professional security services combine our advanced technology and
experienced security experts to help organizations plan and implement sound
security management solutions. Our standards-based methodology covers the
complete security management lifecycle, including assessment, design,
deployment, management and support, as described below.

ASSESSMENT

Penetration Test -- Network simulation attack in a controlled
environment, resulting in a clear snapshot of an organization's security
condition, specific exploitable vulnerabilities and risks as seen from a
designated remote Internet location.

Information Security Assessment -- Comprehensive evaluation of an
organization's information security policies, procedures, controls and
mechanisms, as well as its networks, servers, desktops and databases in
relation to the globally recognized ISO 17799 standard, which is a
comprehensive set of controls comprising best practices in information
security established by the International Standards Organization.

Security Certification -- Comprehensive and rigorous internal and
external evaluation of an organization's information security policies,
procedures, controls and mechanisms, as well as networks, servers, desktops
and databases, comparing current security standing to the globally
recognized ISO 17799 standards. This service includes a two-day
interactive, strategic project-planning workshop that results in an
actionable plan to achieve and maintain on-going security goals. We provide
our clients with a certification of best security practices upon
implementation of our recommendations.

5

ISO 17799 and Regulatory Compliance Gap Analysis -- Analysis and
documentation of tactical recommendations based upon the globally
recognized ISO 17799 standard and regulatory requirements.

Wireless Network Assessment -- Security assessment of wireless network
environments including both assessment and penetration testing.

Application Security Assessment -- Review and evaluation of
application security from the client and server perspectives.

DESIGN

Policy Development -- Rapid development of security policies that map
to an organization's business objectives, regulatory issues and industry
best practices.

Standards & Procedures Development -- Development of written
procedures to ensure the repeated correct installation and configuration of
operating systems, applications and databases which are essential in
reducing risks to the network environment and computing infrastructure.

Security Strategy Workshop -- Strategic planning engagement in which
we assist customers to develop a specific security strategy based upon best
practices, and the customer's specific requirements.

Implementation Planning -- Our security specialists work with client
staff to determine and plan the most effective and strategic locations in
which to install ISS solutions, how to best implement them with minimal
impact on current network operations, and how to plan for the ongoing
management and maintenance of the security solution.

Network Architecture Design -- Assists organizations in designing a
secure customized network architecture designed to meet organizational
goals now and in the future.

Vulnerability Remediation -- A prioritized roadmap that helps clients
understand the remediation efforts needed, timeframes and expertise
required to quickly remediate the most serious problems and put a long-term
security program into place.

Vertical & Regulatory Markets Strategy Design -- Provides an
organization with a thorough understanding of the impact of regulatory
issues on it and develops a plan to achieve regulatory compliance.

Security Awareness Program Development -- A short duration, high value
engagement that quickly increases employees' security consciousness and
helps other security initiatives move forward effectively.

DEPLOYMENT

Deployment Consulting -- Installation, configuration and tuning for
ISS's vulnerability assessment, intrusion detection and enterprise security
management solutions.

Migration -- Consulting, installation, configuration and tuning
services for migrating to new ISS vulnerability assessment, intrusion
detection and enterprise security management solutions.

MANAGEMENT

Emergency Response Services -- Our professional services staff
combines leading security research with real-world incident response
experience to help organizations prepare for, and respond immediately to,
information security breaches.

X-Force Threat Analysis Service -- Internet Security Systems' X-Force
Threat Analysis Service enables proactive security management through
comprehensive evaluation of global online threat conditions and detailed
analyses tailored for specific customer needs. The X-Force Threat Analysis
Service is a blend of threat information collected from our international
network of Security Operations Centers and trusted security intelligence
from the X-Force research and development organization. This constantly
monitors and advises regarding the nature and severity of external Internet
threats. Daily

6

summaries provide current and forecast assessments for active
vulnerabilities, viruses/worms and threats, including links to recommended
fixes and security advice.

SUPPORT

ISS Technical Support provides ongoing product support services under
license agreements. We believe that providing a high level of customer service
and technical support is necessary to achieve rapid product implementation,
which, in turn, is essential to customer satisfaction and continued license
sales and revenue growth. Accordingly, we are committed to recruiting and
maintaining a high-quality technical support team. A team of dedicated certified
engineers trained to answer questions on the usage of our products provides
telephone and email support worldwide, 24 hours a day, seven days a week
(including holidays), from our corporate office in Atlanta. Customers in Asia
can also contact ISS Technical Support in the Philippines or Tokyo during local
business hours. The ISS Technical Support Team located in Mountain View,
California provides email support to our consumer customer base. In the United
States and internationally, our resellers and distributors provide telephone
support to their customers with additional technical assistance from us. For our
managed services security solutions, customer support is available for several
offerings up to 24 hours a day, seven days a week. Technical support is offered
via phone, email or secure Web form and includes access to an online knowledge
base as well as direct contact with qualified support personnel.

X-FORCE EDUCATION SERVICES

Internet Security Systems' X-Force Education Services division provides
hands-on, real-world security management courses that empower the IT staff of
our clients to take control of their information security. Our courses are based
on ISS' best-of-breed security protection solutions, critical security topics
and real-world experience, preparing our customers for the security tasks that
they will face.

Our experienced instructors offer educational programs for security
professionals worldwide. By developing and maintaining internal staff knowledge,
organizations can maximize the return on their security investments. Classes are
delivered at our Atlanta corporate training center, regional offices around the
world, authorized training centers, and client sites.

GEOGRAPHIC SEGMENTS

We provide our network security management solutions in three geographic
areas: the Americas (United States, Canada, Latin America and South America),
EMEA (Europe, Middle East and Africa) and Asia/Pacific. These geographic areas
represent our three reportable segments. The accounting policies of the
reportable geographic segments are the same as described under the caption
"Critical Accounting Policies" in "Management's Discussion and Analysis of
Financial Condition and Results of Operations" and in our consolidated financial
statements, and are applied consistently across the segments. Revenues, as a
percentage of total revenues, for each segment are as follows:

PRODUCT DEVELOPMENT

We employ a three-pronged product development strategy to achieve our goal
of providing comprehensive security coverage for monitoring, detection and
response.

First, we provide regular security updates to our products that are based
on our X-Force vulnerability and threat database. These updates are usually
provided as part of separate maintenance agreements sold with the product
license.

7

Second, we continue to develop new best-of-breed security products to
protect gateways, networks, servers and desktops. Historically, existing
products are updated to add new features and improve functionality. These
enhancements are available to customers through our software maintenance
program.

Third, to complement our network, server and desktop products and provide
more comprehensive network security coverage, we continue to develop additional
enterprise-level security management features that are included in our
SiteProtector management console. SiteProtector is intended to help customers
protect their networks, servers and desktops by continuously measuring and
analyzing the status of their security- in real time and across the
enterprise-and is designed to operate with our network, server and desktop
products.

We develop our products to operate in heterogeneous computing environments.
Products are compatible with other vendors' products across a broad range of
platforms, including HP-UX, IBM AIX, Linux, Sun Solaris and Microsoft Windows.
Starting in the second quarter of 2003, we began to aggressively transition our
product development efforts from primarily software-based products towards
hardware-based products that deliver integrated network protection solutions on
ISS-branded Linux-based servers. These integrated appliances improve protection
and flexibility for customers, and reduce costs through simple procurement,
deployment and management. Our network products are also offered for specific
hardware vendor platforms, including appliances from Nokia, Crossbeam and ISS
branded appliances through various partners. We have incorporated a modular
design in our software products to permit plug-and-play capabilities, although
customers often use our professional services or our strategic partners to
install and configure products for use in larger or more complex network
systems.

Research and development expenses were $35.4 million, $35.3 million, and
$41.8 million in 2001, 2002 and 2003, respectively. All product development
activities are conducted at either our principal offices in Atlanta or at our
research and development facilities in Mountain View, California. Late in 2003,
we closed our research and development facilities in Reading, England and
Sydney, Australia, consolidating affected projects into our Atlanta operations.
As of December 31, 2003, 275 personnel were employed in product development
teams. Our personnel include members of the Computer Security Institute, Forum
for Incident Response and Security Technicians (FIRST), Georgia Tech Industrial
Partners Association, Georgia Tech Information Security Center and the
International Computer Security Association (ICSA), enabling us to actively
participate in the development of industry standards in the emerging market for
network and Internet security systems and products.

PRICING

We use a range of fee structures to license our products, depending on the
type of product and the intended use. We license our vulnerability assessment
products, Internet Scanner, System Scanner, Wireless Scanner and Database
Scanner based on the number of devices being assessed. The pricing provides low
entry points for departmental users without limiting our revenue potential from
customers with large networks. Pricing for our threat detection and response
products, including the RealSecure line of software agents, is based on the
number of copies deployed on the network. Thus, licensing fees for our products
are ultimately determined by the size of the customer's network, as size
dictates the number of devices to be assessed or the number of copies to be
deployed. Management software is sold on a capacity basis. The license fee for
the management software is determined by the size of the sensor/detector and
scanner purchase. This capacity-based pricing structure provides customers with
the ability to license as much management as they require.

In addition to license fees, customers purchase maintenance agreements in
conjunction with their initial purchase of a software license, with annual
maintenance fees typically equal to 20% of the product's license fee.
Maintenance agreements include annually renewable telephone support, product
updates, access to our X-Force Security Alerts and error corrections. Our
continuing research into new security risks and resulting product updates
provide significant ongoing value. We provide customers with a regular stream of
security updates, known as X-Press Updates, as part of this maintenance
agreement. X-Press Updates serve to keep our products up to date with the latest
vulnerabilities and threats that are present in Internet environments. As a
result, a substantial majority of our customers renew their maintenance
agreements. We have historically

8

sold fully paid perpetual licenses with a renewable annual maintenance agreement
and have licensed our products on a subscription basis, including maintenance,
for one or two year periods. We are currently evaluating other alternatives for
customers desiring longer-term arrangements or multi-year commitments. Customers
who use our products to provide information technology assessment services are
offered subscription license agreements, typically with a one-year term.

Our Proventia multi-function appliances offer more optional components for
the customer, all tightly integrated and managed from a single easy-to-use
web-based console application. After buying the appliance and maintenance, the
customer can choose optional content subscriptions for intrusion prevention and
anti-virus. Annual subscription prices vary by the number of users protected by
the appliances. The customer can also choose to purchase optional add-on
functionality such as the Virtual Private Networking module.

Fees for our Proventia product line are comprised of three components: 1) a
platform fee which includes the hardware and a license to the underlying
software; 2) software and hardware maintenance, which includes technical support
and repair; and, 3) content subscriptions which provide security updates. A
variety of appliance models are offered to fit different customer environments.

Monitoring fees for managed security services are determined by the
complexity of the monitoring arrangement and by the number of devices being
monitored. The pricing is scalable, allowing for customers to start with basic
security monitoring services and expand as the business grows. Contracts are for
a minimum one-year term and are typically billed monthly as services are
performed.

Our professional services fees are calculated either on a fixed-fee basis
or an hourly rate per consultant based on the scope of the engagement, market
sector and geographical territory. Educational services are calculated on a
per-class basis.

CUSTOMERS

As of December 31, 2003, we had more than 11,000 business customers and
maintained operations in 22 countries. No customer accounted for more than 10%
of our consolidated revenues in 2001, 2002 or 2003. Target customers include
both public and private sector organizations, as well as consumers, that use
Internet protocol enabled information systems. Business customers represent a
broad spectrum of organizations within diverse sectors, including financial
services, technology, telecommunications, and government and information
technology services.

SALES AND MARKETING

Sales Organization

Our sales organization is divided regionally among the Americas, EMEA and
the Asia/Pacific regions. In the Americas, we market our products through a
combination of our direct sales organization and through various partners,
including system integrators, value-added resellers and distributors. The direct
sales organization for the Americas consists of regionally based sales
representatives and sales engineers, and a telesales organization located in
Atlanta. We maintain a number of domestic sales offices in various cities
throughout the United States and in Canada, Mexico and Brazil. As of December
31, 2003, we employed approximately 177 people in the Americas sales
organization. The regionally based direct sales representatives focus on
opportunities with large organizations, and frequently these opportunities are
worked in concert with one or more partners. Included as part of the sales
organization is a channel management group that drives incremental revenue
through selected channel partners and acts as the liaison between the direct
sales representatives and the channel partners.

In the EMEA and Asia/Pacific regions, most of our sales occur through
authorized resellers. Internationally we have established regional sales offices
in several countries in Europe as well as in Egypt, Japan, Australia and
Singapore. Personnel in these offices are responsible for market development,
including managing our relationships with resellers, assisting them in winning
and supporting key customer accounts, acting as a liaison between the end user
and our marketing and product development organizations and providing consulting
and training services. As of December 31, 2003, approximately 324 employees were

9

located in our EMEA and Asia/Pacific regional offices. We expect to continue to
expand our field organization into additional countries in these regions.

SecurePartner(TM) Program Channel Sales

A key element of our marketing strategy is to establish our products,
services and information security methodologies as the leading approach for
information protection and security management for the enterprise, service
provider and risk management markets. We have implemented a multi-faceted
program to leverage the use of corporate, product and service brands to increase
acceptance of our offerings through relationships with various distribution and
reseller channel partners. We typically enter into written agreements with
resellers, distributors, managed service providers, internet service providers,
large global consulting firms and OEMs. These agreements generally do not
provide for firm dollar commitments from the parties, but are intended to
establish the basis upon which the parties will work together to achieve
mutually beneficial objectives.

Distributors

To accommodate the large number of smaller resellers, a two-tier
distribution model has been established to ensure appropriate access to ISS
products and support. We provide direct, focused support to these distributors,
who in turn, support an extensive community of smaller resellers and
consultancies as well as provide products to our resellers.

Resellers

We maintain the resources to train and support security consultants,
systems integrators and product and service resellers who match our offerings
with their own complementary products and services. By reselling our solutions,
our resellers provide additional value for specific market and industry
segments, while maintaining our ongoing commitment to quality products and
customer satisfaction. There are three different levels of reseller
opportunities:

- Premier Partners. Premier Partners are typically security consultants,
value-added resellers (VARs) and systems integrators with focused
security practices. Many Premier Partners are experienced in the sales
and implementation of leading protection, authentication and encryption
technologies. Premier Partners must achieve the highest level of resales
to attain and maintain Premier Partner status. These partners leverage
their expertise with our vulnerability assessment and enterprise
protection products. Premier Partners receive direct distribution of our
products, sales and technical training, access to market development
funds, monthly regular SecurePartner email newsletters, other
partner-only communications, access to the ISS Partner Resource Center
Web site and a listing on our Partner Web pages.

- Authorized Partners. Authorized Partners generally consist of
organizations that provide security focused consulting and/or integration
services. Authorized Partners are also required to maintain a specified
level of resale, although at a more modest level than Premier Partners.
Authorized Partners typically purchase ISS products and services though
our distributors but can take advantage of a select number of the
benefits that Premier Partners enjoy.

- Corporate Resellers. Although we have numerous reseller partners,
certain of these relationships generate unique and significant leverage
for us in targeted markets. Our corporate resellers provide broad
awareness of our brands through enhanced marketing activity, access to
large sales forces and access to larger, more strategic customer
opportunities.

Alliance Partners

We work closely with leading global organizations to expand the breadth and
depth of their offerings to include product and service solutions from ISS.
These partners include managed service providers, internet service providers
consulting organizations, and OEMs. Most of these providers integrate and manage
one or

10

more our products as part of a larger service offering, or resell our Managed
Security Services as an extension of its core offerings.

Original Equipment Manufacturers

Agreements with OEMs enable them to incorporate our products into their own
product offerings to enhance their security features and functionality. We
receive royalties or other consideration from OEM vendors and increased
acceptance of our products under these arrangements, which, in turn, are
intended to promote sales of our other products to the OEM's customers.

Marketing Programs

We conduct a number of marketing programs to support the sale and
distribution of our products and services. These programs are designed to inform
existing and potential end-user customers and resellers about the capabilities
and benefits of our products and services. Marketing activities include: Public
relations, industry analyst relations and education; publication of technical
and educational articles in both print and online media, through our white
papers, and through our own print and online newsletters and/or magazines;
direct mail and email; participation in industry tradeshows; product/technology
conferences, seminars, and web casts; competitive analysis; sales training;
advertising and development and distribution of marketing literature; and
maintenance of our Web site.

COMPETITION

The market for network security monitoring, detection, prevention and
response solutions is intensely competitive, and we expect competition to
increase in the future. We believe that the principal competitive factors
affecting the market for information security include security effectiveness,
manageability, technical features, performance, ease of use, price, scope of
product offerings, professional services capabilities, distribution
relationships and customer service and support. Although we believe that our
solutions generally compete favorably with respect to such factors, we cannot
guarantee that we will compete successfully against current or potential
competitors, especially those with significantly greater financial resources or
brand name recognition.

INTELLECTUAL PROPERTY

We rely primarily on copyright, trademark, patent and trade secret laws,
confidentiality procedures and contractual provisions to protect our
intellectual property and other proprietary rights. We have obtained one United
States patent, one Taiwanese patent and have a number of patent applications
pending in the United States and certain foreign jurisdictions. We believe that
the technological and creative skills of our personnel, new product
developments, frequent product enhancements, our name recognition, our
professional services capabilities and delivery of reliable product maintenance
are essential to establishing and maintaining a technology leadership position.
We cannot assure you that our competitors will not develop technologies that are
similar to ours. We generally license our software products to end users in
object code (machine-readable) format. Some of our customers have required us to
maintain a source-code escrow account with a third-party software escrow agent,
and a failure by us to perform our obligations under any of the related license
and maintenance agreements, or our insolvency, could result in the release of
our product source code to such customers. The standard form license agreement
for our software products allows the end user to use our products solely on the
end user's computer equipment for the end user's internal purposes, and the end
user is generally prohibited from sublicensing or transferring the products.

Despite our efforts to protect our intellectual property, unauthorized
parties may attempt to copy aspects of our products or to obtain and use
information that we regard as proprietary. Policing unauthorized use of our
products is difficult. While we cannot determine the extent to which piracy of
our software products occurs, we expect software piracy to be a persistent
problem. In addition, the laws of some foreign countries do not protect our
proprietary rights to as great an extent as do the laws of the United States and
many foreign countries do not enforce these laws as diligently as U.S.
government agencies and private parties. See "Management's Discussion and
Analysis of Financial Condition and Results of Operations -- Risk Factors."

11

EMPLOYEES

As of December 31, 2003, we had 1,148 employees, of whom 275 were engaged
in product research and development, 320 were engaged in sales and marketing,
266 were engaged in customer service and support, 98 were engaged in
professional services, and 189 were engaged in administrative functions. We
believe that we have good relations with our employees.

ITEM 2. PROPERTIES

We currently lease three buildings totaling approximately 302,000 square
feet in Atlanta, Georgia for our headquarters and research and development
facility. The lease on these three buildings expires in May 2013.

We lease additional office space in Chicago, Illinois; Mountain View,
California; Southfield, Michigan; New York, New York; Paramus, New Jersey and
Washington, D.C., as well as small executive suites in a number of United States
cities. In addition, we lease office space in Sao Paulo and Rio, Brazil;
Brussels, Belgium; London, England; Paris, France; Stuttgart, Germany;
Stockholm, Sweden; Milan, Rome and Padova, Italy; Madrid, Spain; Zurich,
Switzerland; Amsterdam, Netherlands; Warsaw, Poland; Cairo, Egypt; Manila,
Philippines; Seoul, Korea; Brisbane, Australia; Singapore; Osaka and Tokyo,
Japan.

We believe that our existing facilities are adequate for our current needs
and that additional space will be available as needed.

ITEM 3. LEGAL PROCEEDINGS

The Company and certain of its officers and directors were named as
defendants in a consolidated amended complaint that was filed in the United
States District Court for the Northern District of Georgia on October 9, 2002.
The lawsuit purports to be brought on behalf of a class of investors who
purchased the Company's stock during the period from April 5, 2001 through
August 14, 2001 (the "Class Period"). The lawsuit alleges violations of the
federal securities laws, including Sections 10(b) and 20(a) of the Securities
Exchange Act of 1934, as amended, and Rule 10b-5 thereunder. The complaint
generally alleges that the Company and the individual defendants violated the
anti-fraud provisions of the federal securities laws and caused the Company's
stock to trade at artificially high prices by making misrepresentations relating
to the Company's financial condition and prospects during the Class Period. The
complaint seeks damages in an unspecified amount. On September 3, 2003, the
court dismissed the consolidated amended complaint. The plaintiffs have moved
the court to reconsider its dismissal order and to grant them leave to amend
their complaint. The Company and the individual defendants have opposed those
motions. The court has not yet ruled. The Company believes that the court's
order dismissing the action was appropriate and further that the Company has
meritorious defenses and intends to continue defending the action vigorously.

ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS

No matter was submitted to a vote of our stockholders during the fourth
quarter of 2003.

12

PART II

ITEM 5. MARKET FOR REGISTRANT'S COMMON EQUITY AND RELATED STOCKHOLDER MATTERS

Our Common Stock is quoted on the NASDAQ National Market under the symbol
"ISSX". The following table lists the high and low per share sales prices for
the Common Stock as reported by the NASDAQ National Market for the periods
indicated:

As of February 27, 2004, there were 50,199,839 shares of our Common Stock
outstanding held by 255 stockholders of record.

We have never declared nor paid cash dividends on our capital stock. We
intend to retain any earnings for use in our business and do not anticipate
paying any cash dividends in the foreseeable future. Our Board of Directors will
determine future dividends, if any.

On October 29, 2003, ISS announced a voluntary option exchange program
intended to reduce the number of outstanding options. Stock options with
exercise prices exceeding $30 per share were eligible. Our directors and five
most senior executive officers, including the chief executive officer, are not
eligible to participate in the program. Approximately 783,000 of the 1,343,000
eligible option shares with exercise prices between $30 and $83 per share have
elected to participate in the program. New options will be issued at the rate of
2.5 old option shares for each new option share. The exercise price per share
for new options will be priced at the Nasdaq National Market closing price six
months and a day after the cancellation of old options, which is currently
expected to be May 27, 2004. This transaction is exempt from registration under
Section 3(a)(9) of the Securities Act of 1933.

13

ITEM 6. SELECTED CONSOLIDATED FINANCIAL DATA

The financial data set forth below for each of the three years in the
period ended December 31, 2003 and as of December 31, 2003 and 2002 has been
derived from the audited consolidated financial statements appearing elsewhere
in this Annual Report on Form 10-K. The financial data for the years ended
December 31, 1999 and 2000 and as of December 31, 1999, 2000 and 2001 has been
derived from audited financial statements not included herein. This data should
be read in conjunction with the consolidated financial statements and notes
thereto, and with Item 7, "Management's Discussion and Analysis of Financial
Condition and Results of Operations".

14

ITEM 7. MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS
OF OPERATIONS

The following Management's Discussion and Analysis of Financial Condition
and Results of Operations should be read in conjunction with the Consolidated
Financial Statements and related Notes thereto included elsewhere in this Form
10-K. Except for the historical financial information, many of the matters
discussed in this Item 7 may be considered "forward-looking" statements. Such
forward-looking statements are not guarantees of future performance and involve
a number of risks and uncertainties. Many of the risks and uncertainties are
described below under the caption "Risk Factors".

OVERVIEW

We are focused on protecting gateways, networks, servers and desktops
against an ever-changing spectrum of threats, with a comprehensive line of
products and services designed specifically for the enterprise, service
provider, risk management, small business and consumer markets. These threat
protection solutions go beyond basic access control to deliver multiple layers
of defense that detect, prevent and respond to threats prior to those threats
causing damage to our customers' business operations.

Our family of products is a critical element of an active Internet and
networking security program within today's world of global connectivity,
enabling organizations to proactively monitor, detect and respond to risks to
enterprise information. Prior to 2003, our products were exclusively software,
providing intrusion detection and vulnerability assessment solutions. In 2003,
we began to sell a new line of products called Proventia, which includes an
appliance pre-loaded and configured with our network-based software solutions
for intrusion detection and in-line intrusion prevention. Initial customer
response has been positive, with this line representing 45% of product and
license sale revenues for the fourth quarter of 2003. We believe this new
product line is critical to growing our product sales and the ongoing
subscription revenues associated with such sales.

In the fourth quarter of 2003, our product offering expanded to further
include a multi-function Proventia appliance that includes, in addition to
intrusion protection, firewall, virtual private network, and anti-virus
protection. We expect the addition of content filtering and anti-spam to this
product line in the first half of 2004. We believe this expanded product
offering significantly increases our market opportunity as well as our risk from
broader competition. While there were some sales of this product in 2003, our
expectations for future revenue growth are dependent on successfully penetrating
both our existing intrusion protection market and new network security markets
with this multi-function appliance.

Our managed services offerings currently provide remote management of our
best-of-breed security technology, focusing on security assessment and intrusion
detection systems, and include firewalls, VPNs, anti-virus and URL filtering
software. We focus on serving as the trusted security provider to our customers
by maintaining within our existing products the latest counter-measures to
security risks, creating new innovative products based on our customers' needs
and providing professional and managed services. In an effort to create
differentiation, we emphasize the management of our own products, which has
allowed us to announce a new offering in early 2004 called managed protection
services. We expect this new service to provide guaranteed protection to
customers who meet the requirements of the program. The program provides for a
fixed cash payment if the protection system is compromised by an exploit for
which protection is guaranteed.

Many factors will affect our future financial performance, especially our
ability to differentiate our offerings from competitors that include much larger
companies with greater marketing capabilities, financial resources and brand
recognition. In order to continue to create such differentiation, we expect to
continue to expand our domestic and international sales and marketing
operations, seek acquisition candidates and alliances with partners whose
products, technologies or services capabilities are complementary to our
solutions; and improve our internal operating and financial infrastructure in
support of our strategic goals and objectives. At the same time, we expect to
adjust our organization size in light of changing economic conditions and
maintain emphasis on controlling discretionary spending and capital
expenditures. While we believe in the long-term success of our business
solutions, our prospects must be considered in light of the

15

recent experience, risks and difficulties that are frequently encountered by
companies serving rapidly evolving markets. See "Risk Factors".

CRITICAL ACCOUNTING POLICIES

The consolidated financial statements were prepared in conformity with
accounting principles generally accepted in the United States. As such,
management is required to make certain estimates, judgments and assumptions it
believes are reasonable based upon the information available. These estimates
and assumptions affect the reported amounts of assets and liabilities at the
date of the financial statements and the reported amounts of revenues and
expenses during the periods presented. The significant accounting policies which
management believes are the most critical to aid in fully understanding and
evaluating our reported financial results include the following:

Revenue recognition

We recognize software license revenue under Statement of Position ("SOP")
97-2, Software Revenue Recognition, as modified by SOP 98-9, Software Revenue
Recognition with Respect to Certain Transactions, when the following criteria
have been met:

- persuasive evidence of an arrangement exists;

- delivery has occurred or services have been rendered;

- price is fixed or determinable; and

- collection is probable.

Product licenses and sales include revenue from sales of perpetual software
licenses and products. We recognize perpetual software license revenues upon (1)
delivery of software or, if the customer has evaluation software, delivery of
the software key and (2) issuance of the related license, assuming that no
significant vendor obligations or customer acceptance rights exist. Where
payment terms are extended over periods greater than 12 months, revenue is
recognized as such amounts become due and payable. Product sales consist
primarily of appliances sold in conjunction with ISS licensed software. These
sales are recognized upon shipment to the customer provided all other revenue
recognition criteria are met.

Sales of enterprise products are generated both through direct sales to
end-users as well as through various partners, including system integrators,
value-added resellers and distributors. License revenue is recognized when the
sale has occurred for an identified end user through electronic delivery of a
software key that is necessary to operate the product, provided all other
revenue recognition criteria are met. At the point of delivery, the end-user has
no right of return.

Subscription revenues include product support and content updates, term
licenses, and managed service arrangements. Renewable product support and
content updates are separate components of software licenses and appliances
sold. Term licenses allow customers to use our products and receive product
support coverage and content updates for a specified period, generally 12
months. We generally invoice for product support, content updates and term
licenses at the beginning of the term and recognize revenue ratably over the
subscription term. Security monitoring and management services for information
assets and systems are part of managed services and associated revenues are
recognized and billed as such services are provided.

Historically, our appliance and software sales have been accounted for
primarily as revenue at the time of sale, with product support and content
updates generally representing between 20% and 30% of the license or product
amount. With the introduction of the multi-function appliance, we expect to
significantly alter this ratio, as the majority of the initial price paid by the
customer will be for content provided for a specified term. This will result in
the subscription component being recorded initially in deferred revenues and
recognized over the term as subscription revenue.

Professional services revenues include fee-based service engagements and
training. Service engagements are typically billed on either a fixed fee or
time-and-materials basis and focus primarily on security

16

assessments of customer networks and the development of customers' security
policies. These offerings are intended to support our goal of providing products
and managed services. We prefer to have our partners provide these services
where practical. We recognize such professional services revenues as the related
services are rendered.

Multiple element arrangements can include any combination of our products
or services listed above. When some elements are delivered prior to others in an
arrangement, all revenue is deferred until the delivery of the last element
unless all of the following exist:

- vendor specific objective evidence (VSOE) of fair value of the
undelivered elements;

- the functionality of the delivered elements is not dependent on the
undelivered elements; and

- delivery of the delivered elements represents the culmination of the
earnings process.

When these criteria have been met, we allocate revenue to the delivered
software product using the residual method. Under the residual method, we
allocate discounts inherent in the arrangement entirely to the product that is
initially delivered and recognize the other elements as they are delivered based
on the vendor specific objective evidence, which is typically determined by the
company selling those elements separately.

Our historical rate of product returns by customers of our software
products is negligible. We do not have sufficient experience with our
newly-introduced Proventia appliance products to make a meaningful estimate of
product return rates for these products. We offer evaluation software available
via download from our website and evaluation units for appliance-based products
that allow potential customers to see the functionality of the products on their
own networks. We did not have any transactions in 2001, 2002 or 2003 involving
reciprocal arrangements where goods or services were purchased from an
organization at the same time that we licensed software or provided services to
that organization.

Allowance for doubtful accounts

Our sales are global, with customers located in the United States, Europe,
Latin America and Asia/Pacific regions. We perform periodic credit evaluations
of our customer's financial condition and do not require collateral. We provide
for estimated credit losses as such losses become probable. We evaluate specific
accounts when we become aware of a situation where a customer may not be able to
meet its financial obligations due to deterioration of its liquidity or
financial viability, credit ratings or bankruptcy. The allowance for doubtful
accounts is established based on the best facts available to us and is
reevaluated and adjusted as additional information is received. At December 31,
2003, the allowance for doubtful accounts totaled $2.8 million, or 4.0% of the
$69.4 million of total trade receivables. This 4.0% allowance percentage of
receivables reflects our practice to leave accounts on our general ledger and
provide reserves pending final resolution of collectibility rather than
write-off such accounts.

Our bad debt expense for the year ended December 31, 2003 amounted to $1.1
million. This was a decrease from $1.6 million in 2001 and $2.1 million in 2002.
The economic conditions in the Asia/Pacific region, especially in Korea and
China, increased our bad debt expense in 2002 by $1.0 million based on an
internal evaluation of the outstanding receivables in this region. During 2002,
we also decreased the provision by $400,000 for allowances specifically
established in prior years for two customers that were successfully collected in
2002. The lower provision for 2003 is directly attributable to the absence of
any significant new identified exposures. We continued to monitor the Asia
situation identified in 2002. In January 2004, a new distributor for China
assumed the rights and the obligations of the distribution agreement for ISS
products from the old distributor. In connection with this agreement, we
modified the new distributor's obligations, which resulted in an additional
$200,000 of bad debt expense recorded in the fourth quarter of 2003 and the
write-off of $1.1 million against the allowance account. We have a firm
repayment schedule with the new distributor, a public company with a liquid
balance sheet, and expect that the outstanding balance of $2.4 million at
January 31, 2004 is collectible.

While actual credit losses have historically been within management's
expectations and the provisions established, we cannot guarantee that we will
continue to experience the same credit loss rates we have in the

17

past. If the financial condition of our customers were to deteriorate, resulting
in an impairment of their ability to make payments, additional allowances may be
required.

Impairment of goodwill and Other Acquisition-related Intangibles

We review goodwill for impairment on an annual basis or on an interim basis
whenever events or changes in circumstances indicate that the carrying amount of
an asset may not be recoverable. All other long-lived and intangible assets are
reviewed for impairment whenever events or circumstances indicate that the
carrying amount of an asset may not be recoverable. Such impairment loss would
be measured as the difference between the carrying amount of the asset and its
fair value based on the present value of estimated future cash flows.
Significant judgment is required in the forecasting of future operating results,
which are used in the preparation of projected cash flows. Due to uncertain
market conditions and potential changes in our strategy and products, it is
possible that forecasts used to support our intangible assets may change in the
future which could result in significant non-cash charges that would adversely
affect our results of operations.

We currently have goodwill and other acquisition related intangibles of
approximately $211 million, with $195 million of goodwill related to our June
2001 acquisition of Network ICE. The determination of whether or not goodwill is
impaired involves significant judgments based upon short and long-term
projections of future performance. We have concluded that this amount is
realizable based on forecasted discounted cash flows through 2007 and on our
stock market valuation. Neither method indicated that our goodwill had been
impaired and, as a result, we did not record any impairment losses related to
goodwill during the year ended December 31, 2003. Other intangibles of
approximately $10 million are principally software form the Network ICE
acquisition that is a primary component in most of our current product
offerings.

ACQUISITIONS

We believe that our total solutions approach will positively impact all of
our revenue categories. This includes our products and managed services
offerings, as well as product support, professional services and training. While
we expect the expansion of these product and service offerings to originate
primarily from internal development, our strategy includes acquiring products,
technologies and service capabilities that fit within our strategy and could
potentially accelerate the timing of the commercial introduction of such
products and technologies.

In January 2004, we acquired Cobion, AG ("Cobion"), a privately held
company based in Kassel, Germany. Cobion provides content filtering and
anti-spam technology that protects individuals and enterprises against unwanted
Web content, spam, misuse of information and lost productivity. The purchase
price was approximately $33 million in cash plus the direct costs of
acquisition. We intend to continue to sell the Cobion product on a stand-alone
basis as well as include the technology in our multi-function Proventia
appliance in 2004.

In October 2002, we completed the acquisition of privately held vCIS, Inc.
("vCIS") of Santa Clara, California, a developer of patent-pending,
next-generation, pre-emptive behavioral inspection technology. The technology
prevents malicious code from executing and causing damage before it has an
opportunity to interact with the enterprise network. The aggregate purchase
price was $19.6 million and was primarily allocated to in-process research and
development. In-process research and development had not yet reached
technological feasibility and was required to be expensed at the time of
acquisition under generally accepted accounting principles ("GAAP"). As a
result, we incurred an expense of $18.5 million in the fourth quarter of 2002.
Of the remaining purchase price, $1.2 million was allocated to the assembled
workforce, which is being amortized over three years, $200,000 was allocated to
net tangible assets, principally fixed assets, and $300,000 of liabilities were
assumed. In the fourth quarter of 2003 we committed to a plan to close the
research and development facility in Sydney, Australia, transferred knowledge of
the product to our Atlanta-based personnel, and wrote off the remaining
approximately $700,000 of the intangible asset related to the vCIS workforce.

In August 2002, Internet Security Systems KK ("ISS KK"), our Asia-Pacific
subsidiary, acquired a distributor in Singapore, TriSecurity Holdings Pte Ltd.
("TriSecurity"). TriSecurity was the sole distributor

18

for ISS KK in Southeast Asia, including India, and its business was almost
exclusively focused on ISS solutions. This acquisition provides our Asia-Pacific
subsidiary direct support capabilities for their customers in Southeast Asia and
allows ISS KK to expand its capabilities in this growing market. The
consideration consisted of 1,000 shares of ISS KK stock and approximately $1.2
million of cash. Goodwill of approximately $4.0 million related to the purchase
was recorded. During the first quarter of 2003, ISS KK amended the agreement and
agreed to make payment of 245 shares of ISS KK in each of the first quarters of
2004 and 2005, relating to annual contingent consideration payments defined in
the 2002 purchase agreement. The additional consideration of $626,000, based on
current fair market value of the shares, was recorded as additional goodwill and
additional paid-in-capital at such time. When such shares are actually issued, a
gain or loss will be recognized to the extent of any difference between the
$626,000 fair value of the shares to be issued and the book value of those
shares.

In June 2001, we acquired Network ICE Corporation ("Network ICE"), a
privately-held corporation based in San Mateo, California. Network ICE was a
leading developer of desktop intrusion protection technology and highly scalable
security management systems. The merger was accounted for as a purchase and,
accordingly, the operating results of Network ICE are included in the
consolidated financial statements of ISS from the date of acquisition.
Substantially all of the aggregate purchase price of $237.6 million was
allocated to goodwill, with the remainder allocated to identified intangibles,
including in-process research and development, developed technology, customer
relationships, and to deferred compensation related to stock options assumed.

RESULTS OF OPERATIONS

The following table sets forth our consolidated historical operating
information, as a percentage of total revenues, for the periods indicated:

19

REVENUES

Product licenses and sales

Product licenses and sales, including perpetual licenses and sales of
partner software and hardware appliances, reflect a decreasing trend for the
last three years. They also continue to be a decreasing source of revenue
generation at 55% of total revenues in 2001, 50% in 2002 and 44% in 2003 as
subscription revenues grew significantly. We believe that the general economic
slowdown in information technology spending contributed to the decrease in
product licenses and sales as well as the cost and complexity of deploying and
managing software based solutions for networks.

In the second quarter of 2003, we began to ship our first Proventia network
protection appliance (the Proventia A Series Appliance) which provides intrusion
detection capabilities to customers. The Proventia family of appliances
collectively provides unified, multi-function protection capabilities designed
to identify and prevent many forms of attack with minimal user intervention.
They are designed to operate in demanding network environments while being easy
to deploy, easy to use and centrally managed, all in an effort to make our
solution more cost-effective. Revenues from our Proventia appliance line
represented 10% of total revenues for the year ended December 31, 2003. In the
fourth quarter of 2003, we introduced and shipped our in-line intrusion
protection Proventia appliance (the Proventia G Series Appliance) and the
multi-function appliance (the Proventia M Series Appliance) that initially
includes firewall, virtual private network anti-virus and intrusion protection
capabilities. In the fourth quarter, Proventia represented 45% of our product
and license revenues, which produced a reversal in the quarterly trend of
reduced product and license revenues. Our future growth is dependent on a
continuation of the positive market response to our Proventia family of
products. In 2004, we expect to extend Proventia to our server and desktop
solutions that will continue to be delivered as software offerings. This
expected growth is critical as it represents not only product and license
revenues, but also subscription revenues from product support and content.

Our present product roadmap focuses our development on product offerings
and enhancements that will continue to improve central control and
manageability, easier deployment and more refined information and broader
Proventia appliance offerings. We expect that this focus will make our products
more cost effective to implement and maintain and will increase the future level
of product licenses and sales.

Subscriptions

Subscriptions revenue represented 30% of total revenues in 2001, 38% of
total revenues in 2002 and 46% in 2003. Subscription revenues consist of product
support and content updates, term licenses of products and security-monitoring
fees for managed services offerings. The increase in subscriptions revenue as a
percentage of total revenues was primarily due to an increase in product content
and support revenues, the largest component, which grew from 20% of total
revenues in 2001 to 27% in 2002 and to 31% in 2003. Product content and support
includes hardware support of our Proventia appliances, software updates,
technical support and security content that includes advisory updates from
X-Force, our internal team of security experts. We continue to increase our
software client base that generates product content and support revenues,
through a combination of contracts associated with new product licenses and
renewal of existing contracts.

Managed services revenues accounted for 11% of total revenues in the year
2003, as compared with 8% in the year 2002 and 6% in the year 2001. We believe
these increases were due to a strong demand in the market for proven,
financially sound, managed security service providers. We are marketing managed
services both directly to end users and through partners, including a number of
new arrangements with integrators and service providers that include managed
services as a part of their service offerings to their customers. We also expect
sales of managed services to continue to increase as a percentage of total
revenues over time as we focus our efforts on marketing new, innovative
offerings, such as our Managed Protection Services, to new and existing
customers. Managed Protection Services is a premium service combining
vulnerability assessment, managed protection and other professional services.

20

Professional services

Professional services revenue decreased both in absolute dollars and as a
percentage of total revenue from 15% in 2001 to 12% in 2002 and to 10% in 2003.
During 2001 we began narrowing our consulting offerings to focus on services
that directly contribute to our protection platform strategy. This strategy
continued in 2002 as we focused on high-value offerings that utilize our X-Force
expertise, and chose to use partners to provide deployment and other offerings
where appropriate. In 2003, we believe that entities continued to curtail costs
and limit spending of discretionary dollars on professional services in current
economic times, which resulted in flat to lower levels of demand for these
services. In addition, we continued the strategy that promotes professional
services through our systems integrator and channel partner relationships.

Although we continue to offer training classes at our Atlanta headquarters
and customers' premises, our primary focus is to deliver course materials to our
customers through authorized training centers.

Geographic regions

Geographically, we derived the majority of our revenues from sales to
customers within the Americas region. Revenues by region represented the
following percentages of total revenues:

Revenues in EMEA benefited from volume growth combined with a strengthening
currency throughout 2003, since products are primarily sold in the Euro
currency. Asia/Pacific remained consistent with 2002, decreasing minimally, we
believe, because of difficult economic conditions in portions of the region in
2003. The financial data for each segment can be found in Note 11 to the
Consolidated Financial Statements.

COSTS AND EXPENSES

Personnel

Personnel and related costs represent our largest expense category. Our
headcount has fluctuated between approximately 1,150 and 1,250 over the last 3
years as we acquired and integrated acquisitions and continually refined our
business targets in light of difficult economic conditions during these years.

Cost of product licenses and sales

Cost of product licenses and sales consists of several components. Costs
associated with licensing our software products are minor. The substantial
portion of our cost of product licenses and sales represents the hardware cost
of our Proventia appliances and payments to partners for their products that we
sell or integrate with our managed service offerings. This cost, as a percentage
of product licenses and sales, decreased from 11% in 2001 to 6% in 2002 and
increased to 9% in 2003. The decrease from 2001 to 2002 was a result of a
movement away from the direct sales of third-party products that had been a more
significant part of our revenues as a result of a 1999 acquisition. The increase
from 2002 to 2003 was connected with the introduction of the Proventia appliance
line in the second quarter of 2003 and we expect the increase in cost of product
licenses and sales to continue to increase in future periods as sales of the
Proventia appliances increase and become a larger component of our product
licenses and sales.

Cost of subscriptions and professional services

Cost of subscriptions and professional services includes the cost of our
technical support personnel who provide assistance to customers under product
support agreements, the security operations center ("SOC") costs of providing
managed security monitoring services and the costs related to our professional
services and training. These costs increased modestly from $50.7 million in 2001
to $51.1 million in 2002 followed by a

21

decrease to $48.7 million in 2003. As a percentage of subscription and
professional services revenues, the costs decreased from 50% in 2001 to 42% in
2002 and 35% in 2003.

Costs associated with our technical support personnel and our security
operations centers increased in 2002 and 2003 as we added personnel to handle
additional customers. We gained efficiencies in our security operations centers
and restructured our support groups to be more productive so personnel increased
at a much lower rate than revenue growth, contributing to the decrease in those
costs as a percentage of total revenues. While we continue to seek increased
productivity, we do expect to increase costs with a continued increase in
revenues in the future.

Offsetting this increase of costs associated with our technical support
personnel and our security operations centers was a decrease in costs associated
with our professional services and education services. Cost decreases
accompanied the decrease in revenues that occurred through a continued narrowing
of our consulting offerings to focus on services that directly contribute to our
protection platform strategy, the outsourcing of educational training outside of
Atlanta to authorized partners, and a decrease in the number of training classes
related to third-party products.

Research and development

Research and development expenses consist of salary and related costs of
research and development personnel, including costs for employee benefits, and
depreciation on computer equipment. These costs include those associated with
maintaining and expanding the X-Force, our internal team of security experts. We
believe our primary research and product development and managed service
offerings are important to retaining our leadership position in the market.

We continue to add functionality to our product family, providing gateway,
network, server and desktop-based solutions, as well as to our security
management applications. These improvements as well as new offerings are
intended to provide our customers with more powerful and easier-to-use solutions
for security management across the enterprise. Included among new releases and
major enhancements in 2003 were:

- Proventia A Series models (A201, A604 and A1204) -- network threat
detection appliance for aggregate network bandwidth from 200 Mbps to 1200
Mbps on 1 to 4 network segments.

- Proventia G Series models (G100 and G200) -- network threat protection
appliance for aggregate network bandwidth from 100 Mbps to 200 Mbps on a
particular network segment.

- Proventia M Series model (M50) -- unified firewall, VPN, anti-virus, and
intrusion detection and prevention in one appliance, under one management
system, to protect at the network and the gateway.

- RealSecure Server Sensor 7.0 -- assesses host security to detect and
report system security weaknesses, and provides intrusion prevention and
response.

- RealSecure(R) Desktop 7.0 -- provides protection against malicious
activity by analyzing application and network (including VPN) behavior on
desktops.

- RealSecure Internet Scanner 7.0 -- added improved accuracy and new
ease-of-use features to our network assessment solution.

- RealSecure SiteProtector 2.0 -- unifies the management of protection
across networks, servers and desktops to increase customers' ability to
effectively detect, prevent and respond to today's ever-changing spectrum
of threats.

Research and development expenses were $35.4 million in 2001, $35.3 million
in 2002 and $41.8 million in 2003. These costs fluctuated as a percentage of
total revenues from 16% in 2001 to 15% in 2002 and 17% in 2003.

In 2002 we continued to provide new product offerings and enhancements
without an increase in research and development expenses. Our development group
headcount increased in the fourth quarter of 2002 due to

22

the addition of 20 engineers from the vCIS acquisition. The increase in 2003 in
both absolute dollars and percentage of revenues is due to the increase in the
number of our development personnel focused on our Proventia offerings.

Throughout 2003, we also reorganized and consolidated our efforts for
security content, protection agent frameworks, management infrastructure and
multifunction appliance delivery to enhance operational and development
efficiency. This resulted in closing our engineering operations in Reading, U.K.
and Sydney, Australia in the fourth quarter of 2003. The Reading office was
closed November 30, 2003 and all costs associated with the closing of this
facility were charged to expense in 2003. The Sydney office will remain open
through the first half of 2004, with a small number of key employees. The costs
of severance associated with all terminated employees from the Sydney office
were expensed in 2003. The normal operating costs of keeping the office open
into 2004 will be expensed as incurred. These exit costs, which totaled $1.5
million, increased research and development expenses by 1% of total revenues in
2003 to 16%.

While we are committed to continue our investment in X-Force research and
development capabilities, which we believe distinguishes ISS from its
competitors, we intend to seek leverage in future periods in the research and
development area while enhancing current technologies and developing new
technologies.

Sales and marketing

Sales and marketing expenses consist of salaries, travel expenses,
commissions, advertising, maintenance of our website, trade show expenses, costs
of recruiting sales and marketing personnel and costs of marketing materials.
Sales and marketing expenses were $92.0 million in 2001, $93.7 million in 2002
and $87.5 million in 2003.

Gaining leverage in sales and marketing was a key objective for us in 2002,
and we were able to decrease these expenses as a percentage of total revenues
from 41% in 2001 to 39% in 2002. This occurred largely because we resized our
operations globally in the third quarter of 2001, resulting in personnel
reductions and decreases in various operating expenses, followed by further
reduction in the third quarter of 2002 in areas such as Latin America and Europe
where revenue demand did not support our cost base. Marketing costs increased in
2002 as we launched our first television and print advertising campaign designed
to demonstrate the multitude of threats that can compromise the security of a
company's networks, servers or desktops. This campaign was aimed at increasing
awareness of the ISS brand, especially at the mainstream business market.

In 2003, sales and marketing expenses decreased in both absolute dollars to
$87.5 million and as a percentage of total revenue to 36%. These decreases
occurred as a result of a full year impact of 2002 sales headcount reductions as
well as selective decreases during 2003. Additionally, we incurred lower
commissions due to the decrease in total product license and sales revenues.
Finally, marketing costs were at a lower level, as we did not continue our
television and print advertising campaign in 2003.

We expect to continue to achieve leverage in our sales efforts by focusing
our direct touch sales force on large customers that are served either directly
by us or through large systems integrators. This channel, which includes systems
integrators, value-added resellers and distributors, will continue to be of
increasing importance to us. We intend to use its capabilities to reach larger
customers through joint selling efforts and to reach departmental and small
companies, especially for our Proventia multi-function appliance, which we
believe has much more appeal to these companies.

General and administrative

General and administrative expenses of $20.4 million in 2001, $24.3 million
in 2002 and $22.7 million in 2003, represented approximately 9% of our total
revenues in 2001, 10% in 2002 and 9% in 2003. General and administrative
expenses consist of personnel-related costs for executive, administrative,
finance and human resources, internal information systems and other support
services costs, and legal, accounting and other professional service fees.

The increase in general and administrative expenses from 2001 to 2002
includes non-recurring expenses associated with a relocation of our Asia/Pacific
headquarters in Tokyo during the second quarter of 2002.

23

Costs included lease termination costs, including remaining rent payments,
write-off of leasehold improvements and moving costs. These costs increased
general and administrative expenses by 1% of total revenues in 2002.

Charge for in-process research and development

We have reflected charges of $2.9 million in 2001 and $18.5 million in 2002
for the write-offs of in-process research and development costs associated with
the Network ICE acquisition in June 2001 and the vCIS acquisition in October
2002. In-process research and development had not reached technological
feasibility based on identifiable technological risk factors which indicated
that even though successful completion was expected, it was not assured at the
acquisition date and was immediately charged to operations.

vCIS was developing a protection kernel that uses behavior analysis
technology to identify viruses, Trojans, worms, and other forms of malicious
code. The technology operates on behavior of malicious code rather than on
individual signatures of malicious code. It conducts real time assessments of
all executable program files, in a safe environment, and cleans the files before
they are allowed to execute within an actual system. At the time the merger
transaction was concluded, the vCIS technology had not reached technological
feasibility, vCIS had no marketable product and vCIS had not identified any
alternative uses for the technology at its current stage of development. We
continue to work on the development of the product and had not used this
technology in our product line as of the end of 2003.

Amortization

We incurred amortization expense related to intangible assets and
stock-based compensation of $5.2 million in 2001, $5.7 million in 2002 and $6.0
million in 2003. These intangible assets and stock-based compensation resulted
from acquisitions accounted for under the purchase method of accounting and are
amortized over their useful lives. Due to the closing of our Reading, UK and
Sydney, Australia research and development facilities in late 2003, the expense
in 2003 includes a $738,000 charge related to our workforce reductions at these
facilities.

Interest income

Net interest income decreased from $6.3 million in 2001 to $3.2 million in
2002 and to $2.7 million in 2003. The decrease in interest income year over year
resulted from lower market rates of interest on debt securities. The market rate
of interest paid on investment-grade commercial paper and similar investments
dropped from approximately 4.5% during 2001 to approximately 2% during 2002 and
dropped to approximately 1% for 2003. As a result, interest income decreased
despite an increase in cash and cash equivalents and interest-bearing marketable
securities.

Other income (expense), net

Other income and expense is primarily the result of issuance of stock in
subsidiary companies and the results of investment in and the acquisition of
distributors. In accordance with Staff Accounting Bulletin No. 51 ("SAB 51"), we
have recorded gains when shares in our Japanese subsidiary have been issued in
connection with its 2001 initial public offering, a 2002 acquisition of a
Singapore-based distributor and option exercises in 2002 and 2003. Additionally,
our Japan subsidiary took a minority position in a number of private companies,
which ultimately produced a $1.9 million realized gain in 2002, and a $2.2
million impairment loss in 2003. At December 31, 2003, our Japan subsidiary has
only one remaining investment for $700,000, which is carried at cost and has
been deemed to not be impaired.

Provision for income taxes

We recorded a provision for income taxes of $12.5 million in 2001, $13.1
million in 2002, and $11.2 million in 2003. While income tax expense was
recorded on domestic income for each year, taxes payable were reduced by
deductions related to the value of employee exercise of stock options. The tax
benefit

24

for the use of these stock option deductions was recorded as additional paid-in
capital. Taxes paid generally relate to foreign operations.

As of December 31, 2003, we had net operating loss carryforwards of
approximately $21.8 million related to stock option deductions that expire in
varying amounts between 2011 and 2021. The tax benefit for this carryforward
will be recorded as additional paid-in-capital when it is realized. We also have
approximately $7.7 million of research and development tax credit carryforwards,
which expire between 2011 and 2023 and foreign tax credit carryforwards of $2.8
million that expire between 2006 and 2008.

LIQUIDITY AND CAPITAL RESOURCES

Our financial position remained strong throughout 2003. Our cash and cash
equivalents and marketable security investments increased from $202.3 million at
December 31, 2002 to $238.2 million at December 31, 2003. Our investments in
marketable securities consist solely of high rated debt obligations with
maturities of 12 months or less.

During 2003, we met our working capital needs and capital equipment needs
with cash provided by operations. Cash provided by operations in 2003 totaled
$48.7 million compared to $48.9 million in 2002 and $39.4 million in 2001.
Accounts receivable, net of acquisitions, increased $9.9 million in 2003
compared to an increase of $5.2 million in 2002 and a decrease of $9.3 million
in 2001. These changes were primarily the result of changes in sales levels in
the fourth quarter of the respective periods, increasing from 2001 to 2002 and
from 2002 to 2003. We measure our accounts receivable management by our daily
sales outstanding. This is a measurement of accounts receivable divided by
billings in the quarter, represented by the sum of revenues plus the change in
the deferred revenues liability account balance. This measurement was 78, 77 and
81 days at December 31, 2001, 2002 and 2003, respectively, each within our
publicly stated target range of 75 to 85 days.

Our investing activities of $4.8 million in 2003 resulted from our capital
purchases, which decreased to $7.2 million compared to $10.9 million in 2002.
Our spending is primarily for improved computer hardware for new and existing
employees and investment in infrastructure hardware and software applications.
Investing activities also included changes in our marketable securities that
have quality characteristics similar to cash equivalents, except their
maturities when we acquire them are longer than three months. The cash flow
statement included the purchase of $76.5 million of intermediate term marketable
securities, primarily interest-bearing government obligations and commercial
paper, offset by net proceeds from the maturity of marketable securities of
$76.6 million.

Our financing activities used $13.7 million of cash in 2003, principally
due to the repurchase of our common stock under an authorized plan to repurchase
up to $50 million. Through December 31, 2003, we had repurchased a total of
$18.4 million, including the purchase of 1,177,000 shares of our common stock on
the open market during 2003 at an aggregate cost of $16.3 million.

At December 31, 2003, we had $238.2 million of cash and cash equivalents
and marketable securities; primarily money market accounts and investment grade
commercial paper. An additional $12.8 million of commercial paper investments
are pledged as collateral for stand-by letters of credit related to the
operating leases of our facilities and are shown on the balance sheet as
restricted marketable securities. We believe that such cash and cash equivalents
and marketable securities will be sufficient to meet our working capital needs
and capital expenditures for the foreseeable future. Furthermore, we are not
aware of any trends, events, or uncertainties that are reasonably likely to
result in any significant change to our liquidity.

From time to time, we evaluate possible acquisition and investment
opportunities in businesses, products or technologies that are complementary to
ours. In the event we determine to pursue such opportunities, we may use our
available cash and cash equivalents and marketable securities for this purpose.
In January 2004, we used approximately $40 million of cash in acquiring Cobion
and the license of development source code from another party.

25

Off-Balance Sheet Arrangements

Payments for certain of our operating leases are secured by two
collateralized stand-by letters of credit totaling approximately $10.3 million
at December 31, 2003. The stand-by letters of credit are annually renewable over
the duration of the applicable leases. These stand-by letters of credit
guarantee our payment obligations on the leases. If we default on the lease
payments, the landlords can claim against the letters of credit. We, in turn,
would be liable to the letter of credit issuers. Our stand-by letters of credit
are collateralized by securities worth $12.8 million at December 31, 2003. Other
than these non-cancelable operating leases, we have no off-balance sheet
financing arrangements, any relationships with "structured finance" or "special
purpose" entities, or any contractual obligations with unconsolidated entities
that are reasonably likely to impact our liquidity.

Contractual Commitments

The following table summarizes our significant contractual obligations at
December 31, 2003, and the effect such obligations are expected to have on our
liquidity and cash flows in future periods. This table excludes amounts already
recorded on our balance sheet as current liabilities at December 31, 2003
(amounts in thousands):

Other obligations consist of payments due under an existing software
licensing agreement. The expected timing and payment of the obligations above is
estimated based on current information. Timing of payments and actual amounts
paid may be different depending on the timing of receipt of goods or services or
changes to agreed-upon amounts for some obligations.

RISK FACTORS

There are many factors that affect ISS' business and the results of its
operations, some of which are beyond ISS' control. The following is a
description of some of the important factors that may cause the actual results
of ISS' operations in future periods to differ materially from those currently
expected or desired. We encourage you to read this section carefully.

We Operate in a Rapidly Evolving Market

We operate in a rapidly evolving market and must, among other things:

- respond to competitive developments;

- continue to upgrade and expand our product and services offerings; and

- continue to attract, retain and motivate our employees.

We cannot be certain that we will successfully address these issues. As a
result, we cannot assure our investors that we will be able to continue to
operate profitably in the future.

We introduced our new Proventia appliance line, beginning with the A Series
in April 2003. The G Series and M Series were introduced in the fourth quarter
of 2003. As a result of our limited history with these products, it may be
difficult to plan or project our revenues accurately. The revenue and income
potential of these products is unproven and the markets addressed by these
products are volatile. If these products fail to gain market acceptance, our
revenue could be below our expectations and our operating results could be
adversely affected.

26

Our Future Operating Results Will Likely Fluctuate Significantly

We cannot predict our future revenues and operating results with certainty.
However, we do expect our future revenues and operating results to fluctuate due
to a combination of factors, including:

- the growth in the acceptance of, and activity on, the Internet and the
world wide web, particularly by corporate, institutional and government
users;

- the extent to which the public perceives that unauthorized access to and
use of online information are threats to network security;

- customer budgets;

- the volume and timing of orders, including seasonal trends in customer
purchasing;

- our ability to develop new and enhanced product, managed service and
professional service offerings;

- the introduction and acceptance rate of ISS branded appliances, including
increased cost of goods sold and inventory costs;

- our ability to accurately forecast and produce demanded quantities of our
appliance products and models;

- availability of component parts of appliance products and reliance on
contract manufacturers to produce such products;

- our ability to provide scalable managed services offerings through our
partners in a cost effective manner;

- foreign currency exchange rates that affect our international operations;

- product and price competition in our markets; and

- general economic conditions, both domestically and in our foreign
markets.

We increasingly focus our efforts on sales of enterprise-wide security
solutions, which consist of our entire product suite and related professional
services, and managed security services, rather than on the sale of component
products. As a result, each sale requires substantial time and effort from our
sales and support staff. In addition, the revenues associated with particular
sales vary significantly depending on the number of products licensed by a
customer, the number of devices used by the customer and the customer's relative
need for our professional services. Large individual sales, or even small delays
in customer orders, can cause significant variation in our license revenues and
results of operations for a particular period. The timing of large orders is
usually difficult to predict and, like many software and services companies,
many of our customers typically complete transactions in the last month of a
quarter.

We cannot predict our operating expenses based on our past results.
Instead, we establish our spending levels based in large part on our expected
future revenues. As a result, if our actual revenues in any future period fall
below our expectations, our operating results likely will be adversely affected
because very few of our expenses vary with our revenues. Because of the factors
listed above, we believe that our quarterly and annual revenues, expenses and
operating results likely will vary significantly in the future.

Our ability to provide timely guidance and meet the expectations of
investors with respect to our operating and financial results is impacted by the
tendency of a majority of our sales to be completed in the last month of a
quarter. We may not be able to determine whether we will experience material
deviations from guidance or expectations until the end of a quarter.

Dependence on Third Party Suppliers and Manufacturers

We carry little inventory of our appliance products and we rely on
suppliers to deliver necessary components to our contract manufacturers in a
timely manner based on the forecasts we provide. We currently purchase some
Proventia appliance components and contract manufacturing services from single
or limited

27

sources. If shortages occur, supplies are interrupted, or we under forecast
sales of demanded models, we may not be able to deliver products to our
customers and our revenue and operating results would be adversely affected.
Because our supply of hardware is based on short-term forecasts and purchase
orders, our contract manufacturers are not obligated to purchase components for
greater quantities over longer periods. We provide six-month forecasts of our
demand to our contract manufacturer. If we overestimate our requirements, we or
our contract manufacturers may have excess inventory, which could increase our
costs. If we underestimate our requirements, our contract manufacturers may have
an inadequate component inventory and, based on lead times, this could interrupt
manufacturing and result in delays in shipments and revenues.

We Face Intense Competition in Our Market

The market for network security monitoring, detection, prevention and
response solutions is intensely competitive, and we expect competition to
increase in the future. We cannot guarantee that we will compete successfully
against our current or potential competitors, especially those with
significantly greater financial resources or brand name recognition. Our chief
competitors generally fall within the following categories:

- large companies, including Symantec Corp., Cisco Systems, Inc., Netscreen
Technologies, Inc. (which is being acquired by Juniper Networks, Inc.),
and Network Associates, Inc., that sell competitive products and
offerings, as well as other large software companies that have the
technical capability and resources to develop competitive products;

- software or hardware network infrastructure companies like Cisco Systems,
Inc. and Juniper Networks, Inc. that could integrate features that are
similar to our products into their own products;

- relatively smaller software companies offering relatively limited
applications for network and Internet security; and

- small and large companies with competitive offerings to components of our
managed services offerings.

Mergers or consolidations among these competitors, or acquisitions of small
competitors by larger companies, represent risks. For example, Symantec Corp.,
Cisco Systems, Inc., and Network Associates, Inc. have acquired smaller
companies that have intrusion prevention technologies during the past several
years, and Juniper Networks, Inc. announced that it is acquiring Netscreen
Technologies, Inc. These acquisitions will make these entities potentially more
formidable competitors to us if such products and offerings are effectively
integrated. Large companies may have advantages over us because of their longer
operating histories, greater name recognition, larger customer bases or greater
financial, technical and marketing resources. As a result, they may be able to
adapt more quickly to new or emerging technologies and changes in customer
requirements. They can also devote greater resources to the promotion and sale
of their products than we c